
Help Needed!


#1 Robert A Duckett

  • Members
  • 17 posts
  • Gender: Male

Posted 25 March 2009 - 06:18 PM

DDS (Ver_09-03-16.01) - NTFSx86
Run by Rob Jr at 19:14:06.50 on Wed 03/25/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2943.2205 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rob Jr\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Bsecure Popup Blocker: {e0019445-4c1f-414d-a70e-ad80f231c584} - c:\windows\system32\inetcntrl\popupkil\BsafeBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Bsecure Popup Blocker: {e0019445-4c1f-414d-a70e-ad80f231c584} - c:\windows\system32\inetcntrl\popupkil\BsafeBHO.dll
TB: McAfee SiteAdvisor: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [ares] "c:\program files\ares\Ares.exe" -h
mRun: [InetCntrl] c:\windows\system32\inetcntrl\InetCntrl.exe
mRun: [<NO NAME>]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
uPolicies-explorer: NoRecentDocsNetHood = 01000000
uPolicies-explorer: NoSMMyDocs = 00000000
uPolicies-explorer: NoSMMyPictures = 00000000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {44226DFF-747E-4edc-B30C-78752E50CD0C} - {44226DFF-747E-4edc-B30C-78752E50CD0C} - c:\program files\ati multimedia\tv\EXPLBAR.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: InetCntrl0011.dll
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220362468904
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221783762000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.117,85.255.112.121
TCP: {8F613381-084A-4001-B213-978934B6413D} = 85.255.112.117,85.255.112.121
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\robjr~1\applic~1\mozilla\firefox\profiles\dfd9anlz.default\

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 207656]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-9-13 47640]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2008-7-24 231424]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-3-23 358736]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-3-23 144704]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-3-23 605512]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-23 79240]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-23 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-23 40488]
S3 DrvSnSht;DrvSnSht;c:\program files\r-drive image\DrvSnSht.sys [2008-4-15 94608]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-23 34152]
S3 R-ImageDisk;R-ImageDisk;c:\program files\r-drive image\R-ImageDisk.sys [2008-4-15 85431]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-03-25 18:39 <DIR> --d----- c:\program files\Trend Micro
2009-03-25 16:33 <DIR> --d----- c:\windows\system32\HouseCall 6.6
2009-03-25 14:28 <DIR> --d----- c:\docume~1\robjr~1\applic~1\HouseCall 6.6
2009-03-25 14:15 <DIR> --d----- c:\program files\WinDirStat
2009-03-24 21:36 <DIR> --d----- c:\program files\Doblon
2009-03-24 21:26 <DIR> --d----- c:\docume~1\robjr~1\applic~1\Acoustica
2009-03-24 21:26 57,344 a------- c:\windows\system32\Wnaspint.dll
2009-03-24 21:23 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Acoustica
2009-03-23 20:59 5,299 a------- c:\windows\system32\Config.MPF
2009-03-23 20:59 <DIR> --d----- c:\program files\SiteAdvisor
2009-03-23 20:56 79,240 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-03-23 20:56 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-03-23 20:56 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2009-03-23 20:55 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-03-23 20:55 <DIR> --d----- c:\program files\common files\McAfee
2009-03-23 20:55 <DIR> --d----- c:\program files\McAfee.com
2009-03-23 20:55 <DIR> --d----- c:\program files\McAfee
2009-03-23 20:54 34,152 a------- c:\windows\system32\drivers\mferkdk.sys
2009-03-23 20:36 <DIR> --d----- c:\program files\DigitalHQ
2009-03-23 20:36 373 ---shr-- C:\autorun.inf
2009-03-23 19:42 <DIR> --d----- c:\program files\iPod
2009-03-23 19:42 <DIR> --d----- c:\program files\iTunes
2009-03-23 19:42 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-23 19:18 <DIR> --d----- c:\program files\YouTube Downloader
2009-03-23 19:12 <DIR> --d----- c:\program files\Regensoft
2009-03-23 19:12 <DIR> --d----- c:\program files\Red Kawa
2009-03-20 15:19 <DIR> --d----- c:\program files\iPod(2)
2009-03-20 15:19 <DIR> --d----- c:\program files\iTunes(2)
2009-03-20 15:19 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-16 15:12 <DIR> --d----- c:\program files\Ares
2009-03-14 22:20 <DIR> --d----- c:\docume~1\robjr~1\applic~1\LimeWire
2009-03-05 20:25 <DIR> --d----- c:\program files\Essentials Codec Pack
2009-03-02 19:48 159 a------- c:\windows\system32\test.aok
2009-03-02 17:26 <DIR> --d----- c:\documents and settings\rob jr\dwhelper
2009-03-02 12:45 2,174,976 a------- c:\windows\system32\ffdshow.ax
2009-03-02 12:45 34,820 a------- c:\windows\system32\ffdshow.reg
2009-03-02 12:45 3,049,984 a------- c:\windows\system32\libavcodec.dll
2009-03-02 12:45 404,480 a------- c:\windows\system32\libmplayer.dll
2009-03-02 12:45 200,704 a------- c:\windows\system32\TomsMoComp_ff.dll
2009-03-02 12:45 114,688 a------- c:\windows\system32\libmpeg2_ff.dll
2009-03-02 12:45 409,600 a------- c:\windows\system32\vampd.ax
2009-03-02 12:45 364,544 a------- c:\windows\system32\cdg.dll
2009-03-02 12:45 348,160 a------- c:\windows\system32\cdga.dll
2009-03-02 12:45 114,688 a------- c:\windows\system32\PropListCtrl.ocx
2009-03-02 12:45 14,909 a------- c:\windows\system32\A_reg.reg
2009-02-28 19:25 <DIR> --d----- c:\program files\SAMSUNG CDMA Modem
2009-02-25 22:32 156 a------- c:\windows\Twunk001.MTX
2009-02-25 22:32 2 a------- c:\windows\Twain001.Mtx
2009-02-25 22:32 0 a------- c:\windows\Twunk002.MTX
2009-02-25 22:15 <DIR> --d----- c:\program files\Audacity

==================== Find3M ====================

2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-27 23:45 56,632 a---h--- c:\windows\system32\mlfcache.dat
2009-01-08 00:17 92,064 ac------ c:\documents and settings\rob jr\mqdmmdm.sys
2009-01-08 00:17 79,328 ac------ c:\documents and settings\rob jr\mqdmserd.sys
2009-01-08 00:17 9,232 ac------ c:\documents and settings\rob jr\mqdmmdfl.sys
2009-01-08 00:17 5,936 ac------ c:\documents and settings\rob jr\mqdmwhnt.sys
2009-01-08 00:17 4,048 ac------ c:\documents and settings\rob jr\mqdmcr.sys
2009-01-08 00:17 66,656 ac------ c:\documents and settings\rob jr\mqdmbus.sys
2009-01-08 00:17 25,600 ac------ c:\documents and settings\rob jr\usbsermptxp.sys
2009-01-08 00:17 22,768 ac------ c:\documents and settings\rob jr\usbsermpt.sys
2009-01-08 00:17 6,208 ac------ c:\documents and settings\rob jr\mqdmcmnt.sys
2008-12-07 16:32 256 ac------ c:\documents and settings\rob jr\pool.bin

============= FINISH: 19:14:43.87 ===============


#2 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender: Female
  • Location: Wills Point, Texas

Posted 25 March 2009 - 07:33 PM

Hello Robert A Duckett,


Can you tell me if these are your computers, or are you IT?

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender: Female
  • Location: Wills Point, Texas

Posted 04 April 2009 - 06:09 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic