Need to confirm spyware removal


This topic is locked. 14 replies to this topic.

#1 Joffa_d

Posted 03 May 2009 - 05:50 AM

Hi there, this is my first post so I will do my best not to act like a complete n00b. Yesterday 02/05/09 I believe I infected my computer with something nasty. While installing a program my antivirus, McAfee Internet Security, asked me if I wanted to confirm a registry change; since I was installing at the time, I thought why not? Only immediately after the change I had a red X come up on my taskbar informing me I had spyware. I immediately initiated a lockdown and went to look at what had happened. McAfee reports a registry change under the process system32\frmwrk32.dll. The changes were to do with "nosetactivedesktop". I went the long way round on trying to fix this problem: I deleted frmwrk32.dll, and deleted the affected registry keys. Still the problem remained. I browsed some forums and downloaded and ran a program called ComboFix. This program located various problems all with the prefix OVSTH~~~.dll, .dat, etc. I have the log if it is of any use. After ComboFix ran, it seems that the problems have disappeared, though I want to be totally sure. After reading much on this forum I decided to register and try the methods described, so I have run the DDS.scr program, and the logs are included below. I would be very grateful if someone could take a look at it for me; your help is very much appreciated. Regards, J.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Jof Davies at 11:37:07.90 on 03/05/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.403 [GMT 1:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\MioNet\MioNetManager.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jof Davies\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [MioNet] c:\program files\mionet\MioNetLauncher.exe /p
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NSLauncher] c:\program files\nokia\nokia software launcher\NSLauncher.exe /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
StartupFolder: c:\docume~1\jofdav~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jofdav~1\applic~1\mozilla\firefox\profiles\pkk6mp8v.default\
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPJPI150_17.dll
FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPOJI610.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214024]
R2 BT848;WinFast VC100 WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [2005-6-1 76325]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-30 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-30 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-30 144704]
R2 MioNet;MioNet;c:\program files\mionet\MioNetManager.exe [2008-6-10 139264]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-30 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-30 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-30 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-30 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-30 34216]

=============== Created Last 30 ================

2009-05-03 11:36 <DIR> --dsh--- c:\documents and settings\jof davies\IECompatCache
2009-05-03 11:35 <DIR> --dsh--- c:\documents and settings\jof davies\PrivacIE
2009-05-03 11:31 <DIR> --dsh--- c:\documents and settings\jof davies\IETldCache
2009-05-03 11:27 <DIR> -cd-h--- c:\windows\ie8
2009-05-03 10:59 161,792 a------- c:\windows\SWREG.exe
2009-05-03 10:59 98,816 a------- c:\windows\sed.exe
2009-05-03 10:59 <DIR> --d----- C:\ComboFix
2009-05-03 10:43 <DIR> --d----- c:\program files\CCleaner
2009-05-02 10:20 <DIR> --d----- c:\program files\Nero
2009-05-02 10:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-04-30 21:28 7,707 a------- c:\windows\system32\Config.MPF
2009-04-30 21:08 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-04-30 21:08 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-04-30 21:08 79,880 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-04-30 21:08 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-04-30 21:07 <DIR> --d----- c:\program files\common files\McAfee
2009-04-30 21:07 <DIR> --d----- c:\program files\McAfee.com
2009-04-30 21:07 <DIR> --d----- c:\program files\McAfee
2009-04-30 21:00 34,216 a------- c:\windows\system32\drivers\mferkdk.sys
2009-04-17 05:54 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-17 05:54 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-17 05:54 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-17 05:54 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-17 05:54 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-17 05:54 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-17 05:54 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-17 05:54 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 05:54 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 05:54 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 05:54 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-17 05:54 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-07 19:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\vsosdk
2009-04-07 18:01 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-04-07 18:01 47,360 a------- c:\docume~1\jofdav~1\applic~1\pcouffin.sys
2009-04-07 18:01 102,439 a------- c:\windows\system32\sipr3260.dll
2009-04-07 18:01 1,184,984 a------- c:\windows\system32\wvc1dmod.dll
2009-04-07 18:01 626,688 a------- c:\windows\system32\vp7vfw.dll
2009-04-07 18:01 217,127 a------- c:\windows\system32\drv43260.dll
2009-04-07 18:01 208,935 a------- c:\windows\system32\drv33260.dll
2009-04-07 18:01 176,165 a------- c:\windows\system32\drv23260.dll
2009-04-07 18:01 65,602 a------- c:\windows\system32\cook3260.dll
2009-04-07 18:01 <DIR> --d----- c:\program files\VSO
2009-04-03 18:01 1,324 a------- c:\windows\system32\d3d9caps.dat

==================== Find3M ====================

2009-03-25 11:06 214,024 a------- c:\windows\system32\drivers\mfehidk.sys
2009-03-12 09:11 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 15:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-09 19:56 67,584 a------- c:\windows\system32\ff_vfw.dll
2009-02-09 13:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 13:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 13:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 13:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 12:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 11:19 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-02-08 12:35 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 19:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-06 12:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 12:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 11:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 20:59 56,832 a------- c:\windows\system32\secur32.dll

============= FINISH: 11:37:57.00 ===============


#2 KoanYorel (Staff Emeritus)

Posted 17 May 2009 - 03:08 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 Joffa_d (Topic Starter)

Posted 17 May 2009 - 05:37 AM

Update: OK, I'm still running very slow, and I seem to have a graphics card issue that I can't place. I've updated my graphics driver but still the problem persists. My screen seems to hang or drag when I move windows, and occasionally in Media Player video is replaced by garbled noise; I also can not use the "full screen" option in YouTube, as if I do my computer will either crash or reset itself. I'm not sure if this could be malware related, but the problems only started after I was infected. I do not have any more pop-ups or fake antivirus notifications, but as I say the machine is still running like treacle. Please see attached DDS files.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Jof Davies at 11:30:19.20 on 17/05/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.181 [GMT 1:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\MioNet\MioNetManager.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jof Davies\Desktop\dds.com

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [MioNet] c:\program files\mionet\MioNetLauncher.exe /p
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jofdav~1\applic~1\mozilla\firefox\profiles\pkk6mp8v.default\
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPJPI150_17.dll
FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPOJI610.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214024]
R2 BT848;WinFast VC100 WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [2005-6-1 76325]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-30 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-30 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-30 144704]
R2 MioNet;MioNet;c:\program files\mionet\MioNetManager.exe [2008-6-10 139264]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-30 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-30 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-30 34216]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-30 40552]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-30 606736]

=============== Created Last 30 ================

2009-05-10 17:53 <DIR> --d----- c:\program files\Driving Test Success - All Tests (2008-2009)
2009-05-10 17:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Driving Test Success
2009-05-09 21:24 4,096 a------- c:\windows\system32\crash
2009-05-07 10:26 <DIR> --d----- c:\windows\pss
2009-05-07 09:27 <DIR> a-dshr-- C:\cmdcons
2009-05-07 08:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-05-05 07:09 <DIR> --d----- C:\ATI
2009-05-03 11:36 <DIR> --dsh--- c:\documents and settings\jof davies\IECompatCache
2009-05-03 11:35 <DIR> --dsh--- c:\documents and settings\jof davies\PrivacIE
2009-05-03 11:31 <DIR> --dsh--- c:\documents and settings\jof davies\IETldCache
2009-05-03 11:29 <DIR> --d----- c:\windows\ie8updates
2009-05-03 11:29 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-05-03 11:27 <DIR> -cd-h--- c:\windows\ie8
2009-05-03 10:59 161,792 a------- c:\windows\SWREG.exe
2009-05-03 10:59 98,816 a------- c:\windows\sed.exe
2009-05-03 10:43 <DIR> --d----- c:\program files\CCleaner
2009-05-02 10:20 <DIR> --d----- c:\program files\Nero
2009-05-02 10:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-04-30 21:28 9,801 a------- c:\windows\system32\Config.MPF
2009-04-30 21:08 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-04-30 21:08 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-04-30 21:08 79,880 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-04-30 21:08 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-04-30 21:07 <DIR> --d----- c:\program files\common files\McAfee
2009-04-30 21:07 <DIR> --d----- c:\program files\McAfee.com
2009-04-30 21:07 <DIR> --d----- c:\program files\McAfee
2009-04-30 21:00 34,216 a------- c:\windows\system32\drivers\mferkdk.sys

==================== Find3M ====================

2009-04-07 18:01 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-04-07 18:01 47,360 a------- c:\docume~1\jofdav~1\applic~1\pcouffin.sys
2009-03-25 11:06 214,024 a------- c:\windows\system32\drivers\mfehidk.sys
2009-03-12 09:11 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 15:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-08 14:40 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020820090209\index.dat

============= FINISH: 11:30:47.81 ===============

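The two DDS logs in this thread differ in a way worth checking before any further cleaning: the first shows McAfee on-access scanning enabled with McSysmon and mfesmfk running (R3), the second shows scanning disabled and those components stopped (S4 and S3). Comparing two logs by eye is error-prone, so here, as an added example that is not part of the thread and not DDS's own code, is a Python script that parses the AV/FW status lines and the SERVICES / DRIVERS section of two DDS logs and reports every change. The two excerpts are constructed to match the format of the logs above; the reading of the service prefix assumed here (R = running, S = stopped, digit = Windows Start value: 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled) is the usual DDS/HijackThis convention.

```python
import re

# Service/driver line as DDS prints it:
#   "<R|S><start> <name>;<description>;<path> [<date> <size>]"
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+?)(?: \[([^\]]*)\])?$")
# Security product status line:  "AV: <product> *<state>* ..."
PRODUCT_RE = re.compile(r"^(AV|FW|AS): (.+?) \*(.+?)\*")
# Assumed meaning of the digit after R/S (Windows service Start value).
START_TYPES = {"0": "boot", "1": "system", "2": "automatic", "3": "manual", "4": "disabled"}


def parse_dds(text):
    """Return (products, services) parsed from a DDS log or an excerpt of one."""
    products, services, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("="):
            section = line.strip("= ").upper()  # e.g. 'SERVICES / DRIVERS'
            continue
        m = PRODUCT_RE.match(line)
        if m:
            products[m.group(1)] = m.group(3)  # state text between the asterisks
            continue
        if section == "SERVICES / DRIVERS":
            m = SERVICE_RE.match(line)
            if m:
                services[m.group(3)] = {
                    "running": m.group(1) == "R",
                    "start": START_TYPES[m.group(2)],
                    "path": m.group(5),
                }
    return products, services


def diff_dds(before, after):
    """List (item, field, old, new) tuples for everything that changed between two logs."""
    p0, s0 = parse_dds(before)
    p1, s1 = parse_dds(after)
    changes = []
    for kind in sorted(set(p0) | set(p1)):
        if p0.get(kind) != p1.get(kind):
            changes.append((kind, "status", p0.get(kind), p1.get(kind)))
    for name in sorted(set(s0) | set(s1)):
        old, new = s0.get(name), s1.get(name)
        if old is None:
            changes.append((name, "added", None, new["path"]))
        elif new is None:
            changes.append((name, "removed", old["path"], None))
        else:
            for field in ("start", "running", "path"):
                if old[field] != new[field]:
                    changes.append((name, field, old[field], new[field]))
    return changes


# Constructed excerpts modelled on the two logs posted in this thread.
BEFORE_LOG = r"""
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214024]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-30 606736]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-30 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-30 34216]
"""

AFTER_LOG = r"""
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214024]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-30 34216]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-30 40552]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-30 606736]
"""

if __name__ == "__main__":
    for item, field, old, new in diff_dds(BEFORE_LOG, AFTER_LOG):
        print(f"{item}: {field} {old!r} -> {new!r}")
```

A protection component going from running/manual to stopped/disabled between two logs is exactly the kind of change a helper wants surfaced, whether it was done by the user, by an installer, or by something that wants the scanner out of the way; the script says nothing about which, it only makes the change impossible to miss.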

#4 extremeboy (Malware Response Team)

Posted 18 May 2009 - 07:44 PM

Hello.

Please continue with the following and once it's done post a new set of DDS logs.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Download and run RootRepeal CR

Please download RootRepeal to your desktop
  • Physically disconnect your machine from the internet as your system will be unprotected.
  • Unzip it to its own folder
  • Close/Disable all other programs especially your security programs (anti-spyware, anti-virus, and firewall) Refer to this page, if you are unsure how.
  • Double-click on RootRepeal.exe to run it. If you are using Vista, please right-click and run as Administrator...
  • Click the Report tab at the bottom.
  • Now click the Scan button in the Report Tab.
  • A box will pop up, check the boxes beside ALL SIX.
  • Now click OK.
  • Another box will open, check the boxes beside all the drives, eg : C:\, then click OK.
  • The scan will take a little while to run, so let it go unhindered.
  • Once it is done, click the Save Report button.
  • Save it as RepealScan and save it to your desktop
  • Reconnect to the internet.
  • Post the log here in your reply.
With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to make a donation.
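Post #4 asks for the MBAM log to be pasted back into the thread. As an added example that is not part of the thread and not Malwarebytes' own code, the Python below parses the plain-text report MBAM 1.x writes, pulls the entries under "Registry Data Items Infected", and flags the two things a responder wants to see at a glance: Tcpip NameServer values pointing at resolvers outside an allowlist (the DNS-hijack pattern MBAM labels Trojan.DNSChanger) and Security Center notification values set to 1, which silence the warning that the AV is off. The sample log is constructed to match that format; TRUSTED_RESOLVERS is a hypothetical placeholder in the 192.0.2.0/24 documentation range standing in for the ISP's or router's real resolver addresses.

```python
import ipaddress
import re

# Hypothetical allowlist: the resolvers this machine is expected to use.
# Documentation-range placeholder; replace with the ISP's or router's addresses.
TRUSTED_RESOLVERS = [ipaddress.ip_network("192.0.2.0/24")]

# One MBAM detail line:  "<key> (<detection>) -> <detail> -> <action>"
ITEM_RE = re.compile(
    r"^(?P<key>.+?) \((?P<detection>[^()]+)\) -> (?P<detail>.+?) -> (?P<action>.+)$"
)


def parse_mbam_log(text):
    """Map each '... Infected:' detail section of an MBAM log to its parsed entries."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        if line.endswith(":"):  # section header, e.g. 'Registry Data Items Infected:'
            current = line[:-1]
            sections.setdefault(current, [])
            continue
        m = ITEM_RE.match(line)
        if current and m:
            sections[current].append(m.groupdict())
    return sections


def rogue_dns_servers(sections):
    """Return NameServer values (deduplicated, in order) outside the trusted allowlist."""
    rogue = []
    for item in sections.get("Registry Data Items Infected", []):
        if not item["key"].lower().endswith("\\nameserver"):
            continue
        if not item["detail"].startswith("Data: "):
            continue
        for token in item["detail"][len("Data: "):].split(","):
            token = token.strip()
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue  # not an address; nothing to judge
            if not any(ip in net for net in TRUSTED_RESOLVERS) and token not in rogue:
                rogue.append(token)
    return rogue


def security_center_tampering(sections):
    """Return Security Center value names MBAM found set to 1 (notifications suppressed)."""
    hits = []
    for item in sections.get("Registry Data Items Infected", []):
        key = item["key"]
        if "\\Security Center\\" in key and "Bad: (1)" in item["detail"]:
            hits.append(key.rsplit("\\", 1)[-1])
    return hits


def triage(text):
    """Summarise an MBAM log: per-section counts plus the two high-value findings."""
    sections = parse_mbam_log(text)
    return {
        "counts": {name: len(items) for name, items in sections.items()},
        "rogue_dns": rogue_dns_servers(sections),
        "security_center": security_center_tampering(sections),
    }


# Constructed sample in the MBAM 1.36 log format, using the values posted in this thread.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.36
Database version: 2158
Windows 5.1.2600 Service Pack 3

Scan type: Quick Scan
Objects scanned: 92695

Memory Processes Infected: 0
Registry Data Items Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.116,85.255.112.157 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1ff303c2-70e1-4a19-8822-a839dd7ad8b8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.116,85.255.112.157 -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Quarantining the registry value is only half the job: a NameServer entry set by malware means every lookup the machine made went through resolvers the attacker chose, so after the reboot confirm on the live system that the values are really gone (reg query HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v NameServer, and ipconfig /all to see what the stack is actually using). MBAM reported the entries under ControlSet001; CurrentControlSet is normally a link to one of the numbered control sets, so check both. The DNS settings on the home router are worth a look as well.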

#5 Joffa_d (Topic Starter)

Posted 20 May 2009 - 03:01 PM

ok, here's the update, thanks in advance for your help.

Malware Log:

Malwarebytes' Anti-Malware 1.36
Database version: 2158
Windows 5.1.2600 Service Pack 3

20/05/2009 19:44:12
mbam-log-2009-05-20 (19-44-12).txt

Scan type: Quick Scan
Objects scanned: 92695
Time elapsed: 12 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.116,85.255.112.157 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1ff303c2-70e1-4a19-8822-a839dd7ad8b8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.116,85.255.112.157 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

RootRepeal scan log:

ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/05/20 20:26
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEDC88000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7AC6000 Size: 8192 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBAAFE000 Size: 45056 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Program Files\MioNet\logFile.txt
Status: Size mismatch (API: 594021, Raw: 591746)

Path: C:\WINDOWS\Temp\sqlite_Re0oaehwp8GcQaz
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\Temp\sqlite_5UaRJ6uOBv1UXJk
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\Temp\sqlite_eAcinuX7lZFl70h
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\Temp\mcmsc_ugeZE1fMlosNkme
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\Temp\sqlite_0eUCNB7TuGC7hAp
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\Temp\sqlite_2I0hZp7vI8MSTlM
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\Temp\sqlite_2LHD2Mj4cxXF2rp
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\Temp\sqlite_5cBPMb4Qgc8hZbH
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\Documents and Settings\Jof Davies\Local Settings\temp\~DF7B0C.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\Documents and Settings\Jof Davies\Local Settings\temp\~DF8842.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl
Status: Allocation size mismatch (API: 8192, Raw: 4096)

Stealth Objects
-------------------

#6 Joffa_d (Topic Starter)

Posted 20 May 2009 - 05:30 PM

Sorry, I do apologize. DDS logs:

DDS (Ver_09-05-14.01) - NTFSx86
Run by Jof Davies at 23:27:02.09 on 20/05/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.282 [GMT 1:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Documents and Settings\Jof Davies\Desktop\dds.com

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [MioNet] c:\program files\mionet\MioNetLauncher.exe /p
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214024]
R2 BT848;WinFast VC100 WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [2005-6-1 76325]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-30 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-30 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-30 144704]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-30 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-30 35272]
S2 MioNet;MioNet;c:\program files\mionet\MioNetManager.exe [2008-6-10 139264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-30 34216]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-30 40552]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-30 606736]

=============== Created Last 30 ================

2009-05-20 19:30 <DIR> --d----- c:\docume~1\jofdav~1\applic~1\Malwarebytes
2009-05-20 19:30 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-20 19:30 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 19:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-20 19:30 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-10 17:53 <DIR> --d----- c:\program files\Driving Test Success - All Tests (2008-2009)
2009-05-10 17:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Driving Test Success
2009-05-09 21:24 4,096 a------- c:\windows\system32\crash
2009-05-07 10:26 <DIR> --d----- c:\windows\pss
2009-05-07 09:27 <DIR> a-dshr-- C:\cmdcons
2009-05-07 08:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-05-05 07:09 <DIR> --d----- C:\ATI
2009-05-03 11:36 <DIR> --dsh--- c:\documents and settings\jof davies\IECompatCache
2009-05-03 11:35 <DIR> --dsh--- c:\documents and settings\jof davies\PrivacIE
2009-05-03 11:31 <DIR> --dsh--- c:\documents and settings\jof davies\IETldCache
2009-05-03 11:29 <DIR> --d----- c:\windows\ie8updates
2009-05-03 11:29 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-05-03 11:27 <DIR> -cd-h--- c:\windows\ie8
2009-05-03 10:59 161,792 a------- c:\windows\SWREG.exe
2009-05-03 10:59 98,816 a------- c:\windows\sed.exe
2009-05-03 10:43 <DIR> --d----- c:\program files\CCleaner
2009-05-02 10:20 <DIR> --d----- c:\program files\Nero
2009-05-02 10:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-04-30 21:28 10,139 a------- c:\windows\system32\Config.MPF
2009-04-30 21:08 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-04-30 21:08 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-04-30 21:08 79,880 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-04-30 21:08 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-04-30 21:07 <DIR> --d----- c:\program files\common files\McAfee
2009-04-30 21:07 <DIR> --d----- c:\program files\McAfee.com
2009-04-30 21:07 <DIR> --d----- c:\program files\McAfee
2009-04-30 21:00 34,216 a------- c:\windows\system32\drivers\mferkdk.sys

==================== Find3M ====================

2009-04-07 18:01 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-04-07 18:01 47,360 a------- c:\docume~1\jofdav~1\applic~1\pcouffin.sys
2009-03-25 11:06 214,024 a------- c:\windows\system32\drivers\mfehidk.sys
2009-03-12 09:11 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 15:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-08 14:40 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020820090209\index.dat

============= FINISH: 23:27:22.96 ===============

Attached Files



#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:53 PM

Posted 21 May 2009 - 04:06 PM

Hello.

Update Java and run an online scan.

Update Java to Version 6 Update 13

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 13.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
*If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
** If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
*** The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner
    page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image button, if you made any changes.
  • Now under the Scan section on the left:

    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Take a new DDS log afterwards and let me know how your computer is running. What symptoms do you still have?

~Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#8 Joffa_d

Joffa_d
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:10:53 PM

Posted 24 May 2009 - 03:52 AM

Hey there, again, thanks for all your help in this. But the Java update didn't seem to fix anything; I also removed all previous Java versions as requested. The Kaspersky scan took a shocking 20 hours, and I cancelled it after it had been scanning the "Police Academy 1-7" .rar files for about 12 hours. I have a terabyte network storage drive, and while I would have liked to have that scanned completely I couldn't really wait for a week. Thank god I don't pay for dial up internet is all I can say. The Kaspersky scan results are included below. Symptoms remaining are: laggy behaviour, refreshing windows as I drag them, occasional screen 'crash' resulting in a garbled image. Next time it happens I'll try and take a picture; I'm beginning to think it definitely is a graphic card or AGP slot issue. Pishcock. Again, thank you for all your hard work.

KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, May 24, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, May 23, 2009 13:25:41
Records in database: 2225888
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
F:\
L:\

Scan statistics:
Files scanned: 128457
Threat name: 4
Infected objects: 4
Suspicious objects: 1
Duration of the scan: 20:00:13


File name / Threat name / Threats count
C:\Documents and Settings\Jof Davies\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (Jo a63\Sent items\24FA53E2-0000007F.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\My Documents\Downloads\PowerISO v4.1.Incl. Keymaker-AGAiN\Keygen.exe Infected: Worm.Win32.AutoRun.vmq 1
C:\My Documents\Downloads\PowerISO v4.1.Incl. Keymaker-AGAiN\PowerISO41.exe Infected: Worm.Win32.AutoRun.vmq 1
C:\Qoobox\Quarantine\C\RECYCLER\S-3-3-77-100006656-100032171-100003730-9722.com.vir Infected: Trojan-Dropper.Win32.Agent.aooj 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\khfGvstQ.dll.vir Infected: Trojan.Win32.Monderb.aqtp 1

The scan was stopped by the user.

#9 Joffa_d

Joffa_d
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:10:53 PM

Posted 24 May 2009 - 04:32 AM

Sorry, again. DDS logs....


DDS (Ver_09-05-14.01) - NTFSx86
Run by Jof Davies at 10:26:52.25 on 24/05/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.299 [GMT 1:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\MioNet\MioNetManager.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jof Davies\Desktop\dds.com

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [MioNet] c:\program files\mionet\MioNetLauncher.exe /p
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_17\bin\jusched.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_17\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214024]
R2 BT848;WinFast VC100 WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [2005-6-1 76325]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-30 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-30 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-30 144704]
R2 MioNet;MioNet;c:\program files\mionet\MioNetManager.exe [2008-6-10 139264]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-30 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-30 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-30 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-30 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-30 34216]

=============== Created Last 30 ================

2009-05-23 11:44 49,265 a------- c:\windows\system32\jpicpl32.cpl
2009-05-22 20:51 <DIR> --d----- c:\documents and settings\jof davies\.SunDownloadManager
2009-05-22 20:50 <DIR> --d----- c:\windows\system32\appmgmt
2009-05-20 19:30 <DIR> --d----- c:\docume~1\jofdav~1\applic~1\Malwarebytes
2009-05-20 19:30 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-20 19:30 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 19:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-20 19:30 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-10 17:53 <DIR> --d----- c:\program files\Driving Test Success - All Tests (2008-2009)
2009-05-10 17:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Driving Test Success
2009-05-09 21:24 4,096 a------- c:\windows\system32\crash
2009-05-07 10:26 <DIR> --d----- c:\windows\pss
2009-05-07 09:27 <DIR> a-dshr-- C:\cmdcons
2009-05-07 08:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-05-05 07:09 <DIR> --d----- C:\ATI
2009-05-03 11:36 <DIR> --dsh--- c:\documents and settings\jof davies\IECompatCache
2009-05-03 11:35 <DIR> --dsh--- c:\documents and settings\jof davies\PrivacIE
2009-05-03 11:31 <DIR> --dsh--- c:\documents and settings\jof davies\IETldCache
2009-05-03 11:29 <DIR> --d----- c:\windows\ie8updates
2009-05-03 11:29 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-05-03 11:27 <DIR> -cd-h--- c:\windows\ie8
2009-05-03 10:59 161,792 a------- c:\windows\SWREG.exe
2009-05-03 10:59 98,816 a------- c:\windows\sed.exe
2009-05-03 10:43 <DIR> --d----- c:\program files\CCleaner
2009-05-02 10:20 <DIR> --d----- c:\program files\Nero
2009-05-02 10:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-04-30 21:28 11,653 a------- c:\windows\system32\Config.MPF
2009-04-30 21:08 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-04-30 21:08 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-04-30 21:08 79,880 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-04-30 21:08 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-04-30 21:07 <DIR> --d----- c:\program files\common files\McAfee
2009-04-30 21:07 <DIR> --d----- c:\program files\McAfee.com
2009-04-30 21:07 <DIR> --d----- c:\program files\McAfee
2009-04-30 21:00 34,216 a------- c:\windows\system32\drivers\mferkdk.sys

==================== Find3M ====================

2009-05-22 21:07 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-07 18:01 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-04-07 18:01 47,360 a------- c:\docume~1\jofdav~1\applic~1\pcouffin.sys
2009-03-25 11:06 214,024 a------- c:\windows\system32\drivers\mfehidk.sys
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 15:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-08 14:40 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020820090209\index.dat

============= FINISH: 10:27:50.01 ===============

Attached Files
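Added example, not part of the thread and not code from DDS or any tool named in it: a Python check of the DDS log posted above for leftover Java versions. The poster says Java was updated, yet the log still reports BrowserJavaVersion 1.5.0_17 and jre1.5.0_17 paths. The script reads that field, the jreX.Y.Z_U directory in process and Run-key paths, the jinstall cab names, and the {CAFEEFAC-...} CLSIDs that Sun's plugin uses for static versioning (the second field encodes major and minor, the fourth the update number, so CAFEEFAC-0015-0000-0017 is 1.5.0_17; the all-FFFF form means "any version"). The excerpt lines are copied from the log; the function names and the 1.6.0_13 baseline (the version extremeboy asked for) are my own choices.

```python
import re

# Constructed excerpt: a few relevant lines copied from the DDS log above.
DDS_EXCERPT = r"""
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_17
C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_17\bin\jusched.exe"
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_17\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
"""

# Static-versioning CLSIDs only (the ...FFFF family CLSID carries no version).
CLSID_RE = re.compile(r"\{CAFEEFAC-(\d{4})-(\d{4})-(\d{4})-ABCDEFFEDCB[AC]\}", re.I)
JRE_DIR_RE = re.compile(r"\\jre(\d+\.\d+\.\d+_\d+)\\", re.I)          # ...\jre1.5.0_17\...
JINSTALL_RE = re.compile(r"jinstall-(\d+)_(\d+)_(\d+)_(\d+)-", re.I)  # jinstall-1_5_0_17-...
BROWSER_RE = re.compile(r"BrowserJavaVersion:\s*(\S+)")


def clsid_version(clsid):
    """Decode a Java static-versioning CLSID into a version string.

    {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -> "1.6.0_13": the second field
    carries major and minor ("0016" -> 1.6), the third the micro number and
    the fourth the update number. Returns None for anything else, including
    the all-FFFF "any version" CLSID.
    """
    m = CLSID_RE.fullmatch(clsid.strip())
    if not m:
        return None
    mm, micro, update = m.groups()
    return f"{int(mm[2])}.{int(mm[3])}.{int(micro)}_{int(update)}"


def version_tuple(v):
    """'1.5.0_17' -> (1, 5, 0, 17) so versions compare numerically."""
    main, _, update = v.partition("_")
    return tuple(int(x) for x in main.split(".")) + (int(update or 0),)


def audit_java(dds_text, current="1.6.0_13"):
    """Collect every Java version the DDS log betrays and compare with `current`.

    Returns the browser-plugin version, every version seen (CLSIDs, jre
    directories, jinstall cab names) and which of them are older than
    `current`; a non-empty `stale` list means old Java is still wired in.
    """
    seen = set()
    browser = None
    for line in dds_text.splitlines():
        b = BROWSER_RE.search(line)
        if b:
            browser = b.group(1)
            seen.add(browser)
        for m in CLSID_RE.finditer(line):
            seen.add(clsid_version(m.group(0)))
        for m in JRE_DIR_RE.finditer(line):
            seen.add(m.group(1))
        for m in JINSTALL_RE.finditer(line):
            seen.add("{}.{}.{}_{}".format(*m.groups()))
    cur = version_tuple(current)
    stale = sorted(v for v in seen if version_tuple(v) < cur)
    return {"browser": browser, "seen": sorted(seen),
            "stale": stale, "outdated": bool(stale)}


if __name__ == "__main__":
    print(audit_java(DDS_EXCERPT))
```

Run against the 24 May log this reports 1.5.0_17 from four independent places, which is why the helper's next reply treats Java as still not updated; the 25 May log, with jre6 paths and CAFEEFAC-0016-0000-0013, comes back clean against the same baseline.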



#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:53 PM

Posted 24 May 2009 - 10:02 AM

Hello.

1. It seems you have run Combofix before... You should know it shouldn't be used unless instructed to...

2. Empty out all mails from your Hotmail folder. There is/(are) mail(s) that are infected.

3. I see evidence of a keygen related file. You may have even more. Please note what keygens/cracks are.

Cracks and Key Generators Warning

I see evidence of cracks/keygen related files on your computer. This means you have used cracks or key generators.

You should know that use of these is considered illegal activity, as it bypasses copyright laws.

Some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, these sites are infested with a smörgåsbord of malware. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling Windows.

Merely visiting such sites without downloading ANYTHING is one of the worst things a user can do online. They are illegal. Cracked software is notorious for carrying malware/infections. How do you think these people make their money... they aren't really giving you this software out of the goodness of their hearts.

Antivirus programs cannot protect you against what you are deliberately running. If you have or are using a CRACKED version of ANY security programs you are basically infecting yourself by installing that software, as it's not going to protect you.

The HJT Teams will have 0 tolerance of members who continue to reinfect their system from use of such programs. PLEASE REMOVE ANY files/programs you may have that are related to these now. One that I see in the Kaspersky log is this: C:\My Documents\Downloads\PowerISO v4.1.Incl. Keymaker-AGAiN\Keygen.exe. In fact it would be better if you delete that whole PowerISO v4.1.Incl. Keymaker-AGAiN folder. If you have this program installed remove it.

4. Java is not updated. Please update it now, and remove all older versions if you haven't done so already.

Laggy behaviour, refreshing windows as I drag them, occasional screen 'crash' resulting in a garbled image. Next time it happens I'll try and take a picture, I'm beginning to think it definitely is a graphic card or AGP slot issue.

Perhaps, I don't think this issue is related to malware anymore.

Take a new DDS log after that is all complete. I want Attach.txt attached as well please.

~Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
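Added example, not part of the thread and not code from Kaspersky or ComboFix: a Python triage of the Kaspersky report posted above, applying the distinction the reply draws between detections that still need action and ones that do not. Paths under C:\Qoobox\Quarantine are files ComboFix has already moved into its quarantine folder (the .vir suffix is ComboFix's renaming), so they are not live infections; the .eml hit is a single message inside the Windows Live Mail store, so the fix is deleting that message rather than the store; and the keygen hits call for removing the whole containing folder. The detection lines are copied from the report; the category names, the keyword list and the function names are my own assumptions.

```python
import ntpath
import re

# Constructed excerpt: the detection lines copied from the Kaspersky report above.
KASPERSKY_EXCERPT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\Jof Davies\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (Jo a63\Sent items\24FA53E2-0000007F.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\My Documents\Downloads\PowerISO v4.1.Incl. Keymaker-AGAiN\Keygen.exe Infected: Worm.Win32.AutoRun.vmq 1
C:\My Documents\Downloads\PowerISO v4.1.Incl. Keymaker-AGAiN\PowerISO41.exe Infected: Worm.Win32.AutoRun.vmq 1
C:\Qoobox\Quarantine\C\RECYCLER\S-3-3-77-100006656-100032171-100003730-9722.com.vir Infected: Trojan-Dropper.Win32.Agent.aooj 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\khfGvstQ.dll.vir Infected: Trojan.Win32.Monderb.aqtp 1

The scan was stopped by the user.
"""

# One detection per line: <path> <Infected|Suspicious>: <threat name> <count>
FINDING_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<verdict>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)$"
)
QUARANTINE_DIR = "c:\\qoobox\\quarantine\\"            # ComboFix's quarantine folder
CRACK_RE = re.compile(r"keygen|keymaker|crack", re.I)  # assumed keyword list


def parse_report(text):
    """Turn the 'File name / Threat name / Threats count' lines into dicts."""
    findings = []
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["count"] = int(d["count"])
            findings.append(d)
    return findings


def classify(finding):
    r"""Decide what a single detection means for cleanup.

    quarantined : already neutralised by ComboFix (C:\Qoobox\Quarantine, *.vir);
                  report only, nothing left to clean.
    mail        : a message inside a local mail store; delete the message,
                  not the store file.
    crack       : keygen/crack material; remove the whole containing folder.
    live        : anything else still active on disk.
    """
    p = finding["path"].lower()
    if p.startswith(QUARANTINE_DIR) or p.endswith(".vir"):
        return "quarantined"
    if p.endswith(".eml") or "\\windows live mail\\" in p:
        return "mail"
    if CRACK_RE.search(p):
        return "crack"
    return "live"


def triage(text):
    """Group findings by required action and list folders to remove outright."""
    groups = {"quarantined": [], "mail": [], "crack": [], "live": []}
    for f in parse_report(text):
        groups[classify(f)].append(f)
    folders = sorted({ntpath.dirname(f["path"]) for f in groups["crack"]})
    still_active = len(groups["crack"]) + len(groups["live"]) + len(groups["mail"])
    return {"groups": groups, "remove_folders": folders, "still_active": still_active}


if __name__ == "__main__":
    result = triage(KASPERSKY_EXCERPT)
    for name, items in result["groups"].items():
        for f in items:
            print(f"{name:11} {f['threat']:35} {f['path']}")
    print("folders to remove:", result["remove_folders"])
    print("detections still needing action:", result["still_active"])
```

On the report above this leaves three items needing action (the two keygen-folder files, collapsed to one folder to delete, and one mail message) and two already in quarantine, which is the same split the reply makes by hand; a "live" hit outside those paths would be the case that justifies a fresh round of removal tools.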

#11 Joffa_d

Joffa_d
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  

Posted 25 May 2009 - 09:34 AM

When you say empty mails, do you mean delete EVERYTHING I've accrued over the years I've had that account? I've removed all the sent items so far, but would like to hold fire on deleting all mails until I know more. PowerISO has been removed; I don't think it worked anyway. Java has now been updated; not sure what happened last time, I followed the same procedure. I'm not running any cracked security programs, though I wish I was; just shelled out 55.00 for a McAfee license, and days later I get infected. Go figure. In that virus log from Kaspersky it makes reference to "Qoobox"; I have no idea what this is, do you? Finally, in the Attach.txt you will see that I've just tried to do a Windows update, and the files failed to install; I've had a problem with the same 2 files for some time now. Is this a symptom? As always your help is appreciated; hope you're enjoying the lovely weather on this bank holiday weekend. DDS logs:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Jof Davies at 15:25:01.25 on 25/05/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.169 [GMT 1:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\MioNet\MioNetManager.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jof Davies\Desktop\dds.com

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [MioNet] c:\program files\mionet\MioNetLauncher.exe /p
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214024]
R2 BT848;WinFast VC100 WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [2005-6-1 76325]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-30 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-30 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-30 144704]
R2 MioNet;MioNet;c:\program files\mionet\MioNetManager.exe [2008-6-10 139264]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-30 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-30 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-30 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-30 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-30 34216]

=============== Created Last 30 ================

2009-05-25 15:22 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-24 23:14 <DIR> --d----- c:\program files\DVD Decrypter
2009-05-22 20:51 <DIR> --d----- c:\documents and settings\jof davies\.SunDownloadManager
2009-05-22 20:50 <DIR> --d----- c:\windows\system32\appmgmt
2009-05-20 19:30 <DIR> --d----- c:\docume~1\jofdav~1\applic~1\Malwarebytes
2009-05-20 19:30 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-20 19:30 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 19:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-20 19:30 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-10 17:53 <DIR> --d----- c:\program files\Driving Test Success - All Tests (2008-2009)
2009-05-10 17:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Driving Test Success
2009-05-09 21:24 4,096 a------- c:\windows\system32\crash
2009-05-07 10:26 <DIR> --d----- c:\windows\pss
2009-05-07 09:27 <DIR> a-dshr-- C:\cmdcons
2009-05-07 08:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-05-05 07:09 <DIR> --d----- C:\ATI
2009-05-03 11:36 <DIR> --dsh--- c:\documents and settings\jof davies\IECompatCache
2009-05-03 11:35 <DIR> --dsh--- c:\documents and settings\jof davies\PrivacIE
2009-05-03 11:31 <DIR> --dsh--- c:\documents and settings\jof davies\IETldCache
2009-05-03 11:29 <DIR> --d----- c:\windows\ie8updates
2009-05-03 11:29 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-05-03 11:27 <DIR> -cd-h--- c:\windows\ie8
2009-05-03 10:59 161,792 a------- c:\windows\SWREG.exe
2009-05-03 10:59 98,816 a------- c:\windows\sed.exe
2009-05-03 10:43 <DIR> --d----- c:\program files\CCleaner
2009-05-02 10:20 <DIR> --d----- c:\program files\Nero
2009-05-02 10:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-04-30 21:28 11,653 a------- c:\windows\system32\Config.MPF
2009-04-30 21:08 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-04-30 21:08 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-04-30 21:08 79,880 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-04-30 21:08 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-04-30 21:07 <DIR> --d----- c:\program files\common files\McAfee
2009-04-30 21:07 <DIR> --d----- c:\program files\McAfee.com
2009-04-30 21:07 <DIR> --d----- c:\program files\McAfee
2009-04-30 21:00 34,216 a------- c:\windows\system32\drivers\mferkdk.sys

==================== Find3M ====================

2009-05-25 15:21 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-07 18:01 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-04-07 18:01 47,360 a------- c:\docume~1\jofdav~1\applic~1\pcouffin.sys
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 15:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-08 14:40 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020820090209\index.dat

============= FINISH: 15:26:12.09 ===============

Attached Files



#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:53 PM

Posted 25 May 2009 - 05:28 PM

Hello.

When you say empty mails, do you mean delete EVERYTHING I've accrued over the years I've had that account? I've removed all the sent items so far, but would like to hold fire on deleting all mails until I know more.

I would try at least to delete MOST if not ALL. I would be careful with mails that have any attachments or URL links; one or more of them is infected.

Poweriso has been removed, I don't think it worked anyway.

It doesn't matter if it worked or not. They are also infected, so you simply infected your machine with something that doesn't work.

I'm not running any cracked security programs, though I wish I was

I hope that is sarcasm...

just shelled out 55.00 for a McAfee license

I'm not saying purchased Anti-Virus software is better or worse than free software. My point in my previous reply was that you should not be using any cracks or keygen-related files or programs. Never.

In that virus log from Kaspersky it makes reference to "Qoobox"; I have no idea what this is, do you?

Those are items Combofix quarantined; don't worry about that right now. I believe you have run Combofix before, then? You should know how dangerous and what a powerful tool Combofix is.

Windows Update, and the files failed to install; I've had a problem with the same 2 files for some time now.

What are the 2 files? What error code do you get when trying to update? Do you get an error code? What is it? I see it..

I would simply manually download that file package. The two download links: http://www.microsoft.com/downloads/details...;displaylang=en
http://www.microsoft.com/downloads/details...;displaylang=en

I don't think that will be considered a malware symptom, but you bringing it up is certainly not a harm :thumbup2:

hope you're enjoying the lovely weather on this bank holiday weekend. DDS logs:

Yes. I am :)


Warning against P2P Programs. Please uninstall UTorrent.

Peer-to-Peer Programs Warning

Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case UTorrent). These programs allow users to share files between themselves, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s) but I suggest you remove it via add/remove. However, please refrain from using them until your computer has been declared clean.

Let me know how all goes, and if all is well, we will wrap up and clean our mess next post :step4:

~Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:53 PM

Posted 31 May 2009 - 08:55 AM

Hello.

Are you still with me?

~Extremeboy

#14 Joffa_d

Joffa_d
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:53 PM

Posted 31 May 2009 - 09:02 AM

Sorry for the delay, I've just been mulling over the deletion of all of my emails, trying to figure out if there was some way to store them. And unless I can, I don't really want to go ahead and delete everything. Thanks for your help, but I think my next idea might be a format and clean install, don't install Live Mail and see how I get on. If the problem persists then I know it's definitely a graphic card issue rather than a malware one. Again, thanks for all of your help. Regards, J.

#15 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:53 PM

Posted 31 May 2009 - 09:37 AM

You're welcome then.

Good luck on the format. I'll go ahead and close this one now.

With Regards,
Extremeboy
