
spy-agent.bw!.mem


  • This topic is locked
2 replies to this topic

#1 Bridget Howard


Posted 16 July 2009 - 07:10 AM

My computer has been running really slow and McAfee virus scan has identified the above virus. I have run the DDS scan and the ComboFix one as posted below:

DDS


DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 09/04/2005 10:08:15
System Uptime: 16/07/2009 10:31:32 (2 hours ago)

Motherboard: Dell Computer Corp. | | 0R8060
Processor: Intel® Celeron® CPU 2.66GHz | Microprocessor | 2660/533mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 72 GiB total, 48.913 GiB free.
D: is CDROM (CDFS)
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Ad-Aware SE Personal
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Adobe® Photoshop® Album Starter Edition 3.2
Brother MFL-Pro Suite
Dell Driver Reset Tool
Dell Media Experience
Dell System Restore
getPlus®_ocx
Google Earth
Google Toolbar for Internet Explorer
Gutterball
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 3
Jasc Paint Shop Photo Album
Java 2 Runtime Environment, SE v1.4.2_03
Learning Ladder Preschool
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office XP Professional with FrontPage
Microsoft Works 7.0
Modem Event Monitor
Modem Helper
Modem On Hold
MP3 Player Utilities 3.68
Orange Search Toolbar
PaperPort
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Sky Broadband
Spybot - Search & Destroy 1.4
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
WebFldrs XP
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

16/07/2009 12:07:13, error: Service Control Manager [7034] - The McAfee SystemGuards service terminated unexpectedly. It has done this 3 time(s).
16/07/2009 11:37:10, error: Service Control Manager [7031] - The McAfee SystemGuards service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
16/07/2009 10:34:04, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows User Mode Driver Framework service to connect.
16/07/2009 10:34:04, error: Service Control Manager [7000] - The Windows User Mode Driver Framework service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
16/07/2009 10:22:57, error: Service Control Manager [7034] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 2 time(s).
16/07/2009 10:22:57, error: Service Control Manager [7031] - The McAfee SystemGuards service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
15/07/2009 08:33:56, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
15/07/2009 08:22:58, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
15/07/2009 08:22:26, error: Service Control Manager [7034] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s).
15/07/2009 08:22:26, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
15/07/2009 08:22:26, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
15/07/2009 08:22:26, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
15/07/2009 08:22:26, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
15/07/2009 08:22:26, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
15/07/2009 08:22:26, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the mcmscsvc service.
15/07/2009 08:11:05, error: Service Control Manager [7034] - The McAfee Services service terminated unexpectedly. It has done this 3 time(s).
15/07/2009 08:11:05, error: Service Control Manager [7034] - The McAfee Network Agent service terminated unexpectedly. It has done this 3 time(s).
15/07/2009 08:11:04, error: Service Control Manager [7034] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 3 time(s).
15/07/2009 08:11:04, error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 3 time(s).
15/07/2009 08:11:03, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
15/07/2009 08:08:14, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Services service, but this action failed with the following error: An instance of the service is already running.
15/07/2009 08:07:02, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
15/07/2009 08:07:02, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
15/07/2009 08:07:02, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
15/07/2009 08:07:02, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
15/07/2009 08:07:02, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
15/07/2009 07:06:36, error: Print [6161] - The document http://www.bleepingcomputer.com/combofix/how-to-use-combofix owned by Bridget Howard failed to print on printer Brother MFC-410CN USB Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 7753568. Number of bytes printed: 0. Total number of pages in the document: 9. Number of pages printed: 0. Client machine: \\HOWARDS. Win32 error code returned by the print processor: 2 (0x2).
10/07/2009 09:43:54, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee SystemGuards service to connect.
10/07/2009 09:43:54, error: Service Control Manager [7000] - The McAfee SystemGuards service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
09/07/2009 16:24:52, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
09/07/2009 16:24:03, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AudioSrv service.

==== End Of File ===========================



COMBOFIX SCAN:

ComboFix 09-07-14.08 - Bridget Howard 16/07/2009 12:01.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.149 [GMT 1:00]
Running from: c:\documents and settings\Bridget Howard\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.

2009-07-03 10:06 . 2009-07-03 10:06 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-03 10:06 . 2009-07-03 10:06 -------- d-sh--w- c:\documents and settings\Bridget Howard\PrivacIE
2009-07-03 09:54 . 2009-07-03 09:54 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-03 09:53 . 2009-07-03 09:53 -------- d-sh--w- c:\documents and settings\Bridget Howard\IETldCache
2009-07-03 09:43 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-07-03 09:42 . 2009-07-03 09:42 -------- d-----w- c:\windows\ie8updates
2009-07-03 09:40 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 09:40 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 09:35 . 2009-07-03 09:37 -------- dc-h--w- c:\windows\ie8
2009-06-16 14:36 . 2009-06-16 14:36 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2009-06-16 14:36 . 2009-06-16 14:36 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 12:42 . 2005-04-13 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-13 12:04 . 2006-05-26 16:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-10 08:41 . 2009-06-05 10:08 -------- d-----w- c:\program files\McAfee
2009-07-07 11:03 . 2008-10-07 05:12 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-06-16 14:36 . 2004-08-04 05:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 05:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-09 17:35 . 2009-06-09 17:35 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-06-08 12:21 . 2006-05-26 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-05 10:10 . 2009-06-05 10:09 -------- d-----w- c:\program files\Common Files\McAfee
2009-06-05 10:09 . 2005-03-15 21:33 -------- d-----w- c:\program files\McAfee.com
2009-06-03 19:09 . 2004-08-04 05:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-19 08:42 . 2009-05-19 08:42 80896 ---ha-w- c:\windows\internat.exe
2009-05-13 05:15 . 2004-08-04 05:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-04 05:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2004-08-04 05:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2007-03-15 06:36 . 2007-03-15 06:36 5154816 ----a-w- c:\program files\WindowsDefender.msi
.

((((((((((((((((((((((((((((( SnapShot@2009-07-15_07.24.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-04-09 08:52 . 2009-07-16 10:49 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-04-09 08:52 . 2009-07-15 07:20 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-04-09 08:52 . 2009-07-16 10:49 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-04-09 08:52 . 2009-07-15 07:20 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-04-09 08:52 . 2009-07-15 07:20 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2005-04-09 08:52 . 2009-07-16 10:49 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2009-07-03 09:54 . 2009-07-16 09:46 245760 c:\windows\SYSTEM32\CONFIG\systemprofile\IETldCache\index.dat
- 2009-07-03 09:54 . 2009-07-15 07:20 245760 c:\windows\SYSTEM32\CONFIG\systemprofile\IETldCache\index.dat
+ 2008-05-07 05:12 . 2009-06-03 19:09 1291264 c:\windows\SYSTEM32\DLLCACHE\quartz.dll
+ 2005-10-26 19:01 . 2009-07-07 15:10 24539592 c:\windows\SYSTEM32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-03-15 98304]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-01-09 5134864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2003-07-15 34880]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\SYSTEM32\narrator.exe [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2005-4-13 819200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\pavuppad.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=c_460621.nls
"aux2"=c_460621.nls
"mixer2"=c_460621.nls
"midi1"=c_460621.nls
"mixer1"=c_460621.nls
"midi2"=c_460621.nls
"wave2"=c_460621.nls
"aux1"=c_460621.nls

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 EcpFax;Team MFP Com Redirector;c:\windows\SYSTEM32\DRIVERS\Ecpfax.sys [29/09/2008 17:37 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [05/06/2009 11:18 210216]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2005-04-09 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\OOBEBALN.EXE [2004-08-04 00:12]

2009-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-05 09:53]

2009-06-05 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-05 09:53]

2009-07-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-07-16 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-06-08 00:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://www.speedtouch.co.uk/support_index.asp?menuCurrPos=5.
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Search with Wanadoo - c:\progra~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
Trusted Zone: gomyhit.com
Trusted Zone: imagesrvr.com
Trusted Zone: avsystemcare.com
Trusted Zone: gomyhit.com
Trusted Zone: imageservr.com
Trusted Zone: imagesrvr.com
Trusted Zone: onerateld.com
Trusted Zone: trustedantivirus.com
Trusted Zone: virusschlacht.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 12:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\wininet.dll

- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\wininet.dll

- - - - - - - > 'explorer.exe'(2140)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-07-16 12:23
ComboFix-quarantined-files.txt 2009-07-16 11:23
ComboFix2.txt 2009-07-15 07:54

Pre-Run: 52,536,344,576 bytes free
Post-Run: 52,506,726,400 bytes free

181 --- E O F --- 2009-07-16 02:08


#2 sempai


Posted 26 July 2009 - 09:49 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine.  Please perform the following scan:
  • Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note:  You may have to disable any script protection running if the scan fails to run.  After downloading the tool, disconnect from the internet and disable all antivirus protection.  Run the scan, enable your A/V and reconnect to the internet.  

Information on A/V control HERE

~Semp


If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 Orange Blossom


Posted 31 July 2009 - 07:41 PM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please send me a Private message to reopen this topic within the next 5 days. Beyond that point, please start a new topic.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



