Unknown infection(s)


  • This topic is locked
25 replies to this topic

#1 sisterrita


  • Members
  • 88 posts
  • Gender:Female
  • Location:AZ

Posted 17 August 2009 - 11:53 PM

I had posted in the "Am I Infected" forum on 8-13-09. The topic referenced is here: http://www.bleepingcomputer.com/forums/t/249461/lost-system-restore/ "Have a need to do a system restore however when System Restore opens I get a blank page. It was there 2 days ago now nothing. Also my home page has gotten lost in space now. I open IE and
http://runonce.msn.com/runonce3.aspx
comes up in the address bar and the page is blank. Did I get jacked? I had McAfee set up but it now has disappeared also and I can't seem to re-install it."
Now I cannot get to my e-mail either. If I get lucky and do get one of my sites to open I cannot do anything, can't post on facebook, etc., pages are not complete either. Also my User Accounts page is blank.

After several attempts nothing has fixed the issues. Things already done are: (both in normal and in safe mode)
ran Malwarebytes Anti-Malware 4 times (quick and complete scans)
ran SUPERAntiSpyware 4 times (and ATF Cleaner)
ran Dr.Web CureIt 4 times
ran Spybot S&D several times
downloaded ResetTeaTimer.zip (cannot unzip files)
downloaded Restore/Enable System Restore -did not work

Following are the last reports but nothing has helped.

Malwarebytes' Anti-Malware 1.40
Database version: 2636
Windows 5.1.2600 Service Pack 3

8/16/2009 1:19:00 PM
mbam-log-2009-08-16 (13-19-00).txt

Scan type: Full Scan (C:\|)
Objects scanned: 208707
Time elapsed: 26 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP263\A0081016.exe (Rogue.WindowsProtectionSuite) -> Quarantined and deleted successfully.

=========================================
Dr. Web

RegUBP2b-Rita Birdsong.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;


I don't know what else to do except post this HJT log and hope you can see what the issue(s) is/are.


==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.4
Amazing Adventures Around the World™
AOLIcon
Apple Software Update
Avalanche
Blood Ties
Bricks of Egypt 2
Brickshooter Egypt
Browser Address Error Redirector
Can You See What I See
Cate West - The Velvet Keys™
Chainz
Chainz 2 - Relinked
Compact Wireless-G USB Adapter
Conexant D850 56K V.9x DFVc Modem
Cradle of Persia
Dell DataSafe Online
Dell Driver Reset Tool
Dell Support Center (Support Software)
Dell System Restore
Digital Line Detect
Documentation & Support Launcher
ERUNT 1.1j
Flip Words
G.H.O.S.T. Hunters
Games, Music, & Photos Launcher
GearDrvs
Get Medieval
Hidden Relics
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hoyle Classic Games II
Hoyle Slots 3
Hyperballoid
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Interpol - The Trail of Dr. Chaos
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 15
Karu
Keys to Manhattan™
Learn2 Player (Uninstall Only)
Lexmark 4300 Series
Little Shop - Memories
Little Shop - Road Trip
Little Shop of Treasures
Luxor 2
Mahjongg Madness
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Modem Diagnostic Tool
Monopoly Tycoon
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Mysteries of Horus
Mystery P.I. - The Lottery Ticket
Mystery P.I.™ - The Vegas Heist
Mysteryville 2
NetWaiting
Picasa 3
PowerDVD
QBeez 2
QuickTime
RealArcade
RealPlayer
Realtek High Definition Audio Driver
Rebound Lost Worlds - Recharged
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Scientific-Atlanta WebSTAR 2000 series Cable Modem
SearchAssist
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Shape Shifter
Sonic Activation Module
Sparkle
Spybot - Search & Destroy
Sunset Studio - Love on the High Seas
Super Collapse! II
Super GameHouse Solitaire Volume 3
Super Gem Drop
SUPERAntiSpyware Free Edition
The Legend of El Dorado
The Magician's Handbook - Cursed Valley
The Mystery of the Crystal Portal
The Nightshift Code
Top Ten Solitaire
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Viewpoint Media Player
Walls of Jericho
WebFldrs XP
Wild West Quest
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
Zuma Deluxe

==== End Of File ===========================

DDS (Ver_09-07-30.01) - NTFSx86
Run by Rita Birdsong at 21:29:08.42 on Mon 08/17/2009
Internet Explorer: 8.0.6001.18702

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: []
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LXCECATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCEtime.dll,_RunDLLEntry@16
mRun: [lxcemon.exe] "c:\program files\lexmark 4300 series\lxcemon.exe"
mRun: [EzPrint] "c:\program files\lexmark 4300 series\ezprint.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: firefox.com\www
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: mypage.com\www.myway
Trusted Zone: myway.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} - hxxps://ediagnostics.lexmark.com/serval.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-08-17 18:38 -cd-h--- c:\windows\ie8
2009-08-17 18:37 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-08-17 18:37 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-08-15 16:18 --d----- c:\documents and settings\rita birdsong\DoctorWeb
2009-08-14 08:22 --d----- c:\program files\common files\Wise Installation Wizard
2009-08-14 07:40 -cd----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-14 07:40 --d----- c:\program files\SUPERAntiSpyware
2009-08-14 07:40 --d----- c:\docume~1\ritabi~1\applic~1\SUPERAntiSpyware.com
2009-08-13 23:04 --d----- c:\docume~1\ritabi~1\applic~1\Malwarebytes
2009-08-13 23:04 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-13 23:04 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-13 23:04 -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-13 23:04 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-13 21:32 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-13 21:32 73,728 a------- c:\windows\system32\javacpl.cpl
2009-08-13 16:32 --d----- c:\windows\system32\wbem\Repository
2009-08-13 16:26 --d----- c:\program files\common files\McAfee
2009-08-13 16:23 2,523 a------- c:\windows\system32\Config.MPF
2009-08-13 16:20 --d----- c:\program files\common files\McAfee(2)
2009-08-13 15:40 -cd----- C:\ADWARE_LOG(2)
2009-08-13 13:11 -cd----- c:\docume~1\alluse~1\applic~1\f6dda5c
2009-08-13 11:34 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-13 11:34 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-08-12 15:11 --d----- c:\docume~1\ritabi~1\applic~1\Flood Light Games
2009-08-10 15:44 22 a------- c:\windows\kodakpcd.Rita Birdsong.ini
2009-08-10 15:41 446,003 ac------ C:\EasyShare.dmp
2009-08-05 02:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-02 13:26 103,720 a------- c:\documents and settings\rita birdsong\GoToAssistDownloadHelper.exe
2009-07-27 10:51 3,380 a------- c:\windows\system32\OEMINFO.PNF
2009-07-20 10:22 --d----- c:\program files\common files\xing shared

==================== Find3M ====================

2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 06:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl(2).dll
2009-07-17 12:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-03 10:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 10:09 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 10:09 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 10:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-07-03 10:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 10:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 10:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 10:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 10:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 10:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 04:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-07-01 00:08 101,376 -------- c:\windows\system32\dllcache\iecompat.dll
2009-06-29 09:12 133,120 -------- c:\windows\system32\dllcache\extmgr.dll
2009-06-29 04:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-24 04:18 92,928 a------- c:\windows\system32\drivers\ksecdd.sys
2009-06-24 04:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 07:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 07:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 05:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 05:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 09:19 2,066,432 -------- c:\windows\system32\dllcache\mstscax.dll
2009-06-10 07:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 07:13 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-06-09 23:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-09 23:14 132,096 a------- c:\windows\system32\wkssvc(2).dll
2009-06-09 23:14 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 12:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2008-07-11 21:12 156 ac------ c:\docume~1\ritabi~1\applic~1\wklnhst.dat
2008-02-19 14:05 774,144 ac------ c:\program files\RngInterstitial.dll
2008-09-26 00:28 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092620080927\index.dat

============= FINISH: 21:29:33.26 ===============

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/17 21:34
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA8E4A000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A1D000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA7BED000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\documents and settings\rita birdsong\local settings\temp\~df72b.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\rita birdsong\local settings\temp\~dfd2c6.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\corey\local settings\history\history.ie5\mshist012009081020090817\index.dat
Status: Allocation size mismatch (API: 12288, Raw: 4096)

Path: c:\documents and settings\corey\local settings\application data\identities\{dff16927-88e6-4eaa-a097-460b7e65289b}\microsoft\outlook express\outbox.dbx
Status: Allocation size mismatch (API: 16384, Raw: 24576)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\chainz 2 - relinked\chainz2.ini
Status: Allocation size mismatch (API: 4096, Raw: 640)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\karu\karu.css
Status: Allocation size mismatch (API: 4096, Raw: 712)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\brickshooter egypt\userdata\userdata.xml
Status: Allocation size mismatch (API: 4096, Raw: 664)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\g.h.o.s.t. hunters\ghost_hunter\main.cs.dso
Status: Allocation size mismatch (API: 4096, Raw: 536)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\karu\manual\bg2.gif
Status: Allocation size mismatch (API: 4096, Raw: 688)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\little shop - memories\properties\resource_11_bar_ani.xml
Status: Allocation size mismatch (API: 4096, Raw: 472)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\little shop - memories\properties\resource_4_rec_ani.xml
Status: Allocation size mismatch (API: 4096, Raw: 544)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\mysteries of horus\images\blank.jpg
Status: Allocation size mismatch (API: 4096, Raw: 632)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\rebound lost worlds - recharged\readme_files\image004.jpg
Status: Allocation size mismatch (API: 4096, Raw: 616)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\rebound lost worlds - recharged\readme_files\image013.jpg
Status: Allocation size mismatch (API: 4096, Raw: 696)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\rebound lost worlds - recharged\readme_files\image015.jpg
Status: Allocation size mismatch (API: 4096, Raw: 664)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\rebound lost worlds - recharged\readme_files\image040.jpg
Status: Allocation size mismatch (API: 4096, Raw: 696)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\rebound lost worlds - recharged\readme_files\vssver.scc
Status: Allocation size mismatch (API: 4096, Raw: 672)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\keys to manhattan™\data\missionsettings.txt
Status: Allocation size mismatch (API: 4096, Raw: 520)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\little shop - memories\images\blitz\gra_best_time.png
Status: Allocation size mismatch (API: 4096, Raw: 528)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\little shop - memories\images\scenemain\scratch_light_flickr.jpg
Status: Allocation size mismatch (API: 4096, Raw: 520)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\monopoly tycoon\scripts\scenariobonus\hub.lua
Status: Allocation size mismatch (API: 4096, Raw: 648)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\monopoly tycoon\scripts\emptylevel\hub.lua
Status: Allocation size mismatch (API: 4096, Raw: 720)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\monopoly tycoon\scripts\scenario15\initialpref.lua
Status: Allocation size mismatch (API: 4096, Raw: 488)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\monopoly tycoon\scripts\scenario16\initialpref.lua
Status: Allocation size mismatch (API: 4096, Raw: 488)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\monopoly tycoon\scripts\tutorial12\initialpref.lua
Status: Allocation size mismatch (API: 4096, Raw: 496)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\mysteries of horus\images\gui\hintback_.gif
Status: Allocation size mismatch (API: 4096, Raw: 536)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\mysteries of horus\images\gui\slider_.gif
Status: Allocation size mismatch (API: 4096, Raw: 648)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\mysteryville 2\data\effects\fieldeffect.par
Status: Allocation size mismatch (API: 4096, Raw: 560)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\mysteryville 2\data\effects\gametipclick.par
Status: Allocation size mismatch (API: 4096, Raw: 568)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\mysteryville 2\data\effects\timebegin.par
Status: Allocation size mismatch (API: 4096, Raw: 576)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\sunset studio - love on the high seas\data\properties\default.xml
Status: Allocation size mismatch (API: 4096, Raw: 672)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\sunset studio - love on the high seas\data\properties\resource_galley_scene_ani.xml
Status: Allocation size mismatch (API: 4096, Raw: 512)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\sunset studio - love on the high seas\data\properties\resource_ship_bridge_ani.xml
Status: Allocation size mismatch (API: 4096, Raw: 504)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\keys to manhattan™\gfx\item\match.png
Status: Allocation size mismatch (API: 4096, Raw: 712)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\g.h.o.s.t. hunters\ghost_hunter\gui\images\hint1.xpng
Status: Allocation size mismatch (API: 4096, Raw: 560)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\g.h.o.s.t. hunters\ghost_hunter\gui\images\investigator_tab.xpng
Status: Allocation size mismatch (API: 4096, Raw: 512)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\mysteries of horus\images\game\shapes\border28.png
Status: Allocation size mismatch (API: 4096, Raw: 656)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\mysteries of horus\images\game\shapes\hole28.png
Status: Allocation size mismatch (API: 4096, Raw: 712)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\mysteries of horus\images\game\shapes\mask15.png
Status: Allocation size mismatch (API: 4096, Raw: 680)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\mysteries of horus\images\game\shapes\mask16.png
Status: Allocation size mismatch (API: 4096, Raw: 664)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\mysteries of horus\images\game\shapes\mask26.png
Status: Allocation size mismatch (API: 4096, Raw: 632)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\mysteries of horus\images\game\shapes\mask41.png
Status: Allocation size mismatch (API: 4096, Raw: 688)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\mysteries of horus\images\game\shapes\mask55.png
Status: Allocation size mismatch (API: 4096, Raw: 680)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\mysteries of horus\images\gui\cursors\drag_.gif
Status: Allocation size mismatch (API: 4096, Raw: 704)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\sunset studio - love on the high seas\data\images\gui\cursor_hot.png
Status: Allocation size mismatch (API: 4096, Raw: 536)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\sunset studio - love on the high seas\data\images\scenegame\pda_light.png
Status: Allocation size mismatch (API: 4096, Raw: 520)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\sunset studio - love on the high seas\data\images\scenegame\powerupnumbers.png
Status: Allocation size mismatch (API: 4096, Raw: 488)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\the legend of el dorado\media\images\eyeblaster\button_skip.png
Status: Allocation size mismatch (API: 4096, Raw: 496)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\the legend of el dorado\media\images\eyeblaster\button_windows.png
Status: Allocation size mismatch (API: 4096, Raw: 496)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\the legend of el dorado\media\images\gamescene\time_fire.png
Status: Allocation size mismatch (API: 4096, Raw: 552)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\the legend of el dorado\media\images\gamescene\time_fire_red.png
Status: Allocation size mismatch (API: 4096, Raw: 552)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\the legend of el dorado\media\images\mapscene\laser_ball_size2.png
Status: Allocation size mismatch (API: 4096, Raw: 464)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\get medieval\medieval.vrz\player\sounds\sorceress\hit1.mp3
Status: Allocation size mismatch (API: 4096, Raw: 632)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\get medieval\medieval.vrz\players\sounds\barbarian\hit8.mp3
Status: Allocation size mismatch (API: 4096, Raw: 632)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\get medieval\medieval.vrz\players\sounds\sorceress\hit1.mp3
Status: Allocation size mismatch (API: 4096, Raw: 632)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\the legend of el dorado\media\images\gui\defaultdialog\bottom_3.png
Status: Allocation size mismatch (API: 4096, Raw: 640)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\the legend of el dorado\media\images\gui\defaultdialog\left_4.png
Status: Allocation size mismatch (API: 4096, Raw: 648)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\the legend of el dorado\media\images\gui\defaultdialog\right_3.png
Status: Allocation size mismatch (API: 4096, Raw: 720)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\the legend of el dorado\media\images\gui\defaultdialog\top_3.png
Status: Allocation size mismatch (API: 4096, Raw: 696)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\the legend of el dorado\media\images\gui\hintdialog\bottom_right.png
Status: Allocation size mismatch (API: 4096, Raw: 528)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\the legend of el dorado\media\images\ingame\assets\asset_0_33.png
Status: Allocation size mismatch (API: 4096, Raw: 496)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\the legend of el dorado\media\images\ingame\assets\asset_0_46.png
Status: Allocation size mismatch (API: 4096, Raw: 528)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\the legend of el dorado\media\images\ingame\assets\asset_0_47.png
Status: Allocation size mismatch (API: 4096, Raw: 504)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\the legend of el dorado\media\images\ingame\assets\asset_0_32.png
Status: Allocation size mismatch (API: 4096, Raw: 512)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\the legend of el dorado\media\images\ingame\bonusses\time.png
Status: Allocation size mismatch (API: 4096, Raw: 640)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\the legend of el dorado\media\images\mapscene\temple2\reflector.png
Status: Allocation size mismatch (API: 4096, Raw: 520)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\the legend of el dorado\media\images\mapscene\templedoor\goldglow01.png
Status: Allocation size mismatch (API: 4096, Raw: 560)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\the legend of el dorado\media\images\mapscene\templedoor\gold_flubber_04.png
Status: Allocation size mismatch (API: 4096, Raw: 520)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\the legend of el dorado\media\images\ingame\effects\explosions\flame_down_left_4.png
Status: Allocation size mismatch (API: 4096, Raw: 520)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\the legend of el dorado\media\images\ingame\effects\explosions\flame_down_right_2.png
Status: Allocation size mismatch (API: 4096, Raw: 464)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\the legend of el dorado\media\images\ingame\effects\explosions\flame_down_right_4.png
Status: Allocation size mismatch (API: 4096, Raw: 472)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\the legend of el dorado\media\images\ingame\effects\explosions\flame_up_right_2.png
Status: Allocation size mismatch (API: 4096, Raw: 488)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\the legend of el dorado\media\images\ingame\effects\explosions\flame_up_right_4.png
Status: Allocation size mismatch (API: 4096, Raw: 504)

Path: c:\documents and settings\rita birdsong\local settings\application data\microsoft\cd burning\my games\keys to manhattan™\gfx\bg\stagescreens\stage08\bonusitems\bonusitem1\clock0002.png
Status: Allocation size mismatch (API: 4096, Raw: 592)

==EOF==

Edited by Orange Blossom, 18 August 2009 - 08:53 PM.
Deactivate link. ~ OB


#2 etavares (Bleepin' Remover, Malware Response Team)
Posted 30 August 2009 - 07:36 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#3 sisterrita (Topic Starter)

Posted 31 August 2009 - 04:15 PM

Thank you for your notification.

I believe the problem is solved. I copied all photos and files onto a CD, then ran scans about another 8-9 times. I still don't know how or why it happened, but the machine seems to be working correctly now.

Again thank you.

#4 etavares (Bleepin' Remover, Malware Response Team)

Posted 31 August 2009 - 05:35 PM

Would you like to continue to ensure the machine is clean? Or are you content with the way everything is now and would like the thread closed? Please let me know in the next few days. If you'd like us to check, please post a DDS log. Up to you, but I want to make sure you get what you need. Thanks!



#5 sisterrita (Topic Starter)

Posted 01 September 2009 - 12:48 AM

It won't hurt to have it checked by someone like you who knows what's what. It gave me 2 logs and both are below.



DDS (Ver_09-07-30.01) - NTFSx86
Run by Rita Birdsong at 22:41:35.62 on Mon 08/31/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.276 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\All Users\Application Data\Sukoku\sukoku115.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Sukoku\sukoku.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Rita Birdsong\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uStart Page = hxxp://my.myway.com/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LXCECATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCEtime.dll,_RunDLLEntry@16
mRun: [lxcemon.exe] "c:\program files\lexmark 4300 series\lxcemon.exe"
mRun: [EzPrint] "c:\program files\lexmark 4300 series\ezprint.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\ritabi~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: firefox.com\www
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: mypage.com\www.myway
Trusted Zone: myway.com\www
Trusted Zone: realarcade.com\my
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ritabi~1\applic~1\mozilla\firefox\profiles\zktly9mn.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.myway.com/
FF - component: c:\program files\internet saving optimizer\3.7.0.4550\ff\components\NPFFAddOn.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\media access startup\1.5.6.910\ff\components\HPFFAddOn.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npraclient.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-8-26 214024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-8-26 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-8-26 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-8-26 144704]
R2 Sukoku Service;Sukoku Service;c:\documents and settings\all users\application data\sukoku\sukoku115.exe [2009-8-26 54760]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-8-26 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-8-26 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-8-26 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-8-26 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-8-26 34248]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]

=============== Created Last 30 ================

2009-08-30 08:31 <DIR> --d----- c:\windows\system32\NtmsData
2009-08-26 12:42 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Gamers Digital
2009-08-26 12:42 <DIR> --d----- c:\docume~1\ritabi~1\applic~1\Gamers Digital
2009-08-26 12:38 <DIR> --d----- c:\program files\common files\xing shared
2009-08-26 11:34 7,741 a------- c:\windows\system32\Config.MPF
2009-08-26 10:56 34,248 a------- c:\windows\system32\drivers\mferkdk.sys
2009-08-26 10:56 214,024 a------- c:\windows\system32\drivers\mfehidk.sys
2009-08-26 10:56 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-08-26 10:56 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-08-26 10:56 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-08-26 10:55 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-08-26 10:55 <DIR> --d----- c:\program files\McAfee.com
2009-08-26 10:54 <DIR> --d----- c:\program files\McAfee
2009-08-25 20:29 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\MumboJumbo
2009-08-25 00:41 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Sukoku
2009-08-25 00:41 <DIR> --d----- c:\program files\Sukoku
2009-08-25 00:41 <DIR> --d----- c:\program files\Media Access Startup
2009-08-25 00:41 <DIR> --d----- c:\program files\Internet Saving Optimizer
2009-08-25 00:41 <DIR> --d----- c:\program files\System Search Dispatcher
2009-08-25 00:41 <DIR> --d----- c:\program files\DoubleD
2009-08-24 22:27 <DIR> --d----- c:\program files\AskBarDis
2009-08-24 13:52 <DIR> --d----- c:\program files\common files\Jasc Software Inc
2009-08-24 13:51 <DIR> --d----- c:\program files\Jasc Software Inc
2009-08-20 00:12 <DIR> --d----- c:\docume~1\ritabi~1\applic~1\GameHousev1001
2009-08-19 14:10 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\RealArcade
2009-08-18 19:59 <DIR> --d----- c:\program files\Yahoo!
2009-08-18 17:23 <DIR> --d----- c:\program files\Microsoft
2009-08-18 17:22 73,728 a------- c:\windows\system32\javacpl.cpl
2009-08-18 14:14 98,304 a------- c:\windows\system32\dllcache\a3d.dll
2009-08-18 14:14 689,216 a------- c:\windows\system32\dllcache\3dfxvs.dll
2009-08-18 14:14 148,352 a------- c:\windows\system32\dllcache\3dfxvsm.sys
2009-08-18 14:14 48,128 a------- c:\windows\system32\dllcache\61883.sys
2009-08-18 14:14 38,400 a------- c:\windows\system32\dllcache\8514a.dll
2009-08-18 14:14 12,288 a------- c:\windows\system32\dllcache\4mmdat.sys
2009-08-18 14:14 762,780 a------- c:\windows\system32\dllcache\3cwmcru.sys
2009-08-18 14:14 53,376 a------- c:\windows\system32\dllcache\1394bus.sys
2009-08-18 14:14 11,264 a------- c:\windows\system32\dllcache\1394vdbg.sys
2009-08-18 14:05 66,048 a------- c:\windows\system32\dllcache\s3legacy.dll
2009-08-18 13:31 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-08-18 12:13 <DIR> --d----- c:\windows\system32\vmm32
2009-08-17 18:38 <DIR> -cd-h--- c:\windows\ie8
2009-08-17 18:37 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-08-17 18:37 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-08-15 16:18 <DIR> --d----- c:\documents and settings\rita birdsong\DoctorWeb
2009-08-14 08:22 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-08-14 07:40 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-14 07:40 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-14 07:40 <DIR> --d----- c:\docume~1\ritabi~1\applic~1\SUPERAntiSpyware.com
2009-08-13 23:04 <DIR> --d----- c:\docume~1\ritabi~1\applic~1\Malwarebytes
2009-08-13 23:04 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-13 23:04 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-13 23:04 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-13 23:04 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-13 21:32 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-13 16:32 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-08-13 16:26 <DIR> --d----- c:\program files\common files\McAfee
2009-08-13 16:20 <DIR> --d----- c:\program files\common files\McAfee(2)
2009-08-13 15:40 <DIR> -cd----- C:\ADWARE_LOG(2)
2009-08-13 13:11 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\f6dda5c
2009-08-13 11:34 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-13 11:34 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-08-12 15:11 <DIR> --d----- c:\docume~1\ritabi~1\applic~1\Flood Light Games
2009-08-10 15:44 22 a------- c:\windows\kodakpcd.Rita Birdsong.ini
2009-08-10 15:41 446,003 ac------ C:\EasyShare.dmp
2009-08-05 02:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-02 13:26 103,720 a------- c:\documents and settings\rita birdsong\GoToAssistDownloadHelper.exe

==================== Find3M ====================

2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 06:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl(2).dll
2009-07-17 12:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-03 10:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 10:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 10:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 10:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-07-03 10:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 10:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 10:09 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 10:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 10:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 10:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 04:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-07-01 00:08 101,376 -------- c:\windows\system32\dllcache\iecompat.dll
2009-06-29 09:12 133,120 -------- c:\windows\system32\dllcache\extmgr.dll
2009-06-29 04:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-24 04:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 07:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 07:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 05:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 05:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 09:19 2,066,432 -------- c:\windows\system32\dllcache\mstscax.dll
2009-06-10 07:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 07:13 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-06-09 23:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-09 23:14 132,096 a------- c:\windows\system32\wkssvc(2).dll
2009-06-09 23:14 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 12:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2008-07-11 21:12 156 ac------ c:\docume~1\ritabi~1\applic~1\wklnhst.dat
2008-02-19 14:05 774,144 ac------ c:\program files\RngInterstitial.dll
2008-09-26 00:28 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092620080927\index.dat

============= FINISH: 22:42:37.90 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/19/2008 1:49:14 PM
System Uptime: 8/31/2009 10:38:49 PM (0 hours ago)

Motherboard: Dell Inc. | | 0RY007
Processor: Intel® Pentium® Dual CPU E2160 @ 1.80GHz | Socket 775 | 1795/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 295 GiB total, 277.756 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP172: 6/6/2009 10:05:28 AM - Norton 360 Registry Clean
RP173: 6/7/2009 10:16:49 AM - Software Distribution Service 3.0
RP174: 6/7/2009 10:42:53 AM - Printer Driver Microsoft XPS Document Writer Installed
RP175: 6/7/2009 11:57:52 AM - Restore Operation
RP176: 6/7/2009 3:21:13 PM - Restore Operation
RP177: 6/7/2009 4:44:12 PM - Software Distribution Service 3.0
RP178: 6/8/2009 9:22:06 PM - System Checkpoint
RP179: 6/9/2009 9:42:12 PM - System Checkpoint
RP180: 5/10/2009 2:12:26 PM - System Checkpoint
RP181: 5/11/2009 5:11:45 PM - Norton 360 Registry Clean
RP182: 5/12/2009 6:09:15 PM - Software Distribution Service 3.0
RP183: 5/13/2009 9:04:54 PM - System Checkpoint
RP184: 5/15/2009 12:00:16 PM - System Checkpoint
RP185: 5/16/2009 12:54:51 PM - System Checkpoint
RP186: 5/17/2009 3:44:12 PM - System Checkpoint
RP187: 5/19/2009 7:06:42 PM - System Checkpoint
RP188: 5/21/2009 3:19:52 PM - System Checkpoint
RP189: 5/22/2009 6:10:44 PM - System Checkpoint
RP190: 5/23/2009 9:25:28 PM - System Checkpoint
RP191: 5/24/2009 10:33:01 PM - System Checkpoint
RP192: 5/25/2009 10:53:53 PM - System Checkpoint
RP193: 5/26/2009 7:52:41 PM - Software Distribution Service 3.0
RP194: 5/28/2009 4:17:11 PM - System Checkpoint
RP195: 5/29/2009 4:31:59 PM - System Checkpoint
RP196: 5/31/2009 2:35:35 PM - System Checkpoint
RP197: 6/2/2009 8:26:27 AM - System Checkpoint
RP198: 6/3/2009 2:24:09 PM - System Checkpoint
RP199: 6/4/2009 2:46:50 PM - System Checkpoint
RP200: 6/5/2009 3:05:22 PM - System Checkpoint
RP201: 6/7/2009 11:11:42 AM - System Checkpoint
RP202: 6/8/2009 4:01:59 PM - System Checkpoint
RP203: 6/10/2009 6:31:47 PM - System Checkpoint
RP204: 6/11/2009 1:08:20 PM - Software Distribution Service 3.0
RP205: 6/12/2009 5:29:26 PM - System Checkpoint
RP206: 6/13/2009 7:30:52 PM - System Checkpoint
RP207: 6/14/2009 7:50:15 PM - System Checkpoint
RP208: 6/15/2009 7:50:47 PM - System Checkpoint
RP209: 6/16/2009 8:39:14 PM - System Checkpoint
RP210: 6/18/2009 11:56:58 AM - System Checkpoint
RP211: 6/19/2009 12:20:05 PM - System Checkpoint
RP212: 6/20/2009 4:39:31 PM - System Checkpoint
RP213: 6/21/2009 4:51:23 PM - System Checkpoint
RP214: 6/22/2009 6:52:11 PM - System Checkpoint
RP215: 6/23/2009 9:40:03 PM - System Checkpoint
RP216: 6/24/2009 11:21:38 PM - Software Distribution Service 3.0
RP217: 6/26/2009 1:02:39 PM - System Checkpoint
RP218: 6/27/2009 3:57:03 PM - System Checkpoint
RP219: 6/28/2009 4:47:19 PM - System Checkpoint
RP220: 6/29/2009 4:51:00 PM - System Checkpoint
RP221: 6/30/2009 5:17:56 PM - System Checkpoint
RP222: 7/1/2009 7:18:18 PM - System Checkpoint
RP223: 7/2/2009 10:17:07 PM - System Checkpoint
RP224: 7/3/2009 11:15:54 PM - System Checkpoint
RP225: 7/5/2009 10:27:08 AM - System Checkpoint
RP226: 7/6/2009 2:43:17 PM - System Checkpoint
RP227: 7/7/2009 3:38:45 PM - System Checkpoint
RP228: 7/9/2009 9:50:12 AM - Restore Operation
RP229: 7/10/2009 4:03:06 PM - System Checkpoint
RP230: 7/11/2009 4:49:35 PM - System Checkpoint
RP231: 7/12/2009 9:19:41 PM - System Checkpoint
RP232: 7/13/2009 2:31:44 PM - Restore Operation
RP233: 7/13/2009 2:36:02 PM - Restore Operation
RP234: 7/14/2009 3:41:47 PM - System Checkpoint
RP235: 7/15/2009 12:42:54 PM - Software Distribution Service 3.0
RP236: 7/15/2009 5:13:34 PM - Installed DirectX
RP237: 7/15/2009 7:50:27 PM - Restore Operation
RP238: 7/15/2009 8:38:09 PM - Software Distribution Service 3.0
RP239: 7/16/2009 8:58:22 PM - System Checkpoint
RP240: 7/19/2009 11:06:20 AM - System Checkpoint
RP241: 7/20/2009 2:07:09 PM - System Checkpoint
RP242: 7/21/2009 5:56:30 PM - System Checkpoint
RP243: 7/22/2009 7:46:52 PM - System Checkpoint
RP244: 7/23/2009 8:51:53 PM - System Checkpoint
RP245: 7/24/2009 9:11:59 PM - System Checkpoint
RP246: 7/25/2009 10:26:23 PM - System Checkpoint
RP247: 7/26/2009 6:35:40 PM - Installed Steam
RP248: 7/28/2009 1:51:06 AM - System Checkpoint
RP249: 7/28/2009 3:13:21 PM - Software Distribution Service 3.0
RP250: 7/29/2009 8:58:16 PM - System Checkpoint
RP251: 7/30/2009 10:47:24 PM - System Checkpoint
RP252: 7/31/2009 11:17:59 PM - System Checkpoint
RP253: 8/2/2009 11:28:27 AM - Restore Operation
RP254: 8/2/2009 12:42:00 PM - Restore Operation
RP255: 8/3/2009 9:21:18 PM - System Checkpoint
RP256: 8/5/2009 9:00:41 AM - System Checkpoint
RP257: 8/8/2009 6:54:04 PM - System Checkpoint
RP258: 8/9/2009 7:35:21 PM - System Checkpoint
RP259: 8/11/2009 8:06:56 AM - System Checkpoint
RP260: 8/12/2009 3:03:47 PM - System Checkpoint
RP261: 8/12/2009 7:26:05 PM - Restore Operation
RP262: 8/13/2009 3:41:43 PM - Software Distribution Service 3.0
RP263: 8/13/2009 4:24:35 PM - Restore Operation
RP264: 8/13/2009 4:31:43 PM - Restore Operation
RP265: 8/13/2009 4:35:07 PM - Software Distribution Service 3.0
RP266: 8/13/2009 6:22:01 PM - Installed Windows XP KB915865.
RP267: 8/13/2009 6:22:29 PM - Installed Windows NLSDownlevelMapping.
RP268: 8/13/2009 6:22:46 PM - Installed Windows IDNMitigationAPIs.
RP269: 8/13/2009 6:22:59 PM - Installed Windows Internet Explorer 7.
RP270: 8/13/2009 7:12:34 PM - Installed Windows XP KB915865.
RP271: 8/13/2009 7:13:00 PM - Installed Windows NLSDownlevelMapping.
RP272: 8/13/2009 7:13:17 PM - Installed Windows IDNMitigationAPIs.
RP273: 8/13/2009 7:13:30 PM - Installed Windows Internet Explorer 7.
RP274: 8/13/2009 7:13:40 PM - Software Distribution Service 3.0
RP275: 8/13/2009 7:16:52 PM - Software Distribution Service 3.0
RP276: 8/13/2009 9:31:57 PM - Installed Java™ 6 Update 15
RP277: 8/13/2009 10:02:26 PM - Installed Windows XP KB915865.
RP278: 8/13/2009 10:02:53 PM - Installed Windows NLSDownlevelMapping.
RP279: 8/13/2009 10:03:10 PM - Installed Windows IDNMitigationAPIs.
RP280: 8/13/2009 10:03:24 PM - Installed Windows Internet Explorer 7.
RP281: 8/14/2009 7:40:22 AM - Installed SUPERAntiSpyware Free Edition
RP282: 8/14/2009 8:03:36 AM - Removed SUPERAntiSpyware Free Edition
RP283: 8/14/2009 8:23:19 AM - Installed SUPERAntiSpyware Free Edition
RP284: 8/14/2009 10:00:38 AM - Software Distribution Service 3.0
RP285: 8/14/2009 11:15:07 AM - Installed Windows XP KB915865.
RP286: 8/14/2009 11:15:34 AM - Installed Windows NLSDownlevelMapping.
RP287: 8/14/2009 11:15:51 AM - Installed Windows IDNMitigationAPIs.
RP288: 8/14/2009 11:16:04 AM - Installed Windows Internet Explorer 7.

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.4
Amazing Adventures Around the World™
Amazing Heists™ - Dillinger
AOLIcon
Apple Software Update
Ask Toolbar
Avalanche
Blood Ties
Bricks of Egypt 2
Brickshooter Egypt
Browser Address Error Redirector
Can You See What I See
Cate West - The Velvet Keys™
Chainz
Chainz 2 - Relinked
Compact Wireless-G USB Adapter
Conexant D850 56K V.9x DFVc Modem
Cradle of Persia
Dell DataSafe Online
Dell Driver Reset Tool
Dell Resource CD
Dell Support Center (Support Software)
Dell System Restore
Digital Line Detect
Documentation & Support Launcher
ERUNT 1.1j
Flip Words
G.H.O.S.T. Hunters
Games, Music, & Photos Launcher
GearDrvs
Get Medieval
Hidden Relics
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hoyle Classic Games II
Hoyle Slots 3
Hyperballoid
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Interpol - The Trail of Dr. Chaos
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Photo Album 5
Java™ 6 Update 15
Karu
Keys to Manhattan™
Learn2 Player (Uninstall Only)
Lexmark 4300 Series
Little Shop - Memories
Little Shop - Road Trip
Little Shop of Treasures
Luxor 2
Mahjongg Madness
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Media Access Startup
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Modem Diagnostic Tool
Monopoly Tycoon
Mozilla Firefox (3.5.2)
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Mysteries of Horus
Mystery P.I. - The Lottery Ticket
Mystery P.I.™ - The Vegas Heist
Mysteryville 2
NetWaiting
Picasa 3
PowerDVD
QBeez 2
QuickTime
RealArcade
RealPlayer
Realtek High Definition Audio Driver
Rebound Lost Worlds - Recharged
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Scientific-Atlanta WebSTAR 2000 series Cable Modem
SearchAssist
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Shape Shifter
Sonic Activation Module
Sparkle
Spybot - Search & Destroy
Sukoku 1.0 build 115
Sunset Studio - Love on the High Seas
Super Collapse! II
Super GameHouse Solitaire Volume 3
Super Gem Drop
SUPERAntiSpyware Free Edition
System Search Dispatcher
The Legend of El Dorado
The Magician's Handbook - Cursed Valley
The Mystery of the Crystal Portal
The Nightshift Code
Top Ten Solitaire
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Viewpoint Media Player
Walls of Jericho
WebFldrs XP
Wild West Quest
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zuma Deluxe

==== Event Viewer Messages From Past Week ========

8/30/2009 5:34:53 PM, error: DCOM [10001] - Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding
8/29/2009 11:47:55 AM, error: Print [6161] - The document 4 x 6 in. cutout prints owned by Rita Birdsong failed to print on printer Lexmark 4300 Series. Data type: LEMF. Size of the spool file in bytes: 140627842. Number of bytes printed: 140627842. Total number of pages in the document: 4. Number of pages printed: 0. Client machine: \\BIGRED. Win32 error code returned by the print processor: 6 (0x6).
8/26/2009 6:34:37 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000006, parameter2 00000002, parameter3 00000000, parameter4 f715f508.
8/26/2009 11:15:56 AM, error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 11 time(s).
8/26/2009 11:12:45 AM, error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 10 time(s).
8/26/2009 11:12:35 AM, error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 9 time(s).
8/26/2009 11:07:31 AM, error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 8 time(s).
8/26/2009 11:07:21 AM, error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 7 time(s).
8/26/2009 11:06:32 AM, error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 6 time(s).
8/26/2009 11:06:32 AM, error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 5 time(s).
8/26/2009 11:02:21 AM, error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 4 time(s).
8/26/2009 11:00:49 AM, error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 3 time(s).
8/26/2009 11:00:18 AM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/26/2009 10:59:45 AM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/26/2009 10:55:20 AM, error: DCOM [10001] - Unable to start a DCOM Server: {6A972E27-93E2-4F98-8367-4101B2073814} as /. The error: "%2" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding
8/26/2009 10:30:53 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000034' while processing the file '_filelst.cfg' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
8/26/2009 10:30:31 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfehidk MPFP
8/26/2009 10:30:29 AM, error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the path specified.
8/26/2009 10:30:29 AM, error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: The system cannot find the path specified.
8/26/2009 10:30:29 AM, error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the path specified.
8/26/2009 10:30:29 AM, error: Service Control Manager [7000] - The McAfee Proxy Service service failed to start due to the following error: The system cannot find the file specified.
8/26/2009 10:30:29 AM, error: Service Control Manager [7000] - The McAfee Personal Firewall Service service failed to start due to the following error: The system cannot find the path specified.
8/26/2009 10:30:29 AM, error: Service Control Manager [7000] - The McAfee Network Agent service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

#6 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 05 September 2009 - 05:20 PM

Hello.

Let's run a scan with Malwarebytes followed by RootRepeal...

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Download and run RootRepeal CR

Please download RootRepeal from the following location and save it to your desktop.
  • Unzip the RootRepeal.zip file to its own folder. (If you did not use the "Direct Download" mirror to download RootRepeal.)
  • Close/Disable all other programs, especially your security programs (anti-spyware, anti-virus, and firewall). Refer to this page if you are unsure how.
  • Physically disconnect your machine from the internet as your system will be unprotected.
  • Double-click on RootRepeal.exe to run it. If you are using Vista, please right-click and run as Administrator...
  • Click the Report tab at the bottom.
  • Now press the Scan button.
  • A box will pop up; check the boxes beside all seven options/scan areas.
  • Now click OK.
  • Another box will open; check the boxes beside all the drives, e.g. C:\, then click OK.
  • The scan will take a little while to run, so let it go unhindered.
  • Once it is done, click the Save Report button.
  • Save it as RepealScan and save it to your desktop.
  • Reconnect to the internet.
  • Post the contents of that log in your reply please.
Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#7 sisterrita
  • Topic Starter
  • Members
  • 88 posts
  • Gender:Female
  • Location:AZ

Posted 05 September 2009 - 11:58 PM

Here are the logs.



Malwarebytes' Anti-Malware 1.40
Database version: 2747
Windows 5.1.2600 Service Pack 3

9/5/2009 9:23:56 PM
mbam-log-2009-09-05 (21-23-56).txt

Scan type: Quick Scan
Objects scanned: 122870
Time elapsed: 7 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

===========================

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/05 21:34
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA987A000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79FF000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA900E000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\windows\temp\sqlite_gjtrmmn5sqewbza
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_4vkhburmxm7ub9d
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_8samvc16z8v8faz
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_o5ns37qvhn7ozui
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcafee_fj5wbzxmu04baz9
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_ntsw9gxwrhhdxht
Status: Allocation size mismatch (API: 4096, Raw: 0)

==EOF==

#8 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 06 September 2009 - 09:51 AM

Hello.

That looks okay.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply.


Also, is your computer running okay? I know you are just checking up to make sure all is okay, but just want to confirm this.

~Extremeboy

#9 sisterrita
  • Topic Starter
  • Members
  • 88 posts
  • Gender:Female
  • Location:AZ

Posted 06 September 2009 - 02:30 PM

Seems to be running fine. Thank you for your assistance.



Malwarebytes' Anti-Malware 1.40
Database version: 2747
Windows 5.1.2600 Service Pack 3 (Safe Mode)

9/6/2009 11:20:49 AM
mbam-log-2009-09-06 (11-20-48).txt

Scan type: Quick Scan
Objects scanned: 121031
Time elapsed: 7 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




**************************

DDS (Ver_09-07-30.01) - NTFSx86 MINIMAL
Run by Rita Birdsong at 12:19:21.29 on Sun 09/06/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.633 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Rita Birdsong\Desktop\Unused Desktop Shortcuts\cleaner files\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uStart Page = hxxp://my.myway.com/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LXCECATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCEtime.dll,_RunDLLEntry@16
mRun: [lxcemon.exe] "c:\program files\lexmark 4300 series\lxcemon.exe"
mRun: [EzPrint] "c:\program files\lexmark 4300 series\ezprint.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\ritabi~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: firefox.com\www
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: mypage.com\www.myway
Trusted Zone: myway.com\www
Trusted Zone: realarcade.com\my
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ritabi~1\applic~1\mozilla\firefox\profiles\zktly9mn.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.myway.com/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npraclient.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-8-26 214024]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-8-26 210216]
S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-8-26 359952]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-8-26 144704]
S2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-8-26 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-8-26 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-8-26 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-8-26 40552]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-8-26 606736]

=============== Created Last 30 ================

2009-09-06 11:06 8,212 a------- c:\windows\mfebcdata
2009-09-05 21:05 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-05 21:05 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-09-03 16:59 <DIR> --d----- c:\docume~1\ritabi~1\applic~1\Fuel Industries
2009-09-02 00:15 <DIR> --d----- c:\docume~1\ritabi~1\applic~1\IronCode
2009-08-30 08:31 <DIR> --d----- c:\windows\system32\NtmsData
2009-08-26 12:42 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Gamers Digital
2009-08-26 12:42 <DIR> --d----- c:\docume~1\ritabi~1\applic~1\Gamers Digital
2009-08-26 12:38 <DIR> --d----- c:\program files\common files\xing shared
2009-08-26 11:34 9,361 a------- c:\windows\system32\Config.MPF
2009-08-26 10:56 34,248 a------- c:\windows\system32\drivers\mferkdk.sys
2009-08-26 10:56 214,024 a------- c:\windows\system32\drivers\mfehidk.sys
2009-08-26 10:56 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-08-26 10:56 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-08-26 10:56 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-08-26 10:55 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-08-26 10:55 <DIR> --d----- c:\program files\McAfee.com
2009-08-26 10:54 <DIR> --d----- c:\program files\McAfee
2009-08-25 20:29 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\MumboJumbo
2009-08-25 00:41 <DIR> --d----- c:\program files\Sukoku
2009-08-24 22:27 <DIR> --d----- c:\program files\AskBarDis
2009-08-24 13:52 <DIR> --d----- c:\program files\common files\Jasc Software Inc
2009-08-24 13:51 <DIR> --d----- c:\program files\Jasc Software Inc
2009-08-20 00:12 <DIR> --d----- c:\docume~1\ritabi~1\applic~1\GameHousev1001
2009-08-19 14:10 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\RealArcade
2009-08-18 19:59 <DIR> --d----- c:\program files\Yahoo!
2009-08-18 17:23 <DIR> --d----- c:\program files\Microsoft
2009-08-18 17:22 73,728 a------- c:\windows\system32\javacpl.cpl
2009-08-18 14:14 98,304 a------- c:\windows\system32\dllcache\a3d.dll
2009-08-18 14:14 689,216 a------- c:\windows\system32\dllcache\3dfxvs.dll
2009-08-18 14:14 148,352 a------- c:\windows\system32\dllcache\3dfxvsm.sys
2009-08-18 14:14 48,128 a------- c:\windows\system32\dllcache\61883.sys
2009-08-18 14:14 38,400 a------- c:\windows\system32\dllcache\8514a.dll
2009-08-18 14:14 12,288 a------- c:\windows\system32\dllcache\4mmdat.sys
2009-08-18 14:14 762,780 a------- c:\windows\system32\dllcache\3cwmcru.sys
2009-08-18 14:14 53,376 a------- c:\windows\system32\dllcache\1394bus.sys
2009-08-18 14:14 11,264 a------- c:\windows\system32\dllcache\1394vdbg.sys
2009-08-18 14:05 66,048 a------- c:\windows\system32\dllcache\s3legacy.dll
2009-08-18 13:31 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-08-18 12:13 <DIR> --d----- c:\windows\system32\vmm32
2009-08-17 18:38 <DIR> -cd-h--- c:\windows\ie8
2009-08-17 18:37 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-08-17 18:37 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-08-15 16:18 <DIR> --d----- c:\documents and settings\rita birdsong\DoctorWeb
2009-08-14 08:22 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-08-14 07:40 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-14 07:40 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-14 07:40 <DIR> --d----- c:\docume~1\ritabi~1\applic~1\SUPERAntiSpyware.com
2009-08-13 23:04 <DIR> --d----- c:\docume~1\ritabi~1\applic~1\Malwarebytes
2009-08-13 23:04 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-13 21:32 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-13 16:32 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-08-13 16:26 <DIR> --d----- c:\program files\common files\McAfee
2009-08-13 16:20 <DIR> --d----- c:\program files\common files\McAfee(2)
2009-08-13 15:40 <DIR> -cd----- C:\ADWARE_LOG(2)
2009-08-13 13:11 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\f6dda5c
2009-08-13 11:34 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-13 11:34 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-08-12 15:11 <DIR> --d----- c:\docume~1\ritabi~1\applic~1\Flood Light Games
2009-08-10 15:44 22 a------- c:\windows\kodakpcd.Rita Birdsong.ini
2009-08-10 15:41 446,003 ac------ C:\EasyShare.dmp

==================== Find3M ====================

2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 02:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-02 13:26 103,720 a------- c:\documents and settings\rita birdsong\GoToAssistDownloadHelper.exe
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 06:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl(2).dll
2009-07-17 12:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-03 10:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 10:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 10:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 10:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-07-03 10:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 10:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 10:09 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 10:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 10:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 10:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 04:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-07-01 00:08 101,376 -------- c:\windows\system32\dllcache\iecompat.dll
2009-06-29 09:12 133,120 -------- c:\windows\system32\dllcache\extmgr.dll
2009-06-29 04:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-24 04:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 07:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 07:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 05:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 05:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 09:19 2,066,432 -------- c:\windows\system32\dllcache\mstscax.dll
2009-06-10 07:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 07:13 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-06-09 23:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-09 23:14 132,096 a------- c:\windows\system32\wkssvc(2).dll
2009-06-09 23:14 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll
2008-07-11 21:12 156 ac------ c:\docume~1\ritabi~1\applic~1\wklnhst.dat
2008-02-19 14:05 774,144 ac------ c:\program files\RngInterstitial.dll
2008-09-26 00:28 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092620080927\index.dat

============= FINISH: 12:19:49.73 ===============

#10 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 06 September 2009 - 04:35 PM

Hello.

Let's run an online scan and see what may be left still.

Download and Run ATFCleaner

Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser also...
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser also...
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires the Java Runtime Environment (JRE) to be installed before scanning for malware, as ActiveX is no longer being used.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image button, if you made any changes.
  • Now under the Scan section on the left:
    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#11 sisterrita

  • Topic Starter
  • Members
  • 88 posts
  • Gender:Female
  • Location:AZ

Posted 07 September 2009 - 11:32 AM

According to Kaspersky I should uninstall any other antivirus program before installing Kaspersky. Does this mean I should uninstall my McAfee, Malwarebytes and S&D first? And since I do have McAfee do I still need S&D?

#12 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 07 September 2009 - 11:43 AM

Hello.

No. You can just disable them. This one is just a Kaspersky online scan.

Spybot is just another anti-spyware program. I don't find it very necessary to have anymore. You can keep it if you wish. Malwarebytes and Superanti-spyware are better anti-malware programs now.

With Regards,
Extremeboy

#13 sisterrita

  • Topic Starter
  • Members
  • 88 posts
  • Gender:Female
  • Location:AZ

Posted 07 September 2009 - 12:10 PM

Ok. I have both Malwarebytes and Superanti-spyware because you have had me using it. I'll get rid of S&D. Will continue with the scanning in a couple of hours (gotta get some things done) and I'll be back.

Thanks so much for your help.

#14 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 07 September 2009 - 12:36 PM

Sure. Thanks for letting me know.

Edited by extremeboy, 07 September 2009 - 12:36 PM.


#15 sisterrita

  • Topic Starter
  • Members
  • 88 posts
  • Gender:Female
  • Location:AZ

Posted 07 September 2009 - 02:53 PM

Here are the most recent logs.

Monday, September 7, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, September 07, 2009 18:31:34
Records in database: 2756973
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
E:\
Scan statistics
Objects scanned 85586
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 01:27:32

No threats found. Scanned area is clean.
Selected area has been scanned.

***********

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/19/2008 1:49:14 PM
System Uptime: 9/7/2009 9:11:21 AM (3 hours ago)

Motherboard: Dell Inc. | | 0RY007
Processor: Intel® Pentium® Dual CPU E2160 @ 1.80GHz | Socket 775 | 1795/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 295 GiB total, 277.476 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

