Browser Invalid Security Certificate Problem


This topic is locked
15 replies to this topic

#1 lost42

  • Members
  • 12 posts

Posted 14 January 2010 - 03:56 PM

Hello,

About a month or two ago I had my computer cleaned of malware with the help of a user from a different forum. However, when I try to access certain sites (sites I know I can trust like google.com, gmail or facebook) I will occasionally (and frustratingly) be told that "this may not be the site you are looking for." At first I thought it was a fluke, but it seems to be happening much too often for that. I get the error on every browser I try to access the site with (IE, chrome, and firefox). When the site works on one browser, it works on all of them, and when it does not work, it does not work on all browsers. (When I click proceed as normal, I get an error or the site just doesn't load.) Other than this, my computer seems to be working normally.

I will attach a screenshot of the specific message I receive (from firefox). I don't understand why a site like google would not be safe to visit, and I would like to know if a virus is responsible!

Thanks in advance for all your help!


DDS (Ver_09-12-01.01) - NTFSx86
Run by Jason at 14:19:18.00 on Thu 01/14/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.352 [GMT -6:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jason\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: McAfee SiteAdvisor: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\jason\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [CTSysVol] c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [UpdReg] c:\windows\UpdReg.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\totalm~1.lnk - c:\program files\arcsoft\totalmedia backup & record\uBBMonitor.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v50/jeopardy/jeopardy.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jason\applic~1\mozilla\firefox\profiles\ck7txf7f.default\
FF - component: c:\documents and settings\jason\application data\mozilla\firefox\profiles\ck7txf7f.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - component: c:\program files\mcafee\siteadvisor enterprise\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - plugin: c:\documents and settings\jason\application data\mozilla\firefox\profiles\ck7txf7f.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\jason\application data\mozilla\firefox\profiles\ck7txf7f.default\extensions\activegs@freetoolsassociation.com\plugins\npActiveGS.dll
FF - plugin: c:\documents and settings\jason\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\jason\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-1 343664]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-11-8 47640]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2009-5-5 231424]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2009-8-31 21256]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-1-16 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2009-8-31 146448]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2009-8-31 66896]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-12-29 70728]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-1 24652]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-1 91672]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-1 43288]
S3 cpuz130;cpuz130;\??\c:\docume~1\jason\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\jason\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-12-29 65448]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-1 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-1 40552]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-01-14 06:43:29 0 d-----w- c:\program files\Trend Micro
2009-12-31 07:21:59 0 d-----w- c:\windows\Performance
2009-12-31 07:20:51 0 d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-12-31 07:04:07 0 d-----r- c:\program files\Skype
2009-12-31 06:00:31 0 d-----w- c:\docume~1\jason\applic~1\QuickScan
2009-12-29 20:57:40 75704 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2009-12-29 20:57:40 70728 ----a-w- c:\windows\system32\mfevtps.exe
2009-12-29 20:57:40 65448 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2009-12-29 20:57:40 63728 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2009-12-29 20:57:16 0 d-----w- c:\program files\common files\McAfee
2009-12-29 20:56:56 0 d-----w- c:\program files\common files\Cisco Systems
2009-12-29 20:56:31 0 d-----w- c:\program files\McAfee
2009-12-27 07:10:24 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-12-27 07:10:24 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-27 07:10:24 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2009-12-27 07:10:23 159232 ----a-w- c:\windows\system32\ptpusd.dll

==================== Find3M ====================

2010-01-14 06:32:00 12913 ----a-w- c:\windows\system32\tablet.dat
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-09 04:47:24 25130 ----a-w- c:\docume~1\jason\applic~1\wklnhst.dat
2009-12-03 22:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 22:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-21 15:51:04 471552 ----a-w- c:\windows\system32\dllcache\aclayers.dll
2009-11-13 22:57:16 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-11-13 22:57:16 922112 ------w- c:\windows\system32\dllcache\imapi2fs.dll
2009-11-13 22:57:16 62592 ------w- c:\windows\system32\dllcache\cdrom.sys
2009-11-13 22:57:16 426496 ------w- c:\windows\system32\imapi2.dll
2009-11-13 22:57:16 426496 ------w- c:\windows\system32\dllcache\imapi2.dll
2009-10-28 14:40:47 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2008-07-01 21:37:39 251 ----a-w- c:\program files\wt3d.ini
2009-06-10 10:58:18 245760 -csha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-05-15 23:45:02 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051520090516\index.dat

============= FINISH: 14:20:22.81 ===============


#2 Farbar

  • Security Developer
  • 21,716 posts
  • Location:The Netherlands

Posted 14 January 2010 - 05:34 PM

Hi lost42,

Welcome to BC HijackThis forum.

Go to start > Control Panel > internet options.
  • Under General tab press Delete... then make sure all the sections are checked and click Delete.
  • Under Advanced tab click Restore advanced settings

Now please check those sites once more and tell me if you have any trouble with them.

Regards,
farbar

#3 lost42

  • Topic Starter
  • Members
  • 12 posts

Posted 15 January 2010 - 03:48 PM

Thank you for your response, Farbar. I followed your instructions and everything seemed to be working fine (I could access the sites with no problems). However, I just tried to log in to facebook and got the same error as before. I will attach a screenshot of the error.

As usual, I will probably be able to log in a bit later, but I just wonder why it only works at certain times?



#4 Farbar

  • Security Developer
  • 21,716 posts
  • Location:The Netherlands

Posted 15 January 2010 - 04:12 PM

Is this the only site (facebook) giving you that warning?

Edited by farbar, 15 January 2010 - 04:35 PM.


#5 lost42

  • Topic Starter
  • Members
  • 12 posts

Posted 15 January 2010 - 05:02 PM

I have gotten the warning from gmail, google, and facebook. I don't get the warnings at the same time though.

#6 Farbar

  • Security Developer
  • 21,716 posts
  • Location:The Netherlands

Posted 15 January 2010 - 05:38 PM

If you Google facebook log in and a248.e.akamai.net there are plenty of people with the same issue. I'm not sure if this is malware related.

We can take a deeper look into your system to make sure:
  1. This is a small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

      Note: Please don't use the registry cleaner of CCleaner or any other registry cleaner unless you know what you are doing.

  2. Download the GMER Rootkit Scanner exe file from here and save it to your desktop.
    • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
    • Click on this link to see a list of programs that should be disabled.
    • Disconnect from the Internet and close all running programs.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
    • In the right panel, you will see several boxes that have been checked. Make sure the following are unchecked:
      • Sections
      • IAT/EAT
      • Drives/Partition other than C:\ drive (C:\ drive should remain checked)
      • Show All (this one also should be unchecked)
    • Then click the Scan button & wait for it to begin. (Please be patient as it can take some time to complete).
    • When the scan is finished, you will see the scan button appears again. Click Save to save the scan results to your Desktop.
    • Save the file as gmer.log and copy/paste the contents in your next reply. Please post the log then proceed with the next step.

  3. Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools. (Information on A/V control HERE)
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.
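Farbar's pointer to a248.e.akamai.net is the key diagnostic in this thread: the browser warning means the name on the certificate the server handed over does not match the site typed into the address bar, which is exactly what happens when a CDN edge answers with its own certificate. The script below is an added example written for this page, not code from any of the posts or from the tools they mention. It shows how that decision is made (RFC 6125-style matching of the hostname against the certificate's subjectAltName and commonName), and its live_check function shows how a verifying TLS connection reports whether a failure was a plain name mismatch or a chain that does not verify at all, which is the case that justifies the deeper look Farbar proposes. The two sample certificates, CDN_CERT and SITE_CERT, are constructed for the example and are not captured from the poster's machine.

```python
"""Triage a browser "this may not be the site you are looking for" warning.

Added example for this thread (not code from the posts or tools above): given
the certificate a server presented, decide whether the browser complained
because the certificate simply does not name the host (the a248.e.akamai.net
pattern) or because the chain itself failed verification.
"""
import socket
import ssl


def cert_dns_names(cert):
    """Every DNS name a certificate claims, in the dict layout that
    ssl.SSLSocket.getpeercert() returns: subjectAltName DNS entries first,
    then the subject commonName as a legacy fallback (deduplicated)."""
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and value not in names:
                names.append(value)
    return names


def name_matches(pattern, hostname):
    """RFC 6125-style comparison: case-insensitive, and a leading '*.' covers
    exactly one leftmost label, so '*.facebook.com' matches www.facebook.com
    but neither facebook.com nor a.www.facebook.com."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if not pattern.startswith("*."):
        return pattern == hostname
    head, sep, rest = hostname.partition(".")
    return bool(sep) and head != "" and rest == pattern[2:]


def classify(hostname, cert):
    """'ok' when the certificate names the host, otherwise 'name-mismatch'
    together with the names it does carry, so the reader can see which CDN
    or other site actually answered."""
    names = cert_dns_names(cert)
    if any(name_matches(n, hostname) for n in names):
        return "ok", names
    return "name-mismatch", names


def live_check(hostname, port=443, timeout=5.0):
    """Network check (not exercised offline): connect with the default
    verifying context and report what a browser would see. 'verified' means
    chain and name both passed; 'verify-failed' carries OpenSSL's reason,
    which tells a hostname mismatch apart from an unknown or self-signed
    issuer, the outcome that deserves a closer look on the client side."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                return "verified", cert_dns_names(tls.getpeercert())
    except ssl.SSLCertVerificationError as err:
        return "verify-failed", err.verify_message
    except OSError as err:
        return "connect-failed", str(err)


# Constructed sample certificates (assumptions for this example, not captured
# from the thread), in the dict layout getpeercert() produces.
CDN_CERT = {
    "subject": ((("countryName", "US"),), (("commonName", "a248.e.akamai.net"),)),
    "subjectAltName": (("DNS", "a248.e.akamai.net"),),
}
SITE_CERT = {
    "subject": ((("commonName", "*.facebook.com"),),),
    "subjectAltName": (("DNS", "*.facebook.com"), ("DNS", "facebook.com")),
}

if __name__ == "__main__":
    for host, cert in (("www.facebook.com", CDN_CERT), ("www.facebook.com", SITE_CERT)):
        print(host, classify(host, cert))
```

Run as a script it classifies the two constructed certificates; a name mismatch whose name list contains a CDN hostname points at the server side, which matches what Farbar describes. From a machine with network access, live_check("www.facebook.com") reports what the browser saw: "verify-failed" with an issuer-related reason rather than a hostname reason is the result that would justify continuing with the malware checks in this thread.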


#7 lost42

  • Topic Starter
  • Members
  • 12 posts

Posted 16 January 2010 - 11:35 AM

I'm posting the gmer log and will now proceed with combofix.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-16 09:47:47
Windows 5.1.2600 Service Pack 3
Running: y5glm9g6.exe; Driver: C:\DOCUME~1\Jason\LOCALS~1\Temp\awrdapog.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0xF723D7B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF723D676]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xF723D610]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF723D624]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF723D68A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF723D6B6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF723D724]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF723D70E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xF723D73A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF723D7F8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF723D766]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF723D662]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF723D5D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF723D5E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF723D7CC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xF723D7A2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF723D6F8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF723D6E2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF723D6A0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xF723D78E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xF723D77A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xF723D64E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF723D63A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF723D6CC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF723D827]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xF723D750]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF723D80E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF723D7E2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----


#8 lost42

  • Topic Starter
  • Members
  • 12 posts

Posted 16 January 2010 - 12:18 PM

ComboFix 10-01-16.01 - Jason 01/16/2010 11:10:38.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.578 [GMT -6:00]
Running from: c:\documents and settings\Jason\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((( Files Created from 2009-12-16 to 2010-01-16 )))))))))))))))))))))))))))))))
.

2010-01-16 16:36 . 2010-01-16 16:36 -------- d-----w- C:\QUARANTINE
2010-01-15 23:04 . 2010-01-15 23:04 -------- d-----w- c:\program files\CCleaner
2010-01-14 06:43 . 2010-01-14 06:43 -------- d-----w- c:\program files\Trend Micro
2010-01-14 06:29 . 2010-01-14 06:29 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-01-14 06:07 . 2010-01-14 06:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-02 23:48 . 2010-01-02 23:48 188 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_1E5C99259F07D1D31AAFDBCE4ACE0851.dll
2010-01-02 23:48 . 2010-01-02 23:48 1725 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_D5F7A7571A9F5CD478830C3AC156B88C.dll
2010-01-02 23:48 . 2010-01-02 23:48 46 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_AB4C301D509FA7340894BD4267B3EB63.dll
2010-01-02 23:48 . 2010-01-02 23:48 147 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_8C2F50BA806Fb304591EDFA8FDCA3DE1.dll
2010-01-02 23:48 . 2010-01-02 23:48 152 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_6E8A266FCD4F2A1409E1C8110F44DBCE.dll
2010-01-02 23:48 . 2010-01-02 23:48 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_68AB67CA7DA746454382080000000030.dll
2010-01-02 23:48 . 2010-01-02 23:48 744 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_68AB67CA7DA73301B7448A3100000030.dll
2010-01-02 23:48 . 2010-01-02 23:48 1475 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_30ECB7411F0CF9C41875A6986B2D9D37.dll
2010-01-02 23:48 . 2010-01-02 23:48 662 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_13E39F430A1EC124E868CB7F4C91A319.dll
2010-01-02 23:48 . 2010-01-02 23:48 207 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0F5739B0CADA3484AAFFAB7B8D43B00E.dll
2010-01-02 23:48 . 2010-01-02 23:48 146 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0CAED145D3F56E547BBC49CE3F9B7684.dll
2009-12-31 07:21 . 2009-12-31 07:21 -------- d-----w- c:\windows\Performance
2009-12-31 07:21 . 2009-12-31 07:21 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\Microsoft Corporation
2009-12-31 07:20 . 2009-12-31 07:20 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-12-31 07:04 . 2009-12-31 07:04 -------- d-----w- c:\program files\Common Files\Skype
2009-12-31 07:04 . 2009-12-31 07:04 -------- d-----r- c:\program files\Skype
2009-12-31 06:00 . 2010-01-14 19:50 -------- d-----w- c:\documents and settings\Jason\Application Data\QuickScan
2009-12-31 06:00 . 2009-12-31 01:05 788808 ----a-w- c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\ck7txf7f.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-12-31 06:00 . 2009-12-31 01:05 697160 ----a-w- c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\ck7txf7f.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-12-30 20:57 . 2009-12-30 20:57 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-12-29 20:57 . 2009-09-01 02:07 75704 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2009-12-29 20:57 . 2009-09-01 02:07 70728 ----a-w- c:\windows\system32\mfevtps.exe
2009-12-29 20:57 . 2009-09-01 02:07 65448 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2009-12-29 20:57 . 2009-09-01 02:07 63728 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2009-12-29 20:57 . 2009-12-29 20:57 -------- d-----w- c:\program files\Common Files\McAfee
2009-12-29 20:56 . 2009-12-29 20:56 -------- d-----w- c:\program files\Common Files\Cisco Systems
2009-12-29 20:56 . 2009-12-29 20:57 -------- d-----w- c:\program files\McAfee
2009-12-29 20:11 . 2009-12-29 20:11 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-27 07:10 . 2008-04-13 19:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-27 07:10 . 2008-04-13 19:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2009-12-27 07:10 . 2001-08-18 04:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-12-27 07:10 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\ptpusd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 17:02 . 2008-07-04 02:10 12913 ----a-w- c:\windows\system32\tablet.dat
2010-01-16 16:30 . 2008-07-07 00:58 -------- d-----w- c:\documents and settings\Adam\Application Data\Gtek
2010-01-16 16:30 . 2008-07-02 05:04 -------- d-----w- c:\documents and settings\Jenna\Application Data\Gtek
2010-01-16 16:30 . 2008-07-01 14:11 -------- d--h--w- c:\documents and settings\Jason\Application Data\Gtek
2010-01-16 16:30 . 2005-09-14 14:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Gtek
2010-01-16 16:30 . 2005-09-14 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\GTek
2010-01-16 08:07 . 2009-11-09 01:23 -------- d-----w- c:\program files\LogMeIn
2010-01-16 05:31 . 2008-07-01 19:21 25276 ----a-w- c:\documents and settings\Jason\Application Data\wklnhst.dat
2010-01-16 02:16 . 2008-07-04 02:23 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-03 00:05 . 2009-11-07 06:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-12-31 08:42 . 2005-09-14 14:05 -------- d-----w- c:\program files\America Online 9.0
2009-12-31 08:42 . 2005-09-14 14:05 -------- d-----w- c:\program files\Common Files\AOL
2009-12-31 08:38 . 2005-09-14 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-12-31 08:10 . 2008-09-16 02:24 -------- d-----w- c:\documents and settings\Jason\Application Data\Skype
2009-12-31 08:01 . 2008-07-01 14:11 -------- d-----w- c:\documents and settings\Jason\Application Data\Jasc Software Inc
2009-12-31 07:59 . 2005-09-14 13:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-31 07:04 . 2008-09-16 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-30 18:09 . 2008-07-01 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-12-29 20:11 . 2009-11-08 17:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-27 19:39 . 2009-06-02 18:27 -------- d-----w- c:\program files\Electronic Arts
2009-12-27 07:11 . 2008-09-16 02:23 -------- d-----w- c:\program files\Google
2009-12-25 14:08 . 2008-09-16 02:25 -------- d-----w- c:\documents and settings\Jason\Application Data\skypePM
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-14 00:39 . 2009-12-14 00:39 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-12-14 00:13 . 2009-12-13 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-12-13 21:21 . 2009-12-13 21:21 -------- d-----w- c:\program files\Pando Networks
2009-12-07 03:45 . 2009-12-07 03:45 -------- d-----w- c:\program files\Disney
2009-12-04 16:03 . 2009-12-04 16:03 251376 ----a-w- c:\documents and settings\Jason\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-12-03 22:14 . 2009-11-08 17:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 22:13 . 2009-11-08 17:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-21 15:51 . 2004-08-19 20:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-13 22:57 . 2009-11-13 22:57 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-11-13 22:57 . 2009-11-13 22:57 426496 ------w- c:\windows\system32\imapi2.dll
2009-11-10 15:08 . 2009-11-10 15:08 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-09 01:24 . 2009-11-09 01:24 152576 -c--a-w- c:\documents and settings\Jason\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-07 07:04 . 2009-11-07 07:04 1507 -c--a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_D33A333FC5212A23D8ECC5D54132E172.dll
2009-11-07 07:04 . 2009-11-07 07:04 623 -c--a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_B0B35DEDC76B4424EAA66DDFC3821DFE.dll
2009-11-07 06:40 . 2009-11-07 06:40 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 07:45 . 2004-08-19 20:49 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-19 20:49 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-19 20:49 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 04:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2008-07-01 21:37 . 2008-07-01 21:37 251 ----a-w- c:\program files\wt3d.ini
2009-09-01 02:07 . 2009-12-29 20:57 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-16 68856]
"Google Update"="c:\documents and settings\Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-27 133104]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"P17Helper"="P17.dll" [2005-05-03 64512]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-09-01 124240]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-9-14 156784]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2008-7-3 114688]
TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2008-8-18 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-29 01:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-09-14 14:06 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2 Endangered Species Trial Version\\zt.exe"=
"c:\\Documents and Settings\\Jason\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Jason\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"58245:TCP"= 58245:TCP:Pando Media Booster
"58245:UDP"= 58245:UDP:Pando Media Booster

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [11/8/2009 7:24 PM 47640]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [8/31/2009 8:07 PM 21256]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [12/29/2009 2:57 PM 70728]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/1/2008 3:04 PM 24652]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 3:47 AM 98304]
S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [5/5/2009 1:06 PM 231424]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 2:40 AM 118784]
S3 cpuz130;cpuz130;\??\c:\docume~1\Jason\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Jason\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12/29/2009 2:57 PM 65448]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-01-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2382098085-1571426774-1010936345-1005Core.job
- c:\documents and settings\Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-27 21:23]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2382098085-1571426774-1010936345-1005UA.job
- c:\documents and settings\Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-27 21:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\ck7txf7f.default\
FF - component: c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\ck7txf7f.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - component: c:\program files\McAfee\SiteAdvisor Enterprise\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
FF - plugin: c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\ck7txf7f.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\ck7txf7f.default\extensions\activegs@freetoolsassociation.com\plugins\npActiveGS.dll
FF - plugin: c:\documents and settings\Jason\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Jason\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(5188)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-01-16 11:17:37
ComboFix-quarantined-files.txt 2010-01-16 17:17
ComboFix2.txt 2009-11-08 05:55

Pre-Run: 91,427,815,424 bytes free
Post-Run: 91,383,521,280 bytes free

- - End Of File - - FC198E4D47F062A28AD49EC4D9477D28


#9 Farbar (Security Developer)

Posted 16 January 2010 - 07:22 PM

GMER log is not showing anything bad.

But this is the log of the second run of ComboFix. Have you run ComboFix more than once?

I need to see the log of the first run of ComboFix. Please go to start -> Run.
  • Copy and paste the bold line in the run-box and click OK: C:\Qoobox\ComboFix2.txt
  • A text file opens up, copy and paste the content to your reply.

#10 lost42 (Topic Starter)

Posted 16 January 2010 - 07:27 PM

I ran combofix a few months ago when my computer was infected (as instructed by a member of a different forum).
ComboFix 09-11-07.02 - Jason 11/07/2009 23:32.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.428 [GMT -6:00]
Running from: c:\documents and settings\Jason\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Data
c:\windows\system32\lenipuna.dll
c:\windows\system32\notulani.dll
c:\windows\Tasks\bckccoam.job

.
((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))
.

2009-11-07 07:04 . 2009-11-07 07:04 1507 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_D33A333FC5212A23D8ECC5D54132E172.dll
2009-11-07 07:04 . 2009-11-07 07:04 623 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_B0B35DEDC76B4424EAA66DDFC3821DFE.dll
2009-11-07 06:40 . 2009-11-07 06:40 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-07 06:38 . 2009-11-07 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-07 06:26 . 2009-11-07 06:26 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\Help
2009-11-07 06:16 . 2009-02-09 12:10 714752 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\_enviewlist.dll
2009-11-07 06:16 . 2009-02-09 12:10 617472 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\_entreelist.dll
2009-11-06 08:12 . 2009-11-06 08:12 -------- d-----w- c:\documents and settings\Jason\Application Data\Malwarebytes
2009-11-06 08:11 . 2009-11-06 08:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-17 01:35 . 2009-10-17 01:35 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\AIM
2009-10-15 20:00 . 2009-10-15 20:00 67168 ----a-w- c:\documents and settings\Jenna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-15 20:00 . 2009-10-15 20:00 -------- d-----w- c:\documents and settings\Jenna\Local Settings\Application Data\ATI
2009-10-15 20:00 . 2009-10-15 20:00 -------- d-----w- c:\documents and settings\Jenna\Application Data\ATI
2009-10-15 19:59 . 2009-10-15 19:59 -------- d-sh--w- c:\documents and settings\Jenna\IETldCache
2009-10-15 08:28 . 2009-10-15 08:28 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-08 05:43 . 2008-07-04 02:10 12913 ----a-w- c:\windows\system32\tablet.dat
2009-11-07 07:07 . 2009-11-07 06:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-11-07 06:42 . 2009-05-02 05:30 -------- d-----w- c:\program files\McAfee
2009-11-06 04:49 . 2008-09-16 02:24 -------- d-----w- c:\documents and settings\Jason\Application Data\Skype
2009-11-05 01:05 . 2008-07-01 19:21 23808 ----a-w- c:\documents and settings\Jason\Application Data\wklnhst.dat
2009-11-04 22:00 . 2008-09-16 02:25 -------- d-----w- c:\documents and settings\Jason\Application Data\skypePM
2009-09-22 03:58 . 2009-09-22 03:58 48852 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-20 21:46 . 2008-07-30 23:27 -------- d-----w- c:\documents and settings\Jason\Application Data\Apple Computer
2009-09-20 21:32 . 2009-09-20 21:31 -------- d-----w- c:\program files\iTunes
2009-09-20 21:32 . 2009-09-20 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-20 21:31 . 2009-09-20 21:31 -------- d-----w- c:\program files\iPod
2009-09-20 21:31 . 2008-07-30 23:25 -------- d-----w- c:\program files\Common Files\Apple
2009-09-20 21:29 . 2009-09-20 21:29 -------- d-----w- c:\program files\Bonjour
2009-09-20 21:28 . 2009-09-20 21:27 -------- d-----w- c:\program files\QuickTime
2009-09-16 15:22 . 2009-05-02 05:30 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 15:22 . 2009-05-02 05:30 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 15:22 . 2009-05-02 05:30 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 15:22 . 2009-05-02 05:30 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 15:22 . 2009-05-02 05:30 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:18 . 2004-08-19 20:49 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 02:43 . 2009-09-09 02:43 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-09-05 20:31 . 2009-09-05 20:31 413696 ----a-w- c:\documents and settings\Jason\Application Data\yoclient\native\OpenAL32.dll
2009-09-05 20:31 . 2009-09-05 20:31 153600 ----a-w- c:\documents and settings\Jason\Application Data\yoclient\native\lwjgl.dll
2009-09-04 21:03 . 2004-08-19 20:49 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-19 20:49 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 00:42 . 2009-09-20 21:24 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-29 00:42 . 2008-07-30 23:26 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-26 08:00 . 2004-08-19 20:50 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-14 22:04 . 2009-08-14 22:04 239088 ----a-w- c:\documents and settings\Jason\Application Data\Mozilla\plugins\npgoogletalk.dll
2008-07-01 21:37 . 2008-07-01 21:37 251 ----a-w- c:\program files\wt3d.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-16 68856]
"Google Update"="c:\documents and settings\Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-27 133104]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-09-14 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-03 64512]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-9-14 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-9-14 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2008-7-3 114688]
TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2008-8-18 270336]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2 Endangered Species Trial Version\\zt.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Documents and Settings\\Jason\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Jason\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"67:UDP"= 67:UDP:DHCP Discovery Service

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/1/2008 3:04 PM 24652]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 3:47 AM 98304]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 2:40 AM 118784]
S3 cpuz130;cpuz130;\??\c:\docume~1\Jason\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Jason\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2382098085-1571426774-1010936345-1005Core.job
- c:\documents and settings\Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-27 21:23]

2009-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2382098085-1571426774-1010936345-1005UA.job
- c:\documents and settings\Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-27 21:23]

2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-02 18:22]

2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-02 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\ck7txf7f.default\
FF - plugin: c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\ck7txf7f.default\extensions\activegs@freetoolsassociation.com\plugins\npActiveGS.dll
FF - plugin: c:\documents and settings\Jason\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Jason\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\GameTap\bin\Release\npgametaptool.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
SharedTaskScheduler-{a55bc99a-eb19-41fd-b49c-fe3db897dbdb} - c:\windows\system32\witudili.dll
SharedTaskScheduler-{2d579bad-f6cb-452c-9f06-f1d765b41508} - (no file)
SSODL-jeraburev-{a55bc99a-eb19-41fd-b49c-fe3db897dbdb} - c:\windows\system32\witudili.dll
SSODL-doleyibeg-{2d579bad-f6cb-452c-9f06-f1d765b41508} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-07 23:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3388)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\Rundll32.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\dllhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-11-08 23:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-08 05:55

Pre-Run: 94,290,997,248 bytes free
Post-Run: 95,271,317,504 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 642F5D5A6888072A32CE783E098F2930


#11 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • Gender:Male
  • Location:The Netherlands

Posted 17 January 2010 - 07:37 AM

  1. I see on the log My Way Search Assistant is installed on your computer:

    This program is known to be bundled with adware/spyware. You may read more about My Way Search Assistant here:
    http://www.bleepingcomputer.com/uninstall/...-Assistant.html

    To uninstall My Way Search Assistant:

    Click "start" on the taskbar and then click on the "Control Panel" icon.
    Please double-click the "Add or Remove Programs" icon.
    A list of programs installed will be "populated"; this may take a bit of time.
    If they exist, uninstall the following by clicking on the following entries and selecting "remove":

    My Way Search Assistant

    Also remove the following folder: C:\Program Files\MyWay

  2. If you don't use a Dial-up connection you may uninstall the following program:

    NetWaiting

  3. Could you try to log in to Facebook or Gmail on another computer and see if you get the same warning?

  4. Also you can try to create a new Facebook or Gmail account and see if you get the same warning with the new accounts too.
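The uninstall steps above go through the Add or Remove Programs dialog. The same check can be done from PowerShell, which also confirms whether the leftover folder is still present. This is an added example, not part of Farbar's instructions or of this thread; it assumes PowerShell 2.0 or later and reads the standard Uninstall registry keys that Add or Remove Programs itself is built from. The name pattern and the folder path are taken from the post above.

```powershell
# Added example (not from the thread): list Add/Remove Programs entries whose
# display name matches a pattern, so the entries Farbar named can be located
# and their uninstall command inspected before running it.
function Find-InstalledProgram {
    param([Parameter(Mandatory = $true)][string]$Pattern)

    # Add or Remove Programs is populated from these keys; the Wow6432Node
    # key only exists on 64-bit Windows and holds 32-bit installs.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )

    foreach ($key in $uninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        Get-ChildItem $key | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            if ($p.DisplayName -and ($p.DisplayName -match $Pattern)) {
                New-Object PSObject -Property @{
                    DisplayName     = $p.DisplayName
                    UninstallString = $p.UninstallString
                    InstallLocation = $p.InstallLocation
                    RegistryKey     = $_.PSChildName
                }
            }
        }
    }
}

# Usage: the two programs named in the post above.
Find-InstalledProgram -Pattern 'My ?Way|NetWaiting' | Format-List

# After uninstalling, confirm the folder Farbar asked to remove is gone.
# Constructed check for the path given in the post; $false means it is removed.
Test-Path 'C:\Program Files\MyWay'
```

Matching on DisplayName rather than on the registry key name matters because adware entries often use a GUID or a random string as the key, so only the display name is recognisable. The UninstallString is printed, not executed: read it first, since an uninstaller supplied by a bundled program is itself untrusted code.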


#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • Gender:Male
  • Location:The Netherlands

Posted 22 January 2010 - 06:16 PM

Are you still there?

#13 lost42

lost42
  • Topic Starter

  • Members
  • 12 posts

Posted 23 January 2010 - 03:21 PM

Yes, I apologize for not getting back to you sooner. I've been busy moving back to school this past week. I will try the steps above and get back to you later today.

#14 lost42

lost42
  • Topic Starter

  • Members
  • 12 posts

Posted 23 January 2010 - 04:41 PM

I have uninstalled My Way Search Assistant and NetWaiting. I am not currently receiving the error, but it might happen later on. Also, regarding creating a new account, my siblings and I have all tried logging in on that computer and we have all received the error at some point. (That is, if one account is getting the error, all accounts get the error.)

When we log in on that computer and receive the error, we can go to a different computer where we won't get the error, so I feel it is not related to our particular accounts.

I will keep an eye out for the error.

Thanks again for your continued support!

#15 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • Gender:Male
  • Location:The Netherlands

Posted 24 January 2010 - 06:47 AM

QUOTE
When we log in on that computer and receive the error, we can go to a different computer where we won't get the error

Yes, it confirms that the warning is not account related. But it doesn't confirm that the warning is malicious.

Let's have a full scan of the system:


Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
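The observation above separates the account from the machine, but it does not yet say whether the certificate the affected PC receives is the site's real one. The check a practitioner would want at this point is to record the certificate actually presented to that machine and compare it with what an unaffected machine sees for the same host. The script below is an added example and is not part of Farbar's instructions or of this thread; it assumes PowerShell 2.0 or later with .NET available, and the host name is a parameter chosen by the reader.

```powershell
# Added diagnostic (not from the thread): open a TLS connection, capture the
# certificate and chain the server presents to THIS machine, and report
# whether Windows considers it trusted. Run it on the affected PC and on a PC
# that shows no warning, then compare Issuer and Thumbprint: a different issuer
# on the affected PC means something on the path is substituting certificates.
function Get-PresentedCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [int]$Port = 443
    )

    # The validation callback runs during the handshake; record what it sees.
    $script:sslPolicyErrors = $null
    $script:chainStatus     = ''
    $script:chainSubjects   = ''
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($sender, $certificate, $chain, $sslPolicyErrors)
        $script:sslPolicyErrors = $sslPolicyErrors
        # Capture chain details now; the chain object is reset after the callback returns.
        $script:chainStatus   = ($chain.ChainStatus   | ForEach-Object { $_.Status }) -join ', '
        $script:chainSubjects = ($chain.ChainElements | ForEach-Object { $_.Certificate.Subject }) -join ' <- '
        # Diagnostic only: accept so the handshake completes and the certificate
        # can be read. A real client must return $false on any policy error.
        return $true
    }

    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    $ssl = $null
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        New-Object PSObject -Property @{
            Host         = $HostName
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            NotBefore    = $cert.NotBefore
            NotAfter     = $cert.NotAfter
            Thumbprint   = $cert.Thumbprint
            PolicyErrors = $script:sslPolicyErrors   # 'None' means Windows trusts this chain
            ChainStatus  = $script:chainStatus       # e.g. UntrustedRoot, NotTimeValid, empty if clean
            Chain        = $script:chainSubjects     # leaf <- intermediate(s) <- root
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

# Usage: one of the sites named in the thread; repeat on an unaffected machine.
Get-PresentedCertificate -HostName 'www.google.com' | Format-List
```

Reading the output: a NotTimeValid status with a correct issuer points at the PC's clock rather than at interception, while an unexpected issuer or an UntrustedRoot status with an issuer the other machine does not show is the case worth treating as hostile. Because every browser on the machine in this thread shows the warning, a result that differs from the unaffected PC localises the problem to the machine or its network path, which is the distinction the post above is trying to make. On an older system such as the Windows XP machine in this thread, the .NET default protocol versions may fail to negotiate with current servers; that failure is an AuthenticateAsClient exception, not a certificate result.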




