Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My Logs


  • This topic is locked This topic is locked
17 replies to this topic

#1 blockisle9

blockisle9

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 23 January 2010 - 07:58 PM

Hi every one,
Brand new here.
I would like to have my logs looked at to see if everything looks okay and to see what is starting up automaticly and see what can be disabled. I hope I did everything correctly
Thanks in advance
Lenny

DDS (Ver_09-12-01.01) - NTFSX64
Run by Lenny at 19:34:05.64 on Sat 01/23/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2617 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PrintCtrl.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CNRpc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\PrintDisp.exe
C:\Program Files (x86)\USB_video_device\Driver\Driver32\emmon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDECK.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe
C:\Windows\system32\DllHost.exe
C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Lenny\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.my.yahoo.com/
uDefault_Page_URL = hxxp://asus.msn.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\syswow64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files (x86)\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files (x86)\mcafee\virusscan\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files (x86)\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn0\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [UpdateP2GoShortCut] "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [CinemaNowMediaManagerApp] c:\program files (x86)\cinemanow\cinemanow media manager\CinemaNowShell.exe -start
mRun: [HDAudDeck] c:\program files (x86)\via\viaudioi\vdeck\VDeck.exe -r
mRun: [HControlUser] c:\program files (x86)\asus\atk hotkey\HControlUser.exe
mRun: [ATKOSD2] c:\program files (x86)\asus\atkosd2\ATKOSD2.exe
mRun: [ATKMEDIA] c:\program files (x86)\asus\atk media\DMedia.exe
mRun: [YMailAdvisor] "c:\program files (x86)\yahoo!\common\YMailAdvisor.exe"
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [hpqSRMon] c:\program files (x86)\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [CLMLServer] "c:\program files (x86)\cyberlink\power2go\CLMLSvc.exe"
mRun: [ADSMTray] c:\program files (x86)\asus\asus data security manager\ADSMTray.exe
mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe
mRun: [ASUS Camera ScreenSaver] c:\windows\AsScrProlog.exe
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [UVS10 Preload] c:\program files (x86)\ulead systems\ulead videostudio se dvd\uvPL.exe
mRun: [mcagent_exe] "c:\program files (x86)\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~2\mcafee\mhn\McENUI.exe /hide
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\emmon.lnk - c:\program files (x86)\usb_video_device\driver\driver32\emmon.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\fancys~1.lnk - c:\windows\installer\{f0df4513-3c4c-4eb8-8012-2c5f70af3988}\_A1DDD39913A1970387B7B3.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: cinemanow.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files (x86)\yahoo!\common\Yinsthelper.dll
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://204.249.169.90:8080/activex/AxisCamControl.ocx
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\McIEPlg.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\x64\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\x64\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [AmIcoSinglun64] c:\program files (x86)\amicosinglun\AmIcoSinglun64.exe
mRun-x64: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [PrintDisp] c:\windows\system32\PrintDisp.exe

============= SERVICES / DRIVERS ===============

R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2009-9-4 15928]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-14 308296]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-9-4 355968]
R2 ASMMAP64;ASMMAP64;c:\program files\atkgfnex\ASMMAP64.sys [2009-9-4 14904]
R2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-10-30 128376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\mcafee\siteadvisor\mcsacore.exe [2010-1-15 110312]
R2 McProxy;McAfee Proxy Service;c:\progra~2\common~1\mcafee\mcproxy\mcproxy.exe [2010-1-14 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-1-14 155456]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2009-7-8 140800]
R3 McSysmon;McAfee SystemGuards;c:\progra~2\mcafee\viruss~1\mcsysmon.exe [2010-1-14 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-1-14 102472]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-1-14 49480]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-7-9 1222144]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920]
S2 0133401263490642mcinstcleanup;McAfee Application Installer Cleanup (0133401263490642);c:\users\lenny\appdata\local\temp\013340~1.exe c:\progra~2\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\users\lenny\appdata\local\temp\013340~1.exe c:\progra~2\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-1-21 135664]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-1-14 40904]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSG664.sys [2009-6-10 56832]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]

=============== Created Last 30 ================

2010-01-24 00:11:13 0 d-----w- c:\program files (x86)\Trend Micro
2010-01-23 23:47:20 0 d-----w- c:\windows\pss
2010-01-22 17:20:51 5961728 ----a-w- c:\windows\syswow64\mshtml.dll
2010-01-22 17:20:51 10976768 ----a-w- c:\windows\syswow64\ieframe.dll
2010-01-22 17:20:50 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-01-22 17:20:50 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-01-22 17:20:50 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-01-22 17:20:50 1224704 ----a-w- c:\windows\syswow64\urlmon.dll
2010-01-22 17:20:50 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-01-14 17:54:15 12852 ----a-w- c:\windows\system32\Config.MPF
2010-01-14 17:38:49 0 d-----w- c:\programdata\SiteAdvisor
2010-01-14 17:37:28 40904 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-01-14 17:37:26 49480 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-01-14 17:37:26 308296 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-01-14 17:37:26 102472 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-01-14 17:37:25 176144 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-01-14 17:37:08 0 d-----w- c:\program files (x86)\common files\McAfee
2010-01-14 17:37:07 0 d-----w- c:\program files\McAfee
2010-01-14 17:37:06 0 d-----w- c:\program files\common files\McAfee
2010-01-14 17:37:05 0 d-----w- c:\program files (x86)\McAfee.com
2010-01-14 17:37:03 0 d-----w- c:\program files (x86)\McAfee
2010-01-14 17:24:28 0 d-----w- c:\programdata\McAfee
2010-01-14 16:55:32 0 d-----w- c:\windows\PCHEALTH
2010-01-13 11:33:11 70656 ----a-w- c:\windows\syswow64\fontsub.dll
2010-01-13 11:33:11 148480 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 11:33:11 108544 ----a-w- c:\windows\syswow64\t2embed.dll
2010-01-13 11:33:11 100864 ----a-w- c:\windows\system32\fontsub.dll
2010-01-13 02:01:14 0 d-----w- c:\users\lenny\New folder

==================== Find3M ====================

2010-01-14 16:12:06 212352 ------w- c:\windows\system32\MpSigStub.exe
2009-12-23 16:40:46 45056 ----a-w- c:\windows\system32\acovcnt.exe
2009-11-22 17:35:30 225796 ----a-w- c:\windows\hpwins20.dat
2009-11-22 16:55:47 3977 ----a-w- c:\programdata\actmask.log.zip
2009-11-11 15:47:10 1170944 ----a-w- c:\windows\system32\PrtClient.exe
2009-11-11 15:29:30 825344 ----a-w- c:\windows\system32\SetupDrv.exe
2009-11-10 14:15:52 882176 ----a-w- c:\windows\system32\PrintDisp.exe
2009-11-10 08:16:02 375296 ----a-w- c:\windows\system32\SetPrinter.exe
2009-10-29 16:59:48 65536 ----a-w- c:\windows\system32\PrintCtrl.exe
2009-10-29 07:48:16 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-29 07:22:37 2048 ----a-w- c:\windows\syswow64\tzres.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-04-08 17:31:56 106496 ----a-w- c:\program files (x86)\common files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- c:\program files (x86)\common files\MSIactionall.dll
2008-05-22 15:35:54 51962 ----a-w- c:\program files (x86)\common files\banner.jpg
2007-06-12 16:34:50 35822 ----a-w- c:\program files (x86)\common files\ASPG_icon.ico
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 19:35:22.07 ===============

Edited by blockisle9, 23 January 2010 - 08:57 PM.


BC AdBot (Login to Remove)

 


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:27 PM

Posted 29 January 2010 - 07:15 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response.

Do you still require help?

If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.


Thanks again and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:27 PM

Posted 01 February 2010 - 12:42 PM

Hello.

Are you still there? Do you still require help?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 from the last day I replied initially, the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#4 blockisle9

blockisle9
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 01 February 2010 - 02:39 PM

Thanks for the reply, Yes I still seem to have an issue, Every now and then I will get a pop up window stating my pc is infected and to click here to clean my pc. I never clicked on what they tell me to do, I just close the window by starting the task manager and click close. The pc seems to run ok (maybe a bit slower) It also seems to have alot of start up programs.
I was not able to post a rootrepeal log, says it does not suport 64 bit systems
Thank You
Lenny


DDS (Ver_09-12-01.01) - NTFSX64
Run by Lenny at 14:18:05.08 on Mon 02/01/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2111 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\PrintCtrl.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CNRpc.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\PrintDisp.exe
C:\Program Files (x86)\USB_video_device\Driver\Driver32\emmon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDECK.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\DllHost.exe
C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Lenny\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.my.yahoo.com/
uDefault_Page_URL = hxxp://asus.msn.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\syswow64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files (x86)\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files (x86)\mcafee\virusscan\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files (x86)\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn0\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [UpdateP2GoShortCut] "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [CinemaNowMediaManagerApp] c:\program files (x86)\cinemanow\cinemanow media manager\CinemaNowShell.exe -start
mRun: [HDAudDeck] c:\program files (x86)\via\viaudioi\vdeck\VDeck.exe -r
mRun: [HControlUser] c:\program files (x86)\asus\atk hotkey\HControlUser.exe
mRun: [ATKOSD2] c:\program files (x86)\asus\atkosd2\ATKOSD2.exe
mRun: [ATKMEDIA] c:\program files (x86)\asus\atk media\DMedia.exe
mRun: [YMailAdvisor] "c:\program files (x86)\yahoo!\common\YMailAdvisor.exe"
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [hpqSRMon] c:\program files (x86)\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [CLMLServer] "c:\program files (x86)\cyberlink\power2go\CLMLSvc.exe"
mRun: [ADSMTray] c:\program files (x86)\asus\asus data security manager\ADSMTray.exe
mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe
mRun: [ASUS Camera ScreenSaver] c:\windows\AsScrProlog.exe
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [UVS10 Preload] c:\program files (x86)\ulead systems\ulead videostudio se dvd\uvPL.exe
mRun: [mcagent_exe] "c:\program files (x86)\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~2\mcafee\mhn\McENUI.exe /hide
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\emmon.lnk - c:\program files (x86)\usb_video_device\driver\driver32\emmon.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\fancys~1.lnk - c:\windows\installer\{f0df4513-3c4c-4eb8-8012-2c5f70af3988}\_A1DDD39913A1970387B7B3.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: cinemanow.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files (x86)\yahoo!\common\Yinsthelper.dll
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://204.249.169.90:8080/activex/AxisCamControl.ocx
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\McIEPlg.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\x64\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\x64\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [AmIcoSinglun64] c:\program files (x86)\amicosinglun\AmIcoSinglun64.exe
mRun-x64: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [PrintDisp] c:\windows\system32\PrintDisp.exe

============= SERVICES / DRIVERS ===============

R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2009-9-4 15928]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-14 308296]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-9-4 355968]
R2 ASMMAP64;ASMMAP64;c:\program files\atkgfnex\ASMMAP64.sys [2009-9-4 14904]
R2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-10-30 128376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\mcafee\siteadvisor\mcsacore.exe [2010-1-15 110312]
R2 McProxy;McAfee Proxy Service;c:\progra~2\common~1\mcafee\mcproxy\mcproxy.exe [2010-1-14 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-1-14 155456]
R2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2009-11-22 65536]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2009-7-8 140800]
R3 McSysmon;McAfee SystemGuards;c:\progra~2\mcafee\viruss~1\mcsysmon.exe [2010-1-14 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-1-14 102472]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-1-14 49480]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-7-9 1222144]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920]
S2 0133401263490642mcinstcleanup;McAfee Application Installer Cleanup (0133401263490642);c:\users\lenny\appdata\local\temp\013340~1.exe c:\progra~2\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\users\lenny\appdata\local\temp\013340~1.exe c:\progra~2\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-1-21 135664]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-1-14 40904]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSG664.sys [2009-6-10 56832]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]

=============== Created Last 30 ================

2010-01-27 10:37:16 389632 ----a-w- c:\windows\system32\winlogon.exe
2010-01-27 10:37:16 2870272 ----a-w- c:\windows\explorer.exe
2010-01-27 10:37:16 2614272 ----a-w- c:\windows\syswow64\explorer.exe
2010-01-24 00:11:13 0 d-----w- c:\program files (x86)\Trend Micro
2010-01-23 23:47:20 0 d-----w- c:\windows\pss
2010-01-22 17:20:51 5961728 ----a-w- c:\windows\syswow64\mshtml.dll
2010-01-22 17:20:51 10976768 ----a-w- c:\windows\syswow64\ieframe.dll
2010-01-22 17:20:50 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-01-22 17:20:50 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-01-22 17:20:50 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-01-22 17:20:50 1224704 ----a-w- c:\windows\syswow64\urlmon.dll
2010-01-22 17:20:50 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-01-14 17:54:15 13148 ----a-w- c:\windows\system32\Config.MPF
2010-01-14 17:38:49 0 d-----w- c:\programdata\SiteAdvisor
2010-01-14 17:37:28 40904 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-01-14 17:37:26 49480 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-01-14 17:37:26 308296 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-01-14 17:37:26 102472 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-01-14 17:37:25 176144 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-01-14 17:37:08 0 d-----w- c:\program files (x86)\common files\McAfee
2010-01-14 17:37:07 0 d-----w- c:\program files\McAfee
2010-01-14 17:37:06 0 d-----w- c:\program files\common files\McAfee
2010-01-14 17:37:05 0 d-----w- c:\program files (x86)\McAfee.com
2010-01-14 17:37:03 0 d-----w- c:\program files (x86)\McAfee
2010-01-14 17:24:28 0 d-----w- c:\programdata\McAfee
2010-01-14 16:55:32 0 d-----w- c:\windows\PCHEALTH
2010-01-13 11:33:11 70656 ----a-w- c:\windows\syswow64\fontsub.dll
2010-01-13 11:33:11 148480 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 11:33:11 108544 ----a-w- c:\windows\syswow64\t2embed.dll
2010-01-13 11:33:11 100864 ----a-w- c:\windows\system32\fontsub.dll
2010-01-13 02:01:14 0 d-----w- c:\users\lenny\New folder

==================== Find3M ====================

2010-01-28 23:02:35 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-01-14 16:12:06 212352 ------w- c:\windows\system32\MpSigStub.exe
2009-11-22 17:35:30 225796 ----a-w- c:\windows\hpwins20.dat
2009-11-22 16:55:47 3977 ----a-w- c:\programdata\actmask.log.zip
2009-11-11 15:47:10 1170944 ----a-w- c:\windows\system32\PrtClient.exe
2009-11-11 15:29:30 825344 ----a-w- c:\windows\system32\SetupDrv.exe
2009-11-10 14:15:52 882176 ----a-w- c:\windows\system32\PrintDisp.exe
2009-11-10 08:16:02 375296 ----a-w- c:\windows\system32\SetPrinter.exe
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-04-08 17:31:56 106496 ----a-w- c:\program files (x86)\common files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- c:\program files (x86)\common files\MSIactionall.dll
2008-05-22 15:35:54 51962 ----a-w- c:\program files (x86)\common files\banner.jpg
2007-06-12 16:34:50 35822 ----a-w- c:\program files (x86)\common files\ASPG_icon.ico
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 14:19:22.19 ===============

Attached Files



#5 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:27 PM

Posted 01 February 2010 - 02:46 PM

Hello.

Okay, let's see what we can do there first.

Let's start with Malwarewbytes Anti-Malware.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post that log once it's done.

Take a new DDS run and post back with just the DDS.txt log
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#6 blockisle9

blockisle9
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 01 February 2010 - 03:15 PM

Malwarebytes' Anti-Malware 1.44
Database version: 3674
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/1/2010 3:02:48 PM
mbam-log-2010-02-01 (15-02-48).txt

Scan type: Quick Scan
Objects scanned: 100203
Time elapsed: 5 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



DDS (Ver_09-12-01.01) - NTFSX64
Run by Lenny at 15:13:59.86 on Mon 02/01/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2502 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Windows\SysWOW64\ACEngSvr.exe
c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PrintCtrl.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CNRpc.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\PrintDisp.exe
C:\Program Files (x86)\USB_video_device\Driver\Driver32\emmon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDECK.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Lenny\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.my.yahoo.com/
uDefault_Page_URL = hxxp://asus.msn.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\syswow64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files (x86)\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files (x86)\mcafee\virusscan\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files (x86)\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn0\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [UpdateP2GoShortCut] "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [CinemaNowMediaManagerApp] c:\program files (x86)\cinemanow\cinemanow media manager\CinemaNowShell.exe -start
mRun: [HDAudDeck] c:\program files (x86)\via\viaudioi\vdeck\VDeck.exe -r
mRun: [HControlUser] c:\program files (x86)\asus\atk hotkey\HControlUser.exe
mRun: [ATKOSD2] c:\program files (x86)\asus\atkosd2\ATKOSD2.exe
mRun: [ATKMEDIA] c:\program files (x86)\asus\atk media\DMedia.exe
mRun: [YMailAdvisor] "c:\program files (x86)\yahoo!\common\YMailAdvisor.exe"
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [hpqSRMon] c:\program files (x86)\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [CLMLServer] "c:\program files (x86)\cyberlink\power2go\CLMLSvc.exe"
mRun: [ADSMTray] c:\program files (x86)\asus\asus data security manager\ADSMTray.exe
mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe
mRun: [ASUS Camera ScreenSaver] c:\windows\AsScrProlog.exe
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [UVS10 Preload] c:\program files (x86)\ulead systems\ulead videostudio se dvd\uvPL.exe
mRun: [mcagent_exe] "c:\program files (x86)\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~2\mcafee\mhn\McENUI.exe /hide
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\emmon.lnk - c:\program files (x86)\usb_video_device\driver\driver32\emmon.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\fancys~1.lnk - c:\windows\installer\{f0df4513-3c4c-4eb8-8012-2c5f70af3988}\_A1DDD39913A1970387B7B3.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: cinemanow.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files (x86)\yahoo!\common\Yinsthelper.dll
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://204.249.169.90:8080/activex/AxisCamControl.ocx
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\McIEPlg.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\x64\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\x64\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [AmIcoSinglun64] c:\program files (x86)\amicosinglun\AmIcoSinglun64.exe
mRun-x64: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [PrintDisp] c:\windows\system32\PrintDisp.exe

============= SERVICES / DRIVERS ===============

R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2009-9-4 15928]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-14 308296]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-9-4 355968]
R2 ASMMAP64;ASMMAP64;c:\program files\atkgfnex\ASMMAP64.sys [2009-9-4 14904]
R2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-10-30 128376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\mcafee\siteadvisor\mcsacore.exe [2010-1-15 110312]
R2 McProxy;McAfee Proxy Service;c:\progra~2\common~1\mcafee\mcproxy\mcproxy.exe [2010-1-14 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-1-14 155456]
R2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2009-11-22 65536]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2009-7-8 140800]
R3 McSysmon;McAfee SystemGuards;c:\progra~2\mcafee\viruss~1\mcsysmon.exe [2010-1-14 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-1-14 102472]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-1-14 49480]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-7-9 1222144]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920]
S2 0133401263490642mcinstcleanup;McAfee Application Installer Cleanup (0133401263490642);c:\users\lenny\appdata\local\temp\013340~1.exe c:\progra~2\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\users\lenny\appdata\local\temp\013340~1.exe c:\progra~2\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-1-21 135664]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-1-14 40904]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSG664.sys [2009-6-10 56832]

=============== Created Last 30 ================

2010-02-01 19:54:07 0 d-----w- c:\users\lenny\appdata\roaming\Malwarebytes
2010-02-01 19:54:01 0 d-----w- c:\programdata\Malwarebytes
2010-02-01 19:54:00 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-01 19:54:00 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-01-27 10:37:16 389632 ----a-w- c:\windows\system32\winlogon.exe
2010-01-27 10:37:16 2870272 ----a-w- c:\windows\explorer.exe
2010-01-27 10:37:16 2614272 ----a-w- c:\windows\syswow64\explorer.exe
2010-01-24 00:11:13 0 d-----w- c:\program files (x86)\Trend Micro
2010-01-23 23:47:20 0 d-----w- c:\windows\pss
2010-01-22 17:20:51 5961728 ----a-w- c:\windows\syswow64\mshtml.dll
2010-01-22 17:20:51 10976768 ----a-w- c:\windows\syswow64\ieframe.dll
2010-01-22 17:20:50 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-01-22 17:20:50 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-01-22 17:20:50 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-01-22 17:20:50 1224704 ----a-w- c:\windows\syswow64\urlmon.dll
2010-01-22 17:20:50 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-01-14 17:54:15 13336 ----a-w- c:\windows\system32\Config.MPF
2010-01-14 17:38:49 0 d-----w- c:\programdata\SiteAdvisor
2010-01-14 17:37:28 40904 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-01-14 17:37:26 49480 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-01-14 17:37:26 308296 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-01-14 17:37:26 102472 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-01-14 17:37:25 176144 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-01-14 17:37:08 0 d-----w- c:\program files (x86)\common files\McAfee
2010-01-14 17:37:07 0 d-----w- c:\program files\McAfee
2010-01-14 17:37:06 0 d-----w- c:\program files\common files\McAfee
2010-01-14 17:37:05 0 d-----w- c:\program files (x86)\McAfee.com
2010-01-14 17:37:03 0 d-----w- c:\program files (x86)\McAfee
2010-01-14 17:24:28 0 d-----w- c:\programdata\McAfee
2010-01-14 16:55:32 0 d-----w- c:\windows\PCHEALTH
2010-01-13 11:33:11 70656 ----a-w- c:\windows\syswow64\fontsub.dll
2010-01-13 11:33:11 148480 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 11:33:11 108544 ----a-w- c:\windows\syswow64\t2embed.dll
2010-01-13 11:33:11 100864 ----a-w- c:\windows\system32\fontsub.dll
2010-01-13 02:01:14 0 d-----w- c:\users\lenny\New folder

==================== Find3M ====================

2010-01-28 23:02:35 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-01-14 16:12:06 212352 ------w- c:\windows\system32\MpSigStub.exe
2009-11-22 17:35:30 225796 ----a-w- c:\windows\hpwins20.dat
2009-11-22 16:55:47 3977 ----a-w- c:\programdata\actmask.log.zip
2009-11-11 15:47:10 1170944 ----a-w- c:\windows\system32\PrtClient.exe
2009-11-11 15:29:30 825344 ----a-w- c:\windows\system32\SetupDrv.exe
2009-11-10 14:15:52 882176 ----a-w- c:\windows\system32\PrintDisp.exe
2009-11-10 08:16:02 375296 ----a-w- c:\windows\system32\SetPrinter.exe
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-04-08 17:31:56 106496 ----a-w- c:\program files (x86)\common files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- c:\program files (x86)\common files\MSIactionall.dll
2008-05-22 15:35:54 51962 ----a-w- c:\program files (x86)\common files\banner.jpg
2007-06-12 16:34:50 35822 ----a-w- c:\program files (x86)\common files\ASPG_icon.ico
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 15:15:11.53 ===============


#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:27 PM

Posted 01 February 2010 - 08:10 PM

Hello.

let's get an online scan done.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner
    page.
  • Click on the button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the button, if you made any changes.
  • Now under the Scan section on the left:

    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#8 blockisle9

blockisle9
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 04 February 2010 - 03:22 PM

The scan came back clean, nothing found. Maybe the issue is gone. I havent had any problems latly. One last thing, can you look at my log to see what starts automaticly when I start my pc? I would like to stop the ones that are not needed from starting, please advice me on what I can turn off using MSCONFIG?
Thank You
Lenny

#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:27 PM

Posted 05 February 2010 - 07:50 PM

Okay, I can do that but take a new DDS run for me and post the logs for me to see and we can fix it or you can manually remove those unnecessary startup entries using msconfig.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#10 blockisle9

blockisle9
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 06 February 2010 - 09:12 AM

Thank You Very Much.


DDS (Ver_09-12-01.01) - NTFSX64
Run by Lenny at 9:07:38.45 on Sat 02/06/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2041 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Windows\SysWOW64\ACEngSvr.exe
c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
C:\Windows\system32\PrintCtrl.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CNRpc.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\PrintDisp.exe
C:\Program Files (x86)\USB_video_device\Driver\Driver32\emmon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDECK.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\DllHost.exe
C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Lenny\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.my.yahoo.com/
uDefault_Page_URL = hxxp://asus.msn.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\syswow64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files (x86)\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files (x86)\mcafee\virusscan\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files (x86)\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn0\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [UpdateP2GoShortCut] "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [CinemaNowMediaManagerApp] c:\program files (x86)\cinemanow\cinemanow media manager\CinemaNowShell.exe -start
mRun: [HDAudDeck] c:\program files (x86)\via\viaudioi\vdeck\VDeck.exe -r
mRun: [HControlUser] c:\program files (x86)\asus\atk hotkey\HControlUser.exe
mRun: [ATKOSD2] c:\program files (x86)\asus\atkosd2\ATKOSD2.exe
mRun: [ATKMEDIA] c:\program files (x86)\asus\atk media\DMedia.exe
mRun: [YMailAdvisor] "c:\program files (x86)\yahoo!\common\YMailAdvisor.exe"
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [hpqSRMon] c:\program files (x86)\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [CLMLServer] "c:\program files (x86)\cyberlink\power2go\CLMLSvc.exe"
mRun: [ADSMTray] c:\program files (x86)\asus\asus data security manager\ADSMTray.exe
mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe
mRun: [ASUS Camera ScreenSaver] c:\windows\AsScrProlog.exe
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [UVS10 Preload] c:\program files (x86)\ulead systems\ulead videostudio se dvd\uvPL.exe
mRun: [mcagent_exe] "c:\program files (x86)\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~2\mcafee\mhn\McENUI.exe /hide
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\emmon.lnk - c:\program files (x86)\usb_video_device\driver\driver32\emmon.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\fancys~1.lnk - c:\windows\installer\{f0df4513-3c4c-4eb8-8012-2c5f70af3988}\_A1DDD39913A1970387B7B3.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: cinemanow.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files (x86)\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://204.249.169.90:8080/activex/AxisCamControl.ocx
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\McIEPlg.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\x64\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\x64\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [AmIcoSinglun64] c:\program files (x86)\amicosinglun\AmIcoSinglun64.exe
mRun-x64: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [PrintDisp] c:\windows\system32\PrintDisp.exe

============= SERVICES / DRIVERS ===============

R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2009-9-4 15928]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-14 308296]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-9-4 355968]
R2 ASMMAP64;ASMMAP64;c:\program files\atkgfnex\ASMMAP64.sys [2009-9-4 14904]
R2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-10-30 128376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\mcafee\siteadvisor\mcsacore.exe [2010-1-15 110312]
R2 McProxy;McAfee Proxy Service;c:\progra~2\common~1\mcafee\mcproxy\mcproxy.exe [2010-1-14 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-1-14 155456]
R2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2009-11-22 65536]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2009-7-8 140800]
R3 McSysmon;McAfee SystemGuards;c:\progra~2\mcafee\viruss~1\mcsysmon.exe [2010-1-14 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-1-14 102472]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-1-14 49480]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-7-9 1222144]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920]
S2 0133401263490642mcinstcleanup;McAfee Application Installer Cleanup (0133401263490642);c:\users\lenny\appdata\local\temp\013340~1.exe c:\progra~2\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\users\lenny\appdata\local\temp\013340~1.exe c:\progra~2\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-1-21 135664]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-1-14 40904]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSG664.sys [2009-6-10 56832]

=============== Created Last 30 ================

2010-02-03 20:47:15 0 d-----w- c:\programdata\Sun
2010-02-03 20:46:56 411368 ----a-w- c:\windows\syswow64\deploytk.dll
2010-02-03 20:46:56 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-02-03 20:46:56 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-02-03 20:46:56 145184 ----a-w- c:\windows\syswow64\java.exe
2010-02-01 19:54:07 0 d-----w- c:\users\lenny\appdata\roaming\Malwarebytes
2010-02-01 19:54:01 0 d-----w- c:\programdata\Malwarebytes
2010-02-01 19:54:00 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-01 19:54:00 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-01-27 10:37:16 389632 ----a-w- c:\windows\system32\winlogon.exe
2010-01-27 10:37:16 2870272 ----a-w- c:\windows\explorer.exe
2010-01-27 10:37:16 2614272 ----a-w- c:\windows\syswow64\explorer.exe
2010-01-24 00:11:13 0 d-----w- c:\program files (x86)\Trend Micro
2010-01-23 23:47:20 0 d-----w- c:\windows\pss
2010-01-22 17:20:51 5961728 ----a-w- c:\windows\syswow64\mshtml.dll
2010-01-22 17:20:51 10976768 ----a-w- c:\windows\syswow64\ieframe.dll
2010-01-22 17:20:50 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-01-22 17:20:50 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-01-22 17:20:50 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-01-22 17:20:50 1224704 ----a-w- c:\windows\syswow64\urlmon.dll
2010-01-22 17:20:50 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-01-14 17:54:15 14168 ----a-w- c:\windows\system32\Config.MPF
2010-01-14 17:38:49 0 d-----w- c:\programdata\SiteAdvisor
2010-01-14 17:37:28 40904 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-01-14 17:37:26 49480 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-01-14 17:37:26 308296 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-01-14 17:37:26 102472 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-01-14 17:37:25 176144 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-01-14 17:37:08 0 d-----w- c:\program files (x86)\common files\McAfee
2010-01-14 17:37:07 0 d-----w- c:\program files\McAfee
2010-01-14 17:37:06 0 d-----w- c:\program files\common files\McAfee
2010-01-14 17:37:05 0 d-----w- c:\program files (x86)\McAfee.com
2010-01-14 17:37:03 0 d-----w- c:\program files (x86)\McAfee
2010-01-14 17:24:28 0 d-----w- c:\programdata\McAfee
2010-01-14 16:55:32 0 d-----w- c:\windows\PCHEALTH
2010-01-13 11:33:11 70656 ----a-w- c:\windows\syswow64\fontsub.dll
2010-01-13 11:33:11 148480 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 11:33:11 108544 ----a-w- c:\windows\syswow64\t2embed.dll
2010-01-13 11:33:11 100864 ----a-w- c:\windows\system32\fontsub.dll
2010-01-13 02:01:14 0 d-----w- c:\users\lenny\New folder

==================== Find3M ====================

2010-01-28 23:02:35 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-01-14 16:12:06 212352 ------w- c:\windows\system32\MpSigStub.exe
2009-11-22 17:35:30 225796 ----a-w- c:\windows\hpwins20.dat
2009-11-22 16:55:47 3977 ----a-w- c:\programdata\actmask.log.zip
2009-11-11 15:47:10 1170944 ----a-w- c:\windows\system32\PrtClient.exe
2009-11-11 15:29:30 825344 ----a-w- c:\windows\system32\SetupDrv.exe
2009-11-10 14:15:52 882176 ----a-w- c:\windows\system32\PrintDisp.exe
2009-11-10 08:16:02 375296 ----a-w- c:\windows\system32\SetPrinter.exe
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-04-08 17:31:56 106496 ----a-w- c:\program files (x86)\common files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- c:\program files (x86)\common files\MSIactionall.dll
2008-05-22 15:35:54 51962 ----a-w- c:\program files (x86)\common files\banner.jpg
2007-06-12 16:34:50 35822 ----a-w- c:\program files (x86)\common files\ASPG_icon.ico
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 9:08:45.09 ===============

Attached Files



#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:27 PM

Posted 07 February 2010 - 02:13 PM

Hello.

Yes I do see a few things. However, there's this tool that can automatically do it for you and give a description of what's needed/not needed. It can be found below...

System A bit Slow? Try StartupLight

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.

Edited by extremeboy, 07 February 2010 - 02:13 PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#12 blockisle9

blockisle9
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 07 February 2010 - 03:31 PM

Thanks,
The program only listed 3 items that was safe to disable:
HP Updater
Java Auto update
Quiktime
In your opinion, what else can I keep from loading?
Thanks again
Lenny

#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:27 PM

Posted 08 February 2010 - 08:23 PM

You can look up some of the startup items over here: http://www.bleepingcomputer.com/startups/ <- Read the description and see if you need it or not.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#14 blockisle9

blockisle9
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 10 February 2010 - 09:33 AM

Thank You for all your help!
As for your advice, I used the list and found a few. However there was alot that wasnt listed, I couldnt even find anything using google.
I just hope they are ok and not using a lot of system resorces.
Thanks again
Lenny

#15 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:27 PM

Posted 11 February 2010 - 08:15 PM

What are those that you couldn't find anything up in question?
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users