Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with unknown. No .exe, cut, paste, no taskbar


  • This topic is locked This topic is locked
3 replies to this topic

#1 rlruark

rlruark

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 21 April 2010 - 04:43 PM

I think I may have gotten a virus from Facebook. My Mcaffee did not catch it. Or it did, but couldn't delete it. Malwarebytes will not open because it is saying it has an outdated file. Internet Explorer will not open, my taskbar is minimized and I can't maximize it. I cannot access my start menu.

I am running Windows XP Professional with McAfee Enterprise for business. I've tried a couple of things but to no avail. I followed the guide for malware removal and such. I got the DDS report (Attached below) I attached the Ark.txt. I tried doing the GMER log and it crashed on me. I hope I have enough info for some help. Contact me if not. Thanks.
Rob


DDS (Ver_10-03-17.01) - NTFSx86
Run by RRuark at 15:17:16.09 on Wed 04/21/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15

============== Running Processes ===============

C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\etlisrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\oracle\ora10\bin\omtsreco.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\PROGRA~1\Novadigm\radexecd.exe
c:\PROGRA~1\Novadigm\radsched.exe
c:\PROGRA~1\Novadigm\Radstgms.exe
C:\Program Files\Timbuktu Pro\tb2launch.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Timbuktu Pro\Tb2Logon.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\PROGRA~1\Novadigm\radtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Connected\CBSysTray.exe
C:\WINDOWS\system32\etlitr50.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
F:\New Folder\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://hub.slb.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: ViewerHelper Class: {78104a01-8e71-4f30-9a36-3793799615b4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - g:\xbox\flashxp\IEFlash.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [TLogonPath] "c:\program files\timbuktu pro\Tb2Logon.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [RUNRADTRAY] c:\progra~1\novadigm\radtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [FTL Email Agent] d:\program files\ftl\FTLAgent.exe
mRun: [FTL Connected Agent] d:\program files\ftl\FTLAgent.Net.exe /d:10
mRun: [EFS] c:\windows\system32\wscript.exe c:\progra~1\novadigm\SLB_EFS.VBS
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
dRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-system: DisableChangePassword = 1 (0x1)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {685ec120-f786-4498-a8f0-794d47916161} - {C733FB84-6DB3-4363-8AA7-678F9B5E828E} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\art\office11\REFIEBAR.DLL
IE: {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - {78104A01-8E71-4F30-9A36-3793799615B4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Trusted Zone: abbeyinternational.com
Trusted Zone: atosorigin-asp.com
Trusted Zone: atosorigin-asp.com\*.slb
Trusted Zone: books24x7.com
Trusted Zone: citibank.com
Trusted Zone: dell.com
Trusted Zone: etrade.com
Trusted Zone: facebook.com
Trusted Zone: geoquest.com
Trusted Zone: Hotmail.com
Trusted Zone: Hotmail.com\www
Trusted Zone: intouchsupport.com
Trusted Zone: ketsujin.com\fighterace
Trusted Zone: ketsujin.com\primary
Trusted Zone: ketsujin.com\update
Trusted Zone: ketsujin.com\www
Trusted Zone: live.com
Trusted Zone: microsoft.com
Trusted Zone: ml.com
Trusted Zone: msn.com
Trusted Zone: mydexa.com
Trusted Zone: passport.com
Trusted Zone: skillport.com
Trusted Zone: slb.com\*.aodc
Trusted Zone: slb.com\www.personnel
Trusted Zone: smartforce.com
Trusted Zone: standardchartered.com\webbank
Trusted Zone: stormofaces.com\www
Trusted Zone: sun.com
Trusted Zone: tenderfoot.com
Trusted Zone: virtualbranches.com
Trusted Zone: westerngeco.com
Trusted Zone: wildwestonline.com
Trusted Zone: wildwestonline.com\gunfighter
Trusted Zone: wildwestonline.com\www
Trusted Zone: windowslivehelp.com
Trusted Zone: abbeyinternational.com
Trusted Zone: atosorigin-asp.com
Trusted Zone: atosorigin-asp.com\*.slb
Trusted Zone: books24x7.com
Trusted Zone: citibank.com
Trusted Zone: dell.com
Trusted Zone: etrade.com
Trusted Zone: geoquest.com
Trusted Zone: intouchsupport.com
Trusted Zone: microsoft.com
Trusted Zone: ml.com
Trusted Zone: mydexa.com
Trusted Zone: skillport.com
Trusted Zone: slb.com\*.aodc
Trusted Zone: standardchartered.com\webbank
Trusted Zone: virtualbranches.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://fubar.com/imgs/ImageUploader5.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160078438704
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://www.gateway.slb.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\controls\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\controls\SAPHTMLP.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\ievony\Skype4COM.dll
Notify: slbScCertProp - c:\windows\system32\ScCertProp.dll
Notify: Timbuktu Pro - c:\program files\timbuktu pro\Hook32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll
mASetup: {EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5} - rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows\inf\wmactedp.inf,PerUserStub,,4

============= SERVICES / DRIVERS ===============

R? a320raid;a320raid
R? aac;PERC 320/DC SCSI RAID Miniport Driver
R? Egatecard;Egatecard
R? ETDSVC;Entrust/TrueDelete™
R? gupdate;Google Update Service (gupdate)
R? LicCtrlService;LicCtrl Service
R? McAfeeFramework;McAfee Framework Service
R? mferkdet;McAfee Inc. mferkdet
R? mferkdk;VSCore mferkdk
R? R20_W2K;Reflex 20 Smart card reader
R? R72_NT4;R72_NT4
R? R72V2NT4;R72V2NT4
R? SCM488C;SCM Microsystems SCR120 PCMCIA Smart Card Reader
R? vmscsi;vmscsi
S? aarich;aarich
S? Egatebus;Egatebus
S? Egaterdr;Egaterdr
S? ETFSDNT;Entrust File System Hook
S? McAfeeEngineService;McAfee Engine Service
S? McShield;McAfee McShield
S? McTaskManager;McAfee Task Manager
S? megasas;DELL PERC RAID Driver
S? mfeavfk;McAfee Inc. mfeavfk
S? mfebopk;McAfee Inc. mfebopk
S? mfehidk;McAfee Inc. mfehidk
S? mfevtp;McAfee Validation Trust Protection Service
S? NEOFLTR_600_13073;Juniper Networks TDI Filter Driver (NEOFLTR_600_13073)
S? radexecd;HP OVCM Notify Daemon
S? radsched;HP OVCM Scheduler Daemon
S? Radstgms;HP OVCM MSI Redirector
S? Tb2Device;TB2 Remote Control Driver
S? Tb2MirrorSys;TB2 Remote Control Mirror Driver
S? vddidecr;Digital Delivery Decrypting Device

=============== Created Last 30 ================

2010-04-21 20:17:11 0 d-----w- c:\temp\E.tmp
2010-04-21 20:16:18 0 ----a-w- c:\documents and settings\rruark\defogger_reenable
2010-04-21 19:24:57 0 d-----w- c:\temp\wz0021
2010-04-21 18:54:08 0 d-s---w- C:\ComboFix
2010-04-21 18:44:50 0 d-----w- c:\temp\WPDNSE
2010-04-21 17:58:13 77312 ----a-w- c:\windows\MBR.exe
2010-04-21 17:58:10 98816 ----a-w- c:\windows\sed.exe
2010-04-21 17:58:10 261632 ----a-w- c:\windows\PEV.exe
2010-04-21 17:58:10 161792 ----a-w- c:\windows\SWREG.exe
2010-04-21 17:30:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-21 16:10:51 0 d-----w- c:\temp\Acrobat Distiller 8

==================== Find3M ====================

2010-04-09 17:09:12 119675 ----a-w- c:\windows\system32\nvModes.dat
2010-03-15 21:17:42 32384 -c--a-w- c:\docume~1\rruark\applic~1\GDIPFONTCACHEV1.DAT
2010-03-14 23:11:27 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
2010-03-14 23:11:25 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-03-12 05:41:02 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-03-07 00:21:47 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-03-07 00:21:47 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-23 14:46:15 696832 ----a-w- c:\windows\isRS-000.tmp
2008-08-10 15:32:28 769 --sha-w- c:\windows\system32\mmf.sys

============= FINISH: 15:17:49.00 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 rlruark

rlruark
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 22 April 2010 - 10:44 PM

I got the GMER file to finally work and have attached it. This thing is driving me nuts. Using my desktop, which is better. But I still like my laptop for work...any help would be much appreciated.

Thanks

Edited by rlruark, 23 April 2010 - 10:10 AM.


#3 rlruark

rlruark
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 23 April 2010 - 10:09 AM

All, I have corrected the problem. It was the McAffee dat file update on the 21st of April. I hear that a lot of McAffe Enterprise users were affected. I searched through some of my logs and found the supposed culprit, researched it through McAffe and found the bulletin.

#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:56 AM

Posted 23 April 2010 - 11:25 AM

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send a Private Message to any one of the moderating team member or myself. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users