Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    WordPress Websites Compromised by the Thousands Redirect to Tech-Support Scams

Featured Deal: Get 95% off The Ultimate MCSE Certification Training Bundle

Photo

UNKNOWN VIRUS :(

Started by disizbri , Dec 03 2010 01:46 AM

  • This topic is locked This topic is locked
3 replies to this topic

#1 disizbri

disizbri

  • Members
  • 1 posts
  • OFFLINE
    •  
  • Local time:08:24 AM

Posted 03 December 2010 - 01:46 AM

I was online and a pop up came up telling me that I had a virus the whole fake scanner picture. I thought I had clicked out of it but apparently I didn't and it downloaded something to my computer. I'm sure that's what the problem is because since then my task manager's list of programs running has changed. I scanned it's with Malwarebytes and every time I tried to remove the files I would restart my computer and they'd come right back! Here's the log. PLEASE HELP :(



DDS (Ver_10-11-27.01) - NTFS_AMD64 NETWORK
Run by iStarrah at 1:37:06.12 on Fri 12/03/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_15
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4085.2999 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k secsvcs
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\iStarrah\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\iStarrah\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.mystart.com/?pr=oovoo2_0
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: C:\Windows\SysWow64\drnxgns4.dll: {b1b220c1-a503-59bd-f413-03b53a2c8954} - C:\Windows\SysWow64\drnxgns4.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - C:\Program Files (x86)\STOPzilla!\SZIEBHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: ooVoo Toolbar: {a1fb2f9a-d35e-11dd-8935-e46a56d89593} - C:\Program Files (x86)\oovootb\oovoodx.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "C:\Users\iStarrah\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Lvjpdiejlotc] C:\Users\iStarrah\AppData\Local\Temp\hexdump.exe
uRun: [LvjpdiejlsPc] C:\Users\iStarrah\AppData\Local\Temp\nvsvc32.exe
uRun: [Lvjpdiejlqb] C:\Users\iStarrah\AppData\Local\Temp\winamp.exe
uRun: [Lvjpdiejlqf] C:\Users\iStarrah\AppData\Local\Temp\user.exe
uRun: [Lvjpdiejlk+] C:\Users\iStarrah\AppData\Local\Temp\gdi32.exe
uRun: [Lvjpdiejlqf (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5] C:\Users\iStarrah\AppData\Local\Temp\user.exe
uRun: [Lvjpdiejlk+ (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5] C:\Users\iStarrah\AppData\Local\Temp\gdi32.exe
uRun: [Lvjpdiejlupc] C:\Users\iStarrah\AppData\Local\Temp\sysedit.exe
uRun: [Lvjpdiejl92warrah\AppData\Local\Temp\4236867004.exe] C:\Users\iStarrah\AppData\Local\Temp\4236867004.exe
uRun: [Lvjpdiejlprc] C:\Users\iStarrah\AppData\Local\Temp\install.exe
uRun: [LvjpdiejlqW] C:\Users\iStarrah\AppData\Local\Temp\drweb.exe
uRun: [Lvjpdiejlmc] C:\Users\iStarrah\AppData\Local\Temp\mdm.exe
uRun: [Lvjpdiejlqe] C:\Users\iStarrah\AppData\Local\Temp\setup.exe
uRun: [Lvjpdiejlna] C:\Users\iStarrah\AppData\Local\Temp\login.exe
uRun: [Lvjpdiejlhb] C:\Users\iStarrah\AppData\Local\Temp\debug.exe
uRun: [Mqmn10Aows\Temp\2948035869.exe] C:\Windows\Temp\2948035869.exe
uRun: [Lvjpdiejl7y0arrah\AppData\Local\Temp\2102016495.exe] C:\Users\iStarrah\AppData\Local\Temp\2102016495.exe
uRun: [Lvjpdiejl+00arrah\AppData\Local\Temp\2679370847.exe] C:\Users\iStarrah\AppData\Local\Temp\2679370847.exe
uRun: [Lvjpdiejl7y0(Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0] C:\Users\iStarrah\AppData\Local\Temp\2102016495.exe
uRun: [Lvjpdiejlqc] C:\Users\iStarrah\AppData\Local\Temp\win.exe
uRun: [Lvjpdiejlkc] C:\Users\iStarrah\AppData\Local\Temp\cmd.exe
uRun: [Mqvre] C:\Windows\wininst.exe
uRun: [Mqqoc] C:\Windows\debug.exe
uRun: [Mquuf] C:\Windows\spoolsv.exe
uRun: [Mqrtc] C:\Windows\hexdump.exe
uRun: [Mquxe] C:\Windows\system.exe
uRun: [Lvjpdiejlrxc] C:\Users\iStarrah\AppData\Local\Temp\spoolsv.exe
uRun: [Mqmn10/ows\Temp\3269197165.exe] C:\Windows\Temp\3269197165.exe
uRun: [Mqsrc] C:\Windows\login.exe
uRun: [Mquvc] C:\Windows\setup.exe
uRun: [Lvjpdiejlo+] C:\Users\iStarrah\AppData\Local\Temp\avp32.exe
uRun: [MqsZ] C:\Windows\mdm.exe
uRun: [Lvjpdiejlqvc] C:\Users\iStarrah\AppData\Local\Temp\svchost.exe
uRun: [Lvjpdiejlq+] C:\Users\iStarrah\AppData\Local\Temp\win32.exe
uRun: [Mqug] C:\Windows\smss.exe
uRun: [Lvjpdiejlora] C:\Users\iStarrah\AppData\Local\Temp\iexplarer.exe
uRun: [MqvPc] C:\Windows\win32.exe
uRun: [Mqpe] C:\Windows\avp.exe
uRun: [Lvjpdiejlrf] C:\Users\iStarrah\AppData\Local\Temp\smss.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Lvjpdiejlotc] C:\Users\iStarrah\AppData\Local\Temp\hexdump.exe
mRun: [LvjpdiejlsPc] C:\Users\iStarrah\AppData\Local\Temp\nvsvc32.exe
mRun: [Lvjpdiejlqb] C:\Users\iStarrah\AppData\Local\Temp\winamp.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [MqmP02/ows\TEMP\1288859474.exe] C:\Windows\TEMP\1288859474.exe
mRun: [Lvjpdiejlqf] C:\Users\iStarrah\AppData\Local\Temp\user.exe
mRun: [Lvjpdiejlk+] C:\Users\iStarrah\AppData\Local\Temp\gdi32.exe
mRun: [Lvjpdiejlqf (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5] C:\Users\iStarrah\AppData\Local\Temp\user.exe
mRun: [Lvjpdiejlk+ (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5] C:\Users\iStarrah\AppData\Local\Temp\gdi32.exe
mRun: [Lvjpdiejlupc] C:\Users\iStarrah\AppData\Local\Temp\sysedit.exe
mRun: [Lvjpdiejl92warrah\AppData\Local\Temp\4236867004.exe] C:\Users\iStarrah\AppData\Local\Temp\4236867004.exe
mRun: [Lvjpdiejlprc] C:\Users\iStarrah\AppData\Local\Temp\install.exe
mRun: [LvjpdiejlqW] C:\Users\iStarrah\AppData\Local\Temp\drweb.exe
mRun: [MqmP10/ows\TEMP\3269197165.exe] C:\Windows\TEMP\3269197165.exe
mRun: [Lvjpdiejlmc] C:\Users\iStarrah\AppData\Local\Temp\mdm.exe
mRun: [MqmP10Aows\TEMP\2948035869.exe] C:\Windows\TEMP\2948035869.exe
mRun: [Lvjpdiejlqe] C:\Users\iStarrah\AppData\Local\Temp\setup.exe
mRun: [Lvjpdiejlna] C:\Users\iStarrah\AppData\Local\Temp\login.exe
mRun: [Lvjpdiejlhb] C:\Users\iStarrah\AppData\Local\Temp\debug.exe
mRun: [Mqmn10Aows\Temp\2948035869.exe] C:\Windows\Temp\2948035869.exe
mRun: [Lvjpdiejl7y0arrah\AppData\Local\Temp\2102016495.exe] C:\Users\iStarrah\AppData\Local\Temp\2102016495.exe
mRun: [Lvjpdiejl+00arrah\AppData\Local\Temp\2679370847.exe] C:\Users\iStarrah\AppData\Local\Temp\2679370847.exe
mRun: [Lvjpdiejl7y0(Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0] C:\Users\iStarrah\AppData\Local\Temp\2102016495.exe
mRun: [Lvjpdiejlqc] C:\Users\iStarrah\AppData\Local\Temp\win.exe
mRun: [Lvjpdiejlkc] C:\Users\iStarrah\AppData\Local\Temp\cmd.exe
mRun: [Mqvre] C:\Windows\wininst.exe
mRun: [Mqqoc] C:\Windows\debug.exe
mRun: [Mquuf] C:\Windows\spoolsv.exe
mRun: [Mqrtc] C:\Windows\hexdump.exe
mRun: [Mquxe] C:\Windows\system.exe
mRun: [Lvjpdiejlrxc] C:\Users\iStarrah\AppData\Local\Temp\spoolsv.exe
mRun: [Mqmn10/ows\Temp\3269197165.exe] C:\Windows\Temp\3269197165.exe
mRun: [Mqsrc] C:\Windows\login.exe
mRun: [Mquvc] C:\Windows\setup.exe
mRun: [Lvjpdiejlo+] C:\Users\iStarrah\AppData\Local\Temp\avp32.exe
mRun: [MqsZ] C:\Windows\mdm.exe
mRun: [Lvjpdiejlqvc] C:\Users\iStarrah\AppData\Local\Temp\svchost.exe
mRun: [Lvjpdiejlq+] C:\Users\iStarrah\AppData\Local\Temp\win32.exe
mRun: [Mqug] C:\Windows\smss.exe
mRun: [Lvjpdiejlora] C:\Users\iStarrah\AppData\Local\Temp\iexplarer.exe
mRun: [MqvPc] C:\Windows\win32.exe
mRun: [Mqpe] C:\Windows\avp.exe
mRun: [Lvjpdiejlrf] C:\Users\iStarrah\AppData\Local\Temp\smss.exe
mRunOnce: [<NO NAME>]
mRunOnce: [Wrapper] runonce
mRunOnce: [GrpConv] grpconv -o
dRun: [MqmP02/ows\TEMP\1288859474.exe] C:\Windows\TEMP\1288859474.exe
dRun: [MqmP10/ows\TEMP\3269197165.exe] C:\Windows\TEMP\3269197165.exe
dRun: [MqmP10Aows\TEMP\2948035869.exe] C:\Windows\TEMP\2948035869.exe
dRun: [lpc] rundll32.exe"C:\Users\iStarrah\AppData\Roaming\Sun\stbsg2.dll", RegisterDll
StartupFolder: C:\Users\iStarrah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101106011328.dll
BHO-X64: scriptproxy - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\iStarrah\AppData\Roaming\Mozilla\Firefox\Profiles\74ke1tex.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\iStarrah\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\iStarrah\AppData\Local\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - plugin: C:\Users\iStarrah\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\iStarrah\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\iStarrah\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {7ABCB8D5-1AAB-4D36-8119-21E8611541FD} - C:\Users\iStarrah\AppData\Local\{7ABCB8D5-1AAB-4D36-8119-21E8611541FD}
FF - HiddenExtension: XULRunner: {30991365-D31A-4CC1-B14C-CC3D65F67842} - C:\Windows\system32\config\systemprofile\AppData\Local\{30991365-D31A-4CC1-B14C-CC3D65F67842}\
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - C:\Program Files (x86)\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor
FF - Extension: XULRunner: {7ABCB8D5-1AAB-4D36-8119-21E8611541FD} - C:\Users\iStarrah\AppData\Local\{7ABCB8D5-1AAB-4D36-8119-21E8611541FD}
FF - Extension: XULRunner: {30991365-D31A-4CC1-B14C-CC3D65F67842} - C:\Windows\system32\config\systemprofile\AppData\Local\{30991365-D31A-4CC1-B14C-CC3D65F67842}
FF - Extension: Personas: personas@christopher.beard - C:\Users\iStarrah\AppData\Roaming\Mozilla\Firefox\Profiles\74ke1tex.default\extensions\personas@christopher.beard
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - C:\Users\iStarrah\AppData\Roaming\Mozilla\Firefox\Profiles\74ke1tex.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Extension: YouTube to MP3: youtube2mp3@mondayx.de - C:\Users\iStarrah\AppData\Roaming\Mozilla\Firefox\Profiles\74ke1tex.default\extensions\youtube2mp3@mondayx.de

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-1-5 529128]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-5-6 55856]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-2-22 75032]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-2-22 283360]
R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-6-12 355440]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-2-22 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-2-22 149032]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-2-22 441328]
S2 AERTFilters;Andrea RT Filters Service;C:\Windows\System32\AERTSr64.exe [2009-5-6 86016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 gupdate1ca044d560f8cc8;Google Update Service (gupdate1ca044d560f8cc8);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-7-14 133104]
S2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-6-12 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-6-12 355440]
S2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-6-12 355440]
S2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-2-22 200056]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe" --> C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [?]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-2-22 62800]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-2-22 190136]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-2-22 94864]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2009-11-26 38992]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 VST64_DPV;VST64_DPV;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 VST64HWBS2;VST64HWBS2;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-13 411136]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-5 1255736]

=============== Created Last 30 ================

2010-12-03 01:45:50 -------- d-----w- C:\Program Files (x86)\STOPzilla!
2010-12-03 01:45:50 -------- d-----w- C:\Program Files (x86)\Common Files\iS3
2010-12-03 01:45:50 -------- d-----w- C:\PROGRA~3\STOPzilla!
2010-12-03 01:38:02 54276 ---h--w- C:\Windows\setup.exe
2010-12-03 01:38:01 54276 ---h--w- C:\Windows\smss.exe
2010-12-03 01:38:01 54276 ---h--w- C:\Windows\mdm.exe
2010-12-03 01:38:00 54276 ---h--w- C:\Windows\system.exe
2010-12-03 01:38:00 54276 ---h--w- C:\Windows\hexdump.exe
2010-12-03 01:38:00 54276 ------w- C:\Windows\login.exe
2010-12-03 01:37:41 54276 ---h--w- C:\Windows\spoolsv.exe
2010-12-03 01:37:41 54276 ------w- C:\Windows\avp.exe
2010-12-03 01:37:40 54276 ---h--w- C:\Windows\wininst.exe
2010-12-03 01:37:40 54276 ---h--w- C:\Windows\win32.exe
2010-12-03 01:37:40 54276 ---h--w- C:\Windows\debug.exe
2010-12-02 06:46:52 -------- d-----w- C:\Users\iStarrah\AppData\Roaming\Malwarebytes
2010-12-02 06:38:26 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-12-02 06:38:23 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-02 06:38:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-01 19:25:34 -------- d-----w- C:\Program Files (x86)\TweetDeck
2010-11-30 06:21:23 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{7A8C9750-6A91-4D28-9815-ADCCBC88E004}\mpengine.dll
2010-11-30 02:10:21 0 ----a-w- C:\Windows\SysWow64\lsp9B29.tmp
2010-11-30 02:09:24 30000 ----a-w- C:\Windows\SysWow64\drnxgns4.dll
2010-11-29 22:13:10 -------- d-----w- C:\Users\iStarrah\AppData\Roaming\56B912FA0C0FD7DDD9E093943503F8CA
2010-11-24 11:08:30 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-24 11:08:30 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-22 21:56:42 546256 ----a-r- C:\Windows\SysWow64\SZComp5.dll
2010-11-22 21:56:42 452048 ----a-r- C:\Windows\SysWow64\SZBase5.dll
2010-11-22 21:56:42 398800 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll
2010-11-22 21:56:42 28624 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll
2010-11-22 21:56:42 22992 ----a-r- C:\Windows\SysWow64\SZIO5.dll
2010-11-22 21:56:42 132560 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll
2010-11-22 21:56:40 99792 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll
2010-11-22 21:56:40 99792 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll
2010-11-22 21:56:40 738768 ----a-r- C:\Windows\SysWow64\IS3Base5.dll
2010-11-22 21:56:40 67024 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll
2010-11-22 21:56:40 390608 ----a-r- C:\Windows\SysWow64\IS3UI5.dll
2010-11-22 21:56:40 230864 ----a-r- C:\Windows\SysWow64\IS3Win325.dll
2010-11-06 16:37:34 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 16:37:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

==================== Find3M ====================

2010-10-19 15:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-14 02:28:54 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2010-10-14 02:28:54 94864 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2010-10-14 02:28:54 75032 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2010-10-14 02:28:54 62800 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2010-10-14 02:28:54 529128 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2010-10-14 02:28:54 441328 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2010-10-14 02:28:54 283360 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2010-10-14 02:28:54 190136 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2010-10-14 02:28:54 121248 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

============= FINISH: 1:37:58.45 ===============

BC AdBot (Login to Remove)

 

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:24 AM

Posted 10 December 2010 - 03:51 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply



information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:24 AM

Posted 13 December 2010 - 06:01 AM

Hello

three day bump

It has been Three days since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:24 AM

Posted 16 December 2010 - 12:18 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.

With Regards,
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
Back to Virus, Trojan, Spyware, and Malware Removal Help


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Help
  4. Privacy Policy
  5. Rules ·