
System Tool virus


3 replies to this topic

#1 Roger323

  • Members
  • 10 posts

Posted 28 February 2011 - 12:51 PM

I need help. I have the System Tool spyware in my PC and I can't remove it. I tried a Windows XP Repair Install to no avail. System Restore won't work either. Please help.

But this is the thing. I have 2 user accounts on my computer. In one the System Tool spyware will appear. In the other it will not. The internet in the infected one will not work even with the LAN settings unchecked. In the other the internet will work. Can I do the preparation in the uninfected one and run DDS and GMER there? Thanks. Also, I already did that and then suddenly GMER froze the PC, so I had to restart again.

This is a new topic from a previous one wherein somebody helped me to prepare, but as I just said the PC froze. Should I continue again, and also in the other user account?

Thanks.

Hi,

I need help to remove the System Tool spyware in my PC. Every time I boot my PC it starts and just takes over the screen with a scanner screen that scans for viruses. It wouldn't let me start any spyware software and also disables my anti-virus. Attached here is the DDS log and the attach.txt. I had problems running gmer.exe because 4 times I ran it and 4 times the PC froze. I actually left the PC running for half a day but it froze. The last time it froze it was in c:\Windows\system32\netdrivers\biosys... It always freezes in the netdrivers folder.



DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Bong at 9:51:29.20 on Tue 03/01/2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2037.1391 [GMT -8:00]

AV: ZoneAlarm Security Suite Antivirus *Disabled/Outdated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: McAfee Firewall *Enabled*
FW: ZoneAlarm Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bong\Desktop\Defogger.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\Bong\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin1.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110226151849.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\hypercam toolbar\tbcore3.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin1.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\hypercam toolbar\tbcore3.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Esuxabamomigobab] rundll32.exe "c:\windows\hdmdbdg.dll",Startup
uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
uRun: [Google Update] "c:\documents and settings\bong\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: 0.0.0.0
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239759009515
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: text/html - {c1b9b36a-8630-44d9-8426-1b1d9ee62f92} -
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 fcbcaw.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bong\applic~1\mozilla\firefox\profiles\gzzmpuwp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-veoh&p=
FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
FF - plugin: c:\documents and settings\bong\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\bong\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\bong\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {CAF31525-EC33-4B60-869B-F6BCFD7CADC4} - c:\documents and settings\bong\local settings\application data\{CAF31525-EC33-4B60-869B-F6BCFD7CADC4}
FF - Ext: XULRunner: {F4B12305-9199-4AC5-AA95-F627DEED1CD7} - c:\documents and settings\sleeping dragon\local settings\application data\{F4B12305-9199-4AC5-AA95-F627DEED1CD7}
FF - Ext: Veoh Video Compass: searchrecs@veoh.com - %profile%\extensions\searchrecs@veoh.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: BitDefender QuickScanner: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: AutocompletePro - Your handy search suggestions tool: support@predictad.com - %profile%\extensions\support@predictad.com
FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: HyperCamToolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
FF - Ext: Veoh Web Player Video Finder: web@veoh.com - c:\program files\veoh networks\veohwebplayer\FFVideoFinder

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-5-27 64288]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-2-26 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-2-26 84072]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-4-14 353672]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1228208]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-2-26 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-2-26 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-2-26 141792]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-2-26 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-2-26 88544]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
S1 MpKsl4e62c5d8;MpKsl4e62c5d8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6a4cf053-cbbb-4261-978a-eaf80a7f14d3}\mpksl4e62c5d8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6a4cf053-cbbb-4261-978a-eaf80a7f14d3}\MpKsl4e62c5d8.sys [?]
S1 MpKsl7ad48fc7;MpKsl7ad48fc7;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{370008c3-803a-4a88-a8f0-48564191d085}\MpKsl7ad48fc7.sys [2011-2-27 28752]
S1 MpKsl838a7c57;MpKsl838a7c57;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{09373e01-4b29-481f-85af-a6b7e7d7cc44}\mpksl838a7c57.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{09373e01-4b29-481f-85af-a6b7e7d7cc44}\MpKsl838a7c57.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-28 133104]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-14 93320]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-2-26 271480]
S2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-2-26 271480]
S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-2-26 171168]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-2-26 55840]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2005-8-3 4736]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-2-26 152960]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-2-26 52104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-2-26 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-2-26 84264]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2005-8-3 8960]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

=============== Created Last 30 ================

2011-03-01 12:11:46 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-02-28 11:43:44 -------- d-----w- c:\windows\system32\NtmsData
2011-02-27 23:24:06 98816 ----a-w- c:\windows\sed.exe
2011-02-27 23:24:06 89088 ----a-w- c:\windows\MBR.exe
2011-02-27 23:24:06 256512 ----a-w- c:\windows\PEV.exe
2011-02-27 23:24:06 161792 ----a-w- c:\windows\SWREG.exe
2011-02-27 23:23:57 -------- dcs---w- C:\ComboFix
2011-02-27 22:56:30 172032 ----a-w- c:\windows\system32\igfxres.dll
2011-02-27 20:30:59 6144 -c--a-w- c:\windows\system32\dllcache\kbdax2.dll
2011-02-27 20:27:54 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-02-27 20:27:54 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2011-02-27 20:15:50 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-02-27 20:15:50 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-02-27 20:15:50 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-02-27 20:15:50 13312 ----a-w- c:\windows\system32\irclass.dll
2011-02-27 20:15:41 10559 ----a-r- c:\windows\SET141.tmp
2011-02-27 20:15:40 22339 ----a-r- c:\windows\SET140.tmp
2011-02-27 20:15:33 13753 ----a-r- c:\windows\SET10D.tmp
2011-02-27 20:15:30 1086058 ----a-r- c:\windows\SET100.tmp
2011-02-27 20:15:28 1042903 ----a-r- c:\windows\SETFD.tmp
2011-02-27 11:15:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-27 11:15:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-27 10:18:35 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{370008c3-803a-4a88-a8f0-48564191d085}\MpKsl7ad48fc7.sys
2011-02-27 10:15:55 -------- d--h--w- c:\windows\PIF
2011-02-27 09:49:23 -------- d-----w- c:\program files\SpywareBlaster
2011-02-27 09:10:59 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{370008c3-803a-4a88-a8f0-48564191d085}\MpKsla6037a07.sys
2011-02-27 08:41:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\dDfIlIa17702
2011-02-26 23:18:49 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2011-02-26 23:18:48 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-02-26 23:18:30 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-02-26 23:18:25 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-02-26 23:18:25 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-02-26 23:18:25 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-02-26 23:18:24 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-02-26 23:18:24 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-02-26 23:18:24 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-02-26 23:18:24 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-02-26 23:18:24 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-02-26 23:18:23 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-02-26 21:07:42 5943120 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{370008c3-803a-4a88-a8f0-48564191d085}\mpengine.dll
2011-02-10 10:09:30 -------- d-----w- c:\windows\system32\scripting
2011-02-10 10:09:30 -------- d-----w- c:\windows\l2schemas
2011-02-10 10:09:29 -------- d-----w- c:\windows\system32\en
2011-02-10 10:09:29 -------- d-----w- c:\windows\system32\bits
2011-02-10 10:01:19 -------- d-----w- c:\windows\network diagnostic
2011-02-10 09:54:39 -------- d-----w- c:\windows\EHome

==================== Find3M ====================

2010-12-21 03:52:42 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

============= FINISH: 9:55:00.71 ===============

EDIT: Topics and posts merged ~BP


Edited by Budapest, 02 March 2011 - 04:29 PM.
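As an added triage example (not part of the original thread, and not DDS's own code), the script below applies a few defender-side heuristics to the "Pseudo HJT Report" section of a DDS log: a browser proxy pointed at 127.0.0.1 (which matches the "internet will not work" symptom described above), a Run key that loads a DLL from the Windows root through rundll32.exe, an LSA authentication package beyond the expected msv1_0, and a wildcard Trusted Zone. The rule names and the Finding type are my own; the sample lines are excerpted from the log posted above. Each hit is an indicator that deserves a closer look, not a verdict.

```python
"""Triage heuristics for the 'Pseudo HJT Report' section of a DDS log (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: lines excerpted from the DDS log in the post above.
SAMPLE_DDS = """\
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uRun: [Esuxabamomigobab] rundll32.exe "c:\\windows\\hdmdbdg.dll",Startup
uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe
mRun: [ZoneAlarm Client] "c:\\program files\\zone labs\\zonealarm\\zlclient.exe"
Trusted Zone: 0.0.0.0
Trusted Zone: motive.com\\pattta.att
LSA: Authentication Packages = msv1_0 fcbcaw.dll
"""


@dataclass(frozen=True)
class Finding:
    rule: str   # hypothetical rule id, chosen for this example
    line: str   # the DDS line that triggered it


# Browser proxy forced to a loopback port: a common rogue-AV trick that breaks browsing.
LOCAL_PROXY = re.compile(r"ProxyServer\s*=\s*.*?(127\.0\.0\.1|localhost):(\d+)", re.I)
# uRun/mRun autostart entries: "[name] command".
RUN_KEY = re.compile(r"^[um]Run:\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$", re.I)
# A DLL sitting directly in c:\windows\ (legitimate DLLs live in system32 or program dirs).
WINROOT_DLL = re.compile(r'c:\\windows\\[^\\"]+\.dll', re.I)
# LSA authentication packages: only msv1_0 is expected on a default XP box.
LSA_PKGS = re.compile(r"^LSA:\s*Authentication Packages\s*=\s*(.+)$", re.I)
TRUSTED = re.compile(r"^Trusted Zone:\s*(.+)$", re.I)


def check_line(line: str) -> list[Finding]:
    """Return every heuristic that fires on one DDS line."""
    hits: list[Finding] = []
    if LOCAL_PROXY.search(line):
        hits.append(Finding("proxy-localhost", line))
    m = RUN_KEY.match(line)
    if m:
        cmd = m.group("cmd")
        if "rundll32" in cmd.lower() and WINROOT_DLL.search(cmd):
            hits.append(Finding("run-rundll32-windows-root", line))
    m = LSA_PKGS.match(line)
    if m:
        extra = [p for p in m.group(1).split() if p.lower() != "msv1_0"]
        if extra:
            hits.append(Finding("lsa-extra-auth-package", line))
    m = TRUSTED.match(line)
    if m and m.group(1).strip() in {"0.0.0.0", "*"}:
        hits.append(Finding("trusted-zone-wildcard", line))
    return hits


def triage(log_text: str) -> list[Finding]:
    """Run check_line over every line of a DDS log and collect the findings in order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        findings.extend(check_line(raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.rule}] {f.line}")
```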




#2 shelf life

  • Malware Response Team
  • 2,679 posts
  • Gender:Male
  • Location:@localhost

Posted 06 March 2011 - 08:34 AM

Hi,

Your post is a few days old. If you still need help just reply back.

How Can I Reduce My Risk to Malware?


#3 Roger323

  • Topic Starter
  • Members
  • 10 posts

Posted 06 March 2011 - 09:48 AM

Hi,

Thanks Shelf life, but I was able to fix the said System Tool. Somehow it got killed by MBAM and Rkill. It never appeared anymore during startup. Thanks.

Sincerely,

#4 shelf life

  • Malware Response Team
  • 2,679 posts
  • Gender:Male
  • Location:@localhost

Posted 06 March 2011 - 01:14 PM

OK then. Happy safe surfing.

How Can I Reduce My Risk to Malware?
