
Virus, Trojan, Spyware


43 replies to this topic

#1 zooter
Posted 17 November 2011 - 06:19 PM

I have contracted a Virus, Trojan, Spyware
I am getting these pop-ups
I cannot attach the screenshot image as it's telling me it's too big
I am also getting security warnings telling me applications are infected
and there is a silver/blue shield in the bottom right tray that was never there before
please help
thanks


#2 Orange Blossom (Moderator)
Posted 18 November 2011 - 03:12 AM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.



#3 zooter (Topic Starter)

Posted 18 November 2011 - 12:41 PM

Ok, thanks.
Here are the DDS logs and the GMER log.
I wasn't able to attach them so had to paste them in here because it says (Used 507.7K of your 512K global upload quota); however, I noticed on the help page at http://www.bleepingcomputer.com/forums/topic34773.html
it shows as unlimited quota in step 9. Can mine be increased?
Hope this is ok for now anyway.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by M at 7:33:29 on 2011-11-18
.
============== Running Processes ===============
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\M Iudice\Desktop\dds.scr
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k intelusbs3
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.com/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110728155556.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DataLayer] c:\progra~1\common~1\pcsuite\datala~1\DATALA~1.EXE
mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup
mRun: [DLCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCFtime.dll,_RunDLLEntry@16
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\program files\mcafee\spamkiller\mcapfbho.dll
LSP: mswsock.dll
Trusted Zone: linkshare.com\www
Trusted Zone: linksynergy.com\www
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{75D862A1-5B6E-4602-AEAC-E9228C0E697B} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: intelsusb - ntusbw32.dll
Notify: ntusbw32 - ntusbw32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\m \application data\mozilla\firefox\profiles\ng9kayko.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://zzzz.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\m iudice\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
.
============= SERVICES / DRIVERS ===============
.
R? CamdDriverV32;CamdDriverV32
R? CamdVideo32;CamdVideo32
R? cfwids;McAfee Inc. cfwids
R? MBAMSwissArmy;MBAMSwissArmy
R? McMPFSvc;McAfee Personal Firewall Service
R? mfendisk;McAfee Core NDIS Intermediate Filter
R? mferkdet;McAfee Inc. mferkdet
R? mferkdk;McAfee Inc. mferkdk
R? mfesmfk;McAfee Inc. mfesmfk
R? MpKsl0131b22f;MpKsl0131b22f
R? MpKsl05dfcf8b;MpKsl05dfcf8b
R? MpKsl0f038f11;MpKsl0f038f11
R? MpKsl6b992504;MpKsl6b992504
R? MpKsl754d1f59;MpKsl754d1f59
R? MpKsl996cd87e;MpKsl996cd87e
R? MpKsla3bdf01b;MpKsla3bdf01b
R? MpKslc58f419c;MpKslc58f419c
R? MpKsld308d001;MpKsld308d001
R? MpKslf760fd9e;MpKslf760fd9e
S? !SASCORE;SAS Core Service
S? intelusb3;Intel USB3 Device Service
S? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
S? McProxy;McAfee Proxy Service
S? McrdSvc;Media Center Extender Service
S? McShield;McAfee McShield
S? mfeavfk;McAfee Inc. mfeavfk
S? mfebopk;McAfee Inc. mfebopk
S? mfefire;McAfee Firewall Core Service
S? mfefirek;McAfee Inc. mfefirek
S? mfehidk;McAfee Inc. mfehidk
S? mfendiskmp;mfendiskmp
S? mfetdi2k;McAfee Inc. mfetdi2k
S? mfevtp;McAfee Validation Trust Protection Service
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
.
=============== Created Last 30 ================
.
2011-11-18 15:08:35 37888 ----a-w- c:\windows\system32\ntusbw32.dll
2011-11-18 15:08:35 162304 ----a-w- c:\windows\system32\inusbw32.dll
2011-11-17 22:28:56 -------- d-----w- c:\documents and settings\m iudice\application data\PonG4amH6W7E9Tq
2011-11-17 22:28:55 -------- d-----w- c:\documents and settings\m iudice\application data\FNtxA0uvSiFpGaJ
2011-11-17 20:29:31 -------- d-----w- c:\program files\ABE2D
2011-11-17 20:29:02 -------- d-----w- c:\documents and settings\m iudice\application data\RCelIBrzPyAuDoF
2011-11-17 20:29:01 -------- d-----w- c:\documents and settings\m iudice\application data\mqhYXwkUVlBx0c1
2011-11-17 20:12:13 -------- d-----w- c:\program files\LP
2011-11-17 20:12:13 -------- d-----w- c:\documents and settings\m iudice\application data\F02AB
2011-11-17 20:12:07 -------- d-----w- c:\documents and settings\m iudice\application data\vyxxA00uvS2bFpm
2011-11-17 20:12:05 -------- d-----w- c:\documents and settings\m iudice\application data\S444pmHH5s
.
==================== Find3M ====================
.
2011-11-17 19:22:22 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-10-12 23:40:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 01:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 7:35:05.81 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/30/2006 5:45:29 PM
System Uptime: 11/18/2011 7:25:33 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0WJ770
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 51 GiB total, 25.926 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 8.206 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Flash Video MX Pro version 4.6.1.0
725plc32
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Master Collection
Adobe CSI CS4
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS3
Adobe Extension Manager CS4
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Media Live Encoder 3.1
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Reader 9.4.5
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AnswerWorks 5.0 English Runtime
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Camera Driver
CCleaner
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Connect
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.6
Dell CinePlayer
Dell Color Printer 725
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support Center
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
EducateU
ELIcon
ESPNMotion
Games, Music, & Photos Launcher
Google Earth
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
Intuit SiteBuilder
Java Auto Updater
Java™ 6 Update 26
kuler
Learn2 Player (Uninstall Only)
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Fireworks MX 2004
Macromedia FreeHand MXa
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee SecurityCenter
MCU
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.01
Microsoft IntelliType Pro 6.01
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
Modem Helper
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch® Jukebox
Nokia PC Suite
Notepad++
OpenMG Secure Module 4.6.01
PC Connectivity Solution
PDF Settings
Photodex Presenter
Picasa 3
PL-2303 USB-to-Serial
Quicken 2008
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Rhapsody Player Engine
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SanDisk TransferMate
Sansa Updater
Search Assist
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
SonicStage 4.2
SpywareBlaster 4.2
StuffIt Express
StuffIt Standard
Suite Shared Configuration CS4
SUPERAntiSpyware
SWiSH Max3
SWiSHmax
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WampServer 2.0
WebFldrs XP
Winamp
Winamp Detector Plug-in
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
WinZip
WordPerfect Office 12
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
11/18/2011 7:22:53 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
11/17/2011 5:28:50 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
11/17/2011 2:29:25 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee SpamKiller Server service to connect.
11/17/2011 2:29:25 PM, error: Service Control Manager [7000] - The McAfee SpamKiller Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/17/2011 2:26:22 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dlcf_device service to connect.
11/17/2011 2:26:22 PM, error: Service Control Manager [7000] - The dlcf_device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/17/2011 2:26:22 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service dlcf_device with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441060}
.
==== End Of File ===========================
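
The "Created Last 30" and "Notify:" lines of the DDS log above are the parts an analyst reads first: a run of directories with generated-looking names created seconds apart under Application Data, and a DLL (ntusbw32.dll) that was written to system32 on the same day it appears twice as a Winlogon Notify package. The Python below is an added example, not code from this thread, from BleepingComputer or from DDS. It parses those two kinds of line (the sample embedded in it is copied from the log posted above and is the only input) and runs three triage checks: a name-randomness heuristic, a burst detector for directory creation, and a cross-reference of Notify DLLs against files created inside the 30-day window. The thresholds (name length 8, average character-class run length 2.0, 60-second burst window) are the author's own choices, not DDS conventions; all three checks produce leads for a human to confirm, not verdicts.

```python
"""Triage helpers for a DDS log (the format posted above).

Added example, not part of the thread, of BleepingComputer or of DDS.
Three checks on the 'Created Last 30' and 'Notify:' lines: random-looking
directory names, bursts of directory creation, and Winlogon Notify DLLs
whose file was created inside the 30-day window.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: lines copied from the DDS log posted above,
# under the section headers DDS itself prints.
SAMPLE_LOG = r"""
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: intelsusb - ntusbw32.dll
Notify: ntusbw32 - ntusbw32.dll
=============== Created Last 30 ================
2011-11-18 15:08:35 37888 ----a-w- c:\windows\system32\ntusbw32.dll
2011-11-18 15:08:35 162304 ----a-w- c:\windows\system32\inusbw32.dll
2011-11-17 22:28:56 -------- d-----w- c:\documents and settings\m iudice\application data\PonG4amH6W7E9Tq
2011-11-17 22:28:55 -------- d-----w- c:\documents and settings\m iudice\application data\FNtxA0uvSiFpGaJ
2011-11-17 20:29:31 -------- d-----w- c:\program files\ABE2D
2011-11-17 20:29:02 -------- d-----w- c:\documents and settings\m iudice\application data\RCelIBrzPyAuDoF
2011-11-17 20:12:13 -------- d-----w- c:\program files\LP
2011-11-17 20:12:05 -------- d-----w- c:\documents and settings\m iudice\application data\S444pmHH5s
==================== Find3M ====================
2011-11-17 19:22:22 348160 ----a-w- c:\windows\system32\msvcr71.dll
"""

# One file/directory entry: timestamp, size (or dashes), 8-char attribute field, path.
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) +(\S+) +([-a-z]{8}) +(.+)$")
HEADER_RE = re.compile(r"^=+ *(.*?) *=+$")
NOTIFY_RE = re.compile(r"^Notify: +(\S+) +- +(.+)$")


def parse(log):
    """Return ({section: [(datetime, is_dir, path)]}, [(notify_key, dll)])."""
    entries, notify, section = defaultdict(list), [], None
    for line in log.splitlines():
        if (m := HEADER_RE.match(line)):
            section = m.group(1)
        elif (m := NOTIFY_RE.match(line)):
            notify.append((m.group(1), m.group(2)))
        elif section and (m := ENTRY_RE.match(line)):
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            entries[section].append((ts, m.group(3).startswith("d"), m.group(4)))
    return entries, notify


def looks_random(name, min_len=8, max_run=2.0):
    """Heuristic (author's thresholds): an all-alphanumeric name whose runs of
    upper/lower/digit characters are short. CamelCase product names such as
    AppleMobileDeviceService average 3+ characters per run; the generated
    names in the log above average under 1.7. Names shorter than min_len
    (ABE2D, F02AB) are deliberately not judged: too little signal."""
    if len(name) < min_len or not name.isalnum() or not name.isascii():
        return False
    classes = ["u" if c.isupper() else "l" if c.islower() else "d" for c in name]
    runs = 1 + sum(1 for a, b in zip(classes, classes[1:]) if a != b)
    return len(name) / runs <= max_run


def created_dirs(entries):
    return [(ts, path) for ts, is_dir, path in entries.get("Created Last 30", []) if is_dir]


def random_named_dirs(entries):
    return sorted(path for _, path in created_dirs(entries)
                  if looks_random(path.rsplit("\\", 1)[-1]))


def creation_bursts(entries, window=timedelta(seconds=60), min_size=2):
    """Groups of directories created within `window` of one another.
    Legitimate installers do this too, so a burst is a lead, not a verdict."""
    bursts, current = [], []
    for ts, path in sorted(created_dirs(entries)):
        if current and ts - current[-1][0] > window:
            if len(current) >= min_size:
                bursts.append([p for _, p in current])
            current = []
        current.append((ts, path))
    if len(current) >= min_size:
        bursts.append([p for _, p in current])
    return bursts


def fresh_notify_dlls(entries, notify):
    """Winlogon Notify packages are DLLs winlogon.exe loads at logon (XP-era
    persistence). One whose file was created inside the 30-day window is a
    lead worth pulling; return {dll: [notify keys that reference it]}."""
    created = {path.rsplit("\\", 1)[-1].lower()
               for _, is_dir, path in entries.get("Created Last 30", []) if not is_dir}
    hits = {}
    for key, dll in notify:
        name = dll.rsplit("\\", 1)[-1].lower()
        if name in created:
            hits.setdefault(name, []).append(key)
    return hits


if __name__ == "__main__":
    ents, ntf = parse(SAMPLE_LOG)
    print("random-looking dirs:", *random_named_dirs(ents), sep="\n  ")
    print("creation bursts:", creation_bursts(ents))
    print("notify DLLs created in window:", fresh_notify_dlls(ents, ntf))
```

Run on the sample, the name heuristic flags the four long generated names and leaves the CamelCase vendor names alone, the burst detector groups the three creation clusters from the 17th (each pairing an Application Data directory with a Program Files one), and the Notify cross-reference returns ntusbw32.dll with both registry keys that load it. Note the deliberate blind spot: ABE2D and F02AB are too short for the name rule and only surface through the burst check, which is why the checks are run together rather than alone.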

#4 zooter (Topic Starter)

Posted 18 November 2011 - 08:11 PM

Here is the GMER log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-18 16:37:17
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e HDS728080PLA380 rev.PF2OA63A
Running: gmer.exe; Driver: C:\DOCUME~1\MIUDIC~1\LOCALS~1\Temp\pwldapog.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF8437D34]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF8437D48]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!NtOpenProcess 8057F93A 5 Bytes JMP F8437D38 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 80596743 5 Bytes JMP F8437D4C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text redbook.sys F8624000 2 Bytes [C7, 45]
.text redbook.sys F8624003 91 Bytes JMP F8624243 \SystemRoot\system32\DRIVERS\redbook.sys (Redbook Audio Filter Driver/Microsoft Corporation)
.text redbook.sys F862405F 7 Bytes [EB, 07, C7, 45, E4, 00, 00]
.text redbook.sys F8624067 10 Bytes [00, 6A, 00, 8B, 45, 08, 50, ...]
.text redbook.sys F8624072 4 Bytes JMP F8624246 \SystemRoot\system32\DRIVERS\redbook.sys (Redbook Audio Filter Driver/Microsoft Corporation)
.text ...
? C:\WINDOWS\system32\DRIVERS\redbook.sys suspicious PE modification

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[1436] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F1000A
.text C:\WINDOWS\system32\svchost.exe[1436] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F2000A
.text C:\WINDOWS\system32\svchost.exe[1436] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00F0000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat F72FED20
Device \FileSystem\Fastfat \Fat F73029F2

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) F81F9000-F8219000 (131072 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud@imagepath \systemroot\system32\drivers\SKYNETovvrjlqj.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud\main@aid 10096
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud\main@sid 0
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETovvrjlqj.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud\modules@SKYNETcmd.dll \systemroot\system32\SKYNETkltpkylr.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud\modules@SKYNETlog.dat \systemroot\system32\SKYNETtwipjncd.dat
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud\modules@SKYNETwsp.dll \systemroot\system32\SKYNETpypeqwbd.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud\modules@SKYNET.dat \systemroot\system32\SKYNETvibnyklv.dat
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov@imagepath \systemroot\system32\drivers\gasfkyhxvvrimr.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\main@aid 20162
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\main@sid 0
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\main\delete@C:\DOCUME~1\MIUDIC~1\LOCALS~1\Temp\gasfkydttlxribcj.tmp
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\main\delete@C:\DOCUME~1\MIUDIC~1\LOCALS~1\Temp\gasfkywipqsbnmjq.tmp
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\main\injector@* gasfkywsp8.dll
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkyhxvvrimr.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\modules@gasfkycmd.dll \systemroot\system32\gasfkyjvbjkniq.dll
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\modules@gasfkylog.dat \systemroot\system32\gasfkykkwputoq.dat
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\modules@gasfkywsp.dll \systemroot\system32\gasfkyxyfmhtki.dll
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\modules@gasfky.dat \systemroot\system32\gasfkypprvdytn.dat
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov\modules@gasfkywsp8.dll \systemroot\system32\gasfkydtcwyroy.dll

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\NetworkService\Cookies\DEUQJ7MU.txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FJ3LYVY6\dref=http%253A%252F%252Fwww.education[1].com%252Fvideo%252Fspeakaboos%252Fbeauty-beast%252F 606 bytes

---- EOF - GMER 1.0.15 ----
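Added example, not code from GMER, ComboFix or anyone in this thread: a small Python triage script that reads a GMER log in the text layout posted above and pulls out the four findings a responder looks at first in a log like this one: the hidden kernel module, the driver GMER flags as modified on disk, the inline hooks in svchost.exe whose JMP targets are not attributed to any module, and the service keys GMER lists in its Registry section. The embedded sample is a trimmed copy of the log above. The "random-looking name" check is a vowel-ratio heuristic of my own, not a GMER feature, and the section headers and line formats the script expects are those of GMER 1.0.15 as they appear here.

```python
"""Triage helper for a GMER rootkit-scan log (added example, not GMER's or
ComboFix's own code). It reads GMER's plain-text output and pulls out the
findings a responder reads first: hidden kernel modules, drivers GMER marks
as modified on disk, user-mode inline hooks whose JMP target has no module
behind it, and the service keys listed in GMER's Registry section."""
import re

# Trimmed copy of the GMER log posted in this thread (constructed sample input).
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!NtOpenProcess 8057F93A 5 Bytes JMP F8437D38 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? C:\WINDOWS\system32\DRIVERS\redbook.sys suspicious PE modification

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[1436] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F1000A
.text C:\WINDOWS\system32\svchost.exe[1436] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F2000A

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) F81F9000-F8219000 (131072 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETdpkkyxud@imagepath \systemroot\system32\drivers\SKYNETovvrjlqj.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkylmlklrov@imagepath \systemroot\system32\drivers\gasfkyhxvvrimr.sys
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
HIDDEN_MODULE_RE = re.compile(
    r"^Module \((?P<name>[^)]*)\) \(\*\*\* hidden \*\*\* \) "
    r"(?P<start>[0-9A-F]+)-(?P<end>[0-9A-F]+) \((?P<size>\d+) bytes\)$")
MODIFIED_RE = re.compile(r"^\? (?P<path>.+?) suspicious PE modification$")
# ".text <image>[<pid>] <dll!func> <addr> <n> Bytes JMP <target> [<owning module>]"
USER_HOOK_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<func>\S+) [0-9A-F]+ "
    r"\d+ Bytes JMP (?P<target>[0-9A-F]+)(?P<owner>.*)$")
SERVICE_RE = re.compile(
    r"^Reg HKLM\\SYSTEM\\(?P<cs>ControlSet\d+|CurrentControlSet)\\Services\\"
    r"(?P<svc>[^\\@ ]+)(?P<sub>\S*)(?: (?P<value>.*))?$")


def looks_random(name, max_vowel_ratio=0.2, min_len=8):
    """Heuristic of this example, not a GMER feature: long names with almost no
    vowels (SKYNETdpkkyxud, gasfkylmlklrov) read as generated, not chosen."""
    letters = [c for c in name if c.isalpha()]
    if len(letters) < min_len:
        return False
    return sum(c.lower() in "aeiou" for c in letters) / len(letters) <= max_vowel_ratio


def triage(log_text):
    report = {"hidden_modules": [], "modified_files": [],
              "unbacked_user_hooks": [], "hidden_services": []}
    services = {}   # (controlset, service) -> record, kept in first-seen order
    section = ""
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := SECTION_RE.match(line):
            section = m["name"]
        elif m := HIDDEN_MODULE_RE.match(line):
            report["hidden_modules"].append({"name": m["name"], "start": m["start"],
                                             "end": m["end"], "size": int(m["size"])})
        elif m := MODIFIED_RE.match(line):
            report["modified_files"].append(m["path"])
        elif section.startswith("User code") and (m := USER_HOOK_RE.match(line)):
            # A JMP that GMER cannot attribute to any module lands in memory with
            # no file behind it: injected code, unlike the McAfee driver's hooks.
            if not m["owner"].strip():
                report["unbacked_user_hooks"].append({"proc": m["proc"], "pid": int(m["pid"]),
                                                      "func": m["func"], "target": m["target"]})
        elif m := SERVICE_RE.match(line):
            rec = services.setdefault((m["cs"], m["svc"]), {
                "controlset": m["cs"], "service": m["svc"], "imagepath": None,
                "entries": 0, "random_name": looks_random(m["svc"])})
            rec["entries"] += 1
            if m["sub"].lower() == "@imagepath":
                rec["imagepath"] = m["value"]
    report["hidden_services"] = list(services.values())
    return report


def summarize(report):
    """One human-readable line per finding, in the order a reviewer would check them."""
    out = [f"hidden module ({m['name']}) at {m['start']}-{m['end']}, {m['size']} bytes"
           for m in report["hidden_modules"]]
    out += [f"driver patched on disk: {p}" for p in report["modified_files"]]
    out += [f"{h['proc']}[{h['pid']}] {h['func']} -> unbacked code at {h['target']}"
            for h in report["unbacked_user_hooks"]]
    for s in report["hidden_services"]:
        tag = "random-looking name" if s["random_name"] else "name not flagged"
        out.append(f"hidden service {s['controlset']}\\{s['service']} ({tag}), "
                   f"image {s['imagepath']}, {s['entries']} registry entries listed")
    return out


if __name__ == "__main__":
    for finding in summarize(triage(SAMPLE_LOG)):
        print(finding)
```

Run as-is to see the six findings from the sample; to use it on a real log, read the saved GMER text file and pass its contents to triage(). The script deliberately leaves the McAfee kernel hooks alone: GMER attributes those to mfehidk.sys, and only JMPs with no owning module are reported, which is the distinction that separates a security product's hooks from the svchost.exe injection in this log.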

#5 HelpBot

HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,769 posts
  • Gender:Male

Posted 22 November 2011 - 06:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/428315 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was follow the previous instructions and tell me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#6 zooter

zooter
  • Topic Starter
  • Members
  • 311 posts
  • Gender:Male

Posted 22 November 2011 - 07:07 PM

Logs have been posted above.
I am on Windows XP.
Thanks

#7 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • Gender:Male
  • Location:@localhost

Posted 22 November 2011 - 08:53 PM

Hi,

Your post is a few days old. If you still need help simply reply back.

How Can I Reduce My Risk to Malware?


#8 zooter

zooter
  • Topic Starter
  • Members
  • 311 posts
  • Gender:Male

Posted 23 November 2011 - 12:58 AM

Yes I Do!
I clicked the link above that read
"in order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there."

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/428315 <<< CLICK THIS LINK

YES I still Need Help

Edited by zooter, 23 November 2011 - 12:59 AM.


#9 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • Gender:Male
  • Location:@localhost

Posted 23 November 2011 - 03:05 PM

OK. We will get a download to use. It's called ComboFix. There is a guide to read first. Read through the guide, then apply the directions on your own machine. Post the log and we will go from there.

Guide to using Combofix

How Can I Reduce My Risk to Malware?


#10 zooter

zooter
  • Topic Starter
  • Members
  • 311 posts
  • Gender:Male

Posted 23 November 2011 - 03:19 PM

OK.
Can I do the ComboFix in safe mode? Because that's the only way I can get the machine to run without it shutting down and giving me the blue screen Windows error.

#11 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • Gender:Male
  • Location:@localhost

Posted 23 November 2011 - 03:29 PM

Yes, you can run it in safe mode. If it runs OK in safe mode, then when done try running it again after a normal start-up.

How Can I Reduce My Risk to Malware?


#12 zooter

zooter
  • Topic Starter
  • Members
  • 311 posts
  • Gender:Male

Posted 23 November 2011 - 03:31 PM

OK, going to run ComboFix now and will post the log once it's done.

#13 zooter

zooter
  • Topic Starter
  • Members
  • 311 posts
  • Gender:Male

Posted 23 November 2011 - 03:44 PM

While running ComboFix, I initially received a pop-up stating
"you are infected with Rootkit.ZeroAccess it has inserted itself into the tcp/ip stack. This is a difficult infection to remove. "
Then it asked me to restart.
I restarted and ComboFix is running again now.

Edited by zooter, 23 November 2011 - 03:45 PM.


#14 zooter

zooter
  • Topic Starter
  • Members
  • 311 posts
  • Gender:Male

Posted 23 November 2011 - 04:33 PM

While waiting for ComboFix to finish, I received a pop-up reading:
Registry Error:
Cannot export C:\Qoobox\Quarantine\Registry_backups\Notify-i (division sign here, then 2 dashes on top of one another)
Xx(square box symbol) (copyright symbol) division symbol again, OJ.reg.dat:
error opening the file
There may be a disk or file system error

Where I wrote in parentheses, that is what appears as part of the error, but I cannot type those symbols in.
Hope it makes sense.

#15 zooter

zooter
  • Topic Starter
  • Members
  • 311 posts
  • Gender:Male

Posted 23 November 2011 - 04:48 PM

Here is the ComboFix log

ComboFix 11-11-23.01 - M Iudice 11/23/2011 12:43:53.15.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.325 [GMT -8:00]
Running from: c:\documents and settings\M Iudice\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\M Iudice\Application Data\Adobe\shalom.exe
c:\documents and settings\M Iudice\Application Data\F02AB
c:\documents and settings\M Iudice\Application Data\F02AB\9D432.exe
c:\documents and settings\M Iudice\Application Data\F02AB\BE2D.02A
c:\program files\LP
c:\program files\LP\323F\1EE.tmp
c:\program files\LP\323F\49F.tmp
c:\program files\LP\323F\8.tmp
c:\program files\LP\323F\A.tmp
c:\windows\$NtUninstallKB8760$
c:\windows\$NtUninstallKB8760$\2702410539\@
c:\windows\$NtUninstallKB8760$\2702410539\bckfg.tmp
c:\windows\$NtUninstallKB8760$\2702410539\cfg.ini
c:\windows\$NtUninstallKB8760$\2702410539\Desktop.ini
c:\windows\$NtUninstallKB8760$\2702410539\keywords
c:\windows\$NtUninstallKB8760$\2702410539\kwrd.dll
c:\windows\$NtUninstallKB8760$\2702410539\L\pdmzmplg
c:\windows\$NtUninstallKB8760$\2702410539\lsflt7.ver
c:\windows\$NtUninstallKB8760$\2702410539\U\00000001.@
c:\windows\$NtUninstallKB8760$\2702410539\U\00000002.@
c:\windows\$NtUninstallKB8760$\2702410539\U\00000004.@
c:\windows\$NtUninstallKB8760$\2702410539\U\80000000.@
c:\windows\$NtUninstallKB8760$\2702410539\U\80000004.@
c:\windows\$NtUninstallKB8760$\2702410539\U\80000032.@
c:\windows\$NtUninstallKB8760$\364001919
c:\windows\CSC\d6
c:\windows\system32\c_98855.nl_
c:\windows\system32\c_98855.nls
c:\windows\system32\certstore.dat
c:\windows\system32\ntusbw32.dll
D:\AUTORUN.INF
.
Infected copy of c:\windows\system32\drivers\redbook.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Service_6to4
.
.
((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))
.
.
2011-11-23 20:38 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-11-23 20:33 . 2011-11-23 20:33 32256 ----a-w- c:\windows\system32\X73J48G.com
2011-11-18 15:08 . 2011-11-18 15:08 162304 ----a-w- c:\windows\system32\inusbw32.dll
2011-11-17 22:28 . 2011-11-17 22:28 -------- d-----w- c:\documents and settings\M Iudice\Application Data\PonG4amH6W7E9Tq
2011-11-17 22:28 . 2011-11-17 22:28 -------- d-----w- c:\documents and settings\M Iudice\Application Data\FNtxA0uvSiFpGaJ
2011-11-17 20:46 . 2011-11-18 02:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-11-17 20:29 . 2011-11-17 20:30 -------- d-----w- c:\program files\ABE2D
2011-11-17 20:29 . 2011-11-17 20:29 -------- d-----w- c:\documents and settings\M Iudice\Application Data\RCelIBrzPyAuDoF
2011-11-17 20:29 . 2011-11-17 20:29 -------- d-----w- c:\documents and settings\M Iudice\Application Data\mqhYXwkUVlBx0c1
2011-11-17 20:12 . 2011-11-17 20:12 -------- d-----w- c:\documents and settings\M Iudice\Application Data\vyxxA00uvS2bFpm
2011-11-17 20:12 . 2011-11-17 20:12 -------- d-----w- c:\documents and settings\M Iudice\Application Data\S444pmHH5s
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-17 19:22 . 2003-02-21 09:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-10-12 23:40 . 2011-05-26 16:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2005-08-16 09:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2005-08-16 09:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2005-08-16 09:18 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2005-08-16 09:18 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2005-08-16 09:18 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 01:00 . 2011-07-28 03:18 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-10 18:48 . 2011-07-28 00:07 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-11-02 472632]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-05 4615552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 1121280]
"DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 73728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-23 1306728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-24 24576]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-09-08 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dlcfcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlcfpswx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [7/27/2011 9:11 AM 89368]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [5/4/2011 9:54 AM 116608]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [7/27/2011 9:12 AM 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [7/27/2011 9:05 AM 148520]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [7/27/2011 9:11 AM 337912]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [7/27/2011 9:11 AM 83688]
S1 MpKsl0131b22f;MpKsl0131b22f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A779E97-46CB-43B7-BB43-C4C8791A4533}\MpKsl0131b22f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A779E97-46CB-43B7-BB43-C4C8791A4533}\MpKsl0131b22f.sys [?]
S1 MpKsl05dfcf8b;MpKsl05dfcf8b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0904F10F-EC25-4B66-A874-F6D788668CFE}\MpKsl05dfcf8b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0904F10F-EC25-4B66-A874-F6D788668CFE}\MpKsl05dfcf8b.sys [?]
S1 MpKsl0f038f11;MpKsl0f038f11;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EAAD1EFB-587A-4BA2-A678-4167E6684950}\MpKsl0f038f11.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EAAD1EFB-587A-4BA2-A678-4167E6684950}\MpKsl0f038f11.sys [?]
S1 MpKsl6b992504;MpKsl6b992504;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C1CFB736-615A-47E3-9D6C-7BE49DDEB843}\MpKsl6b992504.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C1CFB736-615A-47E3-9D6C-7BE49DDEB843}\MpKsl6b992504.sys [?]
S1 MpKsl754d1f59;MpKsl754d1f59;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3DA71E3A-AA14-4A5B-BCBD-41D200203434}\MpKsl754d1f59.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3DA71E3A-AA14-4A5B-BCBD-41D200203434}\MpKsl754d1f59.sys [?]
S1 MpKsl996cd87e;MpKsl996cd87e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ED80C082-ECF0-46C9-997D-FF29ECFE059E}\MpKsl996cd87e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ED80C082-ECF0-46C9-997D-FF29ECFE059E}\MpKsl996cd87e.sys [?]
S1 MpKsla3bdf01b;MpKsla3bdf01b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2DB046BA-02A2-4BD3-AD5F-9E2A708971DA}\MpKsla3bdf01b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2DB046BA-02A2-4BD3-AD5F-9E2A708971DA}\MpKsla3bdf01b.sys [?]
S1 MpKslc58f419c;MpKslc58f419c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ED80C082-ECF0-46C9-997D-FF29ECFE059E}\MpKslc58f419c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ED80C082-ECF0-46C9-997D-FF29ECFE059E}\MpKslc58f419c.sys [?]
S1 MpKsld308d001;MpKsld308d001;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E4529143-D309-4242-BCF5-92959EDE731A}\MpKsld308d001.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E4529143-D309-4242-BCF5-92959EDE731A}\MpKsld308d001.sys [?]
S1 MpKslf760fd9e;MpKslf760fd9e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{658CD0C2-344E-4D86-BDE9-1C12E3751965}\MpKslf760fd9e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{658CD0C2-344E-4D86-BDE9-1C12E3751965}\MpKslf760fd9e.sys [?]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [7/12/2011 1:55 PM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]
S2 intelusb3;Intel USB3 Device Service;c:\windows\System32\svchost.exe -k intelusbs3 [8/16/2005 1:18 AM 14336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/3/2008 7:03 PM 94880]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/27/2011 9:11 AM 214904]
S3 CamdDriverV32;CamdDriverV32;c:\windows\system32\drivers\CamdDriverV32.sys [7/24/2008 1:23 PM 508544]
S3 CamdVideo32;CamdVideo32;c:\windows\system32\drivers\CamdVideo32.sys [7/24/2008 1:23 PM 3768]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [7/27/2011 9:11 AM 57432]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [7/27/2011 9:11 AM 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [7/27/2011 9:11 AM 85984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
intelusbs3 REG_MULTI_SZ intelusb3
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-11-16 c:\windows\Tasks\Backup.job
- c:\windows\system32\ntbackup.exe [2005-08-16 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.solsticeweb.com/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: linkshare.com\www
Trusted Zone: linksynergy.com\www
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\M Iudice\Application Data\Mozilla\Firefox\Profiles\ng9kayko.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://mail.solsticeweb.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Notify-=ntusbw32 - (no file)
Notify-intelsusb - ntusbw32.dll
Notify-KERNEL32 - (no file)
Notify-ntusbw32 - ntusbw32.dll
Notify-Service Pack 3 - Asynchronous
Notify-WlLogonEvent - ntusbw32.dll
Notify-¡÷¦Xxnaw§©÷ÔJ - ntusbw32.dll
AddRemove-Coupon Printer for Windows4.0 - c:\program files\Coupons\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-23 13:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(908)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\l3codeca.acm
.
- - - - - - - > 'explorer.exe'(1456)
c:\windows\system32\WININET.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\mcafee.com\agent\mcagent.exe
.
**************************************************************************
.
Completion time: 2011-11-23 13:28:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-23 21:28
.
Pre-Run: 27,312,394,240 bytes free
Post-Run: 27,663,093,760 bytes free
.
- - End Of File - - FE85C929CB94D147AF2B5FA58ACE1410



