Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PC POWER SPEED (FAKE) - please help


  • This topic is locked This topic is locked
9 replies to this topic

#1 Homer Sims

Homer Sims

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 23 December 2012 - 01:48 PM

Helping a friend who is a senior, I warned her that this will take some time.

Here are my DDS logs... and attach.zip

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Tom Gibson at 13:38:43 on 2012-12-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.547 [GMT -5:00]
.
AV: Defense Center *Enabled/Outdated* {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\24x7Help\App24x7Svc.exe
C:\Documents and Settings\Tom Gibson\Application Data\alotservice\alotservice.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Inbox Toolbar\Inbox.exe
C:\Program Files\24x7Help\App24x7Help.exe
C:\Program Files\SiteRanker\SiteRankTray.exe
C:\Program Files\PCPowerSpeed\PCPowerTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\24x7Help\App24x7Hook.exe
C:\PROGRA~1\REBATE~1\REBATE~1.EXE
C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\PCPowerSpeed\PCPowerSpeed.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80556&lng=en
uSearch Bar = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
uSearch Page = hxxp://www.google.ca/hws/sb/dell-row-rel/en/side.html?channel=ca
uDefault_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=6070531
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - c:\program files\inbox toolbar\Inbox.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: <No Name>: {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - c:\program files\siteranker\SiteRank.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - LocalServer32 - <no file>
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - c:\program files\appgraffiti\AppGraffiti.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120628222930.dll
BHO: ALOT Appbar Helper: {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - c:\program files\alotappbar\bin\bho\ALOTHelperBHO.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: CAB Class: {C6A91056-83E0-4C6E-8DCC-43FC0DFE7A0A} - LocalServer32 - <no file>
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
BHO: <No Name>: {CCB69577-088B-4004-9ED8-FF5BCC83A039} - c:\program files\rebateinformer\RebateI.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - c:\program files\inbox toolbar\Inbox.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: midicairUSA Toolbar: {f3902028-4a21-4793-8e05-793e183d51c2} - c:\program files\midicairusa\prxtbmid2.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: midicairUSA Toolbar: {F3902028-4A21-4793-8E05-793E183D51C2} - c:\program files\midicairusa\prxtbmid2.dll
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - c:\program files\inbox toolbar\Inbox.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: midicairUSA Toolbar: {f3902028-4a21-4793-8e05-793e183d51c2} - c:\program files\midicairusa\prxtbmid2.dll
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - c:\program files\inbox toolbar\Inbox.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ALOT Appbar: {A531D99C-5A22-449b-83DA-872725C6D0ED} - c:\program files\alotappbar\bin\ALOTHelper.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DriverScanner] "c:\program files\uniblue\driverscanner\launcher.exe" delay 20000
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [RebateInformer] c:\progra~1\rebate~1\REBATE~1.EXE /STARTUP
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [IndexSearch] "c:\paperport\IndexSearch.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes Anti-Malware (rootkit-scan)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [InboxToolbar] "c:\program files\inbox toolbar\Inbox.exe" /STARTUP
mRun: [24x7HELP] "c:\program files\24x7help\App24x7Help.exe" /STARTUP
mRun: [SiteRanker] "c:\program files\siteranker\SiteRankTray.exe"
mRun: [PCPowerSpeed] "c:\program files\pcpowerspeed\PCPowerTray.exe" /startup
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
StartupFolder: c:\docume~1\tomgib~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\docume~1\tomgib~1\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.285\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www3.snapfish.co.uk/SnapfishUKActivia.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\program files\inbox toolbar\Inbox.dll
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - c:\program files\rebateinformer\RebateI.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-5-31 3456]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-5-31 565352]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-17 91168]
R2 24x7HelpSvc;24x7HelpService;c:\program files\24x7help\App24x7Svc.exe [2012-8-26 394392]
R2 AlotService;ALOT Update Service;c:\documents and settings\tom gibson\application data\alotservice\alotservice.exe [2012-10-12 255880]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-3-6 54752]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-17 167784]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-17 203400]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-17 168880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-17 167344]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-5-31 234824]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-17 362640]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2012-12-15 84432]
S2 gupdate1ca441de2e6d740;Google Update Service (gupdate1ca441de2e6d740);c:\program files\google\update\GoogleUpdate.exe [2009-10-3 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-17 60480]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-10-26 146872]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-5-31 65488]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2012-12-15 84432]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-17 92192]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-5-31 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-5-31 40552]
S4 emgtxdxx;emgtxdxx;c:\windows\system32\drivers\kckf.sys [2010-7-2 54016]
S4 essy;essy;c:\windows\system32\drivers\fcwfdle.sys [2010-7-2 54016]
S4 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-17 167784]
S4 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-17 167784]
S4 umefjub;umefjub;c:\windows\system32\drivers\dxywtrnc.sys [2010-7-2 54016]
.
=============== Created Last 30 ================
.
2012-12-21 12:46:01 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-15 22:40:09 84432 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2012-12-12 10:07:44 6008832 ----a-w- c:\windows\system32\SET17E.tmp
.
==================== Find3M ====================
.
2012-12-11 17:40:42 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-11 17:40:42 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-09 11:56:16 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-09 11:53:02 91168 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-11-09 11:52:22 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-09 11:52:12 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-09 11:51:12 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-09 11:50:20 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-09 11:50:00 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-11-09 11:49:40 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-09 11:49:10 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-11-06 00:41:17 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
.
============= FINISH: 13:39:43.21 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:47 AM

Posted 25 December 2012 - 10:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please let me know if she wants to remove Power Speed.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this if fixed.[/b]
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third party programs if not up to date can be the cause of infiltration an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs and let me know if the problem persists.

#3 Homer Sims

Homer Sims
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 26 December 2012 - 03:34 PM

Dear Nasdaq

Thank you so much for helping me.

She definitely DOESNT want PC POWER SPEED, before you replied to my thread I uninstalled it - but have no idea if it worked or didn't work, it looked like it completed.

She also has another "dubious" program pinned to her taskbar "SpeedUpMyPC" - I would like to uninstall it but thought best to ask you first.

Here are the logs you asked me to post

I haven't tested anything yet..... (wanted to wait to se what you told me about SpeedUpMyPC

Regards

Homer

++++++++++++++
ComboFix.txt
+++++++++++++++
ComboFix 12-12-25.02 - Tom Gibson 26/12/2012 14:51:13.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.321 [GMT -5:00]
Running from: c:\documents and settings\Tom Gibson\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\10.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\12.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\16922.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\17095.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\1739.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\17672.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\17781.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\2229.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\2256.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\2620.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\2636.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\3911.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\4350.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\4378.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\4436.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\4489.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\450.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\5354.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\5766.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\6090.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\6783.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\7031.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\83.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\8901.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\9502.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\9752.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Tom Gibson\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Tom Gibson\GoToAssistDownloadHelper.exe
c:\program files\alotappbar\alotUninst.exe
c:\program files\alotappbar\bin\alotappbar.dll
c:\program files\alotappbar\bin\alothelper.dll
c:\program files\alotappbar\bin\alotwidgets.exe
c:\program files\alotappbar\bin\BHO\ALOTHelperBHO.dll
c:\windows\system32\SET17E.tmp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ALOTSERVICE
-------\Legacy_PRAGMAccdxvrvjuc
-------\Legacy_PRAGMAEXYRTQIBCO
-------\Legacy_PRAGMAoqhxvcchwy
-------\Service_AlotService
-------\Service_PRAGMAccdxvrvjuc
-------\Service_PRAGMAexyrtqibco
-------\Service_PRAGMAoqhxvcchwy
.
.
((((((((((((((((((((((((( Files Created from 2012-11-26 to 2012-12-26 )))))))))))))))))))))))))))))))
.
.
2012-12-24 22:46 . 2012-12-26 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-12-24 22:46 . 2009-01-25 17:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-12-24 22:46 . 2012-12-24 22:46 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-12-21 12:46 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-15 22:40 . 2012-11-09 11:50 84432 ----a-w- c:\windows\system32\drivers\mfendisk.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-11 17:40 . 2012-08-28 17:24 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-11 17:40 . 2011-09-08 18:13 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 01:25 . 2004-08-11 22:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-09 11:56 . 2010-08-17 12:29 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-09 11:53 . 2010-08-17 12:29 91168 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-11-09 11:52 . 2010-08-17 12:29 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-09 11:52 . 2010-08-17 12:29 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-09 11:51 . 2007-06-01 01:05 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-09 11:50 . 2010-08-17 12:29 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-09 11:50 . 2007-06-01 01:05 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-11-09 11:49 . 2007-06-01 01:05 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-09 11:49 . 2010-08-17 12:29 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-11-06 00:41 . 2004-08-11 22:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:02 . 2004-08-11 22:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-11 22:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-11 22:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-11 22:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-11 22:00 385024 ----a-w- c:\windows\system32\html.iec
2012-10-02 18:04 . 2004-08-11 22:00 58368 ----a-w- c:\windows\system32\synceng.dll
.
<pre>
c:\windows\twain_32\DELL\MFP1125\Monitor\Stsmon .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2012-08-16 04:18 343296 ----a-w- c:\progra~1\SITERA~1\SiteRank.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}]
c:\program files\alotappbar\bin\BHO\ALOTHelperBHO.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A531D99C-5A22-449b-83DA-872725C6D0ED}"= "c:\program files\alotappbar\bin\ALOTHelper.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{a531d99c-5a22-449b-83da-872725c6d0ed}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverScanner"="c:\program files\Uniblue\DriverScanner\launcher.exe" [N/A]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-08 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"IndexSearch"="c:\paperport\IndexSearch.exe" [2007-03-14 46632]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-09-30 981656]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648]
"InboxToolbar"="c:\program files\Inbox Toolbar\Inbox.exe" [2012-08-28 1647336]
"SiteRanker"="c:\program files\SiteRanker\SiteRankTray.exe" [2012-08-16 320000]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [N/A]
.
c:\documents and settings\Tom Gibson\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-9-29 333088]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDWinLogon]
SDWinLogon.dll [BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [31/05/2007 7:39 PM 3456]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [17/08/2010 7:29 AM 91168]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [15/06/2011 4:33 PM 249648]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [17/08/2010 7:29 AM 167784]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [17/08/2010 7:30 AM 168880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [17/08/2010 7:29 AM 167344]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [24/12/2012 5:46 PM 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [24/12/2012 5:46 PM 1369624]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [17/08/2010 7:29 AM 362640]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [15/12/2012 5:40 PM 84432]
S2 gupdate1ca441de2e6d740;Google Update Service (gupdate1ca441de2e6d740);c:\program files\Google\Update\GoogleUpdate.exe [03/10/2009 6:37 AM 133104]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [24/12/2012 5:46 PM 168384]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 12:28 PM 160944]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [07/07/2011 6:31 PM 195336]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [17/08/2010 7:29 AM 60480]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [26/10/2012 10:46 PM 146872]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [05/09/2012 10:56 AM 234776]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [15/12/2012 5:40 PM 84432]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [17/08/2010 7:29 AM 92192]
S4 emgtxdxx;emgtxdxx;c:\windows\system32\drivers\kckf.sys [02/07/2010 12:10 PM 54016]
S4 essy;essy;c:\windows\system32\drivers\fcwfdle.sys [02/07/2010 12:10 PM 54016]
S4 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [17/08/2010 7:29 AM 167784]
S4 umefjub;umefjub;c:\windows\system32\drivers\dxywtrnc.sys [02/07/2010 12:11 PM 54016]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 17:41]
.
2012-12-26 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-12-24 19:08]
.
2012-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-03 11:37]
.
2012-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-03 11:37]
.
2012-12-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-957248802-3589403475-1426994346-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 16:00]
.
2012-12-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-957248802-3589403475-1426994346-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 16:00]
.
2012-12-17 c:\windows\Tasks\ReclaimerUpdateXML_Tom Gibson.job
- c:\documents and settings\Tom Gibson\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-16 21:26]
.
2012-12-26 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-12-24 19:07]
.
2012-12-24 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-12-24 19:07]
.
2012-12-26 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC\sump.exe [2012-11-19 00:44]
.
2012-12-26 c:\windows\Tasks\spmonitor.job
- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2012-11-19 00:44]
.
2012-12-26 c:\windows\Tasks\User_Feed_Synchronization-{0271E082-F6B6-45EA-95F6-E86EB3446BB3}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80556&lng=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-alotAppbar - c:\program files\alotappbar\alotUninst.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1 - c:\program files\Uniblue\SpeedUpMyPC\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-26 15:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,ae,32,ec,93,80,fa,4b,bb,e3,c9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,ae,32,ec,93,80,fa,4b,bb,e3,c9,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1064)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1252)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-12-26 15:06:48
ComboFix-quarantined-files.txt 2012-12-26 20:06
.
Pre-Run: 133,211,590,656 bytes free
Post-Run: 133,204,848,640 bytes free
.
- - End Of File - - C45B939D5B78D0BDC679453B13CE5BDE

+++++++++
From SecurityCheck.exe
checkup.txt
++++++++++
Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 20
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 4
Java™ 6 Update 7
Java version out of Date!
Adobe Reader 8 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
mcafee VIRUSS~1 mcvsshld.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````

++++++++++++++++
AdwCleaner
AdwCleaner[R1].txt
++++++++++++++
# AdwCleaner v2.103 - Logfile created 12/26/2012 at 15:21:24
# Updated 25/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Tom Gibson - D81CC1D1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Tom Gibson\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\END
File Found : C:\WINDOWS\Uninstall.exe
Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\AppGraffiti
Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\Inbox Toolbar
Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\SiteRanker
Folder Found : C:\Documents and Settings\Tom Gibson\Application Data\AppGraffiti
Folder Found : C:\Documents and Settings\Tom Gibson\Application Data\Inbox Toolbar
Folder Found : C:\Documents and Settings\Tom Gibson\Application Data\SiteRanker
Folder Found : C:\Documents and Settings\Tom Gibson\Local Settings\Application Data\Conduit
Folder Found : C:\Program Files\AppGraffiti
Folder Found : C:\Program Files\Bandoo
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Inbox Toolbar
Folder Found : C:\Program Files\PriceGong
Folder Found : C:\Program Files\SiteRanker

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppGraffiti
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\Inbox Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\AppGraffiti
Key Found : HKLM\SOFTWARE\Classes\AppGraffiti.AppGraffitiJS
Key Found : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563}
Key Found : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3070524
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB02BC6B-B0F0-4074-99E6-884B70FCB6AE}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Inbox Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1
Key Found : HKLM\Software\TENCENT
Key Found : HKU\S-1-5-21-957248802-3589403475-1426994346-1005\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKU\S-1-5-21-957248802-3589403475-1426994346-1005\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [InboxToolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.inbox.com/homepage.aspx?tbid=80556&lng=en

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\Tom Gibson\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7572 octets] - [26/12/2012 15:21:24]

########## EOF - C:\AdwCleaner[R1].txt - [7632 octets] ##########

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:47 AM

Posted 27 December 2012 - 09:52 AM

<pre>
c:\windows\twain_32\DELL\MFP1125\Monitor\Stsmon .exe
</pre>

Open notepad and copy/paste the text in the quote box below into it:

File::
c:\windows\Tasks\SpeedUpMyPC.job
c:\windows\Tasks\spmonitor.job
c:\windows\system32\drivers\kckf.sys
c:\windows\system32\drivers\fcwfdle.sys
c:\windows\system32\drivers\dxywtrnc.sys

Folder::
c:\program files\alotappbar
c:\program files\Uniblue\SpeedUpMyPC
c:\program files\Uniblue\DriverScanner

Driver::
emgtxdxx
essy;essy
umefjub

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}]
[-HKEY_CLASSES_ROOT\clsid\{a531d99c-5a22-449b-83da-872725c6d0ed}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A531D99C-5A22-449b-83DA-872725C6D0ED}"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverScanner"=-

ClearJavaCache::


Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===========

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 20
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 4
Java™ 6 Update 7


Java 7 update 10 introduces important new security controls
You can read about it here.
http://nakedsecurity.sophos.com/2012/12/19/java-7-update-10-introduces-important-new-security-controls/
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you unckeck the box on the top right "Yes, install McAfee Security Scan Plus - optional" this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

Remove the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number)..

Please post the logs and let me know what problem persists.

#5 Homer Sims

Homer Sims
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 27 December 2012 - 10:01 AM

Nasdaq - I am working on your instructions right now.

At the beginning of your last message you have the following.(bolded only for clarity).. (was there something I needed to do with that)?

<pre>
c:\windows\twain_32\DELL\MFP1125\Monitor\Stsmon .exe
</pre>



Regards

Homer

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:47 AM

Posted 27 December 2012 - 11:45 AM

At the beginning of your last message you have the following.(bolded only for clarity).. (was there something I needed to do with that)?

<pre>
c:\windows\twain_32\DELL\MFP1125\Monitor\Stsmon .exe
</pre>


Yes I forgot to add this to my ComboFix script.

RENV::
c:\windows\twain_32\DELL\MFP1125\Monitor\Stsmon .exe


Add these 2 line after this last instruction.

ClearJavaCache::

#7 Homer Sims

Homer Sims
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 27 December 2012 - 01:46 PM

No problem, I am going to re-run the entire script with the additional 2 lines.

#8 Homer Sims

Homer Sims
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:47 AM

Posted 27 December 2012 - 06:37 PM

The new logs posted below, I will give the computer a thorough test tomorrow and let you know if the problems are gone.

Nasdaq thank you so much for your help.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
First ComboFix Log resulting from your customized script:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ComboFix 12-12-25.02 - Tom Gibson 27/12/2012 10:06:49.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.495 [GMT -5:00]
Running from: c:\documents and settings\Tom Gibson\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tom Gibson\Desktop\cfscript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
FILE ::
"c:\windows\system32\drivers\dxywtrnc.sys"
"c:\windows\system32\drivers\fcwfdle.sys"
"c:\windows\system32\drivers\kckf.sys"
"c:\windows\Tasks\SpeedUpMyPC.job"
"c:\windows\Tasks\spmonitor.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Uniblue\SpeedUpMyPC
c:\program files\Uniblue\SpeedUpMyPC\cwebpage.dll
c:\program files\Uniblue\SpeedUpMyPC\InstallerExtensions.dll
c:\program files\Uniblue\SpeedUpMyPC\intermediate_views.dat
c:\program files\Uniblue\SpeedUpMyPC\latest_scan_results.xsl
c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe
c:\program files\Uniblue\SpeedUpMyPC\library.dat
c:\program files\Uniblue\SpeedUpMyPC\locale\br\br.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\br\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\de\de.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\de\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\dk\dk.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\dk\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\en\en.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\en\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\es\es.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\es\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\fi\fi.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\fi\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\fr\fr.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\fr\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\it\it.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\it\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\jp\jp.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\jp\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\nl\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\nl\nl.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\no\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\no\no.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\ru\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\ru\ru.dll
c:\program files\Uniblue\SpeedUpMyPC\locale\se\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\se\se.dll
c:\program files\Uniblue\SpeedUpMyPC\Microsoft.VC90.CRT.manifest
c:\program files\Uniblue\SpeedUpMyPC\msvcp90.dll
c:\program files\Uniblue\SpeedUpMyPC\msvcr90.dll
c:\program files\Uniblue\SpeedUpMyPC\repair_transform.xsl
c:\program files\Uniblue\SpeedUpMyPC\sp_move_serial.exe
c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe
c:\program files\Uniblue\SpeedUpMyPC\spnotifier.exe
c:\program files\Uniblue\SpeedUpMyPC\sump.exe
c:\program files\Uniblue\SpeedUpMyPC\Third Party Terms\comtypes.txt
c:\program files\Uniblue\SpeedUpMyPC\Third Party Terms\cwebpage.dll.html
c:\program files\Uniblue\SpeedUpMyPC\Third Party Terms\decorator.py.txt
c:\program files\Uniblue\SpeedUpMyPC\Third Party Terms\ordereddict.py.txt
c:\program files\Uniblue\SpeedUpMyPC\Third Party Terms\py2exe.txt
c:\program files\Uniblue\SpeedUpMyPC\Third Party Terms\python-changes.txt
c:\program files\Uniblue\SpeedUpMyPC\Third Party Terms\python.txt
c:\program files\Uniblue\SpeedUpMyPC\Third Party Terms\simplejson.txt
c:\program files\Uniblue\SpeedUpMyPC\Third Party Terms\wmi.txt
c:\program files\Uniblue\SpeedUpMyPC\unins001.dat
c:\program files\Uniblue\SpeedUpMyPC\unins001.exe
c:\program files\Uniblue\SpeedUpMyPC\unins001.msg
c:\program files\Uniblue\SpeedUpMyPC\views.dat
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\drivers\dxywtrnc.sys
c:\windows\system32\drivers\fcwfdle.sys
c:\windows\system32\drivers\kckf.sys
c:\windows\Tasks\SpeedUpMyPC.job
c:\windows\Tasks\spmonitor.job
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EMGTXDXX
-------\Legacy_UMEFJUB
-------\Service_emgtxdxx
-------\Service_umefjub
-------\Legacy_essy
-------\Service_essy
.
.
((((((((((((((((((((((((( Files Created from 2012-11-27 to 2012-12-27 )))))))))))))))))))))))))))))))
.
.
2012-12-27 15:16 . 2012-12-27 15:16 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-12-24 22:46 . 2012-12-26 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-12-24 22:46 . 2009-01-25 17:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-12-24 22:46 . 2012-12-24 22:46 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-12-21 12:46 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-15 22:40 . 2012-11-09 11:50 84432 ----a-w- c:\windows\system32\drivers\mfendisk.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-11 17:40 . 2012-08-28 17:24 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-11 17:40 . 2011-09-08 18:13 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 01:25 . 2004-08-11 22:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-09 11:56 . 2010-08-17 12:29 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-09 11:53 . 2010-08-17 12:29 91168 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-11-09 11:52 . 2010-08-17 12:29 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-09 11:52 . 2010-08-17 12:29 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-09 11:51 . 2007-06-01 01:05 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-09 11:50 . 2010-08-17 12:29 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-09 11:50 . 2007-06-01 01:05 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-11-09 11:49 . 2007-06-01 01:05 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-09 11:49 . 2010-08-17 12:29 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-11-06 00:41 . 2004-08-11 22:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:02 . 2004-08-11 22:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-11 22:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-11 22:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-11 22:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-11 22:00 385024 ----a-w- c:\windows\system32\html.iec
2012-10-02 18:04 . 2004-08-11 22:00 58368 ----a-w- c:\windows\system32\synceng.dll
.
<pre>
c:\windows\twain_32\DELL\MFP1125\Monitor\Stsmon .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2012-08-16 04:18 343296 ----a-w- c:\progra~1\SITERA~1\SiteRank.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-08 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"IndexSearch"="c:\paperport\IndexSearch.exe" [2007-03-14 46632]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-09-30 981656]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648]
"InboxToolbar"="c:\program files\Inbox Toolbar\Inbox.exe" [2012-08-28 1647336]
"SiteRanker"="c:\program files\SiteRanker\SiteRankTray.exe" [2012-08-16 320000]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [N/A]
.
c:\documents and settings\Tom Gibson\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-9-29 333088]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDWinLogon]
SDWinLogon.dll [BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [31/05/2007 7:39 PM 3456]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [17/08/2010 7:29 AM 91168]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [15/06/2011 4:33 PM 249648]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [17/08/2010 7:29 AM 167784]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [17/08/2010 7:30 AM 168880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [17/08/2010 7:29 AM 167344]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [24/12/2012 5:46 PM 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [24/12/2012 5:46 PM 1369624]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [27/12/2012 10:16 AM 40776]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [17/08/2010 7:29 AM 362640]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [15/12/2012 5:40 PM 84432]
S2 gupdate1ca441de2e6d740;Google Update Service (gupdate1ca441de2e6d740);c:\program files\Google\Update\GoogleUpdate.exe [03/10/2009 6:37 AM 133104]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [24/12/2012 5:46 PM 168384]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 12:28 PM 160944]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [07/07/2011 6:31 PM 195336]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [17/08/2010 7:29 AM 60480]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [26/10/2012 10:46 PM 146872]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [05/09/2012 10:56 AM 234776]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [15/12/2012 5:40 PM 84432]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [17/08/2010 7:29 AM 92192]
S4 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [17/08/2010 7:29 AM 167784]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 17:41]
.
2012-12-27 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-12-24 19:08]
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-03 11:37]
.
2012-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-03 11:37]
.
2012-12-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-957248802-3589403475-1426994346-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 16:00]
.
2012-12-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-957248802-3589403475-1426994346-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 16:00]
.
2012-12-17 c:\windows\Tasks\ReclaimerUpdateXML_Tom Gibson.job
- c:\documents and settings\Tom Gibson\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-16 21:26]
.
2012-12-26 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-12-24 19:07]
.
2012-12-24 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-12-24 19:07]
.
2012-12-27 c:\windows\Tasks\User_Feed_Synchronization-{0271E082-F6B6-45EA-95F6-E86EB3446BB3}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80556&lng=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-27 10:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,ae,32,ec,93,80,fa,4b,bb,e3,c9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,ae,32,ec,93,80,fa,4b,bb,e3,c9,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1064)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(144)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.BIN
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2012-12-27 10:21:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-27 15:21
ComboFix2.txt 2012-12-26 20:06
.
Pre-Run: 133,205,229,568 bytes free
Post-Run: 133,263,597,568 bytes free
.
- - End Of File - - 51E786815BDA20CA5CA31A864E6E3BBF

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Second ComboFix Log resulting from your customized script - after I added the 2 lines you indicated
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ComboFix 12-12-25.02 - Tom Gibson 27/12/2012 13:50:15.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.534 [GMT -5:00]
Running from: c:\documents and settings\Tom Gibson\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tom Gibson\Desktop\cfscript2.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
FILE ::
"c:\windows\system32\drivers\dxywtrnc.sys"
"c:\windows\system32\drivers\fcwfdle.sys"
"c:\windows\system32\drivers\kckf.sys"
"c:\windows\Tasks\SpeedUpMyPC.job"
"c:\windows\Tasks\spmonitor.job"
.
.
((((((((((((((((((((((((( Files Created from 2012-11-27 to 2012-12-27 )))))))))))))))))))))))))))))))
.
.
2012-12-27 18:59 . 2012-12-27 18:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-12-27 18:34 . 2012-12-27 18:34 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-27 18:34 . 2012-12-27 18:34 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-27 18:34 . 2012-12-27 18:34 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-24 22:46 . 2012-12-26 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-12-24 22:46 . 2009-01-25 17:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-12-24 22:46 . 2012-12-24 22:46 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-12-21 12:46 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-15 22:40 . 2012-11-09 11:50 84432 ----a-w- c:\windows\system32\drivers\mfendisk.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-27 18:34 . 2010-05-23 12:15 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-11 17:40 . 2012-08-28 17:24 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-11 17:40 . 2011-09-08 18:13 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 01:25 . 2004-08-11 22:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-09 11:56 . 2010-08-17 12:29 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-09 11:53 . 2010-08-17 12:29 91168 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-11-09 11:52 . 2010-08-17 12:29 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-09 11:52 . 2010-08-17 12:29 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-09 11:51 . 2007-06-01 01:05 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-09 11:50 . 2010-08-17 12:29 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-09 11:50 . 2007-06-01 01:05 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-11-09 11:49 . 2007-06-01 01:05 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-09 11:49 . 2010-08-17 12:29 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-11-06 00:41 . 2004-08-11 22:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:02 . 2004-08-11 22:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-11 22:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-11 22:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-11 22:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-11 22:00 385024 ----a-w- c:\windows\system32\html.iec
2012-10-02 18:04 . 2004-08-11 22:00 58368 ----a-w- c:\windows\system32\synceng.dll
.
<pre>
c:\windows\twain_32\DELL\MFP1125\Monitor\Stsmon .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2012-08-16 04:18 343296 ----a-w- c:\progra~1\SITERA~1\SiteRank.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-08 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"IndexSearch"="c:\paperport\IndexSearch.exe" [2007-03-14 46632]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-09-30 981656]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648]
"InboxToolbar"="c:\program files\Inbox Toolbar\Inbox.exe" [2012-08-28 1647336]
"SiteRanker"="c:\program files\SiteRanker\SiteRankTray.exe" [2012-08-16 320000]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [N/A]
.
c:\documents and settings\Tom Gibson\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-9-29 333088]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDWinLogon]
SDWinLogon.dll [BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [31/05/2007 7:39 PM 3456]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [17/08/2010 7:29 AM 91168]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [15/06/2011 4:33 PM 249648]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [17/08/2010 7:29 AM 167784]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [17/08/2010 7:30 AM 168880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [17/08/2010 7:29 AM 167344]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [24/12/2012 5:46 PM 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [24/12/2012 5:46 PM 1369624]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [27/12/2012 1:59 PM 40776]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [17/08/2010 7:29 AM 362640]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [15/12/2012 5:40 PM 84432]
S2 gupdate1ca441de2e6d740;Google Update Service (gupdate1ca441de2e6d740);c:\program files\Google\Update\GoogleUpdate.exe [03/10/2009 6:37 AM 133104]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [24/12/2012 5:46 PM 168384]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 12:28 PM 160944]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [07/07/2011 6:31 PM 195336]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [17/08/2010 7:29 AM 60480]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [26/10/2012 10:46 PM 146872]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [05/09/2012 10:56 AM 234776]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [15/12/2012 5:40 PM 84432]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [17/08/2010 7:29 AM 92192]
S4 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [17/08/2010 7:29 AM 167784]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 17:41]
.
2012-12-27 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-12-24 19:08]
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-03 11:37]
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-03 11:37]
.
2012-12-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-957248802-3589403475-1426994346-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 16:00]
.
2012-12-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-957248802-3589403475-1426994346-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 16:00]
.
2012-12-17 c:\windows\Tasks\ReclaimerUpdateXML_Tom Gibson.job
- c:\documents and settings\Tom Gibson\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-16 21:26]
.
2012-12-26 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-12-24 19:07]
.
2012-12-24 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-12-24 19:07]
.
2012-12-27 c:\windows\Tasks\User_Feed_Synchronization-{0271E082-F6B6-45EA-95F6-E86EB3446BB3}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80556&lng=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-27 14:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,ae,32,ec,93,80,fa,4b,bb,e3,c9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,ae,32,ec,93,80,fa,4b,bb,e3,c9,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1068)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\l3codeca.acm
c:\windows\system32\sirenacm.dll
.
- - - - - - - > 'explorer.exe'(2688)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\OpenOffice.org 2.4\program\soffice.BIN
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2012-12-27 14:51:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-27 19:51
ComboFix2.txt 2012-12-27 15:21
ComboFix3.txt 2012-12-26 20:06
.
Pre-Run: 133,232,058,368 bytes free
Post-Run: 133,230,026,752 bytes free
.
- - End Of File - - C826C98E00A9DA2D647820EF1962698D


+++++++++++++++++++++++++++++++++++++
ADWCLEANER LOG (LATEST)
+++++++++++++++++++++++++++++++++++++

# AdwCleaner v2.103 - Logfile created 12/27/2012 at 17:12:02
# Updated 25/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Tom Gibson - D81CC1D1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Tom Gibson\Desktop\howie\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppGraffiti
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\Inbox Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Key Found : HKCU\Software\Softonic
Key Found : HKU\S-1-5-21-957248802-3589403475-1426994346-1005\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKU\S-1-5-21-957248802-3589403475-1426994346-1005\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\Tom Gibson\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7701 octets] - [26/12/2012 15:21:24]
AdwCleaner[R2].txt - [7761 octets] - [26/12/2012 15:22:46]
AdwCleaner[R3].txt - [3734 octets] - [27/12/2012 17:12:02]
AdwCleaner[S1].txt - [7706 octets] - [27/12/2012 14:57:16]

########## EOF - C:\AdwCleaner[R3].txt - [3854 octets] ##########

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:47 AM

Posted 28 December 2012 - 10:13 AM

<pre>
c:\windows\twain_32\DELL\MFP1125\Monitor\Stsmon .exe
</pre>


The file was not replaced. Note that there is a space before .exe
Normally ComboFix will replace the file if the same file exist without the space such as Stsmon.exe

It may be a glitch or a remnant of a previous infection.

If you have any problem with your this monitor have a look at this article.

http://driver-list.org/dell-mfp-1125-status-monitor-driver/drivers-dell/dell-cluster-20/

Before you proceed with their recommendation lets have a look if you have a good copy on the Hard Drive.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    Stsmon.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

===

Remove the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number)..

Please post the logs for my review.

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:47 AM

Posted 04 January 2013 - 02:01 PM

Are you still with me?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users