Hello,

I have been dealing with a virus riddled computer for months now, and I'm looking to try to clean it up a bit. I have had Spybot Search and Destroy for over a year, and I have frequently done scans which have resulted in Smitfraud-C being brought up as a problem. I then attempt to correct it and delete the files, but it does no good. I'm aware that there are other threads regarding this topic, but I thought it would be a better idea to ask for help as my case might be different. I'm also afraid that there are various other viruses on my computer, but I'm unsure how to fix them.

Thank you for your time.

And I apologize for not posting my log in the first post. Thanks again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:33 AM, on 12/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bradford Networks\Client Security Agent\bndaemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Bradford Networks\Client Security Agent\bncsaui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Client Security Agent\bncsaui.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [mSpotAlltelRemix] "C:\Program Files\Alltel Music Connect\Remix\msptcmd.exe" /runcheck
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - https://vpn.cascadeng.com/XTSAC.cab
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://vpn.cascadeng.com/NELX.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Client Security Agent Service (BNPagent) - Bradford Networks - C:\Program Files\Bradford Networks\Client Security Agent\bndaemon.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11863 bytes

hi shebeingbrand,

if you still need help, we will start with a download:

Please download Malwarebytes' Anti-Malware to your desktop:



http://www.malwarebytes.org/mbam.php



* Double-click mbam-setup.exe and follow the prompts to install the program.

* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform FULL SCAN, then click Scan.

* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt



please post the MBAM log in reply

Hello again,

Thank you for your assistance. I added the program but did not receive an update. Smithfraud didn't come up in the list, at least not by that name, however a bunch of other junk did (which is a relief to be rid of). Here is the log:

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3

12/24/2008 11:18:04 PM
mbam-log-2008-12-24 (23-18-04).txt

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 239020
Time elapsed: 1 hour(s), 40 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00ebb3b3-dead-4440-b1f8-b09dddb89ef3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tapee (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tapee (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tapee (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tapee (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\trcTMP (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\slNew (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iTmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Vb1 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xcsDd01 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\drivers\tapee.sys (Rootkit.Agent.H) -> Delete on reboot.
C:\WINDOWS\system32\lbcd64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amanda Joseph\Local Settings\Temp\winvsnet.exe (Rogue.AntiSpyMaster) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amanda Joseph\Local Settings\Temp\nsi112.tmp\ns114.tmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amanda Joseph\Local Settings\Temp\nso2B8.tmp\ns2BA.tmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amanda Joseph\Local Settings\Temp\nsp1B.tmp\ns1D.tmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amanda Joseph\Local Settings\Temp\nsp5A.tmp\ns5C.tmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareMaster\asm.exe (Rogue.AntiSpyMaster) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareMaster\del.bat (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lbbd32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amanda Joseph\Local Settings\Temp\pey6FC.tmp (Backdoor.ProRat) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amanda Joseph\Local Settings\Temp\opr29D.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amanda Joseph\Local Settings\Temp\opr4CE.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amanda Joseph\Local Settings\Temp\laf42.tmp (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> Delete on reboot.

hi,

ok good.


I added the program but did not receive an update
when you start MBAM, there is a tab that says "update" try that and this is how you will have to do it all the time. Its dosnt update automatically except once during the install process.
if updates install please re-run MBAM once more.

after the above, we will get another download to use. Its called combofix. there is a guide you should read before using it. Looks like a lot but really there is a lot of pictures. Read the guide, download and follow the prompts. post the combofix log in your reply.

the guide:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Here's the ComboFix log:

ComboFix 08-12-24.01 - Amanda Joseph 2008-12-25 11:00:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.395 [GMT -5:00]
Running from: c:\documents and settings\Amanda Joseph\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\tn3
c:\windows\system32\mvx.dat

.
((((((((((((((((((((((((( Files Created from 2008-11-25 to 2008-12-25 )))))))))))))))))))))))))))))))
.

2008-12-25 09:38 . 2008-12-25 09:38 <DIR> d-------- c:\program files\Seagate
2008-12-25 09:38 . 2008-12-25 09:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Seagate
2008-12-25 09:36 . 2008-12-25 09:36 <DIR> d--hs---- c:\windows\ftpcache
2008-12-24 21:18 . 2008-12-24 21:18 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-24 21:18 . 2008-12-24 21:18 <DIR> d-------- c:\documents and settings\Amanda Joseph\Application Data\Malwarebytes
2008-12-24 21:18 . 2008-12-24 21:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-24 21:18 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-24 21:18 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-25 22:27 . 2008-11-25 22:55 <DIR> d-------- c:\documents and settings\Amanda Joseph\Alltel Music Connect
2008-11-25 22:25 . 2008-11-25 22:31 <DIR> d-------- c:\program files\Alltel Music Connect

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 15:00 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-25 14:31 --------- d-----w c:\documents and settings\Amanda Joseph\Application Data\AVG7
2008-12-25 13:59 --------- d-----w c:\documents and settings\Amanda Joseph\Application Data\U3
2008-12-16 06:55 --------- d-----w c:\program files\Trend Micro
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-06-26 15:10 27,976 ----a-w c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-06-26 15:10 125,848 ----a-w c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-12-25 04:57 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-25 04:57 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-25 04:57 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-25 04:57 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-25 04:57 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2006-08-21 18:04 56 --sh--r c:\windows\system32\BFF4FD03FD.sys
2006-07-07 23:02 88 --sh--r c:\windows\system32\FD03FDF4BF.sys
2006-08-21 18:04 6,580 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-07-29 14:09 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008072920080730\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"mSpotAlltelRemix"="c:\program files\Alltel Music Connect\Remix\msptcmd.exe" [2008-06-13 1531904]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-12-15 839680]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-04-29 158624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-24 282624]
"bncsaui.exe"="c:\program files\Bradford Networks\Client Security Agent\bncsaui.exe" [2008-02-23 1924488]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-09 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-24 219136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 45056]
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2005-08-25 1474635]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2006-08-25 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 16:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]

[X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 10:09 460784 c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-09-08 05:20 122940 c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-10-05 03:12 94208 c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 10:44 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 10:44 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--------- 2003-09-10 02:24 20480 c:\program files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-24 02:24 282624 c:\program files\QuickTime\qttask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Bradford Networks\Client Security Agent\bndaemon.exe"= c:\program files\Bradford Networks\Client Security Agent\bndaemon.exe
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 BNPagent;Client Security Agent Service;"c:\program files\Bradford Networks\Client Security Agent\bndaemon.exe" [2008-02-23 2645384]
R2 FreeAgentGoNext Service;Seagate Service;"c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe" [2008-10-28 156968]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
S3 Hide;Hide;\??\c:\windows\system32\drivers\systemin.sys []
S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\DRIVERS\SSLDrv.sys [2008-01-16 19376]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25e3d87f-8e6e-11dd-9218-001422a43742}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{391bc0f8-73b7-11dd-91f6-001422a43742}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{585da748-35fc-11db-9045-00038a000015}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86fe4256-0654-11dd-91b9-001422a43742}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a75b7101-a420-11dc-915b-00166f72850a}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b79b0f7d-7dc4-11dd-9201-001422a43742}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb1e80e6-f053-11dc-91b4-00166f72850a}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cad1b197-d23c-11dd-9243-001422a43742}]
\Shell\AutoRun\command - E:\InstallSeagateManager.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d884127f-bf36-11dd-923a-001422a43742}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - FREEAGENTGONEXT_SERVICE
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
MSConfigStartUp-ares - c:\program files\Ares\Ares.exe
MSConfigStartUp-MMTray - c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
MSConfigStartUp-OE_OEM - c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
MSConfigStartUp-pccguide - c:\program files\Trend Micro\Internet Security 12\pccguide.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myspace.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\xTSAC.ocx - O16 -: {44C1E3A2-B594-401C-B27A-D1B4476E4797}
hxxps://vpn.cascadeng.com/XTSAC.cab
c:\windows\Downloaded Program Files\XTSAC.inf

c:\windows\Downloaded Program Files\NELaunchX.dll - O16 -: {6EEFD7B1-B26C-440D-B55A-1EC677189F30}
hxxps://vpn.cascadeng.com/NELX.cab
c:\windows\Downloaded Program Files\NELaunchX.inf
FF - ProfilePath - c:\documents and settings\Amanda Joseph\Application Data\Mozilla\Firefox\Profiles\x53tx8vr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-25 11:07:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1124)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2008-12-25 11:09:12
ComboFix-quarantined-files.txt 2008-12-25 16:08:35

Pre-Run: 30,725,947,392 bytes free
Post-Run: 37,094,772,736 bytes free

241 --- E O F --- 2008-12-18 08:01:45

hi,

ok looking good. we will upload two files to get checked out. first to help show all files you can do this:

FOr XP: on the desktop double click my computer,at the top click on> tools>folder options>view> then select "show hidden files and folders", then UNcheck "hide protected operating system files " also UNcheck "hide extensions for known file types" click apply to all folders, apply then ok

navigate to the C:/windows/system 32 dir. and see if you can spot these two:

BFF4FD03FD.sys
FD03FDF4BF.sys

if so. you can go to the website below and browse for them again on your computer and then upload them by clicking the send button. they will be scanned. you can copy/paste the results in your reply. Hows it all looking on your end now?

the website:
http://www.virustotal.com/

Things are looking ten times better on my end. I'm able to allow Internet Explorer to work online without being bombarded with popups and such bombarding me. It's also working faster. You guys are wonderful. Here are the results from the scan:

File BFF4FD03FD.sys received on 12.28.2008 02:58:17 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/39 (0%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 38 and 55 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.28 -
AhnLab-V3 2008.12.25.0 2008.12.27 -
AntiVir 7.9.0.45 2008.12.27 -
Authentium 5.1.0.4 2008.12.27 -
Avast 4.8.1281.0 2008.12.27 -
AVG 8.0.0.199 2008.12.28 -
BitDefender 7.2 2008.12.28 -
CAT-QuickHeal 10.00 2008.12.27 -
ClamAV 0.94.1 2008.12.27 -
Comodo 826 2008.12.27 -
DrWeb 4.44.0.09170 2008.12.28 -
eSafe 7.0.17.0 2008.12.24 -
eTrust-Vet 31.6.6276 2008.12.24 -
Ewido 4.0 2008.12.27 -
F-Prot 4.4.4.56 2008.12.27 -
F-Secure 8.0.14332.0 2008.12.28 -
Fortinet 3.117.0.0 2008.12.27 -
GData 19 2008.12.28 -
Ikarus T3.1.1.45.0 2008.12.28 -
K7AntiVirus 7.10.568 2008.12.27 -
Kaspersky 7.0.0.125 2008.12.28 -
McAfee 5476 2008.12.27 -
McAfee+Artemis 5476 2008.12.27 -
Microsoft 1.4205 2008.12.28 -
NOD32 3719 2008.12.27 -
Norman 5.80.02 2008.12.26 -
Panda 9.0.0.4 2008.12.27 -
PCTools 4.4.2.0 2008.12.27 -
Prevx1 V2 2008.12.28 -
Rising 21.09.52.00 2008.12.27 -
SecureWeb-Gateway 6.7.6 2008.12.27 -
Sophos 4.37.0 2008.12.27 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.28 -
TheHacker 6.3.1.4.200 2008.12.26 -
TrendMicro 8.700.0.1004 2008.12.26 -
VBA32 3.12.8.10 2008.12.27 -
ViRobot 2008.12.26.1536 2008.12.26 -
VirusBuster 4.5.11.0 2008.12.27 -
Additional information
File size: 56 bytes
MD5...: a110bfdc4bd117de509803affebb3fcd
SHA1..: 38613ac397a28c510739a3f3897cc06200b28a3b
SHA256: 3932c4abbcf51a6c612f5c47065fcb1bb737eab7da805ed0f8cf8fd6526902d8
SHA512: 7d42dafa972f80f3ed9fca194d45d4beba161fe19520b15ae85f4348653879b2
9eb7bca77c8232c7455a3124babd438f2347c1148ba720bc6598ba0446cb1847
ssdeep: 3:/ls6z3P/tMYXXnn:GYXvnn
PEiD..: -
TrID..: File type identification
MS Flight Simulator Aircraft Performance Info (100.0%)
PEInfo: -

---------

File FD03FDF4BF.sys received on 12.28.2008 03:02:10 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/39 (0%)
Loading server information...
Your file is queued in position: ___.
Estimated start time is between ___ and ___ .
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.28 -
AhnLab-V3 2008.12.25.0 2008.12.27 -
AntiVir 7.9.0.45 2008.12.27 -
Authentium 5.1.0.4 2008.12.27 -
Avast 4.8.1281.0 2008.12.27 -
AVG 8.0.0.199 2008.12.28 -
BitDefender 7.2 2008.12.28 -
CAT-QuickHeal 10.00 2008.12.27 -
ClamAV 0.94.1 2008.12.27 -
Comodo 826 2008.12.27 -
DrWeb 4.44.0.09170 2008.12.28 -
eSafe 7.0.17.0 2008.12.24 -
eTrust-Vet 31.6.6276 2008.12.24 -
Ewido 4.0 2008.12.27 -
F-Prot 4.4.4.56 2008.12.27 -
F-Secure 8.0.14332.0 2008.12.28 -
Fortinet 3.117.0.0 2008.12.27 -
GData 19 2008.12.28 -
Ikarus T3.1.1.45.0 2008.12.28 -
K7AntiVirus 7.10.568 2008.12.27 -
Kaspersky 7.0.0.125 2008.12.28 -
McAfee 5476 2008.12.27 -
McAfee+Artemis 5476 2008.12.27 -
Microsoft 1.4205 2008.12.28 -
NOD32 3719 2008.12.27 -
Norman 5.80.02 2008.12.26 -
Panda 9.0.0.4 2008.12.27 -
PCTools 4.4.2.0 2008.12.27 -
Prevx1 V2 2008.12.28 -
Rising 21.09.52.00 2008.12.27 -
SecureWeb-Gateway 6.7.6 2008.12.27 -
Sophos 4.37.0 2008.12.27 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.28 -
TheHacker 6.3.1.4.200 2008.12.26 -
TrendMicro 8.700.0.1004 2008.12.26 -
VBA32 3.12.8.10 2008.12.27 -
ViRobot 2008.12.26.1536 2008.12.26 -
VirusBuster 4.5.11.0 2008.12.27 -
Additional information
File size: 88 bytes
MD5...: 3cff9be588bf933e33b12ee3dd60d549
SHA1..: a6919a257bea35321320f4a3cd9e115e5fcefde3
SHA256: 32155e3ee5fba093c0756341640315e4006235cc8bda3455858f09321b29fc9a
SHA512: db927433b1cab9e5eaf5cae6c48430a54cd03023329bc4ed7e6af9303d8d1b91
4c702820a203a0a5ce49fb8ccd3b59238d81024641eb2273ecf53d6b50fd3d25
ssdeep: 3:hl/L/qiEg:fqg
PEiD..: -
TrID..: File type identification
MS Flight Simulator Aircraft Performance Info (100.0%)
PEInfo: -

hi,

ok good. thanks for the info. we will leave those two files you uploaded.
you can remove combofix like this:

staart>run and type in combofix /u
click ok or enter
note:there is a space after the x and before the /

you where able to get MBAM to update? You can do another scan of your computer if so.