Redirect problem
I posted previously that when I ran Spybot it would not fix my problems because of a host error. Here is my HijackThis report:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 12:09:05 PM, on 12/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?gcht=HD&o=101676&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com/welcome/3000desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/3000desktop
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Remote Access Alert (RASCC) - Unknown owner - C:\WINDOWS\repair\rasmvc.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Hi,
Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double-click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
Download GMER (http://www.gmer.net) by clicking the "Download EXE" button and then saving it to your desktop:
Double-click the .exe that you downloaded.
Click the Rootkit tab and then Scan.
Don't check the "Show All" box while scanning is in progress!
When scanning is finished, click Copy.
This copies the log to the clipboard.
Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.
DDS (Ver_09-09-29.01) - NTFSx86
Run by Allen Brown at 10:20:34.67 on Wed 08/26/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.991.175 [GMT -4:00]
AV: System Defender *On-access scanning enabled* (Updated) {1C592660-60A7-437E-A4DC-F865260696D9}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: System Defender *enabled* {BD99A7B7-4193-4847-9772-52E81797D6E5}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Allen Brown\My Documents\Downloads\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://facebook.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.lenovo.com/welcome/3000desktop
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [LPManager] c:\progra~1\lenovo\lenovo~2\LPMGR.exe
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [USBToolTip] "c:\program files\pinnacle\shared files\\programs\usbtip\USBTip.exe"
mRun: [EarthLink Installer] " /C
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {DA320635-F48C-4613-8325-D75A933C549E} - c:\program files\lenovo\system update\sulauncher.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\xxyyxuUn
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\allenb~1\applic~1\mozilla\firefox\profiles\i1uvtllw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-11-21 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-11-21 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-11-21 144704]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2009-11-21 3968]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-8 24652]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-11-21 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-11-21 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-11-21 35272]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-11-21 34248]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-11-21 40552]
R3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2006-11-22 16384]
R3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\PELUSBLF.SYS [2006-11-22 9216]
S2 0037351261520966mcinstcleanup;McAfee Application Installer Cleanup (0037351261520966);c:\windows\temp\003735~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\003735~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-22 135664]
S2 RASCC;Remote Access Alert;"c:\windows\repair\rasmvc.exe" --> c:\windows\repair\rasmvc.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
=============== Created Last 30 ================
2009-08-19 18:07 1,415,000 a------- c:\windows\system32\msxml6.dll
2009-07-29 00:53 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
==================== Find3M ====================
2009-08-26 04:16 247,326 -------- c:\windows\system32\strmdll.dll
2009-08-26 04:16 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-08-25 05:47 352,256 a------- c:\windows\system32\winhttp.dll
2009-08-25 05:47 352,256 -------- c:\windows\system32\dllcache\winhttp.dll
2009-08-21 05:46 450,560 -------- c:\windows\system32\dllcache\jscript.dll
2009-08-06 20:24 327,896 a------- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 20:24 209,632 a------- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 20:24 35,552 a------- c:\windows\system32\dllcache\wups.dll
2009-08-06 20:24 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 20:24 96,480 a------- c:\windows\system32\dllcache\cdm.dll
2009-08-06 20:23 575,704 a------- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 20:23 1,929,952 a------- c:\windows\system32\dllcache\wuaueng.dll
2009-08-06 20:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 20:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 05:11 204,800 -------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 08:51 2,185,984 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 08:49 2,142,720 -------- c:\windows\system32\ntoskrnl.exe
2009-08-04 08:49 2,142,720 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 08:02 2,062,976 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-08-04 08:02 2,020,864 -------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 08:02 2,020,864 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-31 00:57 1,172,480 a------- c:\windows\system32\msxml3.dll
2009-07-31 00:57 1,172,480 -------- c:\windows\system32\dllcache\msxml3.dll
2009-07-29 00:53 119,808 -------- c:\windows\system32\t2embed.dll
2009-07-29 00:53 82,432 -------- c:\windows\system32\fontsub.dll
2009-07-29 00:53 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
2009-07-21 01:05 1,348,432 a------- c:\windows\system32\msxml4.dll
2009-07-17 14:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 14:55 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-17 12:27 1,435,648 -------- c:\windows\system32\query.dll
2009-07-17 12:27 1,435,648 -------- c:\windows\system32\dllcache\query.dll
2009-07-16 13:32 120,136 -------- c:\windows\system32\drivers\Mpfp.sys
2009-07-14 00:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-14 00:43 286,208 -------- c:\windows\system32\wmpdxm.dll
2009-07-14 00:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 09:42 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-06-25 04:17 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:17 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 04:17 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 04:17 56,320 a------- c:\windows\system32\secur32.dll
2009-06-25 04:17 729,600 -------- c:\windows\system32\lsasrv.dll
2009-06-25 04:17 729,600 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 04:17 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 04:17 168,448 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 04:17 59,392 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-25 04:17 56,320 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-22 07:35 92,544 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-21 18:04 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-06-12 07:50 76,288 -------- c:\windows\system32\telnet.exe
2009-06-12 07:50 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 10:21 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 10:21 84,992 -------- c:\windows\system32\avifil32.dll
2009-06-10 02:26 134,144 -------- c:\windows\system32\wkssvc.dll
2009-06-10 02:26 134,144 -------- c:\windows\system32\dllcache\wkssvc.dll
2009-06-05 03:42 655,872 -------- c:\windows\system32\mstscax.dll
2009-06-05 03:42 655,872 -------- c:\windows\system32\dllcache\mstscax.dll
2009-06-03 15:27 1,290,752 -------- c:\windows\system32\quartz.dll
2009-06-03 15:27 1,290,752 -------- c:\windows\system32\dllcache\quartz.dll
2009-04-26 20:43 32 -----r-- c:\documents and settings\all users\hash.dat
2007-04-24 09:37 168 ---shr-- c:\windows\system32\C21DAF5460.sys
2007-04-24 09:37 12,000 ---sh--- c:\windows\system32\KGyGaAvL.sys
============= FINISH: 10:21:36.51 ===============
I ran GMER and it finished, but before I could copy it my computer restarted. Should I run it again or not?
Hi,
Let's leave GMER scan till later if needed.
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix; see this link (http://www.bleepingcomputer.com/forums/topic114351.html).
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
ComboFix 09-12-25.05 - Allen Brown 08/26/2009 11:14:01.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.991.590 [GMT -4:00]
Running from: c:\documents and settings\Allen Brown\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Allen Brown\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\recycler\S-1-5-21-3914436683-3740601846-1717927738-1003
c:\windows\run.log
c:\windows\system32\config\systemprofile\Application Data\System Defender
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\PCLECoInst.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\Temp\0037351261520966mcinst.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2009-07-26 to 2009-08-26 )))))))))))))))))))))))))))))))
.
2009-12-22 17:07 . 2009-12-22 17:07 -------- d-----w- c:\program files\TrendMicro
2009-12-22 15:38 . 2009-12-22 16:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-22 15:38 . 2009-12-22 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-22 14:21 . 2009-12-22 14:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-12-22 14:17 . 2009-12-22 14:17 -------- d-----w- c:\documents and settings\Allen Brown\Local Settings\Application Data\Temp
2009-12-22 14:17 . 2009-12-22 14:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-12-22 14:16 . 2009-12-22 14:18 -------- d-----w- c:\program files\Google
2009-12-22 14:16 . 2009-12-22 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-09 04:55 . 2009-12-09 04:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-12-04 15:21 . 2009-12-04 15:21 -------- d-----w- c:\program files\MSBuild
2009-12-04 15:20 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-04 15:20 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-04 15:20 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-04 15:20 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-04 15:20 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-04 15:20 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-04 15:20 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-04 15:20 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-12-04 15:20 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-04 15:20 . 2009-12-04 15:20 -------- d-----w- C:\fc51013803db7a4aa114fe26ad
2009-12-04 15:17 . 2009-12-04 15:17 -------- d-----w- c:\program files\MSXML 6.0
2009-12-04 03:54 . 2009-12-04 04:12 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-12-04 00:10 . 2009-12-04 00:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-04 00:09 . 2009-12-04 00:09 152576 ----a-w- c:\documents and settings\Allen Brown\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-04 00:09 . 2009-12-04 00:09 79488 ----a-w- c:\documents and settings\Allen Brown\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-03 20:05 . 2007-10-23 14:27 110592 ----a-w- c:\documents and settings\Allen Brown\Application Data\U3\temp\cleanup.exe
2009-12-03 20:02 . 2009-12-03 20:02 -------- d-----w- c:\program files\MSXML 4.0
2009-12-03 19:16 . 2008-05-02 15:41 3493888 ---ha-w- c:\documents and settings\Allen Brown\Application Data\U3\temp\Launchpad Removal.exe
2009-12-03 02:19 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-12-03 02:19 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-12-03 02:18 . 2009-03-06 14:44 283648 ------w- c:\windows\system32\dllcache\pdh.dll
2009-12-03 02:18 . 2005-07-26 04:39 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2009-12-03 02:18 . 2009-02-09 10:20 399360 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-12-03 02:18 . 2009-02-09 10:20 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-12-03 02:18 . 2009-02-06 17:14 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-12-03 02:18 . 2009-02-06 16:39 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-03 02:18 . 2009-02-09 10:20 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-12-03 02:18 . 2009-02-09 10:20 616960 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-12-03 02:18 . 2009-02-09 10:20 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-03 02:17 . 2009-06-21 22:04 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-12-03 02:16 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-12-03 02:15 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-12-03 02:15 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-12-02 18:26 . 2009-12-02 18:26 -------- d-----w- c:\program files\Common Files\Apple
2009-12-02 18:26 . 2009-12-02 18:26 -------- d-----w- c:\documents and settings\Allen Brown\Local Settings\Application Data\Apple
2009-12-02 18:25 . 2009-12-02 18:25 -------- d-----w- c:\program files\Apple Software Update
2009-12-02 18:25 . 2009-12-02 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-11-22 00:46 . 2009-11-22 00:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-11-22 00:46 . 2009-11-22 00:46 -------- d-----w- c:\program files\SiteAdvisor
2009-11-22 00:44 . 2009-11-04 21:54 40552 ------w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-22 00:44 . 2009-11-04 21:54 35272 ------w- c:\windows\system32\drivers\mfebopk.sys
2009-11-22 00:44 . 2009-11-04 21:54 79816 ------w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-22 00:43 . 2009-07-16 17:32 120136 ------w- c:\windows\system32\drivers\Mpfp.sys
2009-11-22 00:43 . 2009-11-22 00:43 -------- d-----w- c:\program files\McAfee.com
2009-11-22 00:42 . 2009-11-04 21:53 34248 ------w- c:\windows\system32\drivers\mferkdk.sys
2009-11-22 00:38 . 2009-11-22 01:04 -------- d-sh--r- C:\RRbackups
2009-11-22 00:28 . 2009-11-22 00:28 -------- d-----w- c:\program files\TVT SMBus
2009-11-22 00:28 . 2009-11-22 00:28 -------- d-----w- c:\program files\SMI2
2009-11-21 20:55 . 2009-11-21 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\aece3
2009-11-21 20:54 . 2009-11-21 20:54 -------- d-sh--w- c:\documents and settings\All Users\Application Data\WSDDSys
2009-11-21 20:42 . 2009-11-22 00:54 -------- d-sh--w- c:\documents and settings\All Users\e5a5b3a
2009-11-04 21:54 . 2009-11-04 21:54 214664 ------w- c:\windows\system32\drivers\mfehidk.sys
2009-10-24 14:06 . 2009-11-21 23:19 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee
2009-10-23 22:17 . 2009-11-21 23:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-21 06:00 . 2009-10-21 06:00 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 06:00 . 2009-10-21 06:00 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 14:58 . 2009-10-20 14:58 263552 ------w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:53 . 2009-10-13 10:53 266752 ------w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:54 . 2009-10-12 13:54 69632 ------w- c:\windows\system32\dllcache\raschap.dll
2009-10-12 13:54 . 2009-10-12 13:54 112128 ------w- c:\windows\system32\dllcache\rastls.dll
2009-09-29 03:53 . 2009-11-21 23:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2009-09-21 23:10 . 2009-12-17 13:08 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\U3
2009-09-05 23:08 . 2009-11-21 23:18 -------- d-----w- c:\documents and settings\Allen Brown\Local Settings\Application Data\TVU Networks
2009-09-05 23:08 . 2009-11-21 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-09-05 22:43 . 2009-11-21 23:25 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\Move Networks
2009-09-05 05:27 . 2009-11-21 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-09-05 01:57 . 2009-11-21 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2009-09-04 20:45 . 2009-09-04 20:45 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-09-03 00:48 . 2009-11-21 23:18 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\DivX
2009-08-19 22:07 . 2009-08-19 22:07 1415000 ----a-w- c:\windows\system32\msxml6.dll
2009-08-19 14:19 . 2009-11-21 23:27 -------- d-----w- c:\program files\Adobe Media Player
2009-07-29 04:53 . 2009-07-29 04:53 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 04:59 . 2006-11-22 21:39 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2009-12-04 15:28 . 2009-12-04 15:27 -------- d-----w- c:\documents and settings\Guest.LENOVO-4AE000F0\Application Data\Lenovo
2009-12-04 15:21 . 2006-12-29 21:46 18464 ----a-w- c:\documents and settings\Allen Brown\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-04 15:10 . 2006-11-22 21:29 -------- d-----w- c:\program files\PCDR5
2009-12-02 18:27 . 2009-04-07 19:52 -------- d-----w- c:\program files\QuickTime
2009-12-02 18:26 . 2007-01-17 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-11-22 13:45 . 2009-03-09 04:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-11-22 01:06 . 2006-11-22 21:25 -------- d-----w- c:\program files\InterVideo
2009-11-22 01:06 . 2006-11-22 21:14 -------- d-----w- c:\program files\CONEXANT
2009-11-22 01:06 . 2006-11-22 21:25 -------- d-----w- c:\program files\Common Files\InterVideo
2009-11-22 01:05 . 2007-03-06 14:31 -------- d-----w- c:\documents and settings\Zack\Application Data\Apple Computer
2009-11-22 01:05 . 2007-03-06 14:31 -------- d-----w- c:\documents and settings\Zack\Application Data\HP
2009-11-22 01:05 . 2007-02-02 20:48 -------- d-----w- c:\documents and settings\Zack\Application Data\Corel
2009-11-22 01:05 . 2007-01-12 07:14 -------- d-----w- c:\documents and settings\Zack\Application Data\acccore
2009-11-22 01:05 . 2006-12-24 20:19 -------- d-----w- c:\documents and settings\Zack\Application Data\ThinkVantage
2009-11-22 00:49 . 2009-03-09 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-22 00:45 . 2009-03-09 04:46 -------- d-----w- c:\program files\McAfee
2009-11-22 00:43 . 2009-03-09 04:46 -------- d-----w- c:\program files\Common Files\McAfee
2009-11-22 00:28 . 2006-11-22 21:39 23552 ------w- c:\windows\system32\drivers\psasrv.exe
2009-11-22 00:28 . 2006-07-12 00:52 17536 ------w- c:\windows\system32\drivers\psadd.sys
2009-11-22 00:23 . 2007-01-15 03:36 -------- d-----w- c:\program files\Pinnacle
2009-11-21 23:41 . 2009-03-08 17:13 -------- d-----w- c:\documents and settings\Zack\Application Data\Lenovo
2009-11-21 23:41 . 2006-12-24 19:33 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\Lenovo
2009-11-21 23:41 . 2006-11-22 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Lenovo
2009-11-21 23:37 . 2006-12-30 05:48 -------- d-----w- c:\documents and settings\All Users\Application Data\TaskMgr
2009-11-21 23:35 . 2006-11-22 21:17 -------- d-----w- c:\program files\Windows Media Connect
2009-11-21 23:34 . 2007-05-10 19:01 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-21 23:32 . 2007-07-13 11:48 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\Ventrilo
2009-11-21 23:31 . 2007-08-08 10:42 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\Sites
2009-11-21 23:31 . 2007-08-08 10:42 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\SiteClasses
2009-11-21 23:31 . 2008-01-29 10:41 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\Media Player Classic
2009-11-21 23:31 . 2008-08-30 01:15 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\FrostWire
2009-11-21 23:31 . 2007-06-03 09:28 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\gtk-2.0
2009-11-21 23:31 . 2007-01-12 02:00 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\Image Zone Express
2009-11-21 23:31 . 2007-08-08 10:42 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\Dynamic
2009-11-21 23:31 . 2007-01-15 03:41 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-11-21 23:26 . 2009-06-26 00:43 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\yoclient
2009-11-21 23:25 . 2008-04-29 20:23 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\vlc
2009-11-21 23:25 . 2007-06-02 12:24 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\LimeWire
2009-11-21 23:25 . 2007-07-13 12:48 -------- d--h--w- c:\documents and settings\Allen Brown\Application Data\ijjigame
2009-11-21 23:25 . 2007-07-13 07:03 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\Download Manager
2009-11-21 23:21 . 2009-03-31 20:49 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-11-21 23:20 . 2006-12-25 02:36 -------- d-----w- c:\program files\Viewpoint
2009-11-21 23:20 . 2007-10-07 02:00 -------- d-----w- c:\program files\Reference Assemblies
2009-11-21 23:20 . 2008-11-02 18:39 -------- d-----w- c:\program files\NCH Software
2009-11-21 23:20 . 2008-11-02 18:38 -------- d-----w- c:\program files\NCH Swift Sound
2009-11-21 23:20 . 2007-07-13 08:15 -------- d-----w- c:\program files\Microsoft SQL Server
2009-11-21 23:19 . 2006-11-22 21:24 -------- d-----w- c:\program files\Java
2009-11-21 23:19 . 2009-03-31 20:50 -------- d-----w- c:\documents and settings\NetworkService\Application Data\SACore
2009-11-21 23:17 . 2008-06-28 03:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SwiftKit
2009-11-21 23:17 . 2007-07-13 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2009-11-21 23:17 . 2006-12-25 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-11-21 23:17 . 2009-01-15 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2009-11-21 23:17 . 2008-11-02 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-11-21 23:17 . 2009-03-09 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2009-11-21 23:17 . 2009-07-22 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
2009-11-21 23:17 . 2006-12-25 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-11-21 23:07 . 2006-11-22 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Borland
2009-11-21 23:03 . 2006-11-22 21:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-21 22:56 . 2006-12-25 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-11-21 22:53 . 2007-01-15 08:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-12 02:04 . 2008-11-17 13:17 1 ------w- c:\documents and settings\Allen Brown\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-10-30 20:11 . 2009-01-07 23:28 2256 ------w- c:\windows\current_settings.bin
2009-10-29 05:04 . 2006-04-30 05:11 668672 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 06:00 . 2006-04-30 05:11 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00 . 2006-04-30 05:10 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-03 23:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:53 . 2006-04-30 05:11 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2006-04-30 05:11 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2006-04-30 05:11 112128 ----a-w- c:\windows\system32\rastls.dll
2009-09-25 05:48 . 2006-04-30 05:10 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:03 . 2006-04-30 05:11 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2006-04-30 05:10 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:16 . 2006-04-30 05:11 247326 ------w- c:\windows\system32\strmdll.dll
2009-08-25 09:47 . 2006-04-30 05:11 352256 ----a-w- c:\windows\system32\winhttp.dll
2009-08-07 00:24 . 2006-04-30 05:32 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2006-04-30 05:32 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2006-04-30 05:32 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2005-05-26 12:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2006-04-30 05:32 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2006-04-30 05:10 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2006-04-30 05:32 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2007-01-16 15:57 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23 . 2006-04-30 05:32 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-07 00:23 . 2005-05-26 12:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:11 . 2006-04-30 05:11 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-08-04 12:49 . 2006-04-30 05:10 2142720 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 12:02 . 2004-08-03 22:59 2020864 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-31 04:57 . 2006-04-30 05:11 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-07-29 04:53 . 2006-04-30 05:11 119808 ------w- c:\windows\system32\t2embed.dll
2009-07-29 04:53 . 2006-04-30 05:10 82432 ------w- c:\windows\system32\fontsub.dll
2009-07-22 00:42 . 2009-07-22 00:42 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-07-21 05:05 . 2009-07-21 05:05 1348432 ----a-w- c:\windows\system32\msxml4.dll
2009-07-17 18:55 . 2006-04-30 05:10 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:27 . 2006-04-30 05:11 1435648 ------w- c:\windows\system32\query.dll
2009-07-14 04:43 . 2006-04-30 05:11 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-06-25 08:17 . 2006-04-30 05:11 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:17 . 2006-04-30 05:11 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:17 . 2006-04-30 05:11 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:17 . 2006-04-30 05:10 729600 ------w- c:\windows\system32\lsasrv.dll
2007-04-24 13:37 . 2006-12-30 05:48 168 --sh--r- c:\windows\system32\C21DAF5460.sys
2007-04-24 13:37 . 2006-12-30 05:48 12000 --sh--w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-02 7557120]
"nwiz"="nwiz.exe" [2006-03-02 1519616]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-04 149280]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2006-07-03 110592]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-22 507904]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-19 196696]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2005-06-13 192512]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/21/2009 8:45 PM 93320]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [11/21/2009 8:28 PM 3968]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/8/2007 4:25 PM 24652]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/22/2009 10:17 AM 135664]
S2 RASCC;Remote Access Alert;"c:\windows\repair\rasmvc.exe" --> c:\windows\repair\rasmvc.exe [?]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://facebook.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=%s
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Allen Brown\Application Data\Mozilla\Firefox\Profiles\i1uvtllw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-USB2Check - c:\windows\system32\PCLECoInst.dll
HKLM-Run-EarthLink Installer - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-26 11:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk23]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk23.drv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(664)
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\pelscrll.dll
c:\windows\system32\PELCOMM.dll
c:\windows\system32\PELHOOKS.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\ICO.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\Pelmiced.exe
c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2009-08-26 11:23:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-26 15:23
Pre-Run: 193,335,545,856 bytes free
Post-Run: 194,265,903,104 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - 656A027A86398D7343476846495AB249
Post a fresh DDS log too, please. Is redirecting still occurring (both Internet Explorer and Firefox)?
It is no longer doing the redirection. Should I still post the DDS?
And you have no idea how much I appreciate your help.
Please post it still. Shall see if there's something else that should be removed :)
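The helper's question about whether the redirect still happens in both Internet Explorer and Firefox maps directly onto a few lines of the ComboFix report above: the IE `uSearchURL` and `uDefault_Search_URL` entries, the Firefox `prefs.js` search keys (`browser.search.defaulturl`, `keyword.URL`), the services list (including one entry whose image file is marked `[?]`), and the firewall and Security Center switches. As an added example that is not part of this thread nor of ComboFix or DDS, here is a small Python triage script that pulls those lines out of a log in that format and attaches the host each search setting sends queries to. The sample lines are copied from the report above; the flagging rules (setting names containing "search" or "keyword", service entries ending in `[?]`, `EnableFirewall=0`, `DisableMonitoring=1`) are my own assumptions about what is worth a second look, not anything the tools themselves assert.

```python
"""Triage helper for the 'pseudo HJT' lines in ComboFix and DDS logs.

Given the text lines of such a log it pulls out what matters when chasing
a browser search redirect: Internet Explorer and Firefox search settings
(with the host each one points at, so it can be compared with what the
user expects), services whose image line ends in '[?]' (no size/date was
recorded for the file), and the Windows Firewall / Security Center switches.
It only reports; a flagged host may be a legitimate toolbar, so the analyst
still compares it with what the user says they installed.
"""
import re
from urllib.parse import urlparse

# Constructed sample in the log format used in the thread; the values are
# copied from the ComboFix report above, not read from a live machine.
SAMPLE_LOG = [
    r"uStart Page = hxxp://facebook.com/",
    r"uDefault_Search_URL = hxxp://www.google.com/ie",
    r"uInternet Settings,ProxyOverride = *.local",
    r"uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=%s",
    r"FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=",
    r"FF - prefs.js: browser.search.selectedEngine - AIM Search",
    r"FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=",
    r"R2 smi2;smi2;c:\program files\SMI2\smi2.sys [11/21/2009 8:28 PM 3968]",
    r"S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/22/2009 10:17 AM 135664]",
    r'S2 RASCC;Remote Access Alert;"c:\windows\repair\rasmvc.exe" --> c:\windows\repair\rasmvc.exe [?]',
    r'"EnableFirewall"= 0 (0x0)',
    r'"DisableMonitoring"=dword:00000001',
]

# 'u' = per-user (HKCU) setting, 'm' = machine-wide (HKLM), as in the log format.
IE_SETTING = re.compile(r"^[um](?P<key>[^=]+?)\s*=\s*(?P<value>.+)$")
FF_PREF = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.+)$")
SERVICE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+)$")


def refang(url):
    """Undo the 'hxxp' defanging these logs apply so urlparse sees a real scheme."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def host_of(value):
    """Return the host of a URL-valued setting, or None for non-URL values."""
    if not re.match(r"^h(?:xx|tt)ps?://", value, re.IGNORECASE):
        return None
    return urlparse(refang(value)).hostname


def triage(lines):
    """Walk log lines and return a list of findings (dicts) worth a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = FF_PREF.match(line)
        if m:
            key, value = m.group("key"), m.group("value")
            if "search" in key.lower() or "keyword" in key.lower():
                findings.append({"kind": "search_setting", "browser": "firefox",
                                 "key": key, "value": value, "host": host_of(value)})
            continue
        m = IE_SETTING.match(line)
        if m:
            key, value = m.group("key"), m.group("value")
            if "search" in key.lower():
                findings.append({"kind": "search_setting", "browser": "ie",
                                 "key": key, "value": value, "host": host_of(value)})
            continue
        m = SERVICE.match(line)
        if m:
            # '[?]' in place of '[date size]' means no file details were recorded.
            if m.group("image").rstrip().endswith("[?]"):
                findings.append({"kind": "service_no_file", "name": m.group("name"),
                                 "state": m.group("state"), "image": m.group("image")})
            continue
        if re.match(r'^"EnableFirewall"\s*=\s*0\b', line):
            findings.append({"kind": "firewall_off", "key": "EnableFirewall", "value": "0"})
        elif re.match(r'^"DisableMonitoring"\s*=\s*dword:0*1$', line):
            findings.append({"kind": "security_center_monitoring_off",
                             "key": "DisableMonitoring", "value": "1"})
    return findings


def search_hosts(findings):
    """Distinct hosts that any IE or Firefox search setting sends queries to."""
    return {f["host"] for f in findings if f["kind"] == "search_setting" and f["host"]}


def summarize(findings):
    """One human-readable line per finding, suitable for pasting into a reply."""
    out = []
    for f in findings:
        if f["kind"] == "search_setting":
            out.append(f"[{f['browser']}] {f['key']} -> {f['host'] or f['value']}")
        elif f["kind"] == "service_no_file":
            out.append(f"[service {f['state']}] {f['name']}: no file details: {f['image']}")
        else:
            out.append(f"[registry] {f['key']}={f['value']} ({f['kind']})")
    return out


if __name__ == "__main__":
    for line in summarize(triage(SAMPLE_LOG)):
        print(line)
```

The script does not judge. The Firefox lines name "AIM Search" and the IE line points at the Ask toolbar's redirect, both of which may well have been installed on purpose; the point is to see at a glance where every search box sends its queries and to compare that with what the user expects, which is the comparison the helper's question is asking the user to make. The service line whose image is marked `[?]` is listed for the same reason: it is the one entry in the services section the tool could not record file details for, so it deserves a manual check rather than an automatic verdict.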
DDS (Ver_09-09-29.01) - NTFSx86
Run by Allen Brown at 13:08:27.89 on Wed 08/26/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.991.515 [GMT -4:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Allen Brown\My Documents\Downloads\dds.com
C:\WINDOWS\system32\wscntfy.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://facebook.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [LPManager] c:\progra~1\lenovo\lenovo~2\LPMGR.exe
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [USBToolTip] "c:\program files\pinnacle\shared files\\programs\usbtip\USBTip.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {DA320635-F48C-4613-8325-D75A933C549E} - c:\program files\lenovo\system update\sulauncher.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\allenb~1\applic~1\mozilla\firefox\profiles\i1uvtllw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-11-21 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-11-21 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-11-21 144704]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2009-11-21 3968]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-8 24652]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-11-21 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-11-21 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-11-21 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-11-21 40552]
R3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2006-11-22 16384]
R3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\PELUSBLF.SYS [2006-11-22 9216]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-22 135664]
S2 RASCC;Remote Access Alert;"c:\windows\repair\rasmvc.exe" --> c:\windows\repair\rasmvc.exe [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-11-21 34248]
=============== Created Last 30 ================
2009-08-26 11:12 <DIR> a-dshr-- C:\cmdcons
2009-08-26 11:10 261,632 a------- c:\windows\PEV.exe
2009-08-26 11:10 161,792 a------- c:\windows\SWREG.exe
2009-08-26 11:10 98,816 a------- c:\windows\sed.exe
2009-08-26 11:10 77,312 a------- c:\windows\MBR.exe
2009-08-19 18:07 1,415,000 a------- c:\windows\system32\msxml6.dll
2009-07-29 00:53 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
==================== Find3M ====================
2009-08-26 04:16 247,326 -------- c:\windows\system32\strmdll.dll
2009-08-26 04:16 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-08-25 05:47 352,256 a------- c:\windows\system32\winhttp.dll
2009-08-25 05:47 352,256 -------- c:\windows\system32\dllcache\winhttp.dll
2009-08-21 05:46 450,560 -------- c:\windows\system32\dllcache\jscript.dll
2009-08-06 20:24 327,896 a------- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 20:24 209,632 a------- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 20:24 35,552 a------- c:\windows\system32\dllcache\wups.dll
2009-08-06 20:24 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 20:24 96,480 a------- c:\windows\system32\dllcache\cdm.dll
2009-08-06 20:23 575,704 a------- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 20:23 1,929,952 a------- c:\windows\system32\dllcache\wuaueng.dll
2009-08-06 20:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 20:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 05:11 204,800 -------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 08:51 2,185,984 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 08:49 2,142,720 -------- c:\windows\system32\ntoskrnl.exe
2009-08-04 08:49 2,142,720 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 08:02 2,062,976 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-08-04 08:02 2,020,864 -------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 08:02 2,020,864 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-31 00:57 1,172,480 a------- c:\windows\system32\msxml3.dll
2009-07-31 00:57 1,172,480 -------- c:\windows\system32\dllcache\msxml3.dll
2009-07-29 00:53 119,808 -------- c:\windows\system32\t2embed.dll
2009-07-29 00:53 82,432 -------- c:\windows\system32\fontsub.dll
2009-07-29 00:53 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
2009-07-21 01:05 1,348,432 a------- c:\windows\system32\msxml4.dll
2009-07-17 14:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 14:55 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-17 12:27 1,435,648 -------- c:\windows\system32\query.dll
2009-07-17 12:27 1,435,648 -------- c:\windows\system32\dllcache\query.dll
2009-07-16 13:32 120,136 -------- c:\windows\system32\drivers\Mpfp.sys
2009-07-14 00:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-14 00:43 286,208 -------- c:\windows\system32\wmpdxm.dll
2009-07-14 00:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 09:42 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-06-25 04:17 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:17 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 04:17 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 04:17 56,320 a------- c:\windows\system32\secur32.dll
2009-06-25 04:17 729,600 -------- c:\windows\system32\lsasrv.dll
2009-06-25 04:17 729,600 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 04:17 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 04:17 168,448 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 04:17 59,392 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-25 04:17 56,320 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-22 07:35 92,544 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-21 18:04 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-06-12 07:50 76,288 -------- c:\windows\system32\telnet.exe
2009-06-12 07:50 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 10:21 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 10:21 84,992 -------- c:\windows\system32\avifil32.dll
2009-06-10 02:26 134,144 -------- c:\windows\system32\wkssvc.dll
2009-06-10 02:26 134,144 -------- c:\windows\system32\dllcache\wkssvc.dll
2009-06-05 03:42 655,872 -------- c:\windows\system32\mstscax.dll
2009-06-05 03:42 655,872 -------- c:\windows\system32\dllcache\mstscax.dll
2009-06-03 15:27 1,290,752 -------- c:\windows\system32\quartz.dll
2009-06-03 15:27 1,290,752 -------- c:\windows\system32\dllcache\quartz.dll
2009-04-26 20:43 32 -----r-- c:\documents and settings\all users\hash.dat
2007-04-24 09:37 168 ---shr-- c:\windows\system32\C21DAF5460.sys
2007-04-24 09:37 12,000 ---sh--- c:\windows\system32\KGyGaAvL.sys
============= FINISH: 13:09:29.17 ===============
This is the attach if needed
Hi again,
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
Run Spybot-S&D in Advanced Mode. If it is not already set to do this, go to the Mode menu and select Advanced Mode.
On the left hand side, click on Tools.
Then click on the Resident icon in the list.
Uncheck Resident TeaTimer and OK any prompts.
Restart your computer.
Open notepad and copy/paste the text in the quotebox below into it:

Driver::
RASCC

DDS::
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=%s
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

File::
c:\windows\repair\rasmvc.exe

Save this as CFScript.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log.
Uninstall your current Adobe shockwave player and get the fresh one here (http://get.adobe.com/shockwave/) if needed.
Check here (http://www.adobe.com/software/flash/about/) to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following the instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). A fresh version can be obtained here (http://get.adobe.com/flashplayer/).
Uninstall these vulnerable Java versions:
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
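The service the CFScript above targets (RASCC, an auto-start service whose binary sits in c:\windows\repair and whose file DDS could not read, hence the "[?]" in place of date and size) can be picked out mechanically. The Python script below is added here as an example; it is not part of this thread and not code from DDS or ComboFix. It parses lines in the DDS "SERVICES / DRIVERS" format, flags services whose image path lies in a directory that should hold no service binaries or whose file carries the "[?]" marker, and renders the hits in the Driver::/File:: CFScript layout used in the reply above. The sample log lines are constructed from this thread's log; the list of odd directories and the reading of "[?]" as "not verifiable on disk" are the example's own assumptions.

```python
import re

# Constructed sample in the layout of the "SERVICES / DRIVERS" section of a DDS
# log, modelled on the entries posted in this thread.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-11-21 359952]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-22 135664]
S2 RASCC;Remote Access Alert;"c:\windows\repair\rasmvc.exe" --> c:\windows\repair\rasmvc.exe [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-11-21 34248]
=============== Created Last 30 ================
"""

# One DDS service/driver line: R (running) or S (stopped), the start value,
# then "name;display name;image path [date size]" separated by semicolons.
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.+)$")

# Directories that hold no service binaries on a normal XP install. A service
# whose image lives here deserves a look whatever it calls itself.
# Assumption: a triage heuristic, not an exhaustive list.
ODD_DIRS = (
    r"c:\windows\repair",
    r"c:\windows\temp",
    r"c:\documents and settings",
    r"c:\recycler",
)


def parse_image(field):
    """Split the image-path field into (resolved path, metadata).

    DDS prints a quoted ImagePath followed by '-->' and the path it resolved
    to; the trailing bracket holds 'date size', or '?' when the file could not
    be read. Assumption: '?' is treated as 'not verifiable on disk'."""
    field = field.strip()
    meta = None
    m = re.search(r"\s\[([^\]]*)\]$", field)
    if m:
        meta = m.group(1)
        field = field[: m.start()]
    if "-->" in field:
        field = field.split("-->", 1)[1]
    return field.strip().strip('"').lower(), meta


def triage_services(log_text):
    """Return [{name, path, reasons}] for every service line that looks off."""
    findings = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue  # banner lines and other sections are skipped
        _start_type, _start_val, name, _display, image = m.groups()
        path, meta = parse_image(image)
        reasons = []
        if meta == "?":
            reasons.append("file date/size not verifiable ([?])")
        for d in ODD_DIRS:
            if path.startswith(d):
                reasons.append("image path under " + d)
                break
        if reasons:
            findings.append({"name": name, "path": path, "reasons": reasons})
    return findings


def build_cfscript(findings):
    """Render the findings as a ComboFix CFScript in the Driver::/File:: layout
    used in this thread: remove the service, then delete its binary."""
    lines = ["Driver::"] + [f["name"] for f in findings]
    lines += ["", "File::"] + [f["path"] for f in findings]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = triage_services(SAMPLE_LOG)
    for h in hits:
        print(h["name"], h["path"], "; ".join(h["reasons"]))
    print(build_cfscript(hits))
```

On the sample the only hit is RASCC, flagged for both reasons. Treat the output as a starting point for a human look, not as a verdict: a legitimate service can live in an odd directory, and the Driver:: and File:: directives delete things, so the generated script should be checked against the rest of the log before it is dragged onto ComboFix.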
ComboFix 09-12-25.05 - Allen Brown 08/26/2009 13:55:39.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.991.592 [GMT -4:00]
Running from: c:\documents and settings\Allen Brown\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Allen Brown\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FILE ::
"c:\windows\repair\rasmvc.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_RASCC
-------\Service_RASCC
((((((((((((((((((((((((( Files Created from 2009-07-26 to 2009-08-26 )))))))))))))))))))))))))))))))
.
2009-12-22 17:07 . 2009-12-22 17:07 -------- d-----w- c:\program files\TrendMicro
2009-12-22 15:38 . 2009-12-22 16:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-22 15:38 . 2009-12-22 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-22 14:21 . 2009-12-22 14:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-12-22 14:17 . 2009-12-22 14:17 -------- d-----w- c:\documents and settings\Allen Brown\Local Settings\Application Data\Temp
2009-12-22 14:17 . 2009-12-22 14:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-12-22 14:16 . 2009-12-22 14:18 -------- d-----w- c:\program files\Google
2009-12-22 14:16 . 2009-12-22 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-09 04:55 . 2009-12-09 04:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-12-04 15:21 . 2009-12-04 15:21 -------- d-----w- c:\program files\MSBuild
2009-12-04 15:20 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-04 15:20 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-04 15:20 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-04 15:20 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-04 15:20 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-04 15:20 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-04 15:20 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-04 15:20 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-12-04 15:20 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-04 15:20 . 2009-12-04 15:20 -------- d-----w- C:\fc51013803db7a4aa114fe26ad
2009-12-04 15:17 . 2009-12-04 15:17 -------- d-----w- c:\program files\MSXML 6.0
2009-12-04 03:54 . 2009-12-04 04:12 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-12-04 00:10 . 2009-12-04 00:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-04 00:09 . 2009-12-04 00:09 152576 ----a-w- c:\documents and settings\Allen Brown\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-04 00:09 . 2009-12-04 00:09 79488 ----a-w- c:\documents and settings\Allen Brown\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-03 20:05 . 2007-10-23 14:27 110592 ----a-w- c:\documents and settings\Allen Brown\Application Data\U3\temp\cleanup.exe
2009-12-03 20:02 . 2009-12-03 20:02 -------- d-----w- c:\program files\MSXML 4.0
2009-12-03 19:16 . 2008-05-02 15:41 3493888 ---ha-w- c:\documents and settings\Allen Brown\Application Data\U3\temp\Launchpad Removal.exe
2009-12-03 02:19 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-12-03 02:19 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-12-03 02:18 . 2009-03-06 14:44 283648 ------w- c:\windows\system32\dllcache\pdh.dll
2009-12-03 02:18 . 2005-07-26 04:39 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2009-12-03 02:18 . 2009-02-09 10:20 399360 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-12-03 02:18 . 2009-02-09 10:20 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-12-03 02:18 . 2009-02-06 17:14 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-12-03 02:18 . 2009-02-06 16:39 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-03 02:18 . 2009-02-09 10:20 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-12-03 02:18 . 2009-02-09 10:20 616960 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-12-03 02:18 . 2009-02-09 10:20 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-03 02:17 . 2009-06-21 22:04 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-12-03 02:16 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-12-03 02:15 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-12-03 02:15 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-12-02 18:26 . 2009-12-02 18:26 -------- d-----w- c:\program files\Common Files\Apple
2009-12-02 18:26 . 2009-12-02 18:26 -------- d-----w- c:\documents and settings\Allen Brown\Local Settings\Application Data\Apple
2009-12-02 18:25 . 2009-12-02 18:25 -------- d-----w- c:\program files\Apple Software Update
2009-12-02 18:25 . 2009-12-02 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-11-22 00:46 . 2009-11-22 00:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-11-22 00:46 . 2009-11-22 00:46 -------- d-----w- c:\program files\SiteAdvisor
2009-11-22 00:44 . 2009-11-04 21:54 40552 ------w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-22 00:44 . 2009-11-04 21:54 35272 ------w- c:\windows\system32\drivers\mfebopk.sys
2009-11-22 00:44 . 2009-11-04 21:54 79816 ------w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-22 00:43 . 2009-07-16 17:32 120136 ------w- c:\windows\system32\drivers\Mpfp.sys
2009-11-22 00:43 . 2009-11-22 00:43 -------- d-----w- c:\program files\McAfee.com
2009-11-22 00:42 . 2009-11-04 21:53 34248 ------w- c:\windows\system32\drivers\mferkdk.sys
2009-11-22 00:38 . 2009-11-22 01:04 -------- d-sh--r- C:\RRbackups
2009-11-22 00:28 . 2009-11-22 00:28 -------- d-----w- c:\program files\TVT SMBus
2009-11-22 00:28 . 2009-11-22 00:28 -------- d-----w- c:\program files\SMI2
2009-11-21 20:55 . 2009-11-21 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\aece3
2009-11-21 20:54 . 2009-11-21 20:54 -------- d-sh--w- c:\documents and settings\All Users\Application Data\WSDDSys
2009-11-21 20:42 . 2009-11-22 00:54 -------- d-sh--w- c:\documents and settings\All Users\e5a5b3a
2009-11-04 21:54 . 2009-11-04 21:54 214664 ------w- c:\windows\system32\drivers\mfehidk.sys
2009-10-24 14:06 . 2009-11-21 23:19 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee
2009-10-23 22:17 . 2009-11-21 23:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-21 06:00 . 2009-10-21 06:00 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 06:00 . 2009-10-21 06:00 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 14:58 . 2009-10-20 14:58 263552 ------w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:53 . 2009-10-13 10:53 266752 ------w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:54 . 2009-10-12 13:54 69632 ------w- c:\windows\system32\dllcache\raschap.dll
2009-10-12 13:54 . 2009-10-12 13:54 112128 ------w- c:\windows\system32\dllcache\rastls.dll
2009-09-29 03:53 . 2009-11-21 23:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2009-09-21 23:10 . 2009-12-17 13:08 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\U3
2009-09-05 23:08 . 2009-11-21 23:18 -------- d-----w- c:\documents and settings\Allen Brown\Local Settings\Application Data\TVU Networks
2009-09-05 23:08 . 2009-11-21 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-09-05 22:43 . 2009-11-21 23:25 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\Move Networks
2009-09-05 05:27 . 2009-11-21 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-09-05 01:57 . 2009-11-21 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2009-09-04 20:45 . 2009-09-04 20:45 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-09-03 00:48 . 2009-11-21 23:18 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\DivX
2009-08-19 22:07 . 2009-08-19 22:07 1415000 ----a-w- c:\windows\system32\msxml6.dll
2009-08-19 14:19 . 2009-11-21 23:27 -------- d-----w- c:\program files\Adobe Media Player
2009-07-29 04:53 . 2009-07-29 04:53 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 04:59 . 2006-11-22 21:39 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2009-12-04 15:28 . 2009-12-04 15:27 -------- d-----w- c:\documents and settings\Guest.LENOVO-4AE000F0\Application Data\Lenovo
2009-12-04 15:21 . 2006-12-29 21:46 18464 ----a-w- c:\documents and settings\Allen Brown\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-04 15:10 . 2006-11-22 21:29 -------- d-----w- c:\program files\PCDR5
2009-12-02 18:27 . 2009-04-07 19:52 -------- d-----w- c:\program files\QuickTime
2009-12-02 18:26 . 2007-01-17 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-11-22 13:45 . 2009-03-09 04:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-11-22 01:06 . 2006-11-22 21:25 -------- d-----w- c:\program files\InterVideo
2009-11-22 01:06 . 2006-11-22 21:14 -------- d-----w- c:\program files\CONEXANT
2009-11-22 01:06 . 2006-11-22 21:25 -------- d-----w- c:\program files\Common Files\InterVideo
2009-11-22 01:05 . 2007-03-06 14:31 -------- d-----w- c:\documents and settings\Zack\Application Data\Apple Computer
2009-11-22 01:05 . 2007-03-06 14:31 -------- d-----w- c:\documents and settings\Zack\Application Data\HP
2009-11-22 01:05 . 2007-02-02 20:48 -------- d-----w- c:\documents and settings\Zack\Application Data\Corel
2009-11-22 01:05 . 2007-01-12 07:14 -------- d-----w- c:\documents and settings\Zack\Application Data\acccore
2009-11-22 01:05 . 2006-12-24 20:19 -------- d-----w- c:\documents and settings\Zack\Application Data\ThinkVantage
2009-11-22 00:49 . 2009-03-09 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-22 00:45 . 2009-03-09 04:46 -------- d-----w- c:\program files\McAfee
2009-11-22 00:43 . 2009-03-09 04:46 -------- d-----w- c:\program files\Common Files\McAfee
2009-11-22 00:28 . 2006-11-22 21:39 23552 ------w- c:\windows\system32\drivers\psasrv.exe
2009-11-22 00:28 . 2006-07-12 00:52 17536 ------w- c:\windows\system32\drivers\psadd.sys
2009-11-22 00:23 . 2007-01-15 03:36 -------- d-----w- c:\program files\Pinnacle
2009-11-21 23:41 . 2009-03-08 17:13 -------- d-----w- c:\documents and settings\Zack\Application Data\Lenovo
2009-11-21 23:41 . 2006-12-24 19:33 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\Lenovo
2009-11-21 23:41 . 2006-11-22 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Lenovo
2009-11-21 23:37 . 2006-12-30 05:48 -------- d-----w- c:\documents and settings\All Users\Application Data\TaskMgr
2009-11-21 23:35 . 2006-11-22 21:17 -------- d-----w- c:\program files\Windows Media Connect
2009-11-21 23:34 . 2007-05-10 19:01 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-21 23:32 . 2007-07-13 11:48 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\Ventrilo
2009-11-21 23:31 . 2007-08-08 10:42 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\Sites
2009-11-21 23:31 . 2007-08-08 10:42 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\SiteClasses
2009-11-21 23:31 . 2008-01-29 10:41 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\Media Player Classic
2009-11-21 23:31 . 2008-08-30 01:15 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\FrostWire
2009-11-21 23:31 . 2007-06-03 09:28 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\gtk-2.0
2009-11-21 23:31 . 2007-01-12 02:00 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\Image Zone Express
2009-11-21 23:31 . 2007-08-08 10:42 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\Dynamic
2009-11-21 23:31 . 2007-01-15 03:41 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-11-21 23:26 . 2009-06-26 00:43 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\yoclient
2009-11-21 23:25 . 2008-04-29 20:23 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\vlc
2009-11-21 23:25 . 2007-06-02 12:24 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\LimeWire
2009-11-21 23:25 . 2007-07-13 12:48 -------- d--h--w- c:\documents and settings\Allen Brown\Application Data\ijjigame
2009-11-21 23:25 . 2007-07-13 07:03 -------- d-----w- c:\documents and settings\Allen Brown\Application Data\Download Manager
2009-11-21 23:21 . 2009-03-31 20:49 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-11-21 23:20 . 2006-12-25 02:36 -------- d-----w- c:\program files\Viewpoint
2009-11-21 23:20 . 2007-10-07 02:00 -------- d-----w- c:\program files\Reference Assemblies
2009-11-21 23:20 . 2008-11-02 18:39 -------- d-----w- c:\program files\NCH Software
2009-11-21 23:20 . 2008-11-02 18:38 -------- d-----w- c:\program files\NCH Swift Sound
2009-11-21 23:20 . 2007-07-13 08:15 -------- d-----w- c:\program files\Microsoft SQL Server
2009-11-21 23:19 . 2006-11-22 21:24 -------- d-----w- c:\program files\Java
2009-11-21 23:19 . 2009-03-31 20:50 -------- d-----w- c:\documents and settings\NetworkService\Application Data\SACore
2009-11-21 23:17 . 2008-06-28 03:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SwiftKit
2009-11-21 23:17 . 2007-07-13 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2009-11-21 23:17 . 2006-12-25 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-11-21 23:17 . 2009-01-15 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2009-11-21 23:17 . 2008-11-02 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-11-21 23:17 . 2009-03-09 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2009-11-21 23:17 . 2009-07-22 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
2009-11-21 23:17 . 2006-12-25 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-11-21 23:07 . 2006-11-22 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Borland
2009-11-21 23:03 . 2006-11-22 21:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-21 22:56 . 2006-12-25 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-11-21 22:53 . 2007-01-15 08:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-12 02:04 . 2008-11-17 13:17 1 ------w- c:\documents and settings\Allen Brown\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-10-30 20:11 . 2009-01-07 23:28 2256 ------w- c:\windows\current_settings.bin
2009-10-29 05:04 . 2006-04-30 05:11 668672 ------w- c:\windows\system32\wininet.dll
2009-10-21 06:00 . 2006-04-30 05:11 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00 . 2006-04-30 05:10 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-03 23:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:53 . 2006-04-30 05:11 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2006-04-30 05:11 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2006-04-30 05:11 112128 ----a-w- c:\windows\system32\rastls.dll
2009-09-25 05:48 . 2006-04-30 05:10 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:03 . 2006-04-30 05:11 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2006-04-30 05:10 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:16 . 2006-04-30 05:11 247326 ------w- c:\windows\system32\strmdll.dll
2009-08-25 09:47 . 2006-04-30 05:11 352256 ----a-w- c:\windows\system32\winhttp.dll
2009-08-07 00:24 . 2006-04-30 05:32 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2006-04-30 05:32 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2006-04-30 05:32 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2005-05-26 12:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2006-04-30 05:32 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2006-04-30 05:10 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2006-04-30 05:32 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2007-01-16 15:57 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23 . 2006-04-30 05:32 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-07 00:23 . 2005-05-26 12:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:11 . 2006-04-30 05:11 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-08-04 12:49 . 2006-04-30 05:10 2142720 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 12:02 . 2004-08-03 22:59 2020864 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-31 04:57 . 2006-04-30 05:11 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-07-29 04:53 . 2006-04-30 05:11 119808 ------w- c:\windows\system32\t2embed.dll
2009-07-29 04:53 . 2006-04-30 05:10 82432 ------w- c:\windows\system32\fontsub.dll
2009-07-22 00:42 . 2009-07-22 00:42 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-07-21 05:05 . 2009-07-21 05:05 1348432 ----a-w- c:\windows\system32\msxml4.dll
2009-07-17 18:55 . 2006-04-30 05:10 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:27 . 2006-04-30 05:11 1435648 ------w- c:\windows\system32\query.dll
2009-07-14 04:43 . 2006-04-30 05:11 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-06-25 08:17 . 2006-04-30 05:11 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:17 . 2006-04-30 05:11 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:17 . 2006-04-30 05:11 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:17 . 2006-04-30 05:10 729600 ------w- c:\windows\system32\lsasrv.dll
2007-04-24 13:37 . 2006-12-30 05:48 168 --sh--r- c:\windows\system32\C21DAF5460.sys
2007-04-24 13:37 . 2006-12-30 05:48 12000 --sh--w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-08-26_15.20.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-26 17:48 . 2009-08-26 17:48 16384 c:\windows\Temp\Perflib_Perfdata_30c.dat
+ 2009-08-26 18:02 . 2009-08-26 18:02 16384 c:\windows\Temp\Perflib_Perfdata_2e4.dat
+ 2009-08-26 18:01 . 2009-08-26 18:01 16384 c:\windows\Temp\Perflib_Perfdata_1cc.dat
+ 2006-04-30 05:11 . 2009-08-26 17:52 98886 c:\windows\system32\perfc009.dat
- 2006-04-30 05:11 . 2009-08-26 14:46 98886 c:\windows\system32\perfc009.dat
+ 2006-04-30 05:11 . 2009-08-26 17:52 524676 c:\windows\system32\perfh009.dat
- 2006-04-30 05:11 . 2009-08-26 14:46 524676 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-02 7557120]
"nwiz"="nwiz.exe" [2006-03-02 1519616]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-04 149280]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2006-07-03 110592]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-22 507904]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-19 196696]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2005-06-13 192512]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/21/2009 8:45 PM 93320]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [11/21/2009 8:28 PM 3968]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/8/2007 4:25 PM 24652]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/22/2009 10:17 AM 135664]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://facebook.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=%s
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Allen Brown\Application Data\Mozilla\Firefox\Profiles\i1uvtllw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-26 14:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk23]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk23.drv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1192)
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\pelscrll.dll
c:\windows\system32\PELCOMM.dll
c:\windows\system32\PELHOOKS.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\ICO.EXE
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
c:\windows\system32\rundll32.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\Pelmiced.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2009-08-26 14:05:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-26 18:05
ComboFix2.txt 2009-08-26 15:23
Pre-Run: 194,225,324,032 bytes free
Post-Run: 194,182,520,832 bytes free
- - End Of File - - 13D89E8643604934173030EF148FA1A6
Hi,
Have you run Kaspersky online scanner yet (as guided in my previous post)? Please do, and post back its report and a fresh dds.txt log.
Due to inactivity, this thread will now be closed.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.