View Full Version : Two Computers - Two problems!
Hey,
I have two problems - a desktop PC and a laptop, each with a different problem. On the desktop, I cannot access the internet from a browser or other applications (i.e. weather.com app).
On the laptop, I have the Google redirect virus that seems to be going around - any time I click on a link from Google, Yahoo, etc., it sends me to a random shopping site. This happens in IE or Firefox. I ran Malwarebytes, and it removed a few things, but did not correct this problem.
I'll post the logs from the laptop with Google redirect, first. Thank you for any help you may be able to provide.
Here is the DDS log:
DDS (Ver_10-10-10.03) - NTFSx86
Run by Jason at 22:56:02.89 on Mon 10/18/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1234 [GMT -4:00]
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
svchost.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SelectRebates\SelectRebates.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Renesas\Hew\AutoUpdate\AutoUpdate.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\C4SSTUSV\dds[1].scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=YXxcioNoCdosDbr__diG3IU_95c
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\dealio toolbar\SearchSettings.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100920231344.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0360.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\dealio toolbar\SearchSettings.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0360.0\npwinext.dll
TB: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ShopAtHome Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
uRun: [DellAutomatedPCTuneUp] "c:\program files\dellautomatedpctuneup\PTAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_Plugin.exe -update plugin
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SSP Notifier] c:\program files\fisher-price\fp3 player\sspnotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0360.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SelectRebates] c:\program files\selectrebates\SelectRebates.exe
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\renesa~1.lnk - c:\renesas\hew\autoupdate\AutoUpdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www2.snapfish.com/SnapfishActivia3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\jason\applic~1\mozilla\firefox\profiles\3d4pks4r.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0360.0\npwinext.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-26 386712]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-26 84072]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-8 380928]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-26 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-26 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-26 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-26 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-26 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-26 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-26 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-26 152992]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-26 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-26 312904]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-26 88544]
S2 0253031287456359mcinstcleanup;McAfee Application Installer Cleanup (0253031287456359);c:\windows\temp\025303~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\025303~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-19 135664]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-1-2 18560]
S3 FOUSB;Flash-Over-USB Device Driver;c:\windows\system32\drivers\fousb.sys [2002-6-24 162540]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-26 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-26 84264]
S3 USBMON;USB Monitor Device Driver;c:\windows\system32\drivers\usbmon.sys [2008-2-13 162540]
=============== Created Last 30 ================
2010-10-15 18:42:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-15 18:42:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-10-15 14:30:24 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-15 14:30:24 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-15 14:30:24 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-15 14:30:14 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-07 00:32:44 398744 ----a-r- c:\windows\cpnprt2.cid
2010-10-07 00:32:42 398744 ------w- c:\windows\system32\cpnprt2.cid
2010-10-07 00:32:36 -------- d-----w- c:\windows\Cache
2010-10-07 00:32:33 -------- d-----w- c:\program files\Coupons
2010-10-07 00:18:30 -------- d-----w- c:\program files\SelectRebates
2010-09-21 03:13:44 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
==================== Find3M ====================
2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
============= FINISH: 22:57:31.92 ===============
And the attach log:
6011
Hello and welcome to the forum.
My name is vict0r and I will help you with the malware issues on your computer.
Please read the following information carefully.
IMPORTANT: Whatever repairs we make, are for fixing this computer only and by no means should be used on another computer.
To make cleaning this machine easier:
Continue to respond to this thread until I I tell you that the logs are clean!
Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
Please follow all instructions in the order posted.
If you have any questions or do not understand instructions, please ask before continuing.
Please reply to this thread. Do not start a new topic.
Your security program(s) may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
I will research the logs from this computer and post a fix for you as soon as possible.
Note that if you do not reply within 3 days of any of my posts will result in your topic being closed. Please notify me in advance if you will be unable to post for more than 24 hours.
Thanks in advance for your help, vict0r.
Hi jtfish.
I'd appreciate if you post back even if you do not need help anymore. If you still need help and are not receiving it elsewhere, please proceed with the following:
Please don't attach any of the logs, copy and past them into the reply, feel free to post the logs in separate replies.
TDSSKiller
Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract (unzip) it to your Desktop.
Double click on TDSSKiller.exe to launch it. If it does not start, post back for further instructions.
Click on Start Scan, the scan will run.
When the scan has finished, if it found anything please click on the drop down arrow next to Cure and select Skip then click Continue
Now click on Report to open the log file created by TDSSKiller in your root directory C:\
You can also find the log by going to Start > Computer > C: (It will be similar to "TDSSKiller.2.4.1.4_02.09.2010_22.29.40_log.txt")
Post the contents of that log in your next reply please.
DO NOT TRY TO FIX ANYTHING AT THIS POINT
Uninstall misc programs
Click on Start > Run.
In the open text box copy/paste appwiz.cpl Then click Ok.
Wait for the list of programs in the Add/Remove control panel to appear, then uninstall the programs listed below:
Ad-Aware
Coupon Printer for Windows
J2SE Runtime Environment 5.0 Update 6
ShopAtHome SelectRebates
Re-run DDS
If you have deleted dds, please re-download it from one of the links below and save it to your desktop:
http://img.photobucket.com/albums/v666/sUBs/dds_scr.gif
Download DDS and save it to your desktop
Link1 (http://www.techsupportforum.com/sectools/sUBs/dds)
Link2 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link3 (http://www.forospyware.com/sUBs/dds)
Please disable any anti-malware program that will block scripts from running before running DDS.
Double-Click on dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear:
DDS.txt
Attach.txt
A window will open instructing you save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post them in your next replies
Retrieve Malwarebytes Anti-Malware log
Right click the Start menu and click Explore.
Navigate to C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs Locate the log you are referring to in your first post. It should be named mbam-log-date (time).txt. Post it in your next reply.
When finished please post:
the TDSSKiller log
the DDS logs.
the Malwarebytes log.
Describe any problems while following the instructions (if any).
2010/10/24 13:22:41.0234 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/24 13:22:41.0234 ================================================================================
2010/10/24 13:22:41.0234 SystemInfo:
2010/10/24 13:22:41.0234
2010/10/24 13:22:41.0234 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/24 13:22:41.0234 Product type: Workstation
2010/10/24 13:22:41.0234 ComputerName: LAPTOP
2010/10/24 13:22:41.0234 UserName: Jason
2010/10/24 13:22:41.0234 Windows directory: C:\WINDOWS
2010/10/24 13:22:41.0234 System windows directory: C:\WINDOWS
2010/10/24 13:22:41.0234 Processor architecture: Intel x86
2010/10/24 13:22:41.0234 Number of processors: 2
2010/10/24 13:22:41.0234 Page size: 0x1000
2010/10/24 13:22:41.0234 Boot type: Normal boot
2010/10/24 13:22:41.0234 ================================================================================
2010/10/24 13:22:41.0578 Initialize success
2010/10/24 13:22:53.0484 ================================================================================
2010/10/24 13:22:53.0484 Scan started
2010/10/24 13:22:53.0484 Mode: Manual;
2010/10/24 13:22:53.0484 ================================================================================
2010/10/24 13:22:55.0031 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/10/24 13:22:55.0187 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/24 13:22:55.0250 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/24 13:22:55.0296 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/10/24 13:22:55.0578 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/24 13:22:55.0671 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/24 13:22:55.0718 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/10/24 13:22:55.0781 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/10/24 13:22:55.0890 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/10/24 13:22:56.0093 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/10/24 13:22:56.0281 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/10/24 13:22:56.0578 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/10/24 13:22:56.0843 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/10/24 13:22:56.0875 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/10/24 13:22:56.0984 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/10/24 13:22:57.0187 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2010/10/24 13:22:57.0406 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/10/24 13:22:57.0484 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/10/24 13:22:57.0609 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/10/24 13:22:57.0750 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/10/24 13:22:57.0875 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/24 13:22:57.0953 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/24 13:22:58.0031 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/24 13:22:58.0140 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/24 13:22:58.0218 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2010/10/24 13:22:58.0265 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2010/10/24 13:22:58.0375 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/24 13:22:58.0656 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/10/24 13:22:58.0718 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/24 13:22:58.0843 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/10/24 13:22:59.0000 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/24 13:22:59.0062 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/24 13:22:59.0125 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/24 13:22:59.0203 cfwids (426ee59b25988bb3382fc0a3655deaa2) C:\WINDOWS\system32\drivers\cfwids.sys
2010/10/24 13:22:59.0468 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/10/24 13:22:59.0515 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/10/24 13:22:59.0640 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/10/24 13:22:59.0734 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/10/24 13:22:59.0796 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/10/24 13:22:59.0968 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/10/24 13:23:00.0203 datunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\datunidr.sys
2010/10/24 13:23:00.0265 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/24 13:23:00.0343 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/24 13:23:00.0453 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/24 13:23:00.0625 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/24 13:23:00.0703 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/24 13:23:00.0781 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/10/24 13:23:00.0953 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/24 13:23:01.0031 DXEC02 (0c8762b91b967a91373e0e022b62acfc) C:\WINDOWS\system32\drivers\dxec02.sys
2010/10/24 13:23:01.0093 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/10/24 13:23:01.0343 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/24 13:23:01.0421 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/24 13:23:01.0500 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/24 13:23:01.0578 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/24 13:23:01.0687 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/24 13:23:01.0750 FlyUsb (8efa9bfc940d9eb9348d9dafb839fe25) C:\WINDOWS\system32\DRIVERS\FlyUsb.sys
2010/10/24 13:23:01.0843 FOUSB (af78b87e99ec1a9fb7d91749fa33f7e8) C:\WINDOWS\system32\Drivers\FOUSB.sys
2010/10/24 13:23:02.0046 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/24 13:23:02.0109 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/24 13:23:02.0187 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/10/24 13:23:02.0406 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/24 13:23:02.0484 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/24 13:23:02.0562 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/24 13:23:02.0625 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/10/24 13:23:02.0781 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2010/10/24 13:23:03.0031 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2010/10/24 13:23:03.0359 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/24 13:23:03.0437 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/10/24 13:23:03.0531 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/10/24 13:23:03.0609 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/24 13:23:03.0671 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\drivers\iaStor.sys
2010/10/24 13:23:03.0812 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/24 13:23:03.0890 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/10/24 13:23:04.0062 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/10/24 13:23:04.0171 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/24 13:23:04.0250 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/24 13:23:04.0312 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/24 13:23:04.0421 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/24 13:23:04.0500 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/24 13:23:04.0609 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/24 13:23:04.0703 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/24 13:23:04.0796 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/24 13:23:04.0890 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/24 13:23:04.0968 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/24 13:23:05.0078 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/24 13:23:05.0328 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/10/24 13:23:05.0437 mfeapfk (5bd0c401a8ee4a54f6176c0a10d595ae) C:\WINDOWS\system32\drivers\mfeapfk.sys
2010/10/24 13:23:05.0656 mfeavfk (f3bb4dc61b4dc662bdc778cf1634fae1) C:\WINDOWS\system32\drivers\mfeavfk.sys
2010/10/24 13:23:05.0875 mfebopk (b1498db38d129ed31650422fc8bab9c5) C:\WINDOWS\system32\drivers\mfebopk.sys
2010/10/24 13:23:06.0062 mfefirek (51e9ccea45c78858a229afb6e682cf41) C:\WINDOWS\system32\drivers\mfefirek.sys
2010/10/24 13:23:06.0312 mfehidk (32f7298664874715ce469a79078853c4) C:\WINDOWS\system32\drivers\mfehidk.sys
2010/10/24 13:23:06.0593 mfendisk (9d346b15bb3f4aa323784e2774b4e580) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2010/10/24 13:23:06.0687 mfendiskmp (9d346b15bb3f4aa323784e2774b4e580) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2010/10/24 13:23:06.0718 mferkdet (858337b64484cd80eee7d2eba5ac61bc) C:\WINDOWS\system32\drivers\mferkdet.sys
2010/10/24 13:23:06.0937 mfetdi2k (3363aca7b66bd6b37d0f5c148dc9d34b) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2010/10/24 13:23:07.0156 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/24 13:23:07.0234 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/24 13:23:07.0265 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/24 13:23:07.0343 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/24 13:23:07.0468 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/24 13:23:07.0531 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/10/24 13:23:07.0812 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/24 13:23:07.0921 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/24 13:23:07.0953 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/24 13:23:08.0046 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/24 13:23:08.0140 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/24 13:23:08.0187 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/24 13:23:08.0250 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/24 13:23:08.0281 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/24 13:23:08.0343 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/24 13:23:08.0421 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/24 13:23:08.0500 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/24 13:23:08.0531 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/24 13:23:08.0656 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/24 13:23:08.0703 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/24 13:23:08.0765 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/24 13:23:08.0859 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/10/24 13:23:09.0093 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/24 13:23:09.0218 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/24 13:23:09.0390 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2010/10/24 13:23:09.0609 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/24 13:23:10.0000 nv (e531eaa795a273fc70c9de3f195069c8) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/10/24 13:23:10.0453 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/24 13:23:10.0515 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/24 13:23:10.0562 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/10/24 13:23:10.0609 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/24 13:23:10.0687 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/24 13:23:10.0734 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/24 13:23:10.0812 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/24 13:23:10.0890 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/24 13:23:11.0000 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/24 13:23:11.0234 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/10/24 13:23:11.0453 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/10/24 13:23:11.0625 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/24 13:23:11.0703 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/24 13:23:11.0781 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/24 13:23:11.0984 PTproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys
2010/10/24 13:23:12.0187 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/10/24 13:23:12.0234 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/10/24 13:23:12.0343 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/10/24 13:23:12.0468 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/10/24 13:23:12.0609 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/10/24 13:23:12.0703 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/24 13:23:12.0750 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/24 13:23:12.0859 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/24 13:23:12.0890 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/24 13:23:13.0015 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/24 13:23:13.0062 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/24 13:23:13.0234 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/24 13:23:13.0281 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/24 13:23:13.0406 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/24 13:23:13.0484 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2010/10/24 13:23:13.0531 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2010/10/24 13:23:13.0796 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2010/10/24 13:23:14.0125 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/10/24 13:23:14.0250 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/24 13:23:14.0328 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/24 13:23:14.0421 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/24 13:23:14.0515 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/24 13:23:14.0687 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/10/24 13:23:14.0812 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/10/24 13:23:14.0890 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/24 13:23:15.0015 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/24 13:23:15.0125 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/24 13:23:15.0312 STHDA (58f855684e163466a5c565adf0865536) C:\WINDOWS\system32\drivers\sthda.sys
2010/10/24 13:23:15.0625 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/24 13:23:15.0687 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/24 13:23:15.0812 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/10/24 13:23:16.0046 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/10/24 13:23:16.0265 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/10/24 13:23:16.0406 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/10/24 13:23:16.0656 SynTP (936cd58395d36659bb798b961ef7357f) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/10/24 13:23:16.0890 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/24 13:23:16.0968 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/24 13:23:17.0031 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/24 13:23:17.0078 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/24 13:23:17.0125 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/24 13:23:17.0218 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/10/24 13:23:17.0375 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/24 13:23:17.0453 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/10/24 13:23:17.0781 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/24 13:23:17.0906 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/10/24 13:23:18.0312 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/24 13:23:18.0390 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/24 13:23:18.0468 USBMON (a1d7f206aec6af2c02c732918fa638cc) C:\WINDOWS\system32\Drivers\usbmon.sys
2010/10/24 13:23:18.0562 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/24 13:23:18.0593 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/24 13:23:18.0656 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/24 13:23:18.0718 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/24 13:23:18.0781 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/10/24 13:23:18.0875 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/10/24 13:23:18.0984 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/24 13:23:19.0078 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/24 13:23:19.0187 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/10/24 13:23:19.0500 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/24 13:23:19.0640 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/10/24 13:23:19.0984 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/10/24 13:23:20.0203 ================================================================================
2010/10/24 13:23:20.0203 Scan finished
2010/10/24 13:23:20.0203 ================================================================================
DDS (Ver_09-09-29.01) - NTFSx86
Run by Jason at 13:46:34.32 on Sun 10/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1085 [GMT -4:00]
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Renesas\Hew\AutoUpdate\AutoUpdate.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jason\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=YXxcioNoCdosDbr__diG3IU_95c
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\dealio toolbar\SearchSettings.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100920231344.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0360.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\dealio toolbar\SearchSettings.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0360.0\npwinext.dll
TB: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DellAutomatedPCTuneUp] "c:\program files\dellautomatedpctuneup\PTAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SSP Notifier] c:\program files\fisher-price\fp3 player\sspnotifier.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0360.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\renesa~1.lnk - c:\renesas\hew\autoupdate\AutoUpdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www2.snapfish.com/SnapfishActivia3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\jason\applic~1\mozilla\firefox\profiles\3d4pks4r.default\
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0360.0\npwinext.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-26 386712]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-26 84072]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-8 380928]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [2007-8-23 5376]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\leapfrog\leapfrog connect\CommandService.exe [2010-7-28 1156440]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-26 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-26 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-26 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-26 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-26 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-26 141792]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2010-5-14 249136]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-8-18 1529728]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-26 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-26 152992]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-26 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-26 312904]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-26 88544]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-19 135664]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-1-2 18560]
S3 FOUSB;Flash-Over-USB Device Driver;c:\windows\system32\drivers\fousb.sys [2002-6-24 162540]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-26 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-26 84264]
S3 USBMON;USB Monitor Device Driver;c:\windows\system32\drivers\usbmon.sys [2008-2-13 162540]
=============== Created Last 30 ================
2010-10-24 13:35 0 a------- C:\install.rdf
2010-10-15 14:42 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2010-10-15 14:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-10-15 10:30 974,848 -------- c:\windows\system32\dllcache\mfc42.dll
2010-10-15 10:30 954,368 -------- c:\windows\system32\dllcache\mfc40.dll
2010-10-15 10:30 953,856 -------- c:\windows\system32\dllcache\mfc40u.dll
2010-10-15 10:30 617,472 -------- c:\windows\system32\dllcache\comctl32.dll
2010-10-06 20:32 <DIR> --d----- c:\windows\Cache
==================== Find3M ====================
2010-09-18 12:23 974,848 a------- c:\windows\system32\mfc42u.dll
2010-09-18 12:23 974,848 -------- c:\windows\system32\dllcache\mfc42u.dll
2010-09-18 02:53 974,848 a------- c:\windows\system32\mfc42.dll
2010-09-18 02:53 954,368 a------- c:\windows\system32\mfc40.dll
2010-09-18 02:53 953,856 a------- c:\windows\system32\mfc40u.dll
2010-09-01 07:51 285,824 a------- c:\windows\system32\atmfd.dll
2010-09-01 07:51 285,824 -------- c:\windows\system32\dllcache\atmfd.dll
2010-08-31 09:42 1,852,800 a------- c:\windows\system32\win32k.sys
2010-08-31 09:42 1,852,800 -------- c:\windows\system32\dllcache\win32k.sys
2010-08-27 04:02 119,808 a------- c:\windows\system32\t2embed.dll
2010-08-27 04:02 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2010-08-27 01:57 99,840 a------- c:\windows\system32\srvsvc.dll
2010-08-27 01:57 99,840 -------- c:\windows\system32\dllcache\srvsvc.dll
2010-08-26 17:16 4,886,528 -------- c:\windows\system32\dllcache\wmp.dll
2010-08-26 09:39 357,248 a------- c:\windows\system32\drivers\srv.sys
2010-08-26 09:39 357,248 -------- c:\windows\system32\dllcache\srv.sys
2010-08-26 08:52 5,120 a------- c:\windows\system32\xpsp4res.dll
2010-08-26 08:22 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2010-08-23 12:12 617,472 a------- c:\windows\system32\comctl32.dll
2010-08-17 09:17 58,880 a------- c:\windows\system32\spoolsv.exe
2010-08-17 09:17 58,880 -------- c:\windows\system32\dllcache\spoolsv.exe
2010-08-16 04:45 590,848 a------- c:\windows\system32\rpcrt4.dll
2010-08-16 04:45 590,848 -------- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-27 02:30 8,462,336 -------- c:\windows\system32\dllcache\shell32.dll
2009-02-10 22:22 65,680 a------- c:\documents and settings\jason\temp.dat
2009-02-10 22:22 3,284 a------- c:\documents and settings\jason\temp2.dat
2008-12-23 16:49 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122320081224\index.dat
============= FINISH: 13:47:41.26 ===============
Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3
10/15/2010 2:36:40 PM
mbam-log-2010-10-15 (14-36-40).txt
Scan type: Full Scan (C:\|)
Objects scanned: 194871
Time elapsed: 2 hour(s), 27 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
Hey vict0r,
I did not have any trouble generating any of these logs. One thing, though - I don't know if it's related to the redirect virus or not, but any surfing is much slower than normal.
Thanks!
Hi
Uninstall Spybot - Search & Destroy
Please uninstall Spybot - Search & Destroy as it might interfere with the fix.
Click on Start > Run.
In the open text box copy/paste appwiz.cpl Then click Ok.
Wait for the list of programs in the Add/Remove control panel to appear, then uninstall Spybot - Search & Destroy
Malwarebytes' Anti-Malware
The MBAM log you posted shows that both the program and database is outdated. Is the update failing? If it is failing then there is a hidden infection blocking the update. Please try the following:
Start Malwarebytes' Anti Malware (MBAM).
Click the Update tab and then click the Check for Updates button to perform the program update.
When the update is finished, the program should restart.
Click the Update tab again and then click the Check for Updates button to perform the database update.
When the update is finished, click the Scanner tab, select Perform Quick Scan and then click the Scan button.
When the scan is complete, click OK, then Show Results to view the results.
Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
When completed, a log will open in Notepad. please copy and paste the log into your next reply.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Verify router settings.
Please verify that the redirects have stopped or not after completing the MBAM section above. If you are still redirected, then verify that the DNS (Domain Name Server) settings of your router is correct. Please post the current servers in your next reply.
If you need any help with this, then post the make and model of the router.
Scan With RKUnHooker
Please Download Rootkit Unhooker (http://www.rootkit.com/vault/DiabloNova/RKUnhookerLE.EXE) Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth Code, Files, Code Hooks. Uncheck the rest. then Click OK.
Wait until the scanner has finished and then click File, Save Report.
* This can take a while. Please be patient *.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of this log in your next reply.
This log can be lengthy you may have to post it in separate replies.
Note: If you get the following warning, just ignore it:
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
MBRCheck
Download MBRCheck from Here (http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe) & save it to your desktop.
Disable your security programs so they do not interfere with the tool. Double click on the file to run it.
A window will open on your desktop.
If an unknown bootcode is found, do not proceed with any further options at this time. For now, type in N then press Enter twice to exit the program.
If nothing unusual is found just press Enter.
A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Post the contents of that file in your next reply.
When finished please post:
Did MBAM update and is the dns-settings of your router correct?
the MBAM log.
the RKUnHooker log.
the MBRCheck log
Describe any problems while following the instructions (if any).
Hi.
It has been almost 2 days since my previous post to this topic.
Do you still need help with this problem?
Do you need more time?
Are you experiencing problems when following the instructions?
Just let me know what's going on otherwise...
After another 2 days, if you have not replied to this topic... it will be closed!
Hey vict0r,
Sorry it's been a while. I'm still working this problem.
I updated MBAM and ran it again. The log is below. Also, I have a Belkin N-Wireless router. The DNS address it currently shows is 205.152.37.23.
Here is the MBAM log:
=====================================================
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4948
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
10/25/2010 11:20:17 PM
mbam-log-2010-10-25 (23-20-17).txt
Scan type: Quick scan
Objects scanned: 182210
Time elapsed: 40 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 25
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 13
Files Infected: 22
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\smartshopper.hbax (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.hbax.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.hbinfoband (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.hbinfoband.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.iebutton (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.iebutton.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.iebuttona (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.iebuttona.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.iebuttonb (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.iebuttonb.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.smrtshprctl (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smartshopper.smrtshprctl.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{08aa0598-6a23-4364-9bf4-6d5f57f42993} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b0e8c398-dabe-4ce1-b4d9-ed43b64923f5} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c7f127df-8877-4e1e-a196-fbbecbc5bc6d} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{064c57b4-b9ec-425f-b9b3-bceffeea74d9} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0755e4f0-3f92-4a67-ad14-e9f287f76fbc} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2260d608-c844-435d-90fd-dc16cfa577f2} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bceb373d-a35a-4200-bd43-8586cd9dfae7} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{2615f050-9c18-4267-b711-8e3687dc0145} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ca295d63-514a-4ed0-9b5f-640890f2366b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cb0d9d8c-535e-4352-ba8f-65c3c8676612} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SmartShopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SmartShopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\Jason\Application Data\SmartShopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason\Application Data\SmartShopper\cs (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason\Application Data\SmartShopper\cs\db (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason\Application Data\SmartShopper\cs\dwld (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason\Application Data\SmartShopper\cs\report (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason\Application Data\SmartShopper\cs\res1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\SmartShopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\SmartShopper\cs (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\SmartShopper\cs\db (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\SmartShopper\cs\dwld (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\SmartShopper\cs\report (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\SmartShopper\cs\res2 (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SmartShopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\Jason\Application Data\SmartShopper\cs\Config.xml (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason\Application Data\SmartShopper\cs\db\Aliases.dbs (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason\Application Data\SmartShopper\cs\db\Sites.dbs (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason\Application Data\SmartShopper\cs\dwld\Phishinglist.xip (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason\Application Data\SmartShopper\cs\dwld\WhiteList.xip (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason\Application Data\SmartShopper\cs\report\aggr_storage.xml (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason\Application Data\SmartShopper\cs\report\send_storage.xml (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason\Application Data\SmartShopper\cs\res1\Phishinglist.dbs (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason\Application Data\SmartShopper\cs\res1\WhiteList.dbs (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\SmartShopper\cs\Config.xml (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\SmartShopper\cs\db\Aliases.dbs (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\SmartShopper\cs\db\Sites.dbs (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\SmartShopper\cs\dwld\Phishinglist.xip (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\SmartShopper\cs\dwld\WhiteList.xip (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\SmartShopper\cs\report\aggr_storage.xml (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\SmartShopper\cs\report\send_storage.xml (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michelle\Application Data\SmartShopper\cs\res2\WhiteList.dbs (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SmartShopper\SmartShopper - Comapre product prices.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SmartShopper\SmartShopper - Compare travel rate.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\SmartShopper\SmartShopper Help.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB90DF000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6348800 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 101.28 )
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 5468160 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 101.28 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB7B38000 C:\WINDOWS\system32\drivers\sthda.sys 1171456 bytes (SigmaTel, Inc., NDRC)
0xB79D4000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 991232 bytes (Conexant Systems, Inc., HSF_DP driver)
0xB7921000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xB8FEB000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 606208 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xB9D40000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB73D4000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xB74EF000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB8D99000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB9DE4000 mfehidk.sys 380928 bytes (McAfee, Inc., McAfee Link Driver)
0xB7635000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB4ABF000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xB8F72000 C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0xB8E1F000 C:\WINDOWS\system32\drivers\mfefirek.sys 307200 bytes (McAfee, Inc., McAfee Core Firewall Engine Driver)
0xB2FF5000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB7AC6000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 212992 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xB8F40000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 204800 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB4D1F000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9D13000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB213E000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB755F000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB907F000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB75D4000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB75FC000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB8EBD000 C:\WINDOWS\system32\drivers\mfeavfk.sys 147456 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xB7B14000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB90A7000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB8F1D000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB75B2000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9E53000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB7AFA000 C:\WINDOWS\system32\drivers\dxec02.sys 106496 bytes (Knowles Acoustics, dxec02.sys)
0xB9CF9000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F31000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB73BC000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9DCD000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB8EF2000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB3323000 C:\WINDOWS\system32\drivers\mfeapfk.sys 90112 bytes (McAfee, Inc., Access Protection Filter Driver)
0xB4992000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB8F09000 C:\WINDOWS\system32\DRIVERS\mfendisk.sys 81920 bytes (McAfee, Inc., McAfee NDIS Intermediate Driver)
0xB8FC3000 C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0xB8FD7000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xB90CB000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB768E000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB7622000 C:\WINDOWS\system32\drivers\mfetdi2k.sys 77824 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9E41000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB8EE1000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA258000 C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 65536 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0xBA198000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA298000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA138000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA108000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB96ED000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB972D000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA2A8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB4B3F000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB973D000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA118000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA268000 C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 57344 bytes (REDC, RICOH MMC Driver)
0xBA0A8000 tuacebvl.sys 57344 bytes
0xBA0F8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA278000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA2B8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0D8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA2F8000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xB4A07000 C:\WINDOWS\system32\drivers\cfwids.sys 49152 bytes (McAfee, Inc., McAfee Personal Firewall IDS Plugin)
0xB977D000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA2E8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA288000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xB3207000 C:\WINDOWS\system32\drivers\mfebopk.sys 45056 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0xBA0C8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0B8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB974D000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB975D000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0E8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB971D000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA248000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB976D000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB96FD000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB2D0B000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB970D000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA460000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xBA488000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA420000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA478000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA490000 C:\WINDOWS\system32\DRIVERS\NuidFltr.sys 28672 bytes (Microsoft Corporation, Filter Driver for Microsoft Hardware HID Non-User Input Data)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA438000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA430000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA428000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA418000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA470000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA480000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA450000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA458000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA440000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA3A0000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB8E0B000 C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 16384 bytes (Dell Inc, App Support Driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB9C3E000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB4C1F000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0xBA584000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB4FA8000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xB758E000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB8E7E000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB8E82000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB8E0F000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9C32000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB8E7A000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB9C3A000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xBA5EE000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5F4000 C:\WINDOWS\system32\DRIVERS\datunidr.sys 8192 bytes (Gteko Ltd., GUniDriver)
0xBA660000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5EC000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5F0000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5FC000 C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys 8192 bytes (Gteko Ltd., Process Trigger Driver)
0xBA5F2000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5DE000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5DA000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA682000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA6CD000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA762000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x7A4D0000 Hidden Image-->System.Runtime.Serialization.ni.dll [ EPROCESS 0x8A0A9020 ] PID: 3132, 1196032 bytes
0x7AA10000 Hidden Image-->System.ServiceModel.Web.ni.dll [ EPROCESS 0x8A0A9020 ] PID: 3132, 143360 bytes
0x79EE0000 Hidden Image-->System.Core.ni.dll [ EPROCESS 0x8A0A9020 ] PID: 3132, 2375680 bytes
0x7B0B0000 Hidden Image-->System.Windows.Browser.ni.dll [ EPROCESS 0x8A0A9020 ] PID: 3132, 380928 bytes
0x7B2E0000 Hidden Image-->System.Windows.ni.dll [ EPROCESS 0x8A0A9020 ] PID: 3132, 4476928 bytes
0x796B0000 Hidden Image-->mscorlib.ni.dll [ EPROCESS 0x8A0A9020 ] PID: 3132, 6197248 bytes
0x7A340000 Hidden Image-->System.Net.ni.dll [ EPROCESS 0x8A0A9020 ] PID: 3132, 659456 bytes
0x7A1D0000 Hidden Image-->System.ni.dll [ EPROCESS 0x8A0A9020 ] PID: 3132, 671744 bytes
0x7AAE0000 Hidden Image-->System.Xml.ni.dll [ EPROCESS 0x8A0A9020 ] PID: 3132, 847872 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a01e302fd0.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a01e302fd1.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a01e311570.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a01e311571.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a01f2b6d0.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a020133d80.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a020142e0.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a022161a50.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a022162710.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a022162800.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a022162801.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a022247d0.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a02224f0.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a02224f1.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a0222935b0.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a0222937a0.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a0231c38a0.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a0231d4e0.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a0231d9c0.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a0231df0.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a023227d0.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a023229c0.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a02322bb0.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a02322da0.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a02322f0.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a0241332c0.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a0243a1090.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a0243a2e0.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a0243a5d0.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a0243a9c0.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7daa1a0243afa0.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\setup\config.ini::$DATA
!-->[Hidden] C:\Documents and Settings\Jason\Cookies\jason@ad.yieldmanager[1].txt
!-->[Hidden] C:\Documents and Settings\Jason\Cookies\jason@askmen[2].txt
!-->[Hidden] C:\Documents and Settings\Jason\Cookies\jason@delicious[2].txt
!-->[Hidden] C:\Documents and Settings\Jason\Cookies\jason@icio[1].txt
!-->[Hidden] C:\Documents and Settings\Jason\Cookies\jason@invitemedia[1].txt
!-->[Hidden] C:\Documents and Settings\Jason\Cookies\jason@suitesmart[2].txt
!-->[Hidden] C:\Documents and Settings\Jason\Cookies\jason@wrapper.askmen[2].txt
!-->[Hidden] C:\Documents and Settings\Jason\Cookies\jason@www.askmen[1].txt
!-->[Hidden] C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Toolbar\metrics_18499365563.xml
!-->[Hidden] C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Toolbar\metrics_19127345393.xml
!-->[Hidden] C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Toolbar\metrics_19133224445.xml
!-->[Hidden] C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{97D9278E-E0BC-11DF-8C7E-001D09BFE929}.dat
!-->[Hidden] C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{97D9278F-E0BC-11DF-8C7E-001D09BFE929}.dat
!-->[Hidden] C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Search Enhancement Pack\Search Box Extension\searchhs.dat::$DATA
!-->[Hidden] C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\1T4WEL81\2-coyHuddle_300x250[1].swf
!-->[Hidden] C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\1T4WEL81\dfa[2].js
!-->[Hidden] C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\1T4WEL81\_f5e[2].swf
!-->[Hidden] C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\2M4HC9HG\collapse_nor[1]
!-->[Hidden] C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\2M4HC9HG\syncmessage[1].aspx
!-->[Hidden] C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\8EW4HJZK\NewTabPageScripts[1]
!-->[Hidden] C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\EM8KXF1D\help_16[1]
!-->[Hidden] C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\FK2IXYY6\dw5severe[1].xml
!-->[Hidden] C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\HZGR0LE9\favicon[2].ico
!-->[Hidden] C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\PTW2KB7H\30062[2].txt
!-->[Hidden] C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\PTW2KB7H\login[1].htm
!-->[Hidden] C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\Q9ZMCEU5\close_nor[1]
!-->[Hidden] C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\Q9ZMCEU5\tabswelcome[1]
!-->[Hidden] C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\SV5MQZGY\26[1].png
!-->[Hidden] C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\SV5MQZGY\dw5severe[1].xml
!-->[Hidden] C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\SV5MQZGY\top[1]
!-->[Hidden] C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\XRXAZBR8\30062[2].txt
!-->[Hidden] C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\XRXAZBR8\expand_nor[1]
!-->[Hidden] C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\XRXAZBR8\showthread[2].htm
!-->[Hidden] C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\YC760KQG\30062[2].txt
!-->[Hidden] C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\046CN9M9\0;k=91;k=94;k=97;k=106;k=159;k=166;k=169;k=214;k=222;k=228;k=239;k=245;k=261;k=621;ssngroup=0;status=unrecognized;tile=2;sz=468x60;pos=1;ord=6294062481399968[1]2
!-->[Hidden] C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\046CN9M9\1;pid=21020059;aid=212445867;ko=0;cid=31646502;rid=31664378;rv=1;×tamp=1246151594593;eid1=2;ecn1=0;etm1=9;eid2=3;ecn2=1;etm2=1;eid3=4;ecn3=1;etm3=0;[1].gif2
!-->[Hidden] C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\046CN9M9\3;k=90;k=91;k=94;k=97;k=106;k=159;k=166;k=169;k=214;k=222;k=228;k=239;k=245;k=261;k=621;ssngroup=0;status=unrecognized;tile=5;sz=301x251;ord=6294062481399968[1]4
!-->[Hidden] C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\6VSH20FF\1246554684365679%2FK%3D9zVGuKHE4yOD.XReZz3eGQ%2FA%3D5761138%2FR%3D0%2F%2A%24,http%3A%2F%2Fus.mc397.mail.yahoo.com%2Fmc%2Fmd[1].php%3Fen%3Dcp1252,;ord=12465546867
!-->[Hidden] C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\6VSH20FF\1246554706975341%2FK%3D68o1lAYUv4_ybxljHJUUvA%2FA%3D5761138%2FR%3D0%2F%2A%24,http%3A%2F%2Fus.mc397.mail.yahoo.com%2Fmc%2Fmd[1].php%3Fen%3Dcp1252,;ord=1246554708m
!-->[Hidden] C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\6VSH20FF\1246554975973914%2FK%3DTYjG9Ic5_VgHFPq0a_yGug%2FA%3D5761138%2FR%3D0%2F%2A%24,http%3A%2F%2Fus.mc397.mail.yahoo.com%2Fmc%2Fmd[1].php%3Fen%3Dcp1252,;ord=1246554977m
!-->[Hidden] C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\6VSH20FF\1246556173808047%2FK%3DHB4DwB1kF0Zh95H9EHsi8g%2FA%3D5761137%2FR%3D0%2F%2A%24,http%3A%2F%2Fus.mc397.mail.yahoo.com%2Fmc%2Fmd[1].php%3Fen%3Dcp1252,;ord=1246556175m
!-->[Hidden] C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\6VSH20FF\1246565715427621%2FK%3DakznN_7E_oPZWusxhQ2XDw%2FA%3D5761138%2FR%3D0%2F%2A%24,http%3A%2F%2Fus.mc397.mail.yahoo.com%2Fmc%2Fmd[1].php%3Fen%3Dcp1252,;ord=1246565717m
!-->[Hidden] C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\6VSH20FF\41686781%3Bkvst%3Dga%3Bkvco%3Dusa%3Bkvmn%3D93206396%3Bkvtid%3D1512t8h0vfjt8p%3Bkvseg%3D99999%3A51175%3A61165%3A60174%3Bnodecode%3Dyes%3Blink%3D;ord=541686781[1]7
!-->[Hidden] C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\6VSH20FF\E=7081082172&ORD=7406349265&PAGETYPE=TOPIC&UNIQUEID=chicken&ADKEY1=CHICKEN&ADKEY2=CHICKEN&rsi=A09802_10003&rsi=A09802_10007&rsi=A09802_10009&rsi=D08734_70016[1]m
!-->[Hidden] C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\6VSH20FF\E=FOOD&TILE=550743391332085&ORD=7406153765&PAGETYPE=SECTION&UNIQUEID=FOOD_SECTION_32085_1&SECTION_ID=32085&rsi=A09802_10003&rsi=A09802_10007&rsi=A09802_10009[1]m
!-->[Hidden] C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\6VSH20FF\E=FOOD&TILE=906416440432085&ORD=7406334843&PAGETYPE=SECTION&UNIQUEID=FOOD_SECTION_32085_1&SECTION_ID=32085&rsi=A09802_10003&rsi=A09802_10007&rsi=A09802_10009[1]m
!-->[Hidden] C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\6VSH20FF\E=FOOD&TILE=931130406632086&ORD=7405986062&PAGETYPE=SECTION&UNIQUEID=FOOD_SECTION_32086_1&SECTION_ID=32086&rsi=A09802_10003&rsi=A09802_10007&rsi=A09802_10009[1]m
!-->[Hidden] C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\6VSH20FF\E=FOOD&TILE=931130406632086&ORD=7405986062&PAGETYPE=SECTION&UNIQUEID=FOOD_SECTION_32086_1&SECTION_ID=32086&rsi=A09802_10003&rsi=A09802_10007&rsi=A09802_10009[2]m
!-->[Hidden] C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\6VSH20FF\E=FOOD&TILE=931130406632086&ORD=7405986062&PAGETYPE=SECTION&UNIQUEID=FOOD_SECTION_32086_1&SECTION_ID=32086&rsi=A09802_10003&rsi=A09802_10007&rsi=A09802_10009[3]m
!-->[Hidden] C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\6VSH20FF\en&DIFFICULTY=Easy&CUISINE=American&INGREDIENT=Grains&OCCASION=Holiday&MEALPART=Side_Dish&TECHNIQUE=Baking&rsi=A09802_10003&rsi=A09802_10007&rsi=A09802_10009[1]m
!-->[Hidden] C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\6VSH20FF\icken&ADKEY1=CHICKEN&ADKEY2=CHICKEN&rsi=A09802_10003&rsi=A09802_10007&rsi=A09802_10009&rsi=D08734_70016&playerid=8721&duration=3&playertype=SNAP&rand=414[1].htmm
!-->[Hidden] C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\6VSH20FF\id=37890758;aid=215787134;ko=0;cid=31918628;rid=31936504;rv=1;×tamp=1246152852687;eid1=2;ecn1=0;etm1=10;eid2=12;ecn2=0;etm2=7;eid6=13;ecn6=1;etm6=0;[1].gifm
!-->[Hidden] C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\6VSH20FF\LE=786307507032078&ORD=7405935484&TOPIC=ASKAIDA&PAGETYPE=EPISODE&UNIQUEID=FOOD_EPISODE_58706_1&SECTION_ID=32078&ADKEY1=NUTS&ADKEY2=RICE&SOURCE=MANUAL&SHOW=AI[1]m
!-->[Hidden] C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\6VSH20FF\vzip%3D30076%3Bkvmn%3D93246065%3Bkvtid%3D1512t8h0vfjt8p%3Bkvseg%3D99999%3A51175%3A61165%3A60174%3A50280%3Bkp%3D31110%3Bnodecode%3Dyes%3Blink%3D;ord=541775606[1]7
!-->[Hidden] C:\Program Files\McAfee\MSK\Config\cstreams\79242\cstreams.lua
!-->[Hidden] C:\Program Files\McAfee\MSK\Config\cstreams\79242\cstreams.rgx
!-->[Hidden] C:\Program Files\McAfee\MSK\Config\cstreams\79242\manifest
!-->[Hidden] C:\Program Files\McAfee\MSK\Config\sentag\29048\manifest
!-->[Hidden] C:\Program Files\McAfee\MSK\Config\sentag\29048\sentag.lua
!-->[Hidden] C:\Program Files\McAfee\MSK\Config\sentag\29048\sentence.lut
!-->[Hidden] C:\Program Files\McAfee\MSK\Config\sentag\29048\tags.lut
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0006ECBE, Type: Inline - RelativeJump 0x80545CBE-->80545CC5 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtCreateKey, Type: Inline - RelativeJump 0x806237C8-->B9E17094 [mfehidk.sys]
ntkrnlpa.exe-->NtDeleteKey, Type: Inline - RelativeJump 0x80623C64-->B9E170A8 [mfehidk.sys]
ntkrnlpa.exe-->NtDeleteValueKey, Type: Inline - RelativeJump 0x80623E34-->B9E170D4 [mfehidk.sys]
ntkrnlpa.exe-->NtMapViewOfSection, Type: Inline - RelativeJump 0x805B1FE6-->B9E1712A [mfehidk.sys]
ntkrnlpa.exe-->NtOpenKey, Type: Inline - RelativeJump 0x80624BA6-->B9E17080 [mfehidk.sys]
ntkrnlpa.exe-->NtOpenProcess, Type: Inline - RelativeJump 0x805CB3FA-->B9E17058 [mfehidk.sys]
ntkrnlpa.exe-->NtOpenThread, Type: Inline - RelativeJump 0x805CB686-->B9E1706C [mfehidk.sys]
ntkrnlpa.exe-->NtRenameKey, Type: Inline - RelativeJump 0x806231EA-->B9E170BE [mfehidk.sys]
ntkrnlpa.exe-->NtSetSecurityObject, Type: Inline - RelativeJump 0x805C05DA-->B9E17100 [mfehidk.sys]
ntkrnlpa.exe-->NtSetValueKey, Type: Inline - RelativeJump 0x80621D3A-->B9E170EA [mfehidk.sys]
ntkrnlpa.exe-->NtTerminateProcess, Type: Inline - RelativeJump 0x805D2982-->B9E17154 [mfehidk.sys]
ntkrnlpa.exe-->NtUnmapViewOfSection, Type: Inline - RelativeJump 0x805B2DF4-->B9E17140 [mfehidk.sys]
ntkrnlpa.exe-->NtYieldExecution, Type: Inline - RelativeJump 0x80504B08-->B9E17114 [mfehidk.sys]
[1440]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1440]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1440]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1440]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1440]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1440]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1440]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1440]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1440]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1440]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1440]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1440]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1440]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1440]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1440]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1440]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1440]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1440]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1440]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1440]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1440]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1440]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1440]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1440]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1440]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1440]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1440]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[1440]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1464]services.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1464]services.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1464]services.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1464]services.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1464]services.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1464]services.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1464]services.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1464]services.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1464]services.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1464]services.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1464]services.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1464]services.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1464]services.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1464]services.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1464]services.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1464]services.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1464]services.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1464]services.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1464]services.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1464]services.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1464]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1464]services.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1464]services.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1464]services.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1464]services.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1464]services.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1464]services.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[1464]services.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1464]services.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1476]lsass.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1476]lsass.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1476]lsass.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1476]lsass.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1476]lsass.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1476]lsass.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1476]lsass.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1476]lsass.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1476]lsass.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1476]lsass.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1476]lsass.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1476]lsass.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1476]lsass.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1476]lsass.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1476]lsass.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1476]lsass.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1476]lsass.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1476]lsass.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1476]lsass.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1476]lsass.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1476]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1476]lsass.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1476]lsass.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1476]lsass.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1476]lsass.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1476]lsass.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1476]lsass.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[1476]lsass.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1476]lsass.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1636]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1636]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1636]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1636]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1636]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1636]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1636]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1636]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1636]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1636]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1636]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[1636]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1636]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1708]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1708]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1708]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1708]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1708]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1708]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1708]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1708]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1708]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1708]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1708]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[1708]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1708]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1748]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1748]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1748]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1748]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1748]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1748]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1748]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1748]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1748]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1748]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1748]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1748]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1748]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1748]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1748]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1748]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1748]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1748]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1748]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1748]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1748]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1748]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1748]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1748]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1748]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1748]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1748]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[1748]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1748]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D95D690-->00000000 [unknown_code_page]
[1748]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D95F3A4-->00000000 [unknown_code_page]
[1748]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D9A6D5F-->00000000 [unknown_code_page]
[1748]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D95DB09-->00000000 [unknown_code_page]
[1748]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1900]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1900]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1900]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1900]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1900]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1900]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1900]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1900]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1900]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1900]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1900]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1900]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1900]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1900]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1900]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1900]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1900]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1900]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1900]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1900]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1900]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1900]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1900]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1900]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1900]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1900]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1900]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[1900]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1900]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1928]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1928]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1928]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1928]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1928]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1928]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1928]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1928]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1928]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1928]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1928]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1928]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1928]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1928]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1928]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1928]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1928]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1928]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1928]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1928]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1928]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1928]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1928]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1928]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1928]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1928]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1928]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[1928]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1928]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[276]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[276]explorer.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[276]explorer.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[276]explorer.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[276]explorer.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[276]explorer.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[276]explorer.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[276]explorer.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[276]explorer.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[276]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[276]explorer.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[276]explorer.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[276]explorer.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[276]explorer.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[276]explorer.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[276]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[276]explorer.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[276]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[276]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[276]explorer.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[276]explorer.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[276]explorer.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[276]explorer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[276]explorer.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[276]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[276]explorer.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[276]explorer.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[276]explorer.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[276]explorer.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[276]explorer.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[276]explorer.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[276]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[276]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[276]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[276]explorer.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D95D690-->00000000 [unknown_code_page]
[276]explorer.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D95F3A4-->00000000 [unknown_code_page]
[276]explorer.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D9A6D5F-->00000000 [unknown_code_page]
[276]explorer.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D95DB09-->00000000 [unknown_code_page]
[276]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[276]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[276]explorer.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[4212]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[4212]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[4212]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[4212]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[4212]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[4212]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[4212]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[4212]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[4212]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[4212]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[4212]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[4212]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[4212]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[4212]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[4212]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[4212]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[4212]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[4212]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[4212]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[4212]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[4212]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[4212]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[4212]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[4212]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[4212]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[4212]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[4212]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[4212]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[4212]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[516]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[516]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[516]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[516]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[516]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[516]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[516]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[516]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[516]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[516]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[516]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[516]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[516]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[516]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[516]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[516]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[516]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[516]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[516]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[516]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[516]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[516]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[516]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[516]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[516]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[516]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [unknown_code_page]
[516]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [unknown_code_page]
[516]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[516]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x3D95D690-->00000000 [unknown_code_page]
[516]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x3D95F3A4-->00000000 [unknown_code_page]
[516]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x3D9A6D5F-->00000000 [unknown_code_page]
[516]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x3D95DB09-->00000000 [unknown_code_page]
[516]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[936]McSvHost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [McProxy.dll]
[936]McSvHost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [McProxy.dll]
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 135):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F31000 atapi.sys
0xB9E73000 iaStor.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E53000 fltmgr.sys
0xB9E41000 sr.sys
0xB9DE4000 mfehidk.sys
0xB9DCD000 KSecDD.sys
0xB9D40000 Ntfs.sys
0xB9D13000 NDIS.sys
0xBA0F8000 ohci1394.sys
0xBA108000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9CF9000 Mup.sys
0xBA148000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA178000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8F1C000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB8F08000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA3D8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8EE4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3E0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8EBC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8E28000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xBA188000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xB8E14000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xBA198000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xB8E00000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xB8DAF000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB8D7D000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xBA5D4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA3E8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA3F0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB8D5A000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA3F8000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xB9A68000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB9A64000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA79E000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB8D46000 \SystemRoot\system32\DRIVERS\mfendisk.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9A5C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8D2F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA208000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA400000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8D1E000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA218000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB8CFA000 \SystemRoot\system32\drivers\mfeavfk.sys
0xB8CAF000 \SystemRoot\system32\drivers\mfefirek.sys
0xBA408000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA410000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA228000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5D8000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8C29000 \SystemRoot\system32\DRIVERS\update.sys
0xBA57C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA238000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA248000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB7AB8000 \SystemRoot\system32\drivers\sthda.sys
0xB7A94000 \SystemRoot\system32\drivers\portcls.sys
0xBA258000 \SystemRoot\system32\drivers\drmk.sys
0xB7A7A000 \SystemRoot\system32\drivers\dxec02.sys
0xB7A46000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xB7954000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xB78A1000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA418000 \SystemRoot\System32\Drivers\Modem.SYS
0xB9CC9000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xBA5E4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA6A9000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5E6000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA428000 \SystemRoot\System32\drivers\vga.sys
0xBA5E8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5EA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA430000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA438000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB9CC5000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB772B000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB76D2000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB76BF000 \SystemRoot\system32\drivers\mfetdi2k.sys
0xB7699000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB7671000 \SystemRoot\system32\DRIVERS\netbt.sys
0xBA268000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB764F000 \SystemRoot\System32\drivers\afd.sys
0xB970D000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB96ED000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB7624000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB75B4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB96DD000 \SystemRoot\System32\Drivers\Fips.SYS
0xB8C9B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB96CD000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA448000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB8C97000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xBA450000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0xB96BD000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB72D9000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xB8BE2000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB969D000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB7221000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5FC000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA590000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA478000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA735000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xB4E09000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB4B84000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA624000 \SystemRoot\system32\DRIVERS\datunidr.sys
0xB49EC000 \SystemRoot\system32\DRIVERS\srv.sys
0xB4B20000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB47A7000 \SystemRoot\system32\drivers\wdmaud.sys
0xB4AFC000 \SystemRoot\system32\drivers\sysaudio.sys
0xB42A5000 \SystemRoot\system32\drivers\cfwids.sys
0xB3B13000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA636000 \??\C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys
0xB0991000 \SystemRoot\system32\drivers\mfeapfk.sys
0xB0966000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 71):
0 System Idle Process
4 System
1236 C:\WINDOWS\system32\smss.exe
1372 csrss.exe
1404 C:\WINDOWS\system32\winlogon.exe
1456 C:\WINDOWS\system32\services.exe
1468 C:\WINDOWS\system32\lsass.exe
1640 C:\WINDOWS\system32\svchost.exe
1716 svchost.exe
1756 C:\WINDOWS\system32\svchost.exe
1912 svchost.exe
1936 svchost.exe
252 C:\WINDOWS\system32\WLTRYSVC.EXE
296 C:\WINDOWS\system32\BCMWLTRY.EXE
380 C:\WINDOWS\system32\spoolsv.exe
524 svchost.exe
560 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
572 C:\Program Files\Application Updater\ApplicationUpdater.exe
596 C:\Program Files\Bonjour\mDNSResponder.exe
668 C:\Program Files\Dell Network Assistant\hnm_svc.exe
844 C:\Program Files\Java\jre6\bin\jqs.exe
888 C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
924 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
1024 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
1040 C:\WINDOWS\system32\nvsvc32.exe
1080 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1112 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
1156 C:\WINDOWS\system32\svchost.exe
1244 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
156 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
308 C:\WINDOWS\explorer.exe
732 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
2824 alg.exe
2868 wmiprvse.exe
2968 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2980 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3132 C:\WINDOWS\system32\rundll32.exe
3252 C:\WINDOWS\system32\WLTRAY.EXE
3436 C:\Program Files\Dell\QuickSet\quickset.exe
3472 C:\WINDOWS\stsystra.exe
3676 C:\WINDOWS\system32\KADxMain.exe
3748 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
3804 wmiprvse.exe
3812 C:\Program Files\Dell\MediaDirect\PCMService.exe
3828 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
3936 C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
3960 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
4020 C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe
1432 C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
264 C:\Program Files\iTunes\iTunesHelper.exe
2336 C:\Program Files\McAfee.com\Agent\mcagent.exe
2424 C:\Program Files\Java\jre6\bin\jusched.exe
2204 C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
2188 C:\WINDOWS\system32\ctfmon.exe
2384 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2520 C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
2808 C:\Program Files\Digital Line Detect\DLG.exe
2704 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
2640 C:\Renesas\Hew\AutoUpdate\AutoUpdate.exe
2876 C:\Program Files\WinZip\WZQKPICK.EXE
1612 C:\Program Files\iPod\bin\iPodService.exe
3772 C:\WINDOWS\system32\svchost.exe
780 C:\WINDOWS\system32\wbem\wmiapsrv.exe
5088 C:\Program Files\Internet Explorer\iexplore.exe
5308 C:\Program Files\Internet Explorer\iexplore.exe
5860 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
1712 C:\Program Files\Internet Explorer\iexplore.exe
4036 C:\Program Files\Internet Explorer\iexplore.exe
5460 C:\WINDOWS\system32\wscntfy.exe
1436 C:\Program Files\Internet Explorer\iexplore.exe
2772 C:\Documents and Settings\Jason\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`05649600 (NTFS)
PhysicalDrive0 Model Number: ST9160821AS, Rev: 3.CDE
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
Hi.
Due to the delay I now need to see a new DDS log. Malware removal is a time-consuming process, please try to reply to this topic at least once a day.
Please re-run DDS and post DDS.txt only.
Are Internet Explorer and Firefox still redirected?
I am still getting redirected on IE and Firefox, but only about 3 out of 4 times.
Here is the DDS.txt file, run today:
DDS (Ver_09-09-29.01) - NTFSx86
Run by Jason at 22:10:10.35 on Wed 10/27/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1328 [GMT -4:00]
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Renesas\Hew\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jason\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=YXxcioNoCdosDbr__diG3IU_95c
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\dealio toolbar\SearchSettings.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100920231344.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0360.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\dealio toolbar\SearchSettings.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0360.0\npwinext.dll
TB: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DellAutomatedPCTuneUp] "c:\program files\dellautomatedpctuneup\PTAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SSP Notifier] c:\program files\fisher-price\fp3 player\sspnotifier.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0360.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\renesa~1.lnk - c:\renesas\hew\autoupdate\AutoUpdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www2.snapfish.com/SnapfishActivia3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\jason\applic~1\mozilla\firefox\profiles\3d4pks4r.default\
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0360.0\npwinext.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-26 386712]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-26 84072]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-8 380928]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [2007-8-23 5376]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\leapfrog\leapfrog connect\CommandService.exe [2010-7-28 1156440]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-26 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-26 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-26 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-26 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-26 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-26 141792]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2010-5-14 249136]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-8-18 1529728]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-26 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-26 152992]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-26 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-26 312904]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-26 88544]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-19 135664]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-1-2 18560]
S3 FOUSB;Flash-Over-USB Device Driver;c:\windows\system32\drivers\fousb.sys [2002-6-24 162540]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-26 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-26 84264]
S3 Normandy;Normandy SR2; [x]
S3 USBMON;USB Monitor Device Driver;c:\windows\system32\drivers\usbmon.sys [2008-2-13 162540]
=============== Created Last 30 ================
2010-10-24 13:35 0 a------- C:\install.rdf
2010-10-15 14:42 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2010-10-15 14:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-10-15 10:30 974,848 -------- c:\windows\system32\dllcache\mfc42.dll
2010-10-15 10:30 954,368 -------- c:\windows\system32\dllcache\mfc40.dll
2010-10-15 10:30 953,856 -------- c:\windows\system32\dllcache\mfc40u.dll
2010-10-15 10:30 617,472 -------- c:\windows\system32\dllcache\comctl32.dll
2010-10-06 20:32 <DIR> --d----- c:\windows\Cache
==================== Find3M ====================
2010-09-18 12:23 974,848 a------- c:\windows\system32\mfc42u.dll
2010-09-18 12:23 974,848 -------- c:\windows\system32\dllcache\mfc42u.dll
2010-09-18 02:53 974,848 a------- c:\windows\system32\mfc42.dll
2010-09-18 02:53 954,368 a------- c:\windows\system32\mfc40.dll
2010-09-18 02:53 953,856 a------- c:\windows\system32\mfc40u.dll
2010-09-01 07:51 285,824 a------- c:\windows\system32\atmfd.dll
2010-09-01 07:51 285,824 -------- c:\windows\system32\dllcache\atmfd.dll
2010-08-31 09:42 1,852,800 a------- c:\windows\system32\win32k.sys
2010-08-31 09:42 1,852,800 -------- c:\windows\system32\dllcache\win32k.sys
2010-08-27 04:02 119,808 a------- c:\windows\system32\t2embed.dll
2010-08-27 04:02 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2010-08-27 01:57 99,840 a------- c:\windows\system32\srvsvc.dll
2010-08-27 01:57 99,840 -------- c:\windows\system32\dllcache\srvsvc.dll
2010-08-26 17:16 4,886,528 -------- c:\windows\system32\dllcache\wmp.dll
2010-08-26 09:39 357,248 -------- c:\windows\system32\dllcache\srv.sys
2010-08-26 08:52 5,120 a------- c:\windows\system32\xpsp4res.dll
2010-08-26 08:22 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2010-08-23 12:12 617,472 a------- c:\windows\system32\comctl32.dll
2010-08-17 09:17 58,880 a------- c:\windows\system32\spoolsv.exe
2010-08-17 09:17 58,880 -------- c:\windows\system32\dllcache\spoolsv.exe
2010-08-16 04:45 590,848 a------- c:\windows\system32\rpcrt4.dll
2010-08-16 04:45 590,848 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-02-10 22:22 65,680 a------- c:\documents and settings\jason\temp.dat
2009-02-10 22:22 3,284 a------- c:\documents and settings\jason\temp2.dat
2008-12-23 16:49 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122320081224\index.dat
============= FINISH: 22:10:50.43 ===============
Hi
Warning
Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear the infection and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
In light of this it would be wise for you to back up any important files and folders that you don't want to lose before you continue with the instructions below. You need to understand that any damages resulting from our attempts to help you clean your computer of malware are your responsibility.
Download ComboFix
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.
**IMPORTANT !!! Save ComboFix.exe to your Desktop**
Please download ComboFix from one of the following links and save it to the desktop, do not run the tool yet:
Link1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Disable McAfee AntiVirus
Right click the McAfee Antivirus icon in the system tray.
Select the menu entry to disable the on-access scanner.
Note: Don't forget to re-enable it after the fix.
Run ComboFix
Double click the ComboFix icon on the desktop to run the tool and click Yes to the disclaimer.
Please install the Recovery Console if prompted.
The Windows Recovery Console will allow you to boot into a special recovery (repair) mode. This allows us to more easily help you if your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Copy and paste the ComboFix log (C:\ComboFix.txt) in your next reply for further review.
Please enable McAfee after ComboFix is finished.
To post:
Combofix log
Did any problems occur while following the instructions?
vict0r,
No problems with ComboFix. No redirecting on IE or Firefox. Here is the ComboFix.txt log:
ComboFix 10-10-27.A3 - Jason 10/28/2010 22:47:22.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1519 [GMT -4:00]
Running from: c:\documents and settings\Jason\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Jason\Application Data\Dealio
c:\documents and settings\Jason\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Jason\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\documents and settings\Michelle\Application Data\Dealio
c:\documents and settings\Michelle\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Michelle\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\FF\chrome.manifest
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\program files\Dealio Toolbar\FF\chrome\content\login.js
c:\program files\Dealio Toolbar\FF\chrome\content\login.xul
c:\program files\Dealio Toolbar\FF\chrome\content\parser.js
c:\program files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\program files\Dealio Toolbar\FF\chrome\content\widgichevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgicomm.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgihandling.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\Dealio Toolbar\FF\chrome\content\widgiui.js
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\program files\Dealio Toolbar\FF\chrome\skin\separator.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\target.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\Dealio Toolbar\FF\components\config.ini
c:\program files\Dealio Toolbar\FF\components\IFBHOHelperWidgiToolbar.xpt
c:\program files\Dealio Toolbar\FF\components\IFBHOWidgiToolbar.xpt
c:\program files\Dealio Toolbar\FF\install.rdf
c:\program files\Dealio Toolbar\IE\4.0.2\config.ini
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\SeARchsettings.dll
c:\program files\Dealio Toolbar\sscfg.ini
c:\program files\Dealio Toolbar\SSFF\chrome.manifest
c:\program files\Dealio Toolbar\SSFF\chrome\content\plugin.js
c:\program files\Dealio Toolbar\SSFF\chrome\content\plugin.xul
c:\program files\Dealio Toolbar\SSFF\chrome\content\protection.js
c:\program files\Dealio Toolbar\SSFF\chrome\content\utils.js
c:\program files\Dealio Toolbar\SSFF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\program files\Dealio Toolbar\SSFF\chrome\locale\en-US\searchsettingsplugin.properties
c:\program files\Dealio Toolbar\SSFF\chrome\skin\yahoo.xml
c:\program files\Dealio Toolbar\SSFF\components\IFBHOSearch.xpt
c:\program files\Dealio Toolbar\SSFF\components\IFBHOSearchHelperEngine.xpt
c:\program files\Dealio Toolbar\SSFF\components\IFHelperPreferences.xpt
c:\program files\Dealio Toolbar\SSFF\components\sscfg.ini
c:\program files\Dealio Toolbar\SSFF\install.rdf
c:\program files\Dealio Toolbar\WidgiHelper.exe
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-29 )))))))))))))))))))))))))))))))
.
2010-10-24 17:22 . 2010-10-24 17:22 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\WinZip
2010-10-19 02:51 . 2010-10-19 02:51 -------- d-----w- c:\program files\ERUNT
2010-10-15 18:42 . 2010-10-26 02:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-15 18:42 . 2010-10-26 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-15 14:30 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-15 14:30 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-15 14:30 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-15 14:30 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-07 00:32 . 2010-10-07 00:32 -------- d-----w- c:\windows\Cache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 16:23 . 2004-08-10 18:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 18:51 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 18:51 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 18:51 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-10 18:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-10 18:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-08-10 18:50 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-10 18:51 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-10 18:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-10 18:51 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-10 18:51 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-16 00:30 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-24 18:57 . 2010-08-26 22:24 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-24 18:57 . 2010-08-26 22:23 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 18:57 . 2010-08-26 22:23 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-08-24 18:57 . 2010-08-26 22:23 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-24 18:57 . 2010-08-26 22:23 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-08-24 18:57 . 2010-08-26 22:23 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-24 18:57 . 2010-08-26 22:23 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-24 18:57 . 2010-08-26 22:23 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-24 18:57 . 2010-08-26 22:23 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-24 18:57 . 2010-08-26 22:23 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-23 16:12 . 2004-08-10 18:50 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-10 18:51 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-10 18:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-24 18:57 . 2010-09-21 03:13 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-06 68856]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-04-16 818288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]
"nwiz"="nwiz.exe" [2007-06-06 1626112]
"NVHotkey"="nvHotkey.dll" [2007-06-06 67584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-06 81920]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"SigmatelSysTrayApp"="stsystra.exe" [2007-06-06 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-06 1838592]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-10-10 202544]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-06-15 47408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SSP Notifier"="c:\program files\Fisher-Price\FP3 Player\sspnotifier.exe" [2006-07-12 20480]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-25 198160]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe" [2009-11-18 240480]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-07-28 554328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-07-01 1193848]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
c:\documents and settings\Jason\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2008-2-6 7168]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-6 50688]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Renesas AutoUpdate.lnk - c:\renesas\Hew\AutoUpdate\AutoUpdate.exe [2008-2-24 122958]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-10-13 495432]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ANSYS Inc\\v100\\AISOL\\CommonFiles\\intel\\AnsysWBU.exe"=
"c:\\Program Files\\ANSYS Inc\\v100\\AISOL\\CAD Integration\\intel\\ActivePIMgrU.exe"=
"c:\\Program Files\\ANSYS Inc\\v100\\AISOL\\CAD Integration\\intel\\ReaderHostU.exe"=
"c:\\Program Files\\ANSYS Inc\\v100\\CommonFiles\\TCL\\bin\\intel\\tclsh.exe"=
"c:\\Program Files\\ANSYS Inc\\v100\\CommonFiles\\TCL\\bin\\intel\\wish.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [8/26/2010 6:23 PM 84072]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [1/8/2010 1:51 AM 380928]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/26/2010 6:23 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/26/2010 6:23 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/26/2010 6:24 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/26/2010 6:24 PM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [8/26/2010 6:23 PM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [8/26/2010 6:23 PM 312904]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [8/26/2010 6:23 PM 88544]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/19/2009 10:15 PM 135664]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [1/2/2010 9:57 AM 18560]
S3 FOUSB;Flash-Over-USB Device Driver;c:\windows\system32\drivers\fousb.sys [6/24/2002 1:00 AM 162540]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [8/26/2010 6:23 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/26/2010 6:23 PM 84264]
S3 Normandy;Normandy SR2; [x]
S3 USBMON;USB Monitor Device Driver;c:\windows\system32\drivers\usbmon.sys [2/13/2008 1:42 PM 162540]
--- Other Services/Drivers In Memory ---
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
2010-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
2010-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-20 02:15]
2010-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-20 02:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=YXxcioNoCdosDbr__diG3IU_95c
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www2.snapfish.com/SnapfishActivia3.cab
FF - ProfilePath - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\3d4pks4r.default\
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
AddRemove-DeinstallKey_NC30WA V.5.40 Release 00 2-24-2008 17:14 - c:\program files\InstallShield Installation Information\{76CA0F9D-9E77-11D5-B0FC-00C04FC0E932}\rso_uninst.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DeinstallKey_NC30WA V.5.40 Release 00 2-24-2008 17:14
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-28 23:06
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1408)
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'explorer.exe'(5192)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\stsystra.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\agent\mcupdate.exe
.
**************************************************************************
.
Completion time: 2010-10-28 23:19:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-29 03:19
ComboFix2.txt 2008-12-22 01:50
Pre-Run: 105,575,583,744 bytes free
Post-Run: 106,720,985,088 bytes free
- - End Of File - - 475DADB20D1516FFC335C4141E9B9D93
Hi
Temp File Cleaner
Please download TFC (http://oldtimer.geekstogo.com/TFC.exe) and save it to your desktop.
Save any unsaved work. TFC will close all open application windows.
Double-click TFC.exe to run the program.
If prompted, click Yes to reboot.
NOTE: Save your work.TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. If needed will you be prompted to reboot. Reboot immediately.
Disable McAfee
Disable McAfee Antivirus again.
Kaspersky Online Scan
Note: This download is about 200Mb and the scan can last for several hours. Please post the logs requested above before you continue.
Make sure McAfee Antivirus is disabled.
Hold down Control then click on the following link to open a new window to Kaspersky Online Scan (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html)
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
Click on My Computer under Scan. * This will take a while. Please be patient *.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.
This online tutorial (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif) will help explain how to use the aforementioned online scan.
Make sure McAfee is enabled when the Kaspersky scan is finished.
Please post:
the Kaspersky log
a fresh set of DDS logs. Copy and paste Attach.txt into your reply, do not attach it.
Did any problems occur while following the instructions?
Hey vict0r,
No problems running these steps. Here's the Kaspersky log.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, October 29, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, October 29, 2010 08:26:59
Records in database: 4191060
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Objects scanned: 124330
Threats found: 1
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 02:53:32
File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir Infected: Trojan.Win32.Patched.kl 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir Infected: Trojan.Win32.Patched.kl 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0002278.exe Infected: Trojan.Win32.Patched.kl 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0002280.exe Infected: Trojan.Win32.Patched.kl 1
Selected area has been scanned.
DDS (Ver_09-09-29.01) - NTFSx86
Run by Jason at 14:55:38.73 on Fri 10/29/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1277 [GMT -4:00]
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Renesas\Hew\AutoUpdate\AutoUpdate.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Jason\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=YXxcioNoCdosDbr__diG3IU_95c
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100920231344.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0360.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0360.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DellAutomatedPCTuneUp] "c:\program files\dellautomatedpctuneup\PTAgnt.exe" /startup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SSP Notifier] c:\program files\fisher-price\fp3 player\sspnotifier.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0360.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\renesa~1.lnk - c:\renesas\hew\autoupdate\AutoUpdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www2.snapfish.com/SnapfishActivia3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\jason\applic~1\mozilla\firefox\profiles\3d4pks4r.default\
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0360.0\npwinext.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-26 386712]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-26 84072]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-8 380928]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [2007-8-23 5376]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\leapfrog\leapfrog connect\CommandService.exe [2010-7-28 1156440]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-26 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-26 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-26 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-26 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-26 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-26 141792]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2010-5-14 249136]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-8-18 1529728]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-26 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-26 152992]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-26 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-26 312904]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-26 88544]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-19 135664]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-1-2 18560]
S3 FOUSB;Flash-Over-USB Device Driver;c:\windows\system32\drivers\fousb.sys [2002-6-24 162540]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-26 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-26 84264]
S3 Normandy;Normandy SR2; [x]
S3 USBMON;USB Monitor Device Driver;c:\windows\system32\drivers\usbmon.sys [2008-2-13 162540]
=============== Created Last 30 ================
2010-10-28 22:42 256,512 a------- c:\windows\PEV.exe
2010-10-28 22:42 161,792 a------- c:\windows\SWREG.exe
2010-10-28 22:42 98,816 a------- c:\windows\sed.exe
2010-10-28 22:42 77,312 a------- c:\windows\MBR.exe
2010-10-24 13:35 0 a------- C:\install.rdf
2010-10-15 14:42 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2010-10-15 14:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-10-15 10:30 974,848 -------- c:\windows\system32\dllcache\mfc42.dll
2010-10-15 10:30 954,368 -------- c:\windows\system32\dllcache\mfc40.dll
2010-10-15 10:30 953,856 -------- c:\windows\system32\dllcache\mfc40u.dll
2010-10-15 10:30 617,472 -------- c:\windows\system32\dllcache\comctl32.dll
2010-10-06 20:32 <DIR> --d----- c:\windows\Cache
==================== Find3M ====================
2010-09-18 12:23 974,848 a------- c:\windows\system32\mfc42u.dll
2010-09-18 12:23 974,848 -------- c:\windows\system32\dllcache\mfc42u.dll
2010-09-18 02:53 974,848 a------- c:\windows\system32\mfc42.dll
2010-09-18 02:53 954,368 a------- c:\windows\system32\mfc40.dll
2010-09-18 02:53 953,856 a------- c:\windows\system32\mfc40u.dll
2010-09-01 07:51 285,824 a------- c:\windows\system32\atmfd.dll
2010-09-01 07:51 285,824 -------- c:\windows\system32\dllcache\atmfd.dll
2010-08-31 09:42 1,852,800 a------- c:\windows\system32\win32k.sys
2010-08-31 09:42 1,852,800 -------- c:\windows\system32\dllcache\win32k.sys
2010-08-27 04:02 119,808 a------- c:\windows\system32\t2embed.dll
2010-08-27 04:02 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2010-08-27 01:57 99,840 a------- c:\windows\system32\srvsvc.dll
2010-08-27 01:57 99,840 -------- c:\windows\system32\dllcache\srvsvc.dll
2010-08-26 17:16 4,886,528 -------- c:\windows\system32\dllcache\wmp.dll
2010-08-26 09:39 357,248 -------- c:\windows\system32\dllcache\srv.sys
2010-08-26 08:52 5,120 a------- c:\windows\system32\xpsp4res.dll
2010-08-26 08:22 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2010-08-23 12:12 617,472 a------- c:\windows\system32\comctl32.dll
2010-08-17 09:17 58,880 a------- c:\windows\system32\spoolsv.exe
2010-08-17 09:17 58,880 -------- c:\windows\system32\dllcache\spoolsv.exe
2010-08-16 04:45 590,848 a------- c:\windows\system32\rpcrt4.dll
2010-08-16 04:45 590,848 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-02-10 22:22 65,680 a------- c:\documents and settings\jason\temp.dat
2009-02-10 22:22 3,284 a------- c:\documents and settings\jason\temp2.dat
2008-12-23 16:49 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122320081224\index.dat
============= FINISH: 14:58:44.12 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-09-29.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/8/2008 9:58:28 PM
System Uptime: 10/29/2010 11:04:08 AM (3 hours ago)
Motherboard: Dell Inc. | | 0WY040
Processor: Intel(R) Core(TM)2 Duo CPU T5470 @ 1.60GHz | Microprocessor | 1181/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 146 GiB total, 99.491 GiB free.
D: is CDROM (CDFS)
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1: 10/7/2010 9:01:18 PM - System Checkpoint
RP2: 10/15/2010 4:26:07 PM - Software Distribution Service 3.0
RP3: 10/24/2010 1:33:08 PM - Removed Ad-Aware
RP4: 10/24/2010 1:34:30 PM - Removed J2SE Runtime Environment 5.0 Update 6
RP5: 10/28/2010 10:42:44 PM - ComboFix created restore point
==== Installed Programs ======================
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
ANSYS Workbench Products 10.0, Educational Version
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom Management Programs
Browser Address Error Redirector
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Dealio Toolbar v4.0.2
Dell Automated PC TuneUp
Dell Network Assistant
Dell Support Center
Dell Touchpad
Dell Wireless WLAN Card
Digital Line Detect
Digital Locker Assistant
ERUNT 1.1j
FP3 Player
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPL Ghostscript 8.64
GSview 4.9
High-performance Embedded Workshop
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IntelliSonic Speech Enhancement
iTunes
Java(TM) 6 Update 15
LeapFrog Connect
LeapFrog My Pals Plugin
LeapFrog Tag Plugin
Logitech Harmony Remote Software 7
Malwarebytes' Anti-Malware
MATLAB Student 7.0
McAfee Security Scan Plus
McAfee SecurityCenter
MediaDirect
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Standard Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Miracle C Shareware Package
MobileMe Control Panel
Modem Diagnostic Tool
Mozilla Firefox (3.5.15)
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
My Free Mahjong v.2.0
NetWaiting
NVIDIA Drivers
OutlookAddinSetup
QuickSet
QuickTime
RealPlayer
Remote Control USB Driver
Safari
SearchAssist
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
The Weather Channel Desktop 6
The Weather Channel Toolbar
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
WebFldrs XP
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Live OneCare safety scanner
Windows XP Service Pack 3
WinZip 14.0
==== Event Viewer Messages From Past Week ========
10/29/2010 11:00:47 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
10/29/2010 11:00:47 AM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
10/29/2010 11:00:47 AM, error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2010 11:00:47 AM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2010 11:00:47 AM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2010 11:00:47 AM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2010 11:00:47 AM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2010 11:00:47 AM, error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2010 11:00:46 AM, error: Service Control Manager [7034] - The SupportSoft Sprocket Service (dellsupportcenter) service terminated unexpectedly. It has done this 1 time(s).
10/29/2010 11:00:46 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
10/29/2010 11:00:46 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
10/29/2010 11:00:46 AM, error: Service Control Manager [7034] - The LeapFrog Connect Device Service service terminated unexpectedly. It has done this 1 time(s).
10/29/2010 11:00:45 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/29/2010 11:00:45 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
10/29/2010 11:00:45 AM, error: Service Control Manager [7034] - The Application Updater service terminated unexpectedly. It has done this 1 time(s).
10/29/2010 11:00:45 AM, error: Service Control Manager [7034] - The Advanced Networking Service service terminated unexpectedly. It has done this 1 time(s).
10/29/2010 11:00:45 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/28/2010 10:47:13 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
10/25/2010 11:24:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor
10/25/2010 11:24:06 PM, error: Service Control Manager [7022] - The Windows Time service hung on starting.
10/24/2010 1:35:07 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
==== End Of File ===========================
Hi
Re-scan with Malwarebytes' Anti-Malware
Start Malwarebytes' Anti Malware (MBAM).
Click the Update tab again and then click the Check for Updates button to perform the database update.
When the update is finished, click the Scanner tab, select Perform Quick Scan and then click the Scan button.
When the scan is complete, click OK, then Show Results to view the results.
Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
When completed, a log will open in Notepad. please copy and paste the log into your next reply.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Disable McAfee
Disable McAfee again.
Combofix
ComboFix SHOULD NOT be used unless requested by a forum helper!
Open notepad and copy/paste the text in the codebox below into it (do not include the word code):
Folder::
c:\program files\Application Updater
Driver::
Application Updater
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
Save the file as "CFScript.txt", and as Type: All Files (*.*) on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Refer to the picture above, then save all work and close all programs including any open browsers(!) and drag CFScript onto ComboFix.exe
If Combofix prompts you to upgrade, please allow it.
When finished, it shall produce a log for you at C:\ComboFix.txt.
Make sure McAfee is enabled after Combofix is finished.
Please post:
the MBAM log
the Combofix log
Did any problems occur while following the instructions?
How is the computer running now? Are you experiencing any problems that you think are related to malware?
Running ComboFix now. Get the following message:
Rebooting Windows . . . Please wait
Please allow ComboFix to reboot the machine.
Warning !! Do not manually reboot the machine yourself
2. was unexpected at this time.
It's been sitting like that for about 30 minutes. I'll let it go for a while. Is this normal?
Hi.
If the computer is still not rebooted, then go ahead and poweroff and restart the computer. If necessary hold down the powerbutten for more than 3 seconds until the computer reboots, then post the logs from the instructions in my previous post.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4999
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
10/30/2010 2:21:03 PM
mbam-log-2010-10-30 (14-21-03).txt
Scan type: Quick scan
Objects scanned: 151547
Time elapsed: 11 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
ComboFix 10-10-30.01 - Jason 10/30/2010 21:37:02.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1383 [GMT -4:00]
Running from: C:\Documents and Settings\Jason\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jason\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
vict0r,
I don't seem to be having any more problems. Google searches go where they're supposed to. Speed of surfing seems back to normal.
Hi.
The last Combofix run created a incomplete log.
Right-click the Start button and left click Explore, navigate to the following folder:
C:\Qoobox
Please post ComboFix.txt from that folder if found.
Navigate to the following folder:
C:\QooBox\LastRun
If there are any log files in that folder, please post them in your next reply.
Please re-run DDS and post DDS.txt only.
There are no logs in C:\Qoobox. There are no ComboFix.txt files in LAstRun. The only files in LastRun are:
---- CregC.old (0 size) ----
---- drev_.dat ----
"c:\program files\Application Updater\ApplicationUpdater.exe"
"c:\program files\Application Updater\config.ini"
---------------------------------------------------------
---- drev_F.dat ----
"c:\program files\Application Updater\ApplicationUpdater.exe"
"c:\program files\Application Updater\config.ini"
----------------------------------------------------------
---- RenVDel.dat (0 size) ----
---- SvcTarget.dat ----
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
"-------\Legacy_APPLICATION_UPDATER"
-------\Service_Application Updater
-----------------------------------------------------------
---- zhsvc.old ----
azarazqa
MSWSAG
wsmsag
Protectedstoer1
mdhsh
IcePoint
SERVICEASPXPHELP
Nskyserver981
servehhgs
boorserverwinls2
wwwdrtghyuj
svices
2180
Realtek HD Audio Control Panel1
NI_security
KKCC
TreasClients
MSWEBURL
Secondary Logon (seclogon)
Server (lanmanserver)
NVMINI
NPCLSVC
AlerMang
hrwix
SafeMon0
seneka
e
d7b49fa
KSPOOLDAEMON
Remote Acess Connecion Manag
c39e8db
:: ISODRIVE
Windows Tribute Service
ADMIN
WINSGON
E4A12
TCPIPSVC
MCXSVC2
MCXSVCM
Wscsvic
Hardwrd
Powers
DNS Client (Dnscache)
l33t
sK9Ou0s
dbeaf7d
SVCHOTS
1
MyDog
NT LM Security Support(RPC)
NETSERVICEDDDOWNER
MSKMRXKU
ANTISG
PROTECTEDSTOER3
Mgcscrd
ati6agxx
QUADRASERV.SYS
QUADRASERV
wrapk
netwp
msvtch
6457aed
D812A079
Winxc36
Windows Firewall
ATI2TFXX
_wff
b160485
Windows_ServerDdos
d435fd4
de8296f
f35ee9e
WinSpoolSvc
NET Service
RPCHK
pciidexx
F28907D
NETABSTWORK
NsPsDk00
NsPsDk01
NsPsDk02
NsPsDk03
NsPsDk04
NsRk1
B71FE93
Logical Disk Manager (dmserver)
System Event Notification (SENS)
Windows Audio (AudioSrv)
Remote Procedure Call (RPC) (RpcSs)
Network Location Awareness (NLA) (Nla)
Distributed Link Tracking Client (TrkWks)
Security Accounts Manager (SamSs)
Telephony (TapiSrv)
Themes (Themes)
Task Scheduler (Schedule)
Application Layer Gateway Service (ALG)
dll32
disks01
OneStep Service
pvjahvfb
B1A18A3E
Windows Update Online
SHOST
netsvcs_0x0
b770ca2
Routing and aemote Rccess
wintm
F58A3080
331C5BDBF949FDDD96EE38D57CF9DB2A
UACd.sys
SQUELLABCD
System Service
.Net CLR
ati1fmxx.sys
DHCPSRV
3D Studio Max
sectolr
BaiduPath
ccosmSrv
ILVMONEYDRIVER53
WinHost32Svr
SYSDRV32
DEFAULTLIB
SERVERTIME
MSDDLL
ati2sexx
MYLOVERSYS
Network Service
DAC970NT
swapm
Java2
gorshk
ZumieSearch Service
9H9O9Y
surrd
BADUT
PWBVIO
NATIONALV4.0
Storm DDOS Service
bfgse244
ywbviooa
JQLK
DEFTAF
MDVMGR
WINSCM
BEVTSERVICE
Winfn26
RKHIT
Google Awards Online Partners
BEEPS
TXPLATFORM
Logical Disk Manager (NDIS)
NFR.SYS
sxtxxeu
TCIM
CPUinfo_Server
rehebt
ZG
SAFEMON1
acpu.sys
53472FC0
WIN32X
15964A80
IEXPLEROR
NLPSA
MSVQAQU
WINMGMTEX
mssuhf
ATI2XHXX
ATI0QAXX
RAAUTO
ati4irxx.sys
TAKXX
TAKFL
netmantow
SOFTYINFORWOW1
ENTSERVER2009
sopidkc
DHCP Clientde
GanDiao
WMISYS
ZX
botdrv
SVCWINSPOOL
WINHELP32
mtlrd
Server
tdctxte
AT1394
BS_SYS
MSTD
ytmas
DelphiService
SMVSS
LFDL
ProxyClientService
sfc
A03107C0
acpi32
fips32cup
WindowsEntServer2008
port135sik
ati64si
netsik
securentm
ksi32sk
i386si
ws2_32sik
systemntmi
nicsk32
MediaPlayer Serial
ati0rxxx.sys
ati4agxx.sys
ati8cixx.sys
.norton2009reset
ip_fw
ipfw
SName
ASHEVTSVC
pcm1394
SARG0S
KingDuuBa A
MYS Mutex Algorithm Service
SeekeenSrch
msncache
avast!antivirus
ntalme
feos Service
bfddos;
clddos0Nameeeee
bfddos
AVPsys
UPDATEDATA
IOFILTER
bqwdxh
ipfwrd
myname
lxfzge
nationalwgw
HISERVER
glaide32
WM1984
sndintd
kavsys
111111s1ro1s1a
11Fßä#·ºÄÖ`I
Windows Hosts Controller
isadisk
anftdird
Event Log (Eventlog)
WinErp
podmena
podmenadrv
klan
porting
ReWWW
PCChips
jmnhhgrtja35ujghuykj6r8io9iujg80
driverdrv
networkanalysisservice
jsr468ijdfghfjsw3rw3i6tjag80
facey
createpli
Medry
bdeiptui
nsrtpr
MsBdServer
dcfwssvc
msscpsvc
winspool
sys
sysdrv
{79007602-0CDB-4405-9DBF-1257BB3226ED}
{79007602-0CDB-4405-9DBF-1257BB3226EE}
ramdma
mmcta
ntpdxt
sphub
security sdns wsili
pcmstub
IO
helpps
ati64si.sys
ie_winservername
sfxdrv
sfx
ASP State Service
ufad-dns60
ASPX
dian
aticvvx
tagg
rbadza
TS45
usbewt
SWFDrv
usbwte
Windows_XP
mintroot
:: NWCWorkstation
netcard
protect
AIC32P
qq.exe
gbvesq
browserctl
browserctldrv
AntipPro2009_12
service
ALEROM
GUIZ
WmiSvc
DNT
Services32
qq2
NETIDE
ZJHBOERUWRN1
XTTP6J11X
dansl
windowete
bbvipctlx
pptp32.sys
pptp64.sys
Windowsds
wssdp
SAVESOLDIERSVC
vb
oios
sdfgos
tydos
bdihna
privtorador
HTTPDebugger
SaveDefenseSvc
AntipPro2009_100
MediaCenterSystem
AntiArps
netsdk
Windows MSI
Windows Time Acquisition
cek
SystemCopSvc
QuickHealCleanerSvc
ComServices1
Kwinzy Service
kernel64
mfc64
putaodrv
myprot
winsccom
SAVEKEEPERSVC
mndisk
DrvKiller
icq
tmxev
ffgfghjkk
tbo
KillProc
Laji
nslxvw
360 udpate file
Nationalhak
ddnsfilter
MD SERVICESB1
webserver
NUPS
Lgical Manager Administrative Services
MICROSOFTWORD
Microsoftbill
LOGICALDISK
fioo32
rgr
mdtdisk
securitysoldiersvc
VCMHS
securewarriorsvc
isasdk
Nup
kvxsa
wmitpfs
drvftl
ndisflt
ati0ekxx
ati0bixx.sys
ati0nuxx.sys
ati0ubxx.sys
ati0vexx.sys
ati3ucxx.sys
ati4wdxx.sys
ati5pwxx.sys
ati6gnxx.sys
ati6iqxx.sys
ati7lrxx.sys
AntiPol
ezdgjg
WINSECLOGON
deskadp32
ialdnwxf
NATIONALAHM
Ati2et
WmiSvc.sys
VMWARESERVICE
XX
SSHNAS
win
wnh
MONITORWMIDE
MSDMS
SLENUMHOOK2
MSTSE
GDOED58
Windows Driver Controler
%%%
FireFox2
BtwSrv
winhelp
OSEvent
Himed
.360MICROSOFT
fastnetsrv
ctflse
Server30
DARKCODERSC
PDEnum
bk
grsg
REFRVXX
CS1.3
CS1.4
cs1.5
BackGroumd switch
skyxpserver
smess
SVCHOSTS
SYSMON32
NetLogin
GS
UidSrv
MsiSrv
NetActivator
LmHostsSpooler
NATIONALUAP
MedaCente
DESCRIPTIONHERO
mstsecs
tdidis32.sys
The Bestate
msrvd
NATIONAL2.0
NpcS
WSSVC
STEC3
SVJVPN
stmsecs
MSOFT
AVAST!CACHEAGENT.EXE
AXAAHC
FE
{40263670-A9F5-4FDF-B6F57245EA67ACD6}
NTService
NetBot_Attacker
unpr
Net_Login
BRServerName
FixMon
FNDC323
Remote_Server_2008
NTEAGNLER
Sanser
PB
SOUNDMAN
compbatc
task manager
*00D1*00B8*00C0*00D7
ASYNCMACQ
360safe update
netra
HCPIDESK
Comias70
uniime32
Windows Recycled Services
WINSTS
VSSRDSessMgr
FileInterceptor
COMEVENTPS
DLTCSVX86
DTCAEL86
IMAPIDZSVR
MSSCAAMH
msbuvg
Service2009
FUCKJSS
niuxs
regul1r
becincontrol
WademotaSter
OUTLOCKCOM
TKKOBE
ACPI64
Mswam
Chinese mobile
CLIPBOOOK
MASDSSDFY
WSSDFSDFRV
Windows_rejoice2009
Drive
VSCHOST.EXE
ziucvugkdjiut7
zrqpwlydsdqdn9
NokcSys
Sansex
dfdsfdsfs
WINSRIR
360svc
HOSTSE
Remote Procedure Call (RPC) Loctaor
.I8042PRT
Winldr
Inetsrv
winmow
BROWSERS
{650CD884-7326-4D89-ADFC7CA2427865C3}
{F24AF462-E779-4606-9EB4E42EE51187DB}
xtpin
Media_Ser
jaond
HAOT
PSDRV
VSF
Comfavtwps
Seekdns Service
baidu
calbzr
PLAYSERVNET
WinRing0_1_0_1
Netprotocol
usbnat
rend32
SPService
Windows_rejoice2007_101
UserServices
WMII
lich
MgcRc
wihpg
msvqln
amsmpsge
360SVCS
GrayPigeonServer2.03
winlogin save server
Wyeke Service
MediaCenterfsf
IRAT
Win l4oahder
NetRunTime
CHOOOK
QIANM
SHENHU
MYWA66
NetConnections
VSSPWG
{B0A506BE-18D9-41A3-992238DB29BBC165}
SSSWXPLOSRE
WMIAQSRV
MSRESTORE
MSHDSS
a t
WmiConfig
NATIONALJVK
Nrtsc CLR
BrowserHeler
shadowsafe
WebSvc
riodrv32
Windows USD Service
Network Workstate
MSTART
klwbfse
ReSesMgr
KKDC
wocaonima
Wexplorer
Kuivccccs
DaVinciDr
AppropSren
BeckGround switch
nsvcs_32
MS Media Control Center
K10
Rav KSWebShields
beisn
DBS_Server
srvwinupd
KGootkit
NesSrv
warible
SLENUMHOOK2
qvrbuw
SkypePM
RSVPNetman
lgstar
WindowsHelpService
ofcAuth
netstart
winfdd
SADFSDAFA
DMSVER
net1.exe
p8SK88
Qycx Network Agent
dfffddd
UPSWTS
RaSx7tX
Manpndo32
SesEnv
NdisFileServices32
Zwunzi Service
bitscevc
FENSHA
SOFTIC
npfq
winkkd
Windows Service Update
BET
kpsp
lstis
ZwangiSearch Service
ZwangiSrch Service
Zwangi Service
mf2ehg02z
usbembed
Mseu
UnzipService
Sanseex
Workstion
WinSvc
BitDefender Internet
bren
Kel
svlostServices
Remote_Server_2008
Fingrwx
ACCOPT
NtLmSspEventlog
userinit
H8SRTd.sys
HHSERVERNAME
mspk
AdbUpd
zagn
fadsf
tkkobe
360SE
ComnCena
CDRALW
irptcp
Utility Mangserver
gtdkjf
service_name
vrdnap
nmcyiw
yITdOyJTf
snsxx
bnui
faef
winxps
AxPsHook11
seagate
OPE005
langwrbk32
svuhost
msobj
ConseRom
Cireamin
dibrosvc
psvra
Honrader
Belwochel
bnserv4
bnserv3
bnserv2
bnserv
miniwdm
remote system
Winet
_VOIDd.sys
c_iscii32
winlogin Acquisitionl
pxn
brtw
FNRC
FORTER
GateWinH
mnsrvc
winmmdriver
WMISMG
Wostswos
Nationalatl
Natjqmasat Instruments Domain
seace
CoralQQ
carnj
windowsremode
realplayer.exe
miser
MCIDRV_2600_6_0
peersvc
Atfa
fpxmbz
BtwSvc
suiao
duomi
vxkni
mysm
dticem
Thunker
Corpse10
Nationalerf
devkxrmsghookdrv
51RemoteServer2010
WINXPR
NvCplDaemon
K4hostEL
oko6
zhiirth
GoogleUpdateBeta
4DW4R3c
okosrv
lrutri
rqklrw
DNSHost
winservice4000
Mesosenger...
Dncnnovus
kb
sam_scm
IPS Service
ZXSDERFBUKJFYSHLHDFRSTDZHDFASHTG
sever tool
pptp32
pptp64
MIROSOFT3
NMlivetor
Magent
pspmhvc
888888888888
ZhuDongFangYu
srvoko6
msisam
111111
beanfun
Internet_Service
Serverk3
sysinside
ProcEvent
klpsrvc
Windows adoNetAtoCAD
Cuzinho
AgentMNormalService
seleCom
compbatcDrv
myTest
NsReSDev1
abp470n5
Remote Logicar Autol Manager
SheellHWD
neth32
Windows Repair
Microsoft Vista
Browse
113031ERRORCONTROL
DAEDriver54
byrtgdehb
The Wtools
Rising Scan Service
BrowserZinc Service
Kwanzy Service
crssss
AMBFILTR
AMBFILTQ
Tmp804
rwnh32
Application Management
Engine
Wnetwiss
10
Sans
d3dramp32
dnf
kcb6403
occqve
WindowsCad32
avm
MediaService
Windows_kav6.0.1.411en
SystemFilse
Windows AutoUpdate
MacroISer
cpqoko6
DltsSrv
Avsdx
Explarer
Windows Sound Man
apto6ko
captcha
veast
sfadz
GrayPigeonServer1.23
CLEANSRV
WINHELPER
Lenovo Process
SystemsMon
zz
carlhos
dwbf
MediaCcbexy
WinHelpzd3181
NetCreate1
Nationala
NetProte
gaw56ehdfskgluydfa
jucheck
SDPrimer
QL600OKO
SWOKO
kaspersky 7.0
Ms-zx_Srv
\L968P36
HYNGL*00A1*00A1CPU
Downloader
Ms-wow_Srv
DescriptionHero2
Seekeen Service
PCRatStact
Nartional
Rrus
monhotclipalert
SystemMonsinc
WinUpdate32
7apodlasd
Network System Provider
WinUpdSrvc
instal
ATAPIDRV
darkness
Win2Help32IE
dac6oko
i600oko
rpcmgr
MACROADSER
AFPAnsi
serviceJS
GFltDrv
dongtian
privtorador2
spytrky
usbf27
aaaaashowna2005
winszker
cpuxp
Windows Inets
WMSysPr9.sys
atualizada
Windows UxxSB21 Service
Microsoxft Corporatieo
npkDcomClient
PRAGMAd.sys
tpa3f21
dpti3o
afwoko
URLDrv
Java Service Launcher
Firefox
RdLst743
birokod
elantos
sdfsdf
svchost*
SVCHOST*00A0
Secdrvq
AfxWin_Sys
vfsd
AlYacDcomClient
AAA
dmoko
ipokoraid
Nationalfyy
www.skdos.com
BITSProManger
ssss
WINSER_0x0
SRVStarter_scvhost2
ftpserver
sff
VMX64O
w83c600
xplode
sjrphlrt
Ms-tl_Srv
alienigena
AA
BBB
FSE
GATEWADSVC
MEBUACENTER
MECLIENTTER
MEDIACENTERRS
MEDPALYNTER
MEEDIDCNTER
MESTOPTER
MSEES360
MUPPENTER
RCMDSVC
SUPPORTENTER
SWITCWAYS
SWITCWSVC
SWITCWYSVER
TES23
TEST2
TEST22
WEEREW360
Mriver360
AfxWin_Sys_360Safe
WSALG2
meteu
ND
G033
wademotasterr
MPRVSRV
vsrfr
F00118218K
DPhyDiskSys
BeRServerName
STvcSV
TVicComm
svcmsdebug
unikorn
SVCMSV32
SVRWSC
aladdins
haspntt
National Instruments Domain ServNationaltlb
Windows_2010
yeshack
netsvsc
peresvc
usbxbox
sproeval
deed
IcyHeart
safeg
noskrnl.sys
360data
DistribClient
MedisaCqghbz
WindowsAc
ghjghj
ZV2Z8H
Secdrvr
WmiApsrv32
NTFS-Drivers
evilfvck3rz
Zsvipbanykcx_Service
JJJ
Ati HotKey Po11er
WinMSS
Windows_rejoice2007_45
Windows_rejoice4.9
QQ Music updates
A3X
yoyoddos
iuinawot
rianbow
AVFMON
Kcmdsvc
OSS
flexsrv
hasplic
Google Manager
sadfsadf
MSIU-4c4ed5a0
TORO
DHCP Optimize Service
MSWU-4c4ed5a0
DHCP Service
MSWU-4c4ed5a0
rejoice
_sv_
Ntfscore
winlogin Acquisition
krml360svc
guardgwpie
PeachService
SpywareCleanerService
RadioSvr
MediaCjaoyy
Follower
GMPNSN
vvv
vcmdsvc
tcppid
gthkfdo
fioo64
dddd
hkayh
LCJ
PDRV
MediaCpfbgb
CMD
IEMaoSvc
System svchosy
soaap
Jxfhack Service Manager
cccc
KwinzySrch Service
MediaCoqmew
hhh
360syn
ssa
applicad
ISU
WIN132
MSWA-4C4ED5A0
Windows_servers
Wimentelp32
panp
WstinH32
Switcwaysv
Wins27y232
Wndoelp32
WiettHelp32
360
Wcumep32
WiAdmini32
Wientslp32
bb
WinH232
Machinemdsvc
WincumHelp32
WsteHelp32
333
Micros
Windows XP sp4
WIDESKLP32
wyssew360
REMPROR
mmandsvc
aaaaaa
zServic
cc
RRRR
Wmep32
SXX
Windows_webserver
DcomCopyNpk
jew.sys
kexserv
kxesrev
PfService
winnking64
Mdlea
kaxujku
111
SafePrecgjxs
ScdSvr
pmf84f8
theurlwd
NAPRSER5102
AEEU
lendot
Ftware Qhadw Bopy Provi Stoped
KtmSvc
SmbApSrv
Systemsonsw
nndrv
NDRV
BN
VKBUABRHHEJ
Service Support
SDNSSec
ccService
mstss
NPI
winxpsh
WinHelp3223
CyService
Windows System Updates
abcd.sys
BarQuery Service
fff
wz32
winmgmtThemes
viddev
Err Reporting
WademotaSterree
MRxCls
MRxNet
V2Z8H
mpr_freader
netsvcs_v0x0
ZSDFG
AVAYASUPER
Mecjshzocano
MeuoaCazbxu
mediacentercs
Remote Rss
.Net C2LR
Duzcenves
chsbrb system provider
ssx
UrlLogger
SysResume
WindowsEntServer2009
tomcat6g.dll
ZDADFCVBTLZXKG.DLL
sssss
Winupnet
hi
dasd
ssp32
bord_007
NetLog
Nlaseclogon
ej1ieiaed9
TCPIP Pass-through Filter
BOOT32
SDMAPI
IEProtector
sshi
SSH
Wib510684p32
Wib110684p32
Wib3684p32
amsint32
ipsock
ZinkSeek Service
dobi
OBI
Qvod play
dll_reg
Window Remote Service
RavTaskces
mis
Sistema
360anquan
Parameters
Abdellatif-181
GTEY
WWZS
eee
Window Service SYSTEMS
aclick
rcmdsvcb
werrtwt
tgi
ttgi
QueryExplorer Service
\hide_evr2
hhrm
hrm
DHCPCom
Distribueoo
JHYUIOPEWFJESWEDAD
sdxccx
mas
mmas
MediaSerial
WinDiy
Ati2s
FindXplorer Service
ddev
dev
PhyDMACC
Dz_V!rUs
R6102
RINMHRD
zgkn
Ipnet
usnjsvc
SMITH8521472
Internet Explorer sx
smmservice
360iaCqhjrn
hideproc
DisburseAdvisory
SpeleologyRue
ScoreScore
DNS Serial Number Service
Microsoft Device Manager
corevservice
tsk
ClausDisk
ClopSrv
CCTest
winmcss
RavMonDt.exe
RavMonDz.exe
sed
ssed
LDR7X
IE Agent
sswe
SWE
ll_reg
JDLQDJ.EXE
Winkrb
SysCache
NetHomeIDE
RPZO
TSXZ
Brteadame
HookPool
systeqwice
tcpv6srv
eq2soft
TabDiscover Service
system Tools
360afe
ZXSDERFBUKJFYSHLHDFRSTDZH
Distribuqvi
W32QProtectSys
banking
windump
Mirzoochi
Merziche
I00097921K
srv32
MMRZICHE
MediaCepbju
Mbzuchi
MIIRZUCHI
MediaCsakwx
a5
a6
a7
a8
dfhs
ccow
cow
Windows_
nvhlpsvc
ttt
AS
mck3031
pintinhogrande
system64y
skrghs
hmqxfp
TrkNetsSvcs
MEDIACALJHE
WMISBUS
SampleService
www
qao6e6afeupyza2
Logitec
vdr
vvdr
AltraWeb
wuauservcom
SYHDIGI
webclent
WindowsUtility
nvtbios
WZS
poi
ppoi
Winkbji
Winknb
Winknh
Winkon
Winkoo
Winkpd
Winkwn
Distribuahh
GSYY
T
fyddos_svcname
WinNTsystem operation
microtools
WBuffer
MiaoSha
JavaQuickazdd
Extensible
ipsecs
Network Location.
ALTHEMEHELPER
DcomLeunch
Windows_rejoice47
6to4
IAS
Application Updater
npf
NDISRD
----------------------------------------------------------
DDS log:
DDS (Ver_09-09-29.01) - NTFSx86
Run by Jason at 22:27:21.34 on Mon 11/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1334 [GMT -4:00]
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Renesas\Hew\AutoUpdate\AutoUpdate.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Jason\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=YXxcioNoCdosDbr__diG3IU_95c
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100920231344.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0360.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0360.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DellAutomatedPCTuneUp] "c:\program files\dellautomatedpctuneup\PTAgnt.exe" /startup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SSP Notifier] c:\program files\fisher-price\fp3 player\sspnotifier.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0360.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
mRun: [combofix] c:\combofix\cf21580.cfxxe /c c:\combofix\Combobatch.bat
StartupFolder: c:\docume~1\jason\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\renesa~1.lnk - c:\renesas\hew\autoupdate\AutoUpdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www2.snapfish.com/SnapfishActivia3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\jason\applic~1\mozilla\firefox\profiles\3d4pks4r.default\
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0360.0\npwinext.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-26 386712]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-26 84072]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\drivers\datunidr.sys [2007-8-23 5376]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\leapfrog\leapfrog connect\CommandService.exe [2010-7-28 1156440]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-26 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-26 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-26 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-26 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-26 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-26 141792]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2010-5-14 249136]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-8-18 1529728]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-26 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-26 152992]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-26 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-26 312904]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-26 88544]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-19 135664]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-1-2 18560]
S3 FOUSB;Flash-Over-USB Device Driver;c:\windows\system32\drivers\fousb.sys [2002-6-24 162540]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-26 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-26 84264]
S3 Normandy;Normandy SR2; [x]
S3 USBMON;USB Monitor Device Driver;c:\windows\system32\drivers\usbmon.sys [2008-2-13 162540]
=============== Created Last 30 ================
2010-10-30 21:32 <DIR> --ds---- C:\ComboFix
2010-10-28 22:42 256,512 a------- c:\windows\PEV.exe
2010-10-28 22:42 161,792 a------- c:\windows\SWREG.exe
2010-10-28 22:42 98,816 a------- c:\windows\sed.exe
2010-10-28 22:42 85,504 a------- c:\windows\MBR.exe
2010-10-24 13:35 0 a------- C:\install.rdf
2010-10-15 14:42 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2010-10-15 14:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-10-15 10:30 974,848 -------- c:\windows\system32\dllcache\mfc42.dll
2010-10-15 10:30 954,368 -------- c:\windows\system32\dllcache\mfc40.dll
2010-10-15 10:30 953,856 -------- c:\windows\system32\dllcache\mfc40u.dll
2010-10-15 10:30 617,472 -------- c:\windows\system32\dllcache\comctl32.dll
2010-10-06 20:32 <DIR> --d----- c:\windows\Cache
==================== Find3M ====================
2010-09-18 12:23 974,848 a------- c:\windows\system32\mfc42u.dll
2010-09-18 12:23 974,848 -------- c:\windows\system32\dllcache\mfc42u.dll
2010-09-18 02:53 974,848 a------- c:\windows\system32\mfc42.dll
2010-09-18 02:53 954,368 a------- c:\windows\system32\mfc40.dll
2010-09-18 02:53 953,856 a------- c:\windows\system32\mfc40u.dll
2010-09-01 07:51 285,824 a------- c:\windows\system32\atmfd.dll
2010-09-01 07:51 285,824 -------- c:\windows\system32\dllcache\atmfd.dll
2010-08-31 09:42 1,852,800 a------- c:\windows\system32\win32k.sys
2010-08-31 09:42 1,852,800 -------- c:\windows\system32\dllcache\win32k.sys
2010-08-27 04:02 119,808 a------- c:\windows\system32\t2embed.dll
2010-08-27 04:02 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2010-08-27 01:57 99,840 a------- c:\windows\system32\srvsvc.dll
2010-08-27 01:57 99,840 -------- c:\windows\system32\dllcache\srvsvc.dll
2010-08-26 17:16 4,886,528 -------- c:\windows\system32\dllcache\wmp.dll
2010-08-26 09:39 357,248 -------- c:\windows\system32\dllcache\srv.sys
2010-08-26 08:52 5,120 a------- c:\windows\system32\xpsp4res.dll
2010-08-26 08:22 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2010-08-23 12:12 617,472 a------- c:\windows\system32\comctl32.dll
2010-08-17 09:17 58,880 a------- c:\windows\system32\spoolsv.exe
2010-08-17 09:17 58,880 -------- c:\windows\system32\dllcache\spoolsv.exe
2010-08-16 04:45 590,848 a------- c:\windows\system32\rpcrt4.dll
2010-08-16 04:45 590,848 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-02-10 22:22 65,680 a------- c:\documents and settings\jason\temp.dat
2009-02-10 22:22 3,284 a------- c:\documents and settings\jason\temp2.dat
2008-12-23 16:49 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122320081224\index.dat
============= FINISH: 22:28:26.03 ===============
Hi.
I'm sorry for the delay. I haven't forgotten you and will post the next set of instructions as soon as possible.
Hi
The Combofix script worked, we just didn't get a log. :)
Please post back one more time to confirm that you have read this post.
Uninstall ComboFix
Click on Start >> Run..., copy and paste the following line into the run box, then click OK:
ComboFix /Uninstall
Note: there's a space between "ComboFix" and "/Uninstall".
Fix HijackThis entries
Download and install HijackThis (http://go.trendmicro.com/free-tools/hijackthis/HiJackThis.msi). It will create a HijackThis icon on the desktop, double click the icon to start HijackThis
This will remove the startup entry of the combfix batch file (leftover) and the automatic Erunt backup at every logon:
From the Main Menu, click Do a system scan only
When the scan finishes...Place a check mark next to the following entries (if present).
Note: Only check those items listed below.
O4 - HKLM\..\Run: [combofix] c:\combofix\cf21580.cfxxe /c c:\combofix\Combobatch.bat
O4 - Startup: ERUNT AutoBackup.lnk = c:\program files\erunt\AUTOBACK.EXE
After checking these items... CLOSE ALL open windows except HijackThis.
Click the Fix Checked button to remove the entries you checked.
Choose YES when prompted to fix the selected items.
Once it has fixed them, close HijackThis.
Delete the following tools
TFC is a great tool for you to keep and use on a regular basis. Please delete the following tools:
TDSSKiller
DDS
RKUnHooker
MBRCheck
Update Windows and Internet Explorer
Update Windows and Internet Explorer to protect your computer from malware. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates. Repeat this update process until no further important updates are offered.
Upgrade the Adobe and Java installation
Out of date Adobe and Java installations pose a security risk. They can be used by malware as a means to infect a computer and or re-infect.
Uninstall Adobe Reader 9 and Java(TM) 6 Update 15 in Control panel -> Add/Remove programs.
Reboot your computer and delete this folder if still present:
C:\Program Files\Java
Download and install Java Runtime Environment (JRE) 6 Update 22 (http://java.sun.com/javase/downloads/index.jsp) (15Mb)
Download and install Adobe Reader (http://get.adobe.com/reader/) (>50Mb), make sure that you uncheck Free McAfee® Security Scan Plus before you download. Uncheck to install any toolbars during the install.
Note: Foxit Reader (~5Mb) is a smaller alternative to Adobe Reader, it uses a lot less resources. You can download the standalone version (no installation required) in the following link: http://cdn01.foxitsoftware.com/pub/foxit/reader/desktop/win/4.x/4.1/enu/FoxitReader411_enu.zip
Your computer now appears to be malware free. The logs are clean. Good job! :)
Please follow these simple steps in order to keep your computer clean and secure.
Keep your system updated:
Make sure automatic updates for Windows XP is enabled to get the latest patches from Microsoft to fix bugs and security holes:
Go to Start > Control Panel > Automatic Updates
Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
Select Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.
Keep your non-Microsoft applications updated as well:
Microsoft isn't the only company whose products can contain security vulnerabilities, to check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector (http://secunia.com/software_inspector) - I suggest that you run it and install the suggested updates at least once a week.
Consider using the following programs to secure your computer further:
Malwarebytes' Anti-Malware
Update Malwarebytes Anti-Malware and perform a quick scan 1-2 times a week.
Install and use Spybot Search & Destroy for the added protection
Instructions are located here (http://www.bleepingcomputer.com/tutorials/tutorial43.html). Make sure you update, reimmunize & scan regularly.
Enable Teatimer option in Spybot Search & Destroy (if you forgot to enable it during the install)
Open Spybot S&D.
Click Mode, choose Advanced Mode.
Go To the bottom of the Vertical Panel on the Left, Click Tools.
then, also in left panel, click Resident (shows a red/white shield).
If your firewall raises a question, say OK.
In the Resident protection status frame, check the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active.
OK any prompts.
Click Mode, choose Default Mode.
Use File -> Exit to terminate Spybot.
Reboot your machine for the changes to take effect.
Make use of the HOSTS file included with Spybot Search & Destroy
Every version of windows includes a hosts file as part of them. A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites.
Spybot Search & Destroy has a good HOSTS file built in, to enable the HOSTS file in Spybot Search & Destroy:
Run Spybot Search & Destroy.
Click on Mode, and then place a tick next to Advanced mode.
Click Yes.
In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File.
Click on Add Spybot-S&D hosts list.
Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue:
Click Start > Run
Type services.msc & click OK
In the list, find the service called DNS Client & double click on it.
On the dropdown box, change the setting from automatic to manual.
Click OK & then close the Services window.
For a more detailed explanation of the HOSTS file, click here (http://forum.malwareremoval.com/viewtopic.php?t=22187).
It is ABSOLUTELY ESSENTIAL to keep Windows, Java, Adobe and all of your security programs up to date.
Read these articles to learn more about how to protect yourself while on the internet:
Reducing Your Risk to Malware. (http://www.malwarevault.com/prevention.html)
Is It Real or is it ScareWare? (http://www.malwarevault.com/scareware.html)
Safe surfing! 8)
Hey vict0r,
Got it! Thanks for all your help.
Hi.
Thanks for all your help.You're welcome. I'm glad I could help.
Please refer to this topic (http://forums.spybot.info/showthread.php?t=288), then start a new topic with a description and DDS logs for the problem with the other computer.
As it seems the problem with this computer is solved, I will now ask for this topic to be closed.
Thanks
-vict0r
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.
If it has been less than three days since your last response and you need the thread re-opened, please send me a private message (pm). A valid, working link to the closed topic is required.
If you have been helped and wish to donate to help with the costs of this volunteer site, please read :
Your donation helps improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)