Kerstinb
2010-11-06, 22:03
McAfee found SUSP_IP_MJ_Create (51 finds). I was advised to run TDSSKiller (Kaspersky) and it found 1 thread and required a reboot to fix it. I've done this and rerun the McAfee quick test. It didn't find anything now, but I still can't update my antivirus software, so I wonder if I still have this Trojan/virus or if there is an additional problem? Furthermore, can you advise if I need to change any of my normal log-ons (i.e. Internet banking) after having had SUSP_IP_MJ_Create (sorry, I'm not a computer expert :confused:)?
Looking forward to hearing from you
DDS (Ver_10-11-05.01) - NTFSx86
Run by user at 19:45:33.06 on 06/11/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3034.1860 [GMT 0:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\user\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101029225621.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
TCP: NameServer = 93.188.162.133,93.188.160.13
TCP: {8699EBDC-1627-4423-90AF-DCCC4B25425B} = 93.188.162.133,93.188.160.13
TCP: {8BB7F400-33B3-4EC0-A942-BDDBD87E57B8} = 93.188.162.133,93.188.160.13
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-24 386712]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-10-29 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-29 164808]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\19917\RapportCerberus_19917.sys [2010-10-3 34792]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-29 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-29 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-29 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-29 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-10-29 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-10-29 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-29 141792]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-29 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-10-29 152992]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-10-29 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-29 312904]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-29 84264]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
S3 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
=============== Created Last 30 ================
2010-11-06 15:12:09 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-11-06 15:10:31 72704 ----a-w- c:\windows\system32\admparse.dll
2010-11-06 14:36:18 -------- d-----w- c:\progra~2\PC Tools
2010-11-06 14:25:31 -------- d-----w- c:\users\user\appdata\roaming\GetRightToGo
2010-11-02 22:42:12 -------- d-----w- c:\users\user\appdata\local\Adobe
2010-10-31 23:00:02 -------- d-----w- c:\users\user\appdata\roaming\PeerNetworking
2010-10-30 10:02:04 80896 ----a-w- c:\windows\system32\MSNP.ax
2010-10-30 10:02:04 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2010-10-30 10:02:04 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-30 10:02:02 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-10-30 10:02:01 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-10-30 10:02:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2010-10-30 09:56:08 -------- d-----w- c:\windows\system32\x64
2010-10-30 09:48:04 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll
2010-10-30 09:46:11 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-10-30 09:30:20 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-10-30 09:30:19 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-10-30 09:30:19 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-10-30 09:30:19 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2010-10-30 09:30:19 11264 ----a-w- c:\windows\system32\icardres.dll
2010-10-30 09:30:19 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-10-30 09:30:17 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-10-30 09:30:15 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-10-30 09:21:12 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-10-30 09:21:10 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-10-30 09:21:09 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-10-30 09:21:00 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-10-30 09:20:57 83968 ----a-w- c:\windows\system32\mscories.dll
2010-10-30 09:14:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-10-30 09:13:59 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-10-30 09:13:59 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-10-29 21:56:20 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-10-29 21:55:56 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-10-29 21:55:56 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-10-29 21:55:56 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-10-29 21:55:56 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-10-29 21:55:55 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-10-29 21:55:55 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-10-29 21:55:55 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-10-29 21:55:35 -------- d-----w- c:\program files\McAfee.com
2010-10-29 21:55:35 -------- d-----w- c:\program files\common files\Mcafee
2010-10-29 21:55:32 -------- d-----w- c:\program files\McAfee
2010-10-29 21:43:51 141792 ----a-w- c:\windows\system32\mfevtps.exe
2010-10-29 21:28:39 -------- d-----w- c:\users\user\appdata\roaming\Trusteer
2010-10-29 21:28:27 -------- d-----w- c:\program files\Trusteer
2010-10-29 21:26:34 -------- d-----w- c:\progra~2\Trusteer
2010-10-29 19:31:48 -------- d-----w- c:\users\user\appdata\local\Google
2010-10-29 19:31:33 -------- d-----w- c:\users\user\appdata\local\Deployment
2010-10-29 19:31:33 -------- d-----w- c:\users\user\appdata\local\Apps
2010-10-29 13:21:49 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-10-29 13:21:47 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2010-10-29 13:21:34 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2010-10-29 13:16:51 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-29 13:16:50 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-29 13:16:34 501760 ----a-w- c:\windows\system32\usp10.dll
2010-10-29 13:16:25 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-29 13:16:04 274432 ----a-w- c:\windows\system32\schannel.dll
2010-10-29 13:16:02 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-10-29 13:14:58 2868224 ----a-w- c:\windows\system32\mf.dll
2010-10-29 13:12:59 6656 ----a-w- c:\windows\system32\kbd106n.dll
2010-10-29 13:11:58 443392 ----a-w- c:\windows\system32\win32spl.dll
2010-10-29 13:09:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-10-29 13:02:00 -------- d-----w- c:\program files\Marvell
2010-10-29 13:01:41 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-10-29 13:01:41 -------- d-----w- c:\windows\system32\Lang
2010-10-29 13:01:40 948760 ----a-w- c:\windows\system32\igxpun.exe
2010-10-29 13:01:21 -------- d-----w- C:\Intel
2010-10-29 12:51:27 -------- d-----w- c:\program files\JRE
2010-10-29 12:50:57 -------- d-----w- c:\program files\OpenOffice.org 3
2010-10-29 12:48:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-10-29 12:42:12 -------- d-sh--w- c:\windows\Installer
2010-10-29 12:39:37 2730536 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2010-10-29 12:39:28 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{88ce7dcb-7a5d-4b24-ad89-f006d8e55703}\mpengine.dll
2010-10-29 12:39:24 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-10-29 12:39:24 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-29 12:39:24 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe
2010-10-29 12:39:20 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-10-29 12:39:20 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2010-10-29 12:39:20 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2010-10-29 12:39:19 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-10-29 12:39:19 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-10-29 12:37:49 -------- d-----w- c:\program files\VideoLAN
2010-10-29 12:34:30 98304 ----a-w- c:\windows\system32\cabview.dll
2010-10-29 12:34:13 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-10-29 12:18:25 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-10-29 12:17:56 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-10-29 12:17:39 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-10-29 12:17:39 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-10-29 12:03:46 1123328 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2010-10-28 21:50:12 -------- d-----w- c:\windows\Panther
2010-10-28 21:49:57 -------- d-sh--w- C:\Boot
==================== Find3M ====================
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-31 15:41:42 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:41:42 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:40:26 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:39:46 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:07:25 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:01:41 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-08-26 16:01:35 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:01:33 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:01:32 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:01:32 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 14:11:10 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-08-25 18:46:02 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
2010-08-25 18:45:44 136216 ----a-w- c:\windows\system32\igfxtray.exe
2010-08-25 18:45:42 266776 ----a-w- c:\windows\system32\igfxsrvc.exe
2010-08-25 18:45:40 170520 ----a-w- c:\windows\system32\igfxpers.exe
2010-08-25 18:45:38 179224 ----a-w- c:\windows\system32\igfxext.exe
2010-08-25 18:45:36 171032 ----a-w- c:\windows\system32\hkcmd.exe
2010-08-25 18:45:32 3156504 ----a-w- c:\windows\system32\GfxUI.exe
2010-08-25 18:39:46 81920 ----a-w- c:\windows\system32\igfxCoIn_v2202.dll
2010-08-25 18:31:30 4967424 ----a-w- c:\windows\system32\igdumd32.dll
2010-08-25 18:30:02 439308 ----a-w- c:\windows\system32\igcompkrng500.bin
2010-08-25 18:30:00 982240 ----a-w- c:\windows\system32\igkrng500.bin
2010-08-25 18:30:00 92356 ----a-w- c:\windows\system32\igfcg500m.bin
2010-08-25 18:28:22 571904 ----a-w- c:\windows\system32\igdumdx32.dll
2010-08-25 18:23:14 4411904 ----a-w- c:\windows\system32\igd10umd32.dll
2010-08-25 18:09:34 11040256 ----a-w- c:\windows\system32\ig4icd32.dll
2010-08-25 18:00:00 23552 ----a-w- c:\windows\system32\igfxexps.dll
2010-08-25 18:00:00 194560 ----a-w- c:\windows\system32\igfxpph.dll
2010-08-25 17:59:58 261632 ----a-w- c:\windows\system32\igfxTMM.dll
2010-08-25 17:59:58 115200 ----a-w- c:\windows\system32\igfxcpl.cpl
2010-08-25 17:59:42 57344 ----a-w- c:\windows\system32\igfxsrvc.dll
2010-08-25 17:59:24 130048 ----a-w- c:\windows\system32\igfxdo.dll
2010-08-25 17:59:16 94720 ----a-w- c:\windows\system32\hccutils.dll
2010-08-25 17:59:10 120320 ----a-w- c:\windows\system32\gfxSrvc.dll
2010-08-25 17:59:08 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2010-08-25 17:59:06 85504 ----a-w- c:\windows\system32\igfxrenu.lrc
2010-08-25 17:59:06 828928 ----a-w- c:\windows\system32\igfxress.dll
2010-08-25 17:59:06 228864 ----a-w- c:\windows\system32\igfxdev.dll
2010-08-25 17:52:00 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2010-08-25 17:52:00 208896 ----a-w- c:\windows\system32\iglhsip32.dll
2010-08-25 17:52:00 143360 ----a-w- c:\windows\system32\iglhcp32.dll
2010-08-20 15:21:02 866816 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 13:32:33 126464 ----a-w- c:\windows\system32\spoolsv.exe
============= FINISH: 19:46:36.72 ===============