Help System Locking UP DDS



Lfmgtc59
2011-06-19, 14:14
Here is the DDS; I will post the Attach.txt next - I am afraid the running zip will lock up the computer...

I boot into the system and usually run a couple of program calls and then it locks up.

I was actually on monster.com when I started getting warnings from spybot and McAfee... then something turned off my dynamic McAfee scan and it went downhill from there.

Once the system quit altogether, I followed the instructions you gave the last time around: I booted into safe mode, ran combofix, rebooted, ran rkill, then ran the TDSSkill.

SpybotSD, Malwarebytes, McAfee, and TDSSkill all ran and came back with no threats or problems on full scans.

Rkill (something you showed me previously) gets an access denied message and also terminates a "verclsid.exe", but does not seem to be able to delete it. I have manually done so, but it appears to return.

Combofix shows an issue with creating the registry backup file, but the file looks like it is created...

I have done an update and a repair booting from the original XP disk.

At first the system seems fine, then it just locks during an operation, usually a couple of program calls in.

Thank You

Lee


The dds file is literally 100s of 1000s of lines long, so I will supply an edited version (your site limit is 64000).

Initial section:

.
DDS (Ver_2011-06-12.02) - FAT32x86
Internet Explorer: 6.0.2900.2180
Run by Lee F. Mallory at 7:24:19 on 2011-06-19
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1310 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
SVCHOST.EXE
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\Program Files\Venturi2\Client\ventc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\program files\common files\installshield\updateservice\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\program files\venturi2\configurator\ventcfg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\WINDOWS\system32\MDM.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Veehd Plugin: {32ea9cd0-5187-4fe3-b989-b4d1408d2802} - c:\program files\veehd plugin\tbcore3.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [LXCECATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCEtime.dll,_RunDLLEntry@16
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [ShowLOMControl] 1 (0x1)
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Venturi Configurator] c:\program files\venturi2\configurator\ventcfg.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [nwiz] nwiz.exe /installquiet
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [IObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [<NO NAME>]
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\embass~1.lnk - c:\program files\wave systems corp\services manager\secure update\AutoUpdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\symant~1.lnk - c:\program files\microsoft office\office\1033\OLFSNT40.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: %SYSTEMROOT%\system32\biolsp.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1303522201968
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{40F7E621-301F-4B07-848F-9259306DC1ED} : NameServer = 208.67.220.220,208.67.222.222
TCP: Interfaces\{679427EA-E3FE-4F13-8ADB-F1C8E6FA0B22} : NameServer = 208.67.220.220,208.67.222.222
TCP: Interfaces\{679427EA-E3FE-4F13-8ADB-F1C8E6FA0B22} : DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{F87D22A7-0A8E-4D59-A1A6-0073BBF96B85} : NameServer = 208.67.220.220,208.67.222.222
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.

================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\lee f. mallory\application data\mozilla\firefox\profiles\mbtr1unv.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: keyword.URL - hxxp://www.ytdstart.com/s/?src=addrbar&provider=bing&provider_name=bing&provider_code=Z109&partner_id=687&product_id=659&affiliate_id=&channel=&toolbar_id=203&toolbar_version=2.1.0&install_country=US&install_date=20110604&user_guid=D3F038CAAE524E3A9236163EE3A08D8D&machine_id=4036fef434bc2b19d0699f71d14525d6&browser=FF&os=win&os_version=5.1-x86-SP2&q=
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
FF - prefs.js: browser.startup.homepage - hxxp://www.ytdstart.com/?src=startpage&provider=bing&provider_name=bing&provider_code=Z109&partner_id=687&product_id=659&affiliate_id=&channel=&toolbar_id=203&toolbar_version=2.1.0&install_country=US&install_date=20110604&user_guid=D3F038CAAE524E3A9236163EE3A08D8D&machine_id=4036fef434bc2b19d0699f71d14525d6&browser=FF&os=win&os_version=5.1-x86-SP2
FF - prefs.js: browser.search.selectedEngine - Yahoo

**** the next part repeats thousands of times *****


FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=380920&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo

**** Then comes the end of the file *****


FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=380920&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-18 387480]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-22 84200]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-5-6 393112]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2005-10-18 61440]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-6-17 821080]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-12-15 10384]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-4-5 366640]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-22 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-22 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-22 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-22 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-22 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-22 141792]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-3-10 86016]
R2 mitsijm2011;Autodesk Moldflow Inventor Tool Suite Integration 2011 Job Manager;c:\program files\autodesk\inventor 2011\moldflow\bin\mitsijm.exe [2010-1-22 462336]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-22 56064]
R3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2011-6-17 239472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-4-5 22712]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-18 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-18 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-22 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-1-22 88736]
R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\RegFilter.sys [2011-6-17 30368]
R3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\UrlFilter.sys [2011-6-17 16080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-9 135664]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2010-5-14 20704]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-9 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-1-22 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-22 84488]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-18 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-18 40552]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-06-19 04:04:51 -------- d-sh--w- C:\Recycled
2011-06-19 03:20:00 -------- d-----w- C:\57036ff8ed26cd9d178921cf3e2f784d
2011-06-18 20:49:59 143422 ----a-w- c:\windows\system32\dllcache\softkey.dll
2011-06-18 20:48:55 13463552 ----a-w- c:\windows\system32\dllcache\hwxjpn.dll
2011-06-18 20:47:59 46592 ----a-w- c:\windows\system32\dllcache\coadmin.dll
2011-06-18 20:47:57 43520 ----a-w- c:\windows\system32\dllcache\admwprox.dll
2011-06-18 20:47:57 290816 ----a-w- c:\windows\system32\dllcache\adsiis51.dll
2011-06-18 20:40:18 8192 ----a-w- c:\windows\system32\wshirda.dll
2011-06-18 20:40:18 27136 ----a-w- c:\windows\system32\irmon.dll
2011-06-18 20:40:18 152576 ----a-w- c:\windows\system32\irftp.exe
2011-06-18 20:34:23 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-06-18 20:34:23 24661 ----a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-06-18 20:34:23 13312 ----a-w- c:\windows\system32\irclass.dll
2011-06-18 20:34:23 13312 ----a-w- c:\windows\system32\dllcache\irclass.dll
2011-06-18 20:34:09 13753 ----a-r- c:\windows\SET99.tmp
2011-06-18 20:34:06 1086058 ----a-r- c:\windows\SET8D.tmp
2011-06-18 20:34:03 1042903 ----a-r- c:\windows\SET8A.tmp
2011-06-18 17:31:57 -------- d-----w- c:\program files\Support Tools
2011-06-18 17:02:05 16384 ----a-w- c:\windows\system32\dllcache\isignup.exe
2011-06-18 17:02:05 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2011-06-18 16:50:59 13753 ----a-r- c:\windows\SET125.tmp
2011-06-18 16:50:54 1086058 ----a-r- c:\windows\SET119.tmp
2011-06-18 16:50:51 1042903 ----a-r- c:\windows\SET116.tmp
2011-06-18 08:37:36 -------- d-----w- C:\ComboFix-11x30C
2011-06-17 13:55:35 -------- d-----w- c:\documents and settings\lee f. mallory\application data\Search Settings
2011-06-17 13:55:30 -------- d-----w- c:\program files\IObit Toolbar
2011-06-17 13:55:30 -------- d-----w- c:\program files\common files\Spigot
2011-06-17 13:55:30 -------- d-----w- c:\program files\Application Updater
2011-06-17 13:52:31 -------- d-----w- c:\documents and settings\lee f. mallory\application data\IObit
2011-06-12 19:43:44 -------- d-----w- c:\documents and settings\lee f. mallory\application data\DriverCure
2011-06-12 19:43:43 -------- d-----w- c:\documents and settings\lee f. mallory\application data\ParetoLogic
2011-06-12 19:43:15 -------- d-----w- c:\documents and settings\all users\application data\ParetoLogic
2011-06-04 22:38:00 -------- d-----w- c:\program files\YTD Toolbar
2011-06-04 22:37:45 -------- d-----w- c:\program files\YouTube Downloader
2011-05-24 03:50:34 -------- d-----w- c:\documents and settings\lee f. mallory\local settings\application data\Help
2011-05-23 22:21:36 -------- d-----w- c:\program files\Garmin
2011-05-23 22:04:22 -------- d-----w- c:\documents and settings\lee f. mallory\application data\GARMIN
2011-05-21 01:18:13 -------- d-----w- c:\documents and settings\lee f. mallory\local settings\application data\Google
.
==================== Find3M ====================
.
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-18 09:53:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-04-14 18:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 18:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 18:01:38 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-14 18:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 18:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 18:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 18:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 18:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 18:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 18:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 18:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe
1998-12-08 18:53:54 99840 ----a-w- c:\program files\common files\IRAABOUT.DLL
1998-12-08 18:53:54 70144 ----a-w- c:\program files\common files\IRAMDMTR.DLL
1998-12-08 18:53:54 48640 ----a-w- c:\program files\common files\IRALPTTR.DLL
1998-12-08 18:53:54 31744 ----a-w- c:\program files\common files\IRAWEBTR.DLL
1998-12-08 18:53:54 186368 ----a-w- c:\program files\common files\IRAREG.DLL
1998-12-08 18:53:54 17920 ----a-w- c:\program files\common files\IRASRIAL.DLL
.
============= FINISH: 7:26:45.60 ===============

Please find attached the attach.txt in winzip format.

Thank You

Lee