PDA

View Full Version : malware removel that spybot says i have



daisyklix22
2013-01-25, 21:45
cant search internet with out going to google romainia can only use yahoo search engine on good days.

Cant use erunt from your link but downloaded it from softtonic downloader but i dont know how to run it. put it in zip file dont know where to go from here.

i have mcafee so if this needs to change i will gladly do so.

posting i think again did not see original post sorry if this is twice

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.11.2
Run by Jessica Burt at 8:29:07 on 2013-01-25
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.360 [GMT -10:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\PLFSetL.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\VideoWebCamera\VideoWebCamera.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\McAfee Security Scan\3.0.313\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Works\WkCalRem.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uInternet Connection Wizard,ShellNext = iexplore
dURLSearchHooks: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} -
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.313\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20130123154053.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} -
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
mRun: [VideoWebCamera] "c:\program files\videowebcamera\VideoWebCamera.exe" -a
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BYRUA_AGENT] c:\lgmobileupgrade\lgmobileax\byr_client\VZWUAAgent.exe
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\jessic~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\jessic~1\startm~1\programs\startup\wkcalrem.lnk - c:\program files\microsoft works\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.313\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265130899765
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1356395917109
TCP: NameServer = 192.168.200.1
TCP: Interfaces\{6BC95130-B8AD-40E9-8B90-5855549F2802} : DHCPNameServer = 192.168.200.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 216.240.133.193 www.google.com
Hosts: 178.17.165.3 www.google.com
Hosts: 216.240.133.193 www.google.com.au
Hosts: 178.17.165.3 www.google.com.au
Hosts: 216.240.133.193 www.google.be
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jessica burt\application data\mozilla\firefox\profiles\2k4xgdyl.default-1359082705104\
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.0.313\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - ExtSQL: 2013-01-24 09:32; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-01-24 09:36; {D19CA586-DD6C-4a0a-96F8-14644F340D60}; c:\program files\common files\mcafee\SystemCore
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-7-17 565416]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-11-29 20624]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-7-17 91200]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-12-31 167784]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-12-31 167784]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-12-31 167784]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-12-31 203400]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-12-31 168880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-12-31 171976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-1-24 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-1-24 1369624]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-12-13 3290896]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-12-31 60480]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-7-27 38912]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-12-31 234824]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-12-31 362640]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2012-12-31 84464]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-1-24 168384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;"c:\program files\sierra wireless inc\common\swicarddetect.exe" --> c:\program files\sierra wireless inc\common\SwiCardDetect.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-7-27 1684736]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys --> c:\windows\system32\drivers\ew_hwusbdev.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys --> c:\windows\system32\drivers\ewusbnet.sys [?]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-7-27 30192]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-12-31 146872]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.313\McCHSvc.exe [2012-10-26 234776]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-12-31 65488]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2012-12-31 84464]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-12-31 92192]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-7-27 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\drivers\lgvzandnetdiag.sys --> c:\windows\system32\drivers\lgvzandnetdiag.sys [?]
S3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\drivers\lgvzandnetmdm.sys --> c:\windows\system32\drivers\lgvzandnetmdm.sys [?]
S3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\drivers\lgvzandnetndis.sys --> c:\windows\system32\drivers\lgvzandnetndis.sys [?]
.
=============== Created Last 30 ================
.
2013-01-25 03:15:38 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2013-01-25 03:15:04 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-01-25 03:14:42 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-01-24 01:40:47 33944 ----a-w- c:\program files\mozilla firefox\ScriptFF.dll
2013-01-18 20:32:33 -------- d-----w- C:\LGMobileUpgrade
2013-01-18 20:31:56 -------- d-----w- c:\program files\LG Electronics
2013-01-18 20:27:01 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-14 05:37:03 -------- d-----r- c:\program files\Skype
2013-01-11 02:47:19 -------- d-----w- c:\program files\iPod
2013-01-11 02:46:54 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-11 02:35:09 -------- d-----w- c:\program files\Bonjour
2013-01-11 02:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2013-01-11 02:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2013-01-11 02:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-01-11 02:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-01-11 02:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-01-11 02:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-01-11 02:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-01-08 03:09:55 -------- d-----w- c:\program files\WildTangent Games
2013-01-04 17:52:49 -------- d-sh--w- c:\documents and settings\jessica burt\IECompatCache
2012-12-31 20:15:00 146872 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2012-12-31 20:04:05 84464 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2012-12-31 20:04:02 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-12-31 20:03:50 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-12-31 20:03:50 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-12-31 20:03:50 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-12-31 20:03:50 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-12-31 20:03:50 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-12-31 20:03:42 -------- d-----w- c:\program files\common files\Mcafee
2012-12-31 20:03:36 -------- d-----w- c:\program files\McAfee.com
2012-12-31 20:03:21 -------- d-----w- c:\program files\McAfee
2012-12-31 19:41:59 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-12-31 19:41:59 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-31 19:21:11 171976 ----a-w- c:\windows\system32\mfevtps.exe
2012-12-31 18:30:47 -------- d-----w- c:\documents and settings\all users\application data\Citrix
2012-12-31 18:04:06 -------- d-----w- c:\program files\Citrix
2012-12-31 18:03:39 -------- d-----w- c:\documents and settings\jessica burt\local settings\application data\Citrix
2012-12-31 18:03:34 103832 ----a-w- c:\documents and settings\jessica burt\GoToAssistDownloadHelper.exe
2012-12-31 17:59:03 -------- d-----w- c:\documents and settings\jessica burt\application data\McAfee
2012-12-27 03:39:45 -------- d-----w- c:\program files\BuzzSocialPoints_DNS_IE
2012-12-27 03:39:07 -------- d-----w- c:\windows\BuzzSocialPointsChecker
2012-12-27 03:39:04 -------- d-----w- c:\program files\BuzzSocialPointsIE_DNS
2012-12-27 03:39:02 -------- d-----w- c:\program files\BuzzSocialPoints_DNS
2012-12-27 03:32:58 -------- d-----w- c:\documents and settings\jessica burt\application data\SwvUpdater
.
==================== Find3M ====================
.
2013-01-09 04:17:46 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 04:17:46 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-26 20:08:44 91200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-12-26 20:06:54 565416 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-12-26 20:04:34 132976 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-12-25 01:17:07 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-25 01:17:07 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec
2012-10-30 22:51:56 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys
.
============= FINISH: 8:30:52.92 ===============

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-25 08:30:51
-----------------------------
08:30:51.406 OS Version: Windows 5.1.2600 Service Pack 3
08:30:51.406 Number of processors: 2 586 0x1C02
08:30:51.406 ComputerName: SBHBSIX UserName:
08:30:53.218 Initialize success
08:35:11.812 AVAST engine defs: 13012500
08:35:16.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
08:35:16.609 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
08:35:16.750 Disk 0 MBR read successfully
08:35:16.765 Disk 0 MBR scan
08:35:16.890 Disk 0 Windows VISTA default MBR code
08:35:16.890 Disk 0 Partition 1 00 12 Compaq diag NTFS 10244 MB offset 63
08:35:16.968 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142381 MB offset 20981760
08:35:17.015 Disk 0 scanning sectors +312578048
08:35:17.203 Disk 0 scanning C:\WINDOWS\system32\drivers
08:35:49.156 Service scanning
08:36:19.484 Modules scanning
08:36:27.062 Disk 0 trace - called modules:
08:36:27.125 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
08:36:27.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x873709c0]
08:36:27.187 3 CLASSPNP.SYS[f78fdfd7] -> nt!IofCallDriver -> \Device\00000098[0x87336498]
08:36:27.203 5 ACPI.sys[f77f4620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x87353030]
08:36:28.687 AVAST engine scan C:\WINDOWS
08:36:39.593 AVAST engine scan C:\WINDOWS\system32
08:42:41.750 AVAST engine scan C:\WINDOWS\system32\drivers
08:43:03.500 AVAST engine scan C:\Documents and Settings\Jessica Burt
08:44:42.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jessica Burt\Desktop\MBR.dat"
08:44:42.328 The log file has been saved successfully to "C:\Documents and Settings\Jessica Burt\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-25 08:30:51
-----------------------------
08:30:51.406 OS Version: Windows 5.1.2600 Service Pack 3
08:30:51.406 Number of processors: 2 586 0x1C02
08:30:51.406 ComputerName: SBHBSIX UserName:
08:30:53.218 Initialize success
08:35:11.812 AVAST engine defs: 13012500
08:35:16.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
08:35:16.609 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
08:35:16.750 Disk 0 MBR read successfully
08:35:16.765 Disk 0 MBR scan
08:35:16.890 Disk 0 Windows VISTA default MBR code
08:35:16.890 Disk 0 Partition 1 00 12 Compaq diag NTFS 10244 MB offset 63
08:35:16.968 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142381 MB offset 20981760
08:35:17.015 Disk 0 scanning sectors +312578048
08:35:17.203 Disk 0 scanning C:\WINDOWS\system32\drivers
08:35:49.156 Service scanning
08:36:19.484 Modules scanning
08:36:27.062 Disk 0 trace - called modules:
08:36:27.125 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
08:36:27.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x873709c0]
08:36:27.187 3 CLASSPNP.SYS[f78fdfd7] -> nt!IofCallDriver -> \Device\00000098[0x87336498]
08:36:27.203 5 ACPI.sys[f77f4620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x87353030]
08:36:28.687 AVAST engine scan C:\WINDOWS
08:36:39.593 AVAST engine scan C:\WINDOWS\system32
08:42:41.750 AVAST engine scan C:\WINDOWS\system32\drivers
08:43:03.500 AVAST engine scan C:\Documents and Settings\Jessica Burt
08:44:42.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jessica Burt\Desktop\MBR.dat"
08:44:42.328 The log file has been saved successfully to "C:\Documents and Settings\Jessica Burt\Desktop\aswMBR.txt"
08:58:19.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jessica Burt\Desktop\MBR.dat"
08:58:19.859 The log file has been saved successfully to "C:\Documents and Settings\Jessica Burt\Desktop\aswMBR.txt"

Blade81
2013-01-28, 21:27
Hi,

Please post contents of attach.txt log from DDS run too.

daisyklix22
2013-01-28, 21:53
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/2/2010 7:06:07 AM
System Uptime: 1/25/2013 6:27:24 AM (2 hours ago)
.
Motherboard: Acer | | LT20
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU | 1596/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 96.461 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP153: 11/16/2012 6:21:26 PM - Software Distribution Service 3.0
RP154: 11/29/2012 9:26:00 AM - Installed AVG 2013
RP155: 11/29/2012 9:30:58 AM - Installed AVG 2013
RP156: 11/29/2012 9:31:15 AM - Removed AVG 2013
RP157: 12/4/2012 6:00:25 PM - Software Distribution Service 3.0
RP158: 12/20/2012 3:02:12 PM - Software Distribution Service 3.0
RP159: 12/20/2012 10:30:15 PM - Installed AVG 2013
RP160: 12/20/2012 10:31:23 PM - Installed AVG 2013
RP161: 12/22/2012 3:22:37 PM - System Checkpoint
RP162: 12/24/2012 3:16:50 PM - Installed Java 7 Update 10
RP163: 12/25/2012 6:07:21 PM - System Checkpoint
RP164: 12/26/2012 7:07:49 AM - Removed Ask Toolbar.
RP165: 12/26/2012 7:10:01 AM - Removed Bonjour
RP166: 12/26/2012 5:48:22 PM - Installed QuickTime
RP167: 12/26/2012 11:02:51 PM - avast! Free Antivirus Setup
RP168: 12/31/2012 9:10:31 AM - Removed AVG 2013
RP169: 12/31/2012 9:13:05 AM - Removed AVG 2013
RP170: 12/31/2012 6:02:06 PM - Software Distribution Service 3.0
RP171: 1/4/2013 5:19:22 PM - Software Distribution Service 3.0
RP172: 1/6/2013 2:02:51 PM - System Checkpoint
RP173: 1/7/2013 3:49:46 PM - System Checkpoint
RP174: 1/8/2013 6:00:31 PM - Software Distribution Service 3.0
RP175: 1/9/2013 7:15:29 PM - System Checkpoint
RP176: 1/11/2013 4:31:31 PM - System Checkpoint
RP177: 1/14/2013 8:41:14 PM - Software Distribution Service 3.0
RP178: 1/16/2013 10:08:11 AM - System Checkpoint
RP179: 1/17/2013 11:48:53 AM - System Checkpoint
RP180: 1/18/2013 10:25:12 AM - Installed Java 7 Update 11
RP181: 1/18/2013 10:32:16 AM - Install LG UNITED Drivers
RP182: 1/22/2013 4:21:43 PM - Removed Ask Toolbar.
RP183: 1/24/2013 11:39:50 AM - System Checkpoint
RP184: 1/24/2013 6:19:07 PM - C
.
==== Hosts File Hijack ======================
.
Hosts: 216.240.133.193 www.google.com
Hosts: 178.17.165.3 www.google.com
Hosts: 216.240.133.193 www.google.com.au
Hosts: 178.17.165.3 www.google.com.au
Hosts: 216.240.133.193 www.google.be
Hosts: 178.17.165.3 www.google.be
Hosts: 216.240.133.193 www.google.com.br
Hosts: 178.17.165.3 www.google.com.br
Hosts: 216.240.133.193 www.google.ca
Hosts: 178.17.165.3 www.google.ca
Hosts: 216.240.133.193 www.google.ch
Hosts: 178.17.165.3 www.google.ch
Hosts: 216.240.133.193 www.google.de
Hosts: 178.17.165.3 www.google.de
Hosts: 216.240.133.193 www.google.dk
Hosts: 178.17.165.3 www.google.dk
Hosts: 216.240.133.193 www.google.fr
Hosts: 178.17.165.3 www.google.fr
Hosts: 216.240.133.193 www.google.ie
Hosts: 178.17.165.3 www.google.ie
Hosts: 216.240.133.193 www.google.it
Hosts: 178.17.165.3 www.google.it
Hosts: 216.240.133.193 www.google.co.jp
Hosts: 178.17.165.3 www.google.co.jp
Hosts: 216.240.133.193 www.google.nl
Hosts: 178.17.165.3 www.google.nl
Hosts: 216.240.133.193 www.google.no
Hosts: 178.17.165.3 www.google.no
Hosts: 216.240.133.193 www.google.co.nz
Hosts: 178.17.165.3 www.google.co.nz
Hosts: 216.240.133.193 www.google.pl
Hosts: 178.17.165.3 www.google.pl
Hosts: 216.240.133.193 www.google.se
Hosts: 178.17.165.3 www.google.se
Hosts: 216.240.133.193 www.google.co.uk
Hosts: 178.17.165.3 www.google.co.uk
Hosts: 216.240.133.193 www.google.co.za
Hosts: 178.17.165.3 www.google.co.za
Hosts: 216.240.133.193 www.bing.com
Hosts: 178.17.165.3 www.bing.com
Hosts: 216.240.133.193 search.yahoo.com
Hosts: 178.17.165.3 search.yahoo.com
Hosts: 216.240.133.193 uk.search.yahoo.com
Hosts: 178.17.165.3 uk.search.yahoo.com
Hosts: 216.240.133.193 ca.search.yahoo.com
Hosts: 178.17.165.3 ca.search.yahoo.com
Hosts: 216.240.133.193 de.search.yahoo.com
Hosts: 178.17.165.3 de.search.yahoo.com
Hosts: 216.240.133.193 fr.search.yahoo.com
Hosts: 178.17.165.3 fr.search.yahoo.com
Hosts: 216.240.133.193 au.search.yahoo.com
Hosts: 178.17.165.3 au.search.yahoo.com
Hosts: 216.240.133.193 www.google-analytics.com
Hosts: 178.17.165.3 www.google-analytics.com
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
AVG 2011
AVG 2013
Bonjour
Choice Guard
Compatibility Pack for the 2007 Office system
Gateway Games
Gateway Recovery Management
Gateway ScreenSaver
Google Desktop
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java 7 Update 11
Java Auto Updater
Junk Mail filter update
Launch Manager
LG Verizon United Drivers
McAfee Security Scan Plus
McAfee SecurityCenter
McAfee Virtual Technician
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox 18.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Napster for Windows Media Player
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Shared C Run-time for x86
Skype Click to Call
Skype™ 6.1
Software Version Updater
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Installer for WildTangent Games App
USB2.0 Card Reader Software
Video Web Camera
VoiceOver Kit
WebCam
WebFldrs XP
WildTangent Games App (Gateway Games)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format Runtime
Windows Media Player 10
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
1/24/2013 5:15:40 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
1/24/2013 5:15:40 PM, error: Service Control Manager [7000] - The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/22/2013 4:22:02 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
1/18/2013 7:20:01 AM, error: Service Control Manager [7000] - The Sierra Wireless Card Detection Service service failed to start due to the following error: The system cannot find the path specified.
.
==== End Of File ===========================

Blade81
2013-01-28, 23:37
Hi again,


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

daisyklix22
2013-01-29, 05:38
i cant find mode menu for spybot s and d i right click and it does not gie me that option

daisyklix22
2013-01-29, 06:03
i cant find mode menu for spybot s and d i right click and it does not gie me that option

I dont hae the same menu told on directions on how to temp. disable. Cant find resident and also when loaded combfix did not load as example. still can run but not on desktop. please this is driing me crazy i hae looked everywhere

Blade81
2013-01-29, 07:37
Hi,

You may skip Spybot disabling.

Blade81
2013-01-29, 18:23
Hi,

Don't run ComboFix yet. I was informed that some version of it was infected. Since I'm not sure what version is the bad one it's safer to not run ComboFix until we have 100% clean copy.


Do this instead:
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) by Xplode onto your desktop.

Double click on AdwCleaner.exe to run the tool.
Click on Search.
A logfile will automatically open after the scan has finished.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[R1].txt as well.

daisyklix22
2013-01-29, 19:09
well i ran it and it didnt work anyways notepad came up and said invalid had to restore to days prior i hope i didnt skew anything up.

Blade81
2013-01-29, 19:11
Hi,

Please post fresh dds.txt log. We'll see how it looks there.

daisyklix22
2013-01-29, 19:24
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.11.2
Run by Jessica Burt at 7:18:46 on 2013-01-29
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.374 [GMT -10:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\PLFSetL.exe
C:\Program Files\VideoWebCamera\VideoWebCamera.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\3.0.313\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Microsoft Works\WkCalRem.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsmap.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uInternet Connection Wizard,ShellNext = iexplore
dURLSearchHooks: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} -
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.313\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20130123154053.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} -
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
mRun: [VideoWebCamera] "c:\program files\videowebcamera\VideoWebCamera.exe" -a
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BYRUA_AGENT] c:\lgmobileupgrade\lgmobileax\byr_client\VZWUAAgent.exe
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\jessic~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\jessic~1\startm~1\programs\startup\wkcalrem.lnk - c:\program files\microsoft works\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.313\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265130899765
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1356395917109
TCP: NameServer = 192.168.200.1
TCP: Interfaces\{6BC95130-B8AD-40E9-8B90-5855549F2802} : DHCPNameServer = 192.168.200.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 216.240.133.193 www.google.com
Hosts: 178.17.165.3 www.google.com
Hosts: 216.240.133.193 www.google.com.au
Hosts: 178.17.165.3 www.google.com.au
Hosts: 216.240.133.193 www.google.be
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jessica burt\application data\mozilla\firefox\profiles\2k4xgdyl.default-1359082705104\
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.0.313\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - ExtSQL: 2013-01-24 09:32; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-01-24 09:36; {D19CA586-DD6C-4a0a-96F8-14644F340D60}; c:\program files\common files\mcafee\SystemCore
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-7-17 565416]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-11-29 20624]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-7-17 91200]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-12-31 167784]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-12-31 167784]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-12-31 167784]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-12-31 203400]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-12-31 168880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-12-31 171976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-1-24 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-1-24 1369624]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-12-13 3290896]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-12-31 60480]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-7-27 38912]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-12-31 234824]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-12-31 362640]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2012-12-31 84464]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-1-24 168384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;"c:\program files\sierra wireless inc\common\swicarddetect.exe" --> c:\program files\sierra wireless inc\common\SwiCardDetect.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-7-27 1684736]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys --> c:\windows\system32\drivers\ew_hwusbdev.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys --> c:\windows\system32\drivers\ewusbnet.sys [?]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-12-31 146872]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.313\McCHSvc.exe [2012-10-26 234776]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-12-31 65488]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2012-12-31 84464]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-12-31 92192]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-7-27 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\drivers\lgvzandnetdiag.sys --> c:\windows\system32\drivers\lgvzandnetdiag.sys [?]
S3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\drivers\lgvzandnetmdm.sys --> c:\windows\system32\drivers\lgvzandnetmdm.sys [?]
S3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\drivers\lgvzandnetndis.sys --> c:\windows\system32\drivers\lgvzandnetndis.sys [?]
.
=============== Created Last 30 ================
.
2013-01-29 16:57:38 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-01-29 16:57:38 -------- d-----w- c:\windows\system32\wbem\Repository
2013-01-29 16:37:34 -------- d-----w- C:\cmdcons
2013-01-25 03:15:38 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2013-01-25 03:15:04 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-01-25 03:14:42 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-01-24 01:40:47 33944 ----a-w- c:\program files\mozilla firefox\ScriptFF.dll
2013-01-18 20:32:33 -------- d-----w- C:\LGMobileUpgrade
2013-01-18 20:31:56 -------- d-----w- c:\program files\LG Electronics
2013-01-18 20:27:01 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-14 05:37:03 -------- d-----r- c:\program files\Skype
2013-01-11 02:47:19 -------- d-----w- c:\program files\iPod
2013-01-11 02:46:54 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-11 02:35:09 -------- d-----w- c:\program files\Bonjour
2013-01-11 02:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2013-01-11 02:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2013-01-11 02:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-01-11 02:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-01-11 02:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-01-11 02:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-01-11 02:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-01-08 03:09:55 -------- d-----w- c:\program files\WildTangent Games
2013-01-04 17:52:49 -------- d-sh--w- c:\documents and settings\jessica burt\IECompatCache
2012-12-31 20:15:00 146872 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2012-12-31 20:04:05 84464 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2012-12-31 20:04:02 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-12-31 20:03:50 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-12-31 20:03:50 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-12-31 20:03:50 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-12-31 20:03:50 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-12-31 20:03:50 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-12-31 20:03:42 -------- d-----w- c:\program files\common files\Mcafee
2012-12-31 20:03:36 -------- d-----w- c:\program files\McAfee.com
2012-12-31 20:03:21 -------- d-----w- c:\program files\McAfee
2012-12-31 19:21:11 171976 ----a-w- c:\windows\system32\mfevtps.exe
2012-12-31 18:30:47 -------- d-----w- c:\documents and settings\all users\application data\Citrix
2012-12-31 18:04:06 -------- d-----w- c:\program files\Citrix
2012-12-31 18:03:39 -------- d-----w- c:\documents and settings\jessica burt\local settings\application data\Citrix
2012-12-31 18:03:34 103832 ----a-w- c:\documents and settings\jessica burt\GoToAssistDownloadHelper.exe
2012-12-31 17:59:03 -------- d-----w- c:\documents and settings\jessica burt\application data\McAfee
.
==================== Find3M ====================
.
2013-01-09 04:17:46 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 04:17:46 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-26 20:08:44 91200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-12-26 20:06:54 565416 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-12-26 20:04:34 132976 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-12-25 01:17:07 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-25 01:17:07 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 7:21:05.14 ===============

daisyklix22
2013-01-29, 19:28
Do i need to disable mcfee to run this. it says its infected put in quarentine

Blade81
2013-01-29, 19:38
Hi,

Yes, disable McAfee before running adwCleaner.

daisyklix22
2013-01-29, 19:59
# AdwCleaner v2.109 - Logfile created 01/29/2013 at 07:53:42
# Updated 26/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jessica Burt - SBHBSIX
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Jessica Burt\My Documents\Downloads\AdwCleaner(2).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\Jessica Burt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
File Deleted : C:\WINDOWS\Tasks\AmiUpdXp.job
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\Jessica Burt\Application Data\iWin
Folder Deleted : C:\Documents and Settings\Jessica Burt\Application Data\SwvUpdater
Folder Deleted : C:\Documents and Settings\Jessica Burt\Local Settings\Application Data\AVG Security Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\PricePeep
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Documents and Settings\Jessica Burt\Application Data\Mozilla\Firefox\Profiles\2k4xgdyl.default-1359082705104\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Jessica Burt\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : urls_to_restore_on_startup ={"backup":{"_signature":"sIbOlpb6Yg4Q570U3UpYrfGYuJy9APMw+Fvo8hFKMs0=","_version":4,"browser":{"show[...]

*************************

AdwCleaner[R1].txt - [41114 octets] - [29/01/2013 07:51:25]
AdwCleaner[S1].txt - [5344 octets] - [29/01/2013 07:53:42]

########## EOF - C:\AdwCleaner[S1].txt - [5404 octets] ##########

daisyklix22
2013-01-29, 20:01
still is taking me to google Romania i really dont understand

Blade81
2013-01-30, 07:25
Hi,

Please upload this file:
c:\windows\system32\drivers\etc\HOSTS

to this website (http://www.bleepingcomputer.com/submit-malware.php?channel=76)

Kindly include a link to this topic in the message.

daisyklix22
2013-01-30, 08:04
I submitted link to bleeping computer r u not allowed to tell me or can you send private message to let me know whats going on?

Blade81
2013-01-30, 19:53
Hi,

It's a modified hosts file that causes those symptoms you're seeing. Please look for "fix it for me" section here (http://support.microsoft.com/kb/972034) and follow the instructions. Then get fresh dds.txt log.

daisyklix22
2013-01-30, 20:12
I hope this fixes it also what about the pop up?

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.11.2
Run by Jessica Burt at 8:08:00 on 2013-01-30
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.309 [GMT -10:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\PLFSetL.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\VideoWebCamera\VideoWebCamera.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\3.0.313\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Microsoft Works\WkCalRem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uInternet Connection Wizard,ShellNext = iexplore
dURLSearchHooks: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} -
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.313\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20130129080146.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} -
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
mRun: [VideoWebCamera] "c:\program files\videowebcamera\VideoWebCamera.exe" -a
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BYRUA_AGENT] c:\lgmobileupgrade\lgmobileax\byr_client\VZWUAAgent.exe
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\jessic~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\jessic~1\startm~1\programs\startup\wkcalrem.lnk - c:\program files\microsoft works\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.313\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265130899765
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1356395917109
TCP: NameServer = 192.168.200.1
TCP: Interfaces\{6BC95130-B8AD-40E9-8B90-5855549F2802} : DHCPNameServer = 192.168.200.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jessica burt\application data\mozilla\firefox\profiles\2k4xgdyl.default-1359082705104\
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.0.313\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - ExtSQL: 2013-01-24 09:32; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-01-24 09:36; {D19CA586-DD6C-4a0a-96F8-14644F340D60}; c:\program files\common files\mcafee\SystemCore
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-7-17 565416]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-11-29 20624]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-7-17 91200]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-12-31 167784]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-12-31 167784]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-12-31 167784]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-12-31 203400]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-12-31 168880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-12-31 171976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-1-24 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-1-24 1369624]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-12-13 3290896]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-12-31 60480]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-7-27 38912]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-12-31 234824]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-12-31 362640]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2012-12-31 84464]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-1-24 168384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;"c:\program files\sierra wireless inc\common\swicarddetect.exe" --> c:\program files\sierra wireless inc\common\SwiCardDetect.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-7-27 1684736]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys --> c:\windows\system32\drivers\ew_hwusbdev.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys --> c:\windows\system32\drivers\ewusbnet.sys [?]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-12-31 146872]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.313\McCHSvc.exe [2012-10-26 234776]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-12-31 65488]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2012-12-31 84464]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-12-31 92192]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-7-27 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\drivers\lgvzandnetdiag.sys --> c:\windows\system32\drivers\lgvzandnetdiag.sys [?]
S3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\drivers\lgvzandnetmdm.sys --> c:\windows\system32\drivers\lgvzandnetmdm.sys [?]
S3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\drivers\lgvzandnetndis.sys --> c:\windows\system32\drivers\lgvzandnetndis.sys [?]
.
=============== Created Last 30 ================
.
2013-01-29 16:57:38 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-01-29 16:57:38 -------- d-----w- c:\windows\system32\wbem\Repository
2013-01-29 16:37:34 -------- d-----w- C:\cmdcons
2013-01-25 03:15:38 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2013-01-25 03:15:04 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-01-25 03:14:42 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-01-24 01:40:47 33944 ----a-w- c:\program files\mozilla firefox\ScriptFF.dll
2013-01-18 20:32:33 -------- d-----w- C:\LGMobileUpgrade
2013-01-18 20:31:56 -------- d-----w- c:\program files\LG Electronics
2013-01-18 20:27:01 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-14 05:37:03 -------- d-----r- c:\program files\Skype
2013-01-11 02:47:19 -------- d-----w- c:\program files\iPod
2013-01-11 02:46:54 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-11 02:35:09 -------- d-----w- c:\program files\Bonjour
2013-01-11 02:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2013-01-11 02:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2013-01-11 02:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-01-11 02:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-01-11 02:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-01-11 02:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-01-11 02:28:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-01-08 03:09:55 -------- d-----w- c:\program files\WildTangent Games
2013-01-04 17:52:49 -------- d-sh--w- c:\documents and settings\jessica burt\IECompatCache
2012-12-31 20:15:00 146872 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2012-12-31 20:04:05 84464 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2012-12-31 20:04:02 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-12-31 20:03:50 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-12-31 20:03:50 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-12-31 20:03:50 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-12-31 20:03:50 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-12-31 20:03:50 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-12-31 20:03:42 -------- d-----w- c:\program files\common files\Mcafee
2012-12-31 20:03:36 -------- d-----w- c:\program files\McAfee.com
2012-12-31 20:03:21 -------- d-----w- c:\program files\McAfee
2012-12-31 19:21:11 171976 ----a-w- c:\windows\system32\mfevtps.exe
2012-12-31 18:30:47 -------- d-----w- c:\documents and settings\all users\application data\Citrix
.
==================== Find3M ====================
.
2013-01-09 04:17:46 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 04:17:46 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-31 18:03:35 103832 ----a-w- c:\documents and settings\jessica burt\GoToAssistDownloadHelper.exe
2012-12-26 20:08:44 91200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-12-26 20:06:54 565416 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-12-26 20:04:34 132976 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-12-25 01:17:07 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-25 01:17:07 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
.
============= FINISH: 8:09:44.54 ===============

Blade81
2013-01-30, 21:08
Hi,

That took care of bad hosts file entries :)

* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish. Copy-paste results back here.



what about the pop up?
Have you noticed popups after running the fix?

daisyklix22
2013-01-30, 21:31
was ii supposed to deactivate anything like spybot?

Blade81
2013-01-30, 21:36
Having McAfee disabled during the scan may allow the scanner process a bit faster. It's ok to have Spybot enabled.

daisyklix22
2013-01-31, 00:12
Aloha from hawaii, i did what you told me and It said no threats and did not allow me to copy and paste. Whats next? And Mahalo for everthing you have done for me. I can't express how much i appreciate what you have done so far.

Blade81
2013-01-31, 08:21
Good to hear the scan came back clean :)

Any symptoms still present?

daisyklix22
2013-01-31, 17:26
Just small pop ups in the corners of computer I was told it camme from the updated web came downloads. But I will check today. They don't come as often.

Blade81
2013-01-31, 20:27
Hi,

Would it be possible to get a screenshot of those popups if they still appear? That might help to determine if legit or not :)

daisyklix22
2013-01-31, 22:40
how do i do that? With a camera?

Blade81
2013-02-01, 07:32
Or by following the instructions here (http://www.iopus.com/guides/screenshot.htm).