
Thread: Help please eliminating WUAUDIT.EXE

  1. #1
    Junior Member | Join Date: Jan 2013 | Location: Illinois USA | Posts: 10

    Help please eliminating WUAUDIT.EXE

    I have run current updates of Spybot, Malwarebytes, and have McAfee anti-virus running but I still have WUAUDIT.EXE showing in task manager. Where do I start? Thanks in advance.

  2. #2
    Senior Member | Join Date: Apr 2010 | Posts: 463

    Hello drcurious,

    My name is JonTom.

    • Malware Logs can sometimes take a lot of time to research and interpret.
    • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
    • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
    • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
    • PLEASE NOTE: If you do not reply after 3 days your thread will be closed.


    Let's take a look at your machine with the following scans:


    1. Please perform the following scan


      • Please download DDS from here and save it to your desktop.
      • Disable any script blocking protection (How to Disable your Security Programs)
      • Double click on the DDS icon to run the tool (may take up to 3 minutes to run). If you are running Vista or Windows 7, right click on DDS and select "Run as Administrator" to run the tool.
      • When done, DDS.txt will open.
      • After a few moments, attach.txt will open in a second window.
      • Save both reports to your desktop.
      • Please post the contents of the DDS.txt and Attach.txt logs in your next reply.


    2. aswMBR


      • Download aswMBR.exe to your desktop.
      • Double click the aswMBR.exe to run it.
      • When asked if you want to download Avast's virus definitions please select Yes.
      • Click the "Scan" button to start scan.
      • On completion of the scan click save log, save it to your desktop and post in your next reply.

    Please post both DDS logs and the aswMBR log in your next reply.
    Proud Graduate of the WTT Classroom

  3. #3
    Junior Member | Join Date: Jan 2013 | Location: Illinois USA | Posts: 10

    Thanks, JonTom. Here are the logs you requested:

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
    Run by Owner at 12:27:40 on 2013-01-04
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.344 [GMT -6:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Disabled*
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\WINDOWS\zHotkey.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Real\RealPlayer\update\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Calibrize\CalibrizeResume.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://my.ebay.com/ws/eBayISAPI.dll?MyEbay&gbh=1
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: {3CBF8DC3-0BC1-4D44-9CBF-6A13B96934C3} - <orphaned>
    BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120808213631.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    BHO: {C43430DE-3D8C-4C94-8D1B-EEE9BF1EE745} - <orphaned>
    BHO: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\owner.a-1storage\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [cdloader] "c:\documents and settings\owner.a-1storage\application data\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [CGFLoader] c:\program files\calibrize\CalibrizeLoader.exe
    uRun: [CalibrizeResume] c:\program files\calibrize\CalibrizeResume.exe
    uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
    mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [CHotkey] zHotkey.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
    mRun: [EPSON Stylus Photo R200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\docume~1\owner~1.a-1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: Download all with Free Download Manager - c:\program files\free download manager\dlall.htm
    IE: Download selected with Free Download Manager - c:\program files\free download manager\dlselected.htm
    IE: Download video with Free Download Manager - c:\program files\free download manager\dlfvideo.htm
    IE: Download with Free Download Manager - c:\program files\free download manager\dllink.htm
    IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: Free YouTube Download - c:\documents and settings\owner.a-1storage\application data\dvdvideosoftiehelpers\freeytvdownloader.htm
    IE: Free YouTube to MP3 Converter - c:\documents and settings\owner.a-1storage\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
    IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - c:\program files\amazon\add to wish list ie extension\run.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} - hxxp://chil.solidworks.com/htdocs/pdownload/edrawings/e2007sp03/cab/eModelsStandard.cab
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158264384363
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{C1ACEBC7-1070-497B-B702-67F4BEB7519C} : DHCPNameServer = 192.168.1.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\owner.a-1storage\application data\mozilla\firefox\profiles\ggz2ycl5.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.ebay.com/ws/eBayISAPI.dll?MyEbay&gbh=1|http://my.ebay.com/ws/eBayISAPI.dll?...ard.php?init=1
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 61980
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\owner.a-1storage\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\owner.a-1storage\application data\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\owner.a-1storage\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npgcplug.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-2-22 565352]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-8-8 91168]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-8-8 167784]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-8-8 167784]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-8-8 167784]
    R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-8-8 203400]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-8-8 168880]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-8-8 167344]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-8-8 60480]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-8-8 234824]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-8-8 362640]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2012-12-19 84432]
    R3 SNXPCARD;SNXPCARD;c:\windows\system32\drivers\snxpcard.sys [2007-3-10 23040]
    R3 SNXPSERX;SNXPSERX;c:\windows\system32\drivers\snxpserx.sys [2007-3-10 56320]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-8-8 167784]
    S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-9-27 10664]
    S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-11-14 146872]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-8-8 65488]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2012-12-19 84432]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-8-8 92192]
    S3 snxcard;SUNIX Industrial Multiport Serial Card Driver;c:\windows\system32\drivers\snxcard.sys [2007-1-5 14976]
    S3 snxport;SUNIX Industrial Port Driver;c:\windows\system32\drivers\snxport.sys [2007-1-5 54912]
    .
    =============== File Associations ===============
    .
    FileExt: .reg: regfile=regedit.exe "%1" %*
    ShellExec: MRSIDV~1.EXE: Open="c:\progra~1\lizard~1\mrsidv~1\MRSIDV~1.EXE""" %1""
    ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1"
    .
    =============== Created Last 30 ================
    .
    2013-01-01 00:04:18 388096 ----a-r- c:\documents and settings\owner.a-1storage\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2013-01-01 00:04:15 -------- d-----w- c:\program files\Trend Micro
    2012-12-19 14:51:27 84432 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2012-12-12 09:47:19 16363960 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    .
    ==================== Find3M ====================
    .
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-12 09:47:22 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-12 09:47:22 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-11-28 02:31:15 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-11-28 02:31:13 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-11-28 02:31:13 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-11-28 02:31:13 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-11-27 19:41:44 1101436 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2012-11-27 19:41:44 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2012-11-27 19:41:37 1101436 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-09 12:56:16 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2012-11-09 12:53:22 167344 ----a-w- c:\windows\system32\mfevtps.exe
    2012-11-09 12:53:02 91168 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2012-11-09 12:52:22 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2012-11-09 12:52:12 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2012-11-09 12:51:12 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2012-11-09 12:50:20 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2012-11-09 12:50:00 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2012-11-09 12:49:40 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2012-11-09 12:49:10 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec
    .
    ============= FINISH: 12:28:47.43 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/7/2006 2:05:09 PM
    System Uptime: 1/4/2013 9:10:32 AM (3 hours ago)
    .
    Motherboard: To be filled by O.E.M. | | MS-7207G
    Processor: AMD Athlon(tm) 64 Processor 3400+ | CPU 1 | 2209/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 182 GiB total, 136.309 GiB free.
    D: is FIXED (FAT32) - 4 GiB total, 2.412 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP2237: 10/8/2012 10:57:46 AM - System Checkpoint
    RP2238: 10/9/2012 12:05:27 PM - System Checkpoint
    RP2239: 10/10/2012 3:00:17 AM - Software Distribution Service 3.0
    RP2240: 10/11/2012 3:28:23 AM - System Checkpoint
    RP2241: 10/12/2012 3:30:22 AM - System Checkpoint
    RP2242: 10/13/2012 11:19:37 PM - System Checkpoint
    RP2243: 10/14/2012 11:28:12 PM - System Checkpoint
    RP2244: 10/16/2012 1:34:42 AM - System Checkpoint
    RP2245: 10/17/2012 2:19:41 AM - System Checkpoint
    RP2246: 10/17/2012 11:53:23 AM - Installed Java(TM) 6 Update 37
    RP2247: 10/18/2012 1:01:47 PM - System Checkpoint
    RP2248: 10/19/2012 7:06:09 PM - System Checkpoint
    RP2249: 10/21/2012 2:37:59 AM - System Checkpoint
    RP2250: 10/22/2012 3:35:25 AM - System Checkpoint
    RP2251: 10/23/2012 3:57:23 AM - System Checkpoint
    RP2252: 10/24/2012 4:57:24 AM - System Checkpoint
    RP2253: 10/25/2012 5:17:08 AM - System Checkpoint
    RP2254: 10/26/2012 5:40:30 AM - System Checkpoint
    RP2255: 10/27/2012 6:37:31 AM - System Checkpoint
    RP2256: 10/28/2012 6:40:27 AM - System Checkpoint
    RP2257: 10/29/2012 7:00:44 AM - System Checkpoint
    RP2258: 10/29/2012 3:33:33 PM - Removed RealDownloader
    RP2259: 10/30/2012 5:00:16 PM - System Checkpoint
    RP2260: 10/31/2012 7:35:19 PM - System Checkpoint
    RP2261: 11/1/2012 8:33:40 PM - System Checkpoint
    RP2262: 11/2/2012 10:00:40 PM - System Checkpoint
    RP2263: 11/3/2012 10:41:51 PM - System Checkpoint
    RP2264: 11/5/2012 7:17:49 PM - System Checkpoint
    RP2265: 11/6/2012 10:49:49 PM - System Checkpoint
    RP2266: 11/7/2012 11:25:09 PM - System Checkpoint
    RP2267: 11/9/2012 12:00:16 AM - System Checkpoint
    RP2268: 11/10/2012 12:31:40 AM - System Checkpoint
    RP2269: 11/11/2012 12:38:08 AM - System Checkpoint
    RP2270: 11/12/2012 12:48:48 AM - System Checkpoint
    RP2271: 11/13/2012 2:13:44 AM - System Checkpoint
    RP2272: 11/14/2012 2:34:12 AM - System Checkpoint
    RP2273: 11/14/2012 3:00:16 AM - Software Distribution Service 3.0
    RP2274: 11/15/2012 3:34:29 AM - System Checkpoint
    RP2275: 11/16/2012 9:36:33 AM - System Checkpoint
    RP2276: 11/17/2012 10:04:34 AM - System Checkpoint
    RP2277: 11/18/2012 11:05:40 AM - System Checkpoint
    RP2278: 11/19/2012 4:42:57 PM - System Checkpoint
    RP2279: 11/20/2012 8:45:49 PM - System Checkpoint
    RP2280: 11/21/2012 9:04:34 PM - System Checkpoint
    RP2281: 11/22/2012 10:04:31 PM - System Checkpoint
    RP2282: 11/23/2012 11:04:29 PM - System Checkpoint
    RP2283: 11/25/2012 12:04:29 AM - System Checkpoint
    RP2284: 11/26/2012 4:58:52 PM - System Checkpoint
    RP2285: 11/27/2012 7:15:35 PM - System Checkpoint
    RP2286: 11/27/2012 8:25:57 PM - Removed J2SE Runtime Environment 5.0 Update 2
    RP2287: 11/27/2012 8:31:07 PM - Installed Java 7 Update 9
    RP2288: 11/28/2012 8:44:46 PM - System Checkpoint
    RP2289: 11/29/2012 8:45:57 PM - System Checkpoint
    RP2290: 11/30/2012 9:45:59 PM - System Checkpoint
    RP2291: 12/1/2012 10:45:56 PM - System Checkpoint
    RP2292: 12/2/2012 11:10:00 PM - System Checkpoint
    RP2293: 12/3/2012 11:45:58 PM - System Checkpoint
    RP2294: 12/5/2012 12:46:07 AM - System Checkpoint
    RP2295: 12/6/2012 12:50:28 AM - System Checkpoint
    RP2296: 12/7/2012 1:50:46 AM - System Checkpoint
    RP2297: 12/8/2012 2:50:26 AM - System Checkpoint
    RP2298: 12/9/2012 3:03:48 AM - System Checkpoint
    RP2299: 12/10/2012 4:03:48 AM - System Checkpoint
    RP2300: 12/11/2012 5:03:50 AM - System Checkpoint
    RP2301: 12/12/2012 6:03:50 AM - System Checkpoint
    RP2302: 12/13/2012 6:08:54 AM - System Checkpoint
    RP2303: 12/14/2012 3:00:28 AM - Software Distribution Service 3.0
    RP2304: 12/15/2012 3:31:03 AM - System Checkpoint
    RP2305: 12/16/2012 4:31:02 AM - System Checkpoint
    RP2306: 12/17/2012 5:31:00 AM - System Checkpoint
    RP2307: 12/18/2012 6:30:59 AM - System Checkpoint
    RP2308: 12/19/2012 7:31:02 AM - System Checkpoint
    RP2309: 12/20/2012 8:34:17 AM - System Checkpoint
    RP2310: 12/21/2012 8:36:08 AM - System Checkpoint
    RP2311: 12/22/2012 3:00:24 AM - Software Distribution Service 3.0
    RP2312: 12/23/2012 3:45:07 AM - System Checkpoint
    RP2313: 12/24/2012 3:49:39 AM - System Checkpoint
    RP2314: 12/25/2012 4:00:50 AM - System Checkpoint
    RP2315: 12/26/2012 5:25:58 AM - System Checkpoint
    RP2316: 12/27/2012 5:57:21 AM - System Checkpoint
    RP2317: 12/28/2012 6:57:25 AM - System Checkpoint
    RP2318: 12/29/2012 8:19:48 AM - System Checkpoint
    RP2319: 12/30/2012 9:57:06 AM - System Checkpoint
    RP2320: 12/31/2012 9:57:26 AM - System Checkpoint
    RP2321: 12/31/2012 6:04:14 PM - Installed HiJackThis
    RP2322: 1/1/2013 6:54:58 PM - System Checkpoint
    RP2323: 1/2/2013 7:00:12 PM - System Checkpoint
    RP2324: 1/3/2013 7:13:08 PM - System Checkpoint
    RP2325: 1/4/2013 8:27:15 AM - Software Distribution Service 3.0
    RP2326: 1/4/2013 8:50:52 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    3D Billiards 1.42
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.6
    Amazon Add to Wish List IE Extension 1.1
    Apple Application Support
    Apple Software Update
    Beach Tranquility Screen Saver
    Belarc Advisor 7.2
    Belarc Advisor 8.3
    Belkin SOHO Networking Utilities
    BigFix
    Boilsoft Video Joiner 6.0
    BonusPack
    BPD_HPSU
    BPD_Scan
    BPDfax
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    Calibrize 2.0
    CCleaner
    Chinese Simplified Fonts Support For Adobe Reader 9
    Corel WordPerfect Suite 8
    Coupon Printer for Windows
    CustomerResearchQFolder
    Defraggler
    Destinations
    DeviceManagementQFolder
    DigiGate for Windows
    Digital Media Reader
    Disk Investigator 1.5
    DivX Web Player
    DocProc
    DocProcQFolder
    DVD Flick 1.3.0.7
    DVD Player 1.0
    DVDStyler v2.2
    EasyCleaner
    EPSON Printer Software
    eSupportQFolder
    Free Download Manager 2.5
    Free Studio version 5.5.0
    getPlus(R) for Adobe
    Google Earth
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToAssist Corporate
    Hewlett-Packard ACLM.NET v1.1.0.0
    High Definition Audio Driver Package - KB888111
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 7.0
    HP Imaging Device Functions 7.0
    HP Officejet Pro All-In-One Series
    HP Photosmart Essential
    HP Product Assistant
    HP Product Detection
    HP Solution Center 7.0
    HP Update
    HPPhotoSmartExpress
    HPProductAssistant
    InstantShareAlert
    InstantShareDevicesMFC
    Java 7 Update 9
    Java Auto Updater
    Java(TM) 6 Update 17
    Java(TM) 6 Update 37
    Listing Factory 2009 v3.5
    Logitech MouseWare 9.79.1
    Lost Fractal Screen Saver
    magicJack
    Malwarebytes Anti-Malware version 1.65.1.1000
    MarketResearch
    MBSS Fireworks 3.1
    McAfee AntiVirus Plus
    Microsoft .NET Framework 1.0 Hotfix (KB2572066)
    Microsoft .NET Framework 1.0 Hotfix (KB2604042)
    Microsoft .NET Framework 1.0 Hotfix (KB2656378)
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.0 Security Update (KB2698035)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Automated Troubleshooting Services Shim
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Starter Edition 2006
    Microsoft Digital Image Starter Edition 2006 Editor
    Microsoft Digital Image Starter Edition 2006 Library
    Microsoft Fix it Center
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual J# 2.0 Redistributable Package
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MPM
    MrSID Viewer
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Multi-IO Adapter PCI Multi-I/O Driver V6.000
    Multimedia Keyboard Driver
    Napster Burn Engine
    Nero BurnRights
    Nero OEM
    Norton Security Scan
    NVIDIA Control Panel 306.81
    NVIDIA Drivers
    NVIDIA Graphics Driver 306.81
    NVIDIA Install Application
    NVIDIA nView 136.28
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    OCR Software by I.R.I.S 7.0
    OpenOffice.org 3.2
    PanoStandAlone
    QuickTime
    RealArcade
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Recovery Software Suite eMachines
    RoboForm 7-8-5-7 (All Users)
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Serif PhotoPlus 6.0
    Shared C Run-time for x86
    Snood for Windows version 3.52-W
    SNV Demo
    SolutionCenter
    Spybot - Search & Destroy
    Status
    Sunix PCI Multi-I/O Driver V6.001
    swMSM
    Toolbox
    TrayApp
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Viewpoint Media Player
    VLC media player 2.0.4
    WD Diagnostics
    WebFldrs XP
    WebReg
    Winamp (remove only)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Safety Scanner
    Windows Media Format Runtime
    Windows PowerShell(TM) 1.0
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip
    Xiph.Org Open Codecs 0.84.17315
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/31/2012 5:53:36 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
    .
    ==== End Of File ===========================


    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-01-04 12:32:52
    -----------------------------
    12:32:52.734 OS Version: Windows 5.1.2600 Service Pack 3
    12:32:52.734 Number of processors: 1 586 0x2F02
    12:32:52.734 ComputerName: A-1STORAGE UserName: Owner
    12:32:53.453 Initialize success
    12:41:16.468 AVAST engine defs: 13010400
    12:41:41.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    12:41:41.718 Disk 0 Vendor: WDC_WD2000BB-22GUC0 08.02D08 Size: 190782MB BusType: 3
    12:41:41.781 Disk 0 MBR read successfully
    12:41:41.781 Disk 0 MBR scan
    12:41:41.937 Disk 0 unknown MBR code
    12:41:41.953 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 186206 MB offset 9349830
    12:41:41.968 Disk 0 Partition 2 00 0B FAT32 RECOVERY 4565 MB offset 63
    12:41:41.984 Disk 0 scanning sectors +390700800
    12:41:42.203 Disk 0 scanning C:\WINDOWS\system32\drivers
    12:41:56.765 Service scanning
    12:42:21.250 Modules scanning
    12:42:34.781 Disk 0 trace - called modules:
    12:42:34.828 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    12:42:35.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85745030]
    12:42:35.218 3 CLASSPNP.SYS[f765cfd7] -> nt!IofCallDriver -> \Device\00000095[0x85753f18]
    12:42:35.234 5 ACPI.sys[f7473620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8578cd98]
    12:42:36.968 AVAST engine scan C:\WINDOWS
    12:42:48.171 AVAST engine scan C:\WINDOWS\system32
    12:46:20.140 AVAST engine scan C:\WINDOWS\system32\drivers
    12:46:46.078 AVAST engine scan C:\Documents and Settings\Owner.A-1STORAGE
    12:49:11.406 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner.A-1STORAGE\Desktop\MBR.dat"
    12:49:11.421 The log file has been saved successfully to "C:\Documents and Settings\Owner.A-1STORAGE\Desktop\aswMBR.txt"

  4. #4
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello drcurious

    Thank you for the logs.

    1. Combofix

      • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
      • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
      • Double click on ComboFix.exe & follow the prompts.
      • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
      • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
      • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      • Click on Yes, to continue scanning for malware.
      • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
      • Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
      • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
      • Should there be issues with internet afterward:

        In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

        In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.

      Post the Combofix log in your next reply.
    Proud Graduate of the WTT Classroom
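As an added example, not part of JonTom's instructions or of any tool named in the thread: a read-only PowerShell check of the IE (WinINet) and Firefox proxy settings that the post above tells the user to reset if the Internet stops working after the scan. It assumes PowerShell 2.0 or later and the default Firefox profile location under %APPDATA%; it reports what is configured and changes nothing.

```powershell
# Added example (not from the thread): show where IE and Firefox store the
# proxy choice, so a stale or unwanted proxy can be spotted before reaching
# for the GUI dialogs described in the post. Read-only; no settings are changed.

function Get-WinInetProxyState {
    # IE and other WinINet applications keep the "Use a proxy server" checkbox
    # (ProxyEnable), the server (ProxyServer) and any automatic configuration
    # script (AutoConfigURL) under this per-user key.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        ProxyEnable   = [int]$p.ProxyEnable          # 1 = proxy checkbox ticked
        ProxyServer   = [string]$p.ProxyServer       # e.g. "host:port", empty if none
        AutoConfigURL = [string]$p.AutoConfigURL     # PAC script URL, empty if none
    }
}

function Get-FirefoxProxyPrefs {
    # Firefox stores its connection settings as user_pref lines in prefs.js.
    # network.proxy.type: 0 = no proxy, 1 = manual, 2 = PAC URL, 4 = auto-detect,
    # 5 = use system settings. A missing line means the built-in default applies.
    # Assumed default profile root: %APPDATA%\Mozilla\Firefox\Profiles
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (-not (Test-Path $profiles)) { return }
    Get-ChildItem -Path $profiles -Filter prefs.js -Recurse |
        Select-String -Pattern 'user_pref\("network\.proxy\.(type|http|ssl|autoconfig_url)",\s*(.+)\);' |
        ForEach-Object {
            New-Object PSObject -Property @{
                Profile = Split-Path (Split-Path $_.Path -Parent) -Leaf
                Pref    = $_.Matches[0].Groups[1].Value
                Value   = $_.Matches[0].Groups[2].Value
            }
        }
}

# Report the IE/WinINet state. A proxy or PAC URL the user did not set up
# is the condition the post's "LAN Settings" step is meant to undo.
$wininet = Get-WinInetProxyState
if ($wininet.ProxyEnable -eq 1 -or $wininet.AutoConfigURL -ne '') {
    Write-Output "IE/WinINet: proxy configured - server='$($wininet.ProxyServer)' pac='$($wininet.AutoConfigURL)'"
    Write-Output '  If you did not set this yourself, clear it via Internet Options -> Connections -> LAN Settings.'
} else {
    Write-Output 'IE/WinINet: no proxy configured.'
}

# Report any explicit Firefox proxy preferences, per profile.
$ffPrefs = @(Get-FirefoxProxyPrefs)
if ($ffPrefs.Count -eq 0) {
    Write-Output 'Firefox: no explicit network.proxy.* preferences found (defaults in effect).'
} else {
    $ffPrefs | Format-Table Profile, Pref, Value -AutoSize
}
```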

  5. #5
    Junior Member
    Join Date
    Jan 2013
    Location
    Illinois USA
    Posts
    10

    Default

    Hello JonTom. Here is the ComboFix log:

    ComboFix 13-01-04.03 - Owner 01/04/2013 18:12:11.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.132 [GMT -6:00]
    Running from: c:\documents and settings\Owner.A-1STORAGE\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\All Users\Application Data\13a53668vloc03ui5e6cw01804e58xbx7gapik1vnl57
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\Owner.A-1STORAGE\GoToAssistDownloadHelper.exe
    c:\documents and settings\Owner.A-1STORAGE\WINDOWS
    c:\documents and settings\UpdatusUser\WINDOWS
    c:\program files\AutocompletePro
    c:\program files\AutocompletePro\FireFoxExtension.exe
    c:\program files\AutocompletePro\InstTracker.exe
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    D:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-05 to 2013-01-05 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-01 00:04 . 2013-01-01 00:04 388096 ----a-r- c:\documents and settings\Owner.A-1STORAGE\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2013-01-01 00:04 . 2013-01-01 00:04 -------- d-----w- c:\program files\Trend Micro
    2012-12-27 22:37 . 2012-12-27 22:37 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Sun
    2012-12-19 14:51 . 2012-11-09 12:50 84432 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2012-12-12 09:47 . 2012-12-12 09:47 16363960 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-16 12:23 . 2005-04-13 16:55 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-12 09:47 . 2012-04-09 22:23 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-12 09:47 . 2011-06-10 01:35 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-11-28 02:31 . 2012-11-28 02:31 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-11-28 02:31 . 2012-06-30 16:21 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-11-28 02:31 . 2011-10-17 02:15 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-11-28 02:31 . 2010-02-11 16:59 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-11-13 01:25 . 2005-04-13 16:56 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-09 12:56 . 2012-08-09 02:36 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2012-11-09 12:53 . 2012-08-09 02:08 167344 ----a-w- c:\windows\system32\mfevtps.exe
    2012-11-09 12:53 . 2012-08-09 02:36 91168 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2012-11-09 12:52 . 2012-08-09 02:36 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2012-11-09 12:52 . 2012-08-09 02:36 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2012-11-09 12:51 . 2012-02-22 18:29 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2012-11-09 12:50 . 2012-08-09 02:36 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2012-11-09 12:50 . 2012-08-09 02:36 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2012-11-09 12:49 . 2012-08-09 02:36 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2012-11-09 12:49 . 2012-02-22 18:29 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2012-11-02 02:02 . 2005-04-13 16:55 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:17 . 2005-04-13 16:56 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:17 . 2005-04-13 16:55 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-11-01 12:17 . 2005-04-13 16:55 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-11-01 00:35 . 2005-04-13 16:55 385024 ------w- c:\windows\system32\html.iec
    2012-12-05 02:03 . 2012-12-05 02:03 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cdloader"="c:\documents and settings\Owner.A-1STORAGE\Application Data\mjusbsp\cdloader2.exe" [2012-02-01 50592]
    "CGFLoader"="c:\program files\Calibrize\CalibrizeLoader.exe" [2007-11-26 1961984]
    "CalibrizeResume"="c:\program files\Calibrize\CalibrizeResume.exe" [2007-11-26 413696]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-12-21 109336]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "CHotkey"="zHotkey.exe" [2005-05-03 543232]
    "RTHDCPL"="RTHDCPL.EXE" [2005-09-14 14820864]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
    "EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-10-29 296096]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-09-23 15512424]
    "NvMediaCenter"="NvMCTray.dll" [2012-09-23 108392]
    "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-09-23 1634112]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    c:\documents and settings\Owner.A-1STORAGE\Start Menu\Programs\Startup\
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    BigFix.lnk - c:\program files\BigFix\bigfix.exe [2006-3-28 2168360]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2012-08-15 17:46 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "c:\\Documents and Settings\\Owner.A-1STORAGE\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Documents and Settings\\Owner.A-1STORAGE\\Application Data\\mjusbsp\\magicJack.exe"=
    "c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
    .
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [8/8/2012 8:36 PM 91168]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/8/2012 8:36 PM 167784]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/8/2012 8:36 PM 167784]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [8/8/2012 8:36 PM 168880]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [8/8/2012 8:08 PM 167344]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [8/8/2012 8:36 PM 60480]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [8/8/2012 8:36 PM 362640]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/19/2012 8:51 AM 84432]
    R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [10/31/2006 12:48 PM 47360]
    R3 SNXPCARD;SNXPCARD;c:\windows\system32\drivers\snxpcard.sys [3/10/2007 6:41 PM 23040]
    R3 SNXPSERX;SNXPSERX;c:\windows\system32\drivers\snxpserx.sys [3/10/2007 6:41 PM 56320]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/8/2012 8:36 PM 167784]
    S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [9/27/2006 4:12 PM 10664]
    S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [11/14/2012 7:38 AM 146872]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 9:09 PM 267568]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/19/2012 8:51 AM 84432]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/8/2012 8:36 PM 92192]
    S3 snxcard;SUNIX Industrial Multiport Serial Card Driver;c:\windows\system32\drivers\snxcard.sys [1/5/2007 10:18 AM 14976]
    S3 snxport;SUNIX Industrial Port Driver;c:\windows\system32\drivers\snxport.sys [1/5/2007 10:19 AM 54912]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 09:47]
    .
    2013-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
    .
    2013-01-04 c:\windows\Tasks\ConfigExec.job
    - c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 03:09]
    .
    2013-01-04 c:\windows\Tasks\DataUpload.job
    - c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 03:09]
    .
    2013-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-11 06:04]
    .
    2013-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-11 06:04]
    .
    2013-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-607317455-4106850741-3124670952-1006Core.job
    - c:\documents and settings\Owner.A-1STORAGE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-03 02:14]
    .
    2013-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-607317455-4106850741-3124670952-1006UA.job
    - c:\documents and settings\Owner.A-1STORAGE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-03 02:14]
    .
    2013-01-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-607317455-4106850741-3124670952-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
    .
    2013-01-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-607317455-4106850741-3124670952-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
    .
    2013-01-04 c:\windows\Tasks\ReclaimerUpdateFiles_Owner.job
    - c:\documents and settings\Owner.A-1STORAGE\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 03:01]
    .
    2013-01-04 c:\windows\Tasks\ReclaimerUpdateXML_Owner.job
    - c:\documents and settings\Owner.A-1STORAGE\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 03:01]
    .
    2013-01-04 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Owner.job
    - c:\documents and settings\Owner.A-1STORAGE\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 03:01]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://my.ebay.com/ws/eBayISAPI.dll?MyEbay&gbh=1
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Free YouTube Download - c:\documents and settings\Owner.A-1STORAGE\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    IE: Free YouTube to MP3 Converter - c:\documents and settings\Owner.A-1STORAGE\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Owner.A-1STORAGE\Application Data\Mozilla\Firefox\Profiles\ggz2ycl5.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.ebay.com/ws/eBayISAPI.dll?MyEbay&gbh=1|http://my.ebay.com/ws/eBayISAPI.dll?...ard.php?init=1
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 61980
    FF - prefs.js: network.proxy.type - 4
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{3CBF8DC3-0BC1-4D44-9CBF-6A13B96934C3} - (no file)
    BHO-{C43430DE-3D8C-4C94-8D1B-EEE9BF1EE745} - (no file)
    Toolbar-Locked - (no file)
    AddRemove-O Driver V6.000 Setup - c:\program files\Multi-IO Adapter\PCI_MultiIO_Driver\uninst.exe Software\Multi-IO Adapter\PCI_MultiIO_Driver\Setup
    AddRemove-O Driver V6.001 Setup - c:\program files\Sunix\PCI_MultiIO_Driver\uninst.exe Software\Sunix\PCI_MultiIO_Driver\Setup
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-01-04 18:22
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1060)
    c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
    .
    Completion time: 2013-01-04 18:26:37
    ComboFix-quarantined-files.txt 2013-01-05 00:26
    .
    Pre-Run: 146,236,710,912 bytes free
    Post-Run: 146,734,661,632 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - C1DF8C49CC81FC9D52B6E268F4F4FA62

  6. #6
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello drcurious

    Thank you for the log.

    Is WUAUDIT.EXE still showing in your task manager?

    Let's take a look for it with the following:

    1. Please download SystemLook by JPShortstuff


      • Please download SystemLook by JPShortstuff by clicking here or here and save the file (called SystemLook.exe) to your desktop.
      • Double click SystemLook.exe to run the program.
      • Copy the content of the following codebox into the main textfield:


      Code:
      :filefind
      *WUAUDIT.EXE
      • Click the Look button to start the scan.
      • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
      • Note: The log can also be found on your Desktop entitled SystemLook.txt



      Do you recognise the following proxy set in your Firefox browser?


      FF - prefs.js: network.proxy.http_port - 61980
      FF - prefs.js: network.proxy.type - 4
      Is this something that you set yourself?

      Please post the Systemlook log in your next reply.
    Proud Graduate of the WTT Classroom

  7. #7
    Junior Member
    Join Date
    Jan 2013
    Location
    Illinois USA
    Posts
    10

    Default

    Good Morning JonTom,

    Oddly, when I began this session WUAUDIT.EXE was listed in the task manager. As of right now it does not appear. SystemLook result was "no files found." It will likely reappear if I reboot. Should I do this?

    I have no knowledge of proxy settings in Firefox. I have never changed any settings myself.

    Chris

  8. #8
    Junior Member
    Join Date
    Jan 2013
    Location
    Illinois USA
    Posts
    10

    Default

    Dear JonTom,

    When I started the session with you, WUAUDIT.EXE was in the Task Manager list. When I downloaded DDS, it finished downloading and when I tried to open the program my machine locked. I had to power off and reboot and WUAUDIT.EXE was on the Task Manager list again. I then ran the diagnostics and posted the results. When you asked me to run SystemLook, WUAUDIT.EXE no longer appeared on the Task Manager list, and SystemLook said "No files found."

    I have rebooted once again and WUAUDIT.EXE appeared on the Task Manager list. I ran SystemLook again immediately after looking at the Task Manager list and it came back with "No files found." I checked the Task Manager and WUAUDIT.EXE had disappeared!

    I am perplexed.

    Chris
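    The behaviour described above (a process that is in the Task Manager list right after boot and gone a minute later) is hard to catch by hand. The following is an added example, not part of this thread and not a feature of SystemLook, ComboFix or any other tool named here: it polls the standard Windows `tasklist /fo csv` command at a fixed interval and reports every image name that was present in an earlier snapshot but is absent from the last one, with the snapshot indexes in which it was first and last seen. The snapshots used at the bottom are constructed for illustration (the PIDs are made up); nothing here is taken from the poster's machine.

```python
"""Catch a short-lived process by diffing repeated tasklist snapshots.

Added example (not from this thread or any tool it mentions). It uses
only the standard `tasklist /fo csv` output format:
    "Image Name","PID","Session Name","Session#","Mem Usage"
    "explorer.exe","1896","Console","0","21,244 K"
The live loop only works on Windows; parsing and diffing run anywhere.
"""
import csv
import io
import subprocess
import time
from typing import Dict, List, Set, Tuple

Proc = Tuple[str, int]  # (lower-cased image name, pid)


def parse_tasklist_csv(text: str) -> Set[Proc]:
    """Parse `tasklist /fo csv` output into a set of (name, pid)."""
    procs: Set[Proc] = set()
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 2 or row[0] == "Image Name":
            continue  # blank line or the header row
        try:
            procs.add((row[0].lower(), int(row[1])))
        except ValueError:
            continue  # e.g. an "INFO: ..." message instead of a row
    return procs


def transient_processes(snapshots: List[Set[Proc]]) -> Dict[str, Tuple[int, int]]:
    """Image names seen in some snapshot but absent from the final one.

    Returns {name: (first_seen_index, last_seen_index)}. A name that is
    still running in the last snapshot is not transient and is omitted.
    """
    first: Dict[str, int] = {}
    last: Dict[str, int] = {}
    for i, snap in enumerate(snapshots):
        for name, _pid in snap:
            first.setdefault(name, i)
            last[name] = i
    still_running = {name for name, _ in snapshots[-1]} if snapshots else set()
    return {n: (first[n], last[n]) for n in first if n not in still_running}


def watch_live(seconds: int = 120, interval: float = 1.0) -> Dict[str, Tuple[int, int]]:
    """Windows only: poll tasklist for `seconds` and report what came and went."""
    snaps: List[Set[Proc]] = []
    deadline = time.time() + seconds
    while time.time() < deadline:
        out = subprocess.run(["tasklist", "/fo", "csv"],
                             capture_output=True, text=True).stdout
        snaps.append(parse_tasklist_csv(out))
        time.sleep(interval)
    return transient_processes(snaps)


# Constructed snapshots: three polls one second apart; the made-up
# "wuaudit.exe" row is present in the first two and gone in the third.
SNAPSHOT_TEXTS = [
    '"Image Name","PID","Session Name","Session#","Mem Usage"\n'
    '"System","4","Console","0","236 K"\n'
    '"explorer.exe","1896","Console","0","21,244 K"\n'
    '"wuaudit.exe","2312","Console","0","1,204 K"\n',
    '"Image Name","PID","Session Name","Session#","Mem Usage"\n'
    '"System","4","Console","0","236 K"\n'
    '"explorer.exe","1896","Console","0","21,300 K"\n'
    '"wuaudit.exe","2312","Console","0","1,208 K"\n',
    '"Image Name","PID","Session Name","Session#","Mem Usage"\n'
    '"System","4","Console","0","236 K"\n'
    '"explorer.exe","1896","Console","0","21,320 K"\n',
]


def demo() -> Dict[str, Tuple[int, int]]:
    """Run the diff over the constructed snapshots."""
    return transient_processes([parse_tasklist_csv(t) for t in SNAPSHOT_TEXTS])


if __name__ == "__main__":
    for name, (first_seen, last_seen) in demo().items():
        print(f"{name}: first seen in poll {first_seen}, last seen in poll {last_seen}")
```

    Run `watch_live()` from a console that was opened immediately after logging in; once a name is caught, the full path of the image is what identifies it, and on XP the standard `wmic process where "name='<image name>'" get ExecutablePath,CommandLine` command reports it while the process is still alive. Task Manager's default view shows only the image name, which is why the name alone has not been enough to locate the file.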

  9. #9
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello drcurious

    I am perplexed.
    Me too, the file does not appear in your DDS logs, nor was it removed by ComboFix, and as you mentioned it was not picked up by SystemLook.

    How is the machine running in general? Are there any symptoms being displayed that are out of the ordinary? (Redirects, popups, error messages etc).

    Let's continue with the following:


    1. Please work through the following steps


      • Open Notepad (Click on "Start", then on "Run" and type "notepad" (without quotations) in the Open field, then click on "OK").
      • NOTE: Do not Use Wordpad or any other text editor except Notepad or the script will fail.
      • Copy and Paste the text in the quotebox below into the open Notepad window:

        Firefox::
        FF - ProfilePath - c:\documents and settings\Owner.A-1STORAGE\Application Data\Mozilla\Firefox\Profiles\ggz2ycl5.default\
        FF - prefs.js: network.proxy.http_port - 61980
        FF - prefs.js: network.proxy.type - 4
      • Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.
      • Close any open browsers.
      • Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Referring to the picture below, drag CFScript.txt into ComboFix.exe




      • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
      • Once the log is produced, re-engage your resident anti virus.


    2. Temporary File Cleaner


      • Download TFC to your desktop.
      • Close any open windows.
      • Double click the TFC icon to run the program.
      • TFC will close all open programs itself in order to run.
      • Click the Start button to begin the process.
      • Allow TFC to run uninterrupted.
      • The program should not take long to finish.
      • Once complete it should automatically reboot your machine.
      • If your machine does not reboot automatically, manually reboot to ensure a complete clean.
      • Note: After running TFC your machine may take slightly longer to boot the first time. This is normal.


    3. MalwareBytes AntiMalware:


      • I can see that you have MBAM installed.
      • Double click on your MalwareBytes AntiMalware icon to launch the program.
      • Click on the "Update" tab and then on "Check for Updates".
      • The program will now install the latest Malware definition files.
      • Once complete, click on the "Scanner" tab, select "Perform Quick Scan" and then click on "Scan".
      • Once the program has scanned your computer, a log file will be created in Notepad.
      • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.



      • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" < Very Important.
      • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
      • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
      • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
      • Come back here to this thread and Paste the log in your next reply.


      Please post the Combofix log and the MBAM log in your next reply.
    Proud Graduate of the WTT Classroom
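    The proxy question in post #6 and the CFScript in post #9 both turn on the same point: a Firefox profile whose prefs.js points the HTTP proxy at 127.0.0.1 on a high port that the user never configured. A loopback proxy only does anything if some program on the same machine is listening on that port, so an unexplained entry of that kind is worth checking even when, as here, `network.proxy.type` is 4 (auto-detect), which means the manual value is not actually in use. The following is an added example, not part of this thread and not a feature of ComboFix, SystemLook or Malwarebytes: it parses the standard `user_pref(...)` line format that Firefox writes to prefs.js and reports the proxy settings in plain words. The sample file is constructed from the three values quoted in the ComboFix log above plus ordinary filler lines; the `PROXY_TYPE_NAMES` table follows Mozilla's documented meaning of `network.proxy.type`.

```python
"""Report proxy settings found in a Firefox prefs.js.

Added example (not from this thread or any tool it mentions). Assumes
the prefs.js line format Firefox writes:
    user_pref("network.proxy.http", "127.0.0.1");
"""
import re
from typing import Dict, List, Union

Pref = Union[str, int, bool]

# Meaning of network.proxy.type as documented by Mozilla.
PROXY_TYPE_NAMES = {
    0: "no proxy",
    1: "manual proxy (the network.proxy.<proto> values are used)",
    2: "automatic PAC script (network.proxy.autoconfig_url)",
    4: "auto-detect (WPAD)",
    5: "use system proxy settings",
}

_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

LOOPBACK = ("127.0.0.1", "localhost", "::1")


def parse_prefs(text: str) -> Dict[str, Pref]:
    """Parse user_pref(...) lines; values become str, int or bool."""
    prefs: Dict[str, Pref] = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue  # comment, blank line or the file header
        key, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            try:
                prefs[key] = int(raw)
            except ValueError:
                prefs[key] = raw  # leave anything unexpected as text
    return prefs


def loopback_proxy_present(prefs: Dict[str, Pref]) -> bool:
    """True when any configured proxy host points back at this machine."""
    return any(prefs.get(f"network.proxy.{p}") in LOOPBACK
               for p in ("http", "ssl", "ftp", "socks"))


def audit_proxy(prefs: Dict[str, Pref]) -> List[str]:
    """Return human-readable findings about the proxy configuration."""
    findings: List[str] = []
    ptype = prefs.get("network.proxy.type")
    if ptype is None:
        findings.append("network.proxy.type not set (Firefox default applies)")
    else:
        findings.append(f"network.proxy.type = {ptype} "
                        f"({PROXY_TYPE_NAMES.get(ptype, 'unknown value')})")

    for proto in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{proto}")
        port = prefs.get(f"network.proxy.{proto}_port")
        if host is None and port is None:
            continue
        note = f"{proto} proxy configured: {host}:{port}"
        if host in LOOPBACK:
            # Only a program on this machine could serve a loopback proxy;
            # if the user installed none, find out what listens on that port.
            note += " [loopback: identify the local listener on that port]"
        if ptype != 1:
            note += " [not in use unless network.proxy.type is 1, but still unexplained]"
        findings.append(note)

    if ptype == 2:
        findings.append(f"PAC script: {prefs.get('network.proxy.autoconfig_url')}")
    return findings


# Constructed sample: the three proxy values quoted in this thread's log,
# plus ordinary lines so the parser has comments and other types to handle.
SAMPLE_PREFS_JS = """\
// Mozilla User Preferences

/* Do not edit this file. */
user_pref("browser.startup.page", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 61980);
user_pref("network.proxy.type", 4);
user_pref("privacy.sanitize.migrateFx3Prefs", true);
"""

if __name__ == "__main__":
    for line in audit_proxy(parse_prefs(SAMPLE_PREFS_JS)):
        print(line)
```

    Point `parse_prefs` at the prefs.js inside the profile folder shown in the log (read it with Firefox closed, since Firefox rewrites the file on exit). The CFScript in post #9 removes the two entries; this script is for confirming before and after that the removal took, and for spotting the same pattern in other profiles on the machine.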

  10. #10
    Junior Member
    Join Date
    Jan 2013
    Location
    Illinois USA
    Posts
    10

    Default

    Dear JonTom,

    Thanks for continuing your investigation of the mysterious disappearing WUAUDIT.EXE. As far as my machine's performance, it has been normal, but occasionally it will slow down so I check Task Manager to see what is using CPU. Sometimes a McAfee process is slowing things down for no apparent reason. It was when checking Task Manager that I discovered the unrecognized WUAUDIT.EXE but now I can't remember if it was using CPU or not.

    Here are the logs that you requested:

    ComboFix 13-01-05.01 - Owner 01/05/2013 22:33:28.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.513 [GMT -6:00]
    Running from: c:\documents and settings\Owner.A-1STORAGE\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner.A-1STORAGE\Desktop\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-06 to 2013-01-06 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-01 00:04 . 2013-01-01 00:04 388096 ----a-r- c:\documents and settings\Owner.A-1STORAGE\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2013-01-01 00:04 . 2013-01-01 00:04 -------- d-----w- c:\program files\Trend Micro
    2012-12-27 22:37 . 2012-12-27 22:37 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Sun
    2012-12-19 14:51 . 2012-11-09 12:50 84432 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2012-12-12 09:47 . 2012-12-12 09:47 16363960 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-16 12:23 . 2005-04-13 16:55 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-12 09:47 . 2012-04-09 22:23 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-12 09:47 . 2011-06-10 01:35 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-11-28 02:31 . 2012-11-28 02:31 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-11-28 02:31 . 2012-06-30 16:21 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-11-28 02:31 . 2011-10-17 02:15 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-11-28 02:31 . 2010-02-11 16:59 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-11-13 01:25 . 2005-04-13 16:56 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-09 12:56 . 2012-08-09 02:36 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2012-11-09 12:53 . 2012-08-09 02:08 167344 ----a-w- c:\windows\system32\mfevtps.exe
    2012-11-09 12:53 . 2012-08-09 02:36 91168 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2012-11-09 12:52 . 2012-08-09 02:36 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2012-11-09 12:52 . 2012-08-09 02:36 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2012-11-09 12:51 . 2012-02-22 18:29 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2012-11-09 12:50 . 2012-08-09 02:36 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2012-11-09 12:50 . 2012-08-09 02:36 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2012-11-09 12:49 . 2012-08-09 02:36 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2012-11-09 12:49 . 2012-02-22 18:29 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2012-11-02 02:02 . 2005-04-13 16:55 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:17 . 2005-04-13 16:56 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:17 . 2005-04-13 16:55 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-11-01 12:17 . 2005-04-13 16:55 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-11-01 00:35 . 2005-04-13 16:55 385024 ------w- c:\windows\system32\html.iec
    2012-12-05 02:03 . 2012-12-05 02:03 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cdloader"="c:\documents and settings\Owner.A-1STORAGE\Application Data\mjusbsp\cdloader2.exe" [2012-02-01 50592]
    "CGFLoader"="c:\program files\Calibrize\CalibrizeLoader.exe" [2007-11-26 1961984]
    "CalibrizeResume"="c:\program files\Calibrize\CalibrizeResume.exe" [2007-11-26 413696]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-12-21 109336]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "CHotkey"="zHotkey.exe" [2005-05-03 543232]
    "RTHDCPL"="RTHDCPL.EXE" [2005-09-14 14820864]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
    "EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-10-29 296096]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-09-23 15512424]
    "NvMediaCenter"="NvMCTray.dll" [2012-09-23 108392]
    "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-09-23 1634112]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    c:\documents and settings\Owner.A-1STORAGE\Start Menu\Programs\Startup\
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    BigFix.lnk - c:\program files\BigFix\bigfix.exe [2006-3-28 2168360]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2012-08-15 17:46 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "c:\\Documents and Settings\\Owner.A-1STORAGE\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Documents and Settings\\Owner.A-1STORAGE\\Application Data\\mjusbsp\\magicJack.exe"=
    "c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
    .
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [8/8/2012 8:36 PM 91168]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/8/2012 8:36 PM 167784]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/8/2012 8:36 PM 167784]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [8/8/2012 8:36 PM 168880]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [8/8/2012 8:08 PM 167344]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [8/8/2012 8:36 PM 60480]
    R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 9:09 PM 267568]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [8/8/2012 8:36 PM 362640]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/19/2012 8:51 AM 84432]
    R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [10/31/2006 12:48 PM 47360]
    R3 SNXPCARD;SNXPCARD;c:\windows\system32\drivers\snxpcard.sys [3/10/2007 6:41 PM 23040]
    R3 SNXPSERX;SNXPSERX;c:\windows\system32\drivers\snxpserx.sys [3/10/2007 6:41 PM 56320]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/8/2012 8:36 PM 167784]
    S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [9/27/2006 4:12 PM 10664]
    S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [11/14/2012 7:38 AM 146872]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/19/2012 8:51 AM 84432]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/8/2012 8:36 PM 92192]
    S3 snxcard;SUNIX Industrial Multiport Serial Card Driver;c:\windows\system32\drivers\snxcard.sys [1/5/2007 10:18 AM 14976]
    S3 snxport;SUNIX Industrial Port Driver;c:\windows\system32\drivers\snxport.sys [1/5/2007 10:19 AM 54912]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 09:47]
    .
    2013-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
    .
    2013-01-05 c:\windows\Tasks\ConfigExec.job
    - c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 03:09]
    .
    2013-01-06 c:\windows\Tasks\DataUpload.job
    - c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 03:09]
    .
    2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-11 06:04]
    .
    2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-11 06:04]
    .
    2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-607317455-4106850741-3124670952-1006Core.job
    - c:\documents and settings\Owner.A-1STORAGE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-03 02:14]
    .
    2013-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-607317455-4106850741-3124670952-1006UA.job
    - c:\documents and settings\Owner.A-1STORAGE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-03 02:14]
    .
    2013-01-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-607317455-4106850741-3124670952-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
    .
    2013-01-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-607317455-4106850741-3124670952-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
    .
    2013-01-04 c:\windows\Tasks\ReclaimerUpdateFiles_Owner.job
    - c:\documents and settings\Owner.A-1STORAGE\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 03:01]
    .
    2013-01-05 c:\windows\Tasks\ReclaimerUpdateXML_Owner.job
    - c:\documents and settings\Owner.A-1STORAGE\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 03:01]
    .
    2013-01-05 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Owner.job
    - c:\documents and settings\Owner.A-1STORAGE\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-14 03:01]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://my.ebay.com/ws/eBayISAPI.dll?MyEbay&gbh=1
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Free YouTube Download - c:\documents and settings\Owner.A-1STORAGE\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    IE: Free YouTube to MP3 Converter - c:\documents and settings\Owner.A-1STORAGE\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Owner.A-1STORAGE\Application Data\Mozilla\Firefox\Profiles\ggz2ycl5.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.ebay.com/ws/eBayISAPI.dll?MyEbay&gbh=1|http://my.ebay.com/ws/eBayISAPI.dll?...ard.php?init=1
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-01-05 22:43
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1060)
    c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
    .
    - - - - - - - > 'explorer.exe'(1896)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2013-01-05 22:46:50
    ComboFix-quarantined-files.txt 2013-01-06 04:46
    ComboFix2.txt 2013-01-05 00:26
    .
    Pre-Run: 146,561,130,496 bytes free
    Post-Run: 146,545,369,088 bytes free
    .
    - - End Of File - - 64FC26C648E05E83D47CFF51A1AEC625


    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.06.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: A-1STORAGE [administrator]

    1/6/2013 12:52:33 AM
    mbam-log-2013-01-06 (00-52-33).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 362498
    Time elapsed: 2 hour(s), 17 minute(s), 20 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
