Tech Support Guy Forums > Security & Malware Removal > Virus & Other Malware Removal >
Artemis virus (In Progress)

smessi
02-Nov-2009, 07:47 PM #1
Artemis virus
Using McAfee I've found a virus that it is not able to remove. Sometimes it points to a .dll file called "musosami.dll". I apparently can't delete it and don't even know if I should. It also pointed to "pegojehe.dll" and "zasiyugi.dll".

Additionally, when I use Internet Explorer I get advertisement windows that pop up whenever I navigate anywhere. This doesn't seem to be very harmful, but it is quite annoying. Another possible problem is that I had my bank account hacked and drained by someone online and haven't the slightest idea how that happened. I'm desperate at this point.

My log is below:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:23:08 PM, on 11/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\McAfee\MSC\McLgView.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070610
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070610
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 osguardpro.microsoft.com
O1 - Hosts: 91.212.127.226 os-guardpro.com
O1 - Hosts: 91.212.127.226 www.os-guardpro.com
O2 - BHO: Adobe PDF Reader Link Helper - {015BE035-984B-4381-A5D8-5ED7467F47ED} - C:\WINDOWS\system32\AcroIEHelpe.dll
O2 - BHO: (no name) - {4CF670AA-1E5E-4D53-9E9F-39A386E98293} - C:\WINDOWS\system32\xxyARkKd.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BHO - {F5F14E7A-F59D-45a0-BDC5-A9F5454F0BCF} - C:\WINDOWS\system32\iehelper.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [Popup] "C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [83041218] C:\docume~1\alluse~1\applic~1\83041218\83041218.exe
O4 - HKLM\..\Run: [system tool] C:\Program Files\nxupaq\fjhgsysguard.exe
O4 - HKLM\..\Run: [15330618] C:\Documents and Settings\All Users\Application Data\15330618\15330618.exe
O4 - HKLM\..\Run: [93548231] C:\DOCUME~1\ALLUSE~1\APPLIC~1\93548231\93548231.exe
O4 - HKLM\..\Run: [04188526] C:\DOCUME~1\ALLUSE~1\APPLIC~1\04188526\04188526.exe
O4 - HKLM\..\Run: [55141723] C:\Documents and Settings\All Users\Application Data\55141723\55141723.exe
O4 - HKLM\..\Run: [22888432] C:\Documents and Settings\All Users\Application Data\22888432\22888432.exe
O4 - HKLM\..\Run: [59350729] C:\Documents and Settings\All Users\Application Data\59350729\59350729.exe
O4 - HKLM\..\Run: [05261519] C:\Documents and Settings\All Users\Application Data\05261519\05261519.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [75182730] C:\Documents and Settings\All Users\Application Data\75182730\75182730.exe
O4 - HKLM\..\Run: [33785632] C:\Documents and Settings\All Users\Application Data\33785632\33785632.exe
O4 - HKLM\..\Run: [55069429] C:\Documents and Settings\All Users\Application Data\55069429\55069429.exe
O4 - HKLM\..\Run: [88229938] C:\Documents and Settings\All Users\Application Data\88229938\88229938.exe
O4 - HKLM\..\Run: [80959637] C:\Documents and Settings\All Users\Application Data\80959637\80959637.exe
O4 - HKLM\..\Run: [53667431] C:\Documents and Settings\All Users\Application Data\53667431\53667431.exe
O4 - HKLM\..\Run: [15228018] C:\Documents and Settings\All Users\Application Data\15228018\15228018.exe
O4 - HKLM\..\Run: [44839533] C:\Documents and Settings\All Users\Application Data\44839533\44839533.exe
O4 - HKLM\..\Run: [48328328] C:\Documents and Settings\All Users\Application Data\48328328\48328328.exe
O4 - HKLM\..\Run: [73554226] C:\Documents and Settings\All Users\Application Data\73554226\73554226.exe
O4 - HKLM\..\Run: [39805934] C:\Documents and Settings\All Users\Application Data\39805934\39805934.exe
O4 - HKLM\..\Run: [20421312] C:\DOCUME~1\ALLUSE~1\APPLIC~1\20421312\20421312.exe
O4 - HKLM\..\Run: [08956432] C:\Documents and Settings\All Users\Application Data\08956432\08956432.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [lovoterib] Rundll32.exe "c:\windows\system32\rudadiza.dll",a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [system tool] C:\Program Files\nxupaq\fjhgsysguard.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} (View22RTEv4 Class) - http://merillat.view22.com/release_3...iew22RTEv4.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...89/mcfscan.cab
O20 - AppInit_DLLs: c:\windows\system32\fovisuga.dll c:\windows\system32\vajizati.dll c:\windows\system32\rowavinu.dll kifabibu.dll c:\windows\system32\rudadiza.dll
O20 - Winlogon Notify: urqQiGAT - urqQiGAT.dll (file missing)
O21 - SSODL: sofejowew - {c6ad942f-967a-4bd1-b5ad-24aac6cc254c} - c:\windows\system32\hiluguba.dll (file missing)
O21 - SSODL: pusitidul - {76a47896-a2b7-4962-bccc-3654137f2a24} - c:\windows\system32\rofegivu.dll (file missing)
O21 - SSODL: diwijeriy - {e60d3d0e-fd91-4e04-9c6f-9870cd25fe87} - c:\windows\system32\nikijaru.dll (file missing)
O21 - SSODL: gomekuyik - {a0bac1b8-6fac-4c1c-ba80-882224a09ffe} - c:\windows\system32\guharufa.dll (file missing)
O21 - SSODL: bezunujuw - {6c095b9a-d44a-48df-b3c7-1b7642b7ac68} - c:\windows\system32\rudadiza.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {c6ad942f-967a-4bd1-b5ad-24aac6cc254c} - c:\windows\system32\hiluguba.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {76a47896-a2b7-4962-bccc-3654137f2a24} - c:\windows\system32\rofegivu.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {e60d3d0e-fd91-4e04-9c6f-9870cd25fe87} - c:\windows\system32\nikijaru.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {a0bac1b8-6fac-4c1c-ba80-882224a09ffe} - c:\windows\system32\guharufa.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {6c095b9a-d44a-48df-b3c7-1b7642b7ac68} - c:\windows\system32\rudadiza.dll (file missing)
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: dkab_device - - C:\WINDOWS\system32\DKabcoms.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SSMFramework (MSMFramework) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
--
End of file - 12553 bytes

Any help or advice is greatly appreciated

Smessi
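The HijackThis log in this post shows the same handful of randomly named DLLs wired into several independent autostart points (rudadiza.dll appears under O4, O20, O21 and O22), a run of eight-digit Run values each launching a same-named .exe out of All Users\Application Data, and hosts-file entries that pin a microsoft.com hostname to 91.212.127.226. The script below is an added example, not code from this thread, from Trend Micro or from TSG: it parses HijackThis-style "Onn - ..." lines, applies narrow rules for those patterns, and then cross-references which DLLs are referenced from more than one autostart location. The sample input is constructed from lines copied out of the log above, with the benign localhost, Adobe and NVIDIA lines left in as negative cases; the rule thresholds and the "xref" section name are my own choices.

```python
"""Triage HijackThis v2 log lines for the autostart patterns visible in the thread.
Added example, not a Trend Micro or TSG tool; the rules are narrow heuristics."""
import re
from collections import Counter, defaultdict, namedtuple

# Constructed sample: lines copied from the HijackThis log posted above, with
# the benign localhost/Adobe/NVIDIA lines kept so every rule has a negative case.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 osguardpro.microsoft.com
O1 - Hosts: 91.212.127.226 os-guardpro.com
O2 - BHO: Adobe PDF Reader Link Helper - {015BE035-984B-4381-A5D8-5ED7467F47ED} - C:\WINDOWS\system32\AcroIEHelpe.dll
O2 - BHO: (no name) - {4CF670AA-1E5E-4D53-9E9F-39A386E98293} - C:\WINDOWS\system32\xxyARkKd.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [83041218] C:\docume~1\alluse~1\applic~1\83041218\83041218.exe
O4 - HKLM\..\Run: [15330618] C:\Documents and Settings\All Users\Application Data\15330618\15330618.exe
O4 - HKLM\..\Run: [lovoterib] Rundll32.exe "c:\windows\system32\rudadiza.dll",a
O20 - AppInit_DLLs: c:\windows\system32\fovisuga.dll c:\windows\system32\vajizati.dll kifabibu.dll c:\windows\system32\rudadiza.dll
O21 - SSODL: sofejowew - {c6ad942f-967a-4bd1-b5ad-24aac6cc254c} - c:\windows\system32\hiluguba.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {c6ad942f-967a-4bd1-b5ad-24aac6cc254c} - c:\windows\system32\hiluguba.dll (file missing)
"""

Finding = namedtuple("Finding", "section reason line")
LINE_RE = re.compile(r"^(O\d+) - (.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*(\S+)', re.IGNORECASE)
DLL_RE = re.compile(r"([\w~-]+\.dll)", re.IGNORECASE)
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}  # what a hosts file normally maps names to


def parse(text):
    """Yield (section, body, line) for every 'Onn - ...' line; ignore everything else."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2), raw.strip()


def check_hosts(body):
    m = HOSTS_RE.match(body)
    if not m or m.group(1) in LOOPBACK:
        return None
    ip, host = m.groups()
    note = " (a microsoft.com name pinned to a non-Microsoft address)" if host.lower().endswith(".microsoft.com") else ""
    return f"hosts override {host} -> {ip}{note}"


def check_run(body):
    m = RUN_RE.match(body)
    if not m:
        return None
    hive, name, command = m.groups()
    cmd = command.lower()
    # numeric value name launching <name>\<name>.exe out of All Users\Application Data
    if name.isdigit() and name in cmd and "applic" in cmd:
        return f"{hive} Run '{name}': numeric name launching {name}.exe from Application Data"
    # rundll32 loading a system32 DLL through a one-letter export (NvCpl.dll,NvStartup passes)
    rd = RUNDLL_RE.search(command)
    if rd and "system32" in cmd and len(rd.group(2)) == 1:
        return f"{hive} Run '{name}': rundll32 loads {rd.group(1)} via export '{rd.group(2)}'"
    return None


def check_appinit(body):
    dlls = body.split(":", 1)[1].split() if body.startswith("AppInit_DLLs:") else []
    return ("AppInit_DLLs injects into every user32-linked process: " + ", ".join(dlls)) if dlls else None


def check_shell_ext(section, body):
    # O2 BHO / O21 SSODL / O22 SharedTaskScheduler: COM DLLs loaded into Explorer and IE
    reasons = []
    if "(file missing)" in body:
        reasons.append("registered component whose DLL is no longer on disk")
    if section == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("BHO registered with no name")
    return "; ".join(reasons) or None


CHECKS = {"O1": lambda s, b: check_hosts(b), "O4": lambda s, b: check_run(b),
          "O20": lambda s, b: check_appinit(b), "O2": check_shell_ext,
          "O21": check_shell_ext, "O22": check_shell_ext}


def triage(text):
    findings, dll_sections = [], defaultdict(set)
    for section, body, line in parse(text):
        for dll in DLL_RE.findall(line):
            dll_sections[dll.lower()].add(section)
        reason = CHECKS.get(section, lambda s, b: None)(section, body)
        if reason:
            findings.append(Finding(section, reason, line))
    # One DLL wired into several autostart points is the strongest single signal
    # in the posted log (rudadiza.dll sits in O4, O20, O21 and O22 there).
    for dll, secs in sorted(dll_sections.items()):
        if len(secs) > 1:
            findings.append(Finding("xref", f"{dll} referenced from {', '.join(sorted(secs))}", dll))
    return findings


def summarize(findings):
    return dict(Counter(f.section for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

The rules are deliberately narrow: the [system tool] entry pointing at C:\Program Files\nxupaq\fjhgsysguard.exe in the full log matches none of them and still needs an analyst's eye, and the DDS "Pseudo HJT Report" later in the thread uses different prefixes (uRun:/mRun:, BHO: without the O2 tag), so this parser would need a second set of patterns for it. The cross-reference is the part worth keeping: a DLL that is both in AppInit_DLLs and registered as a shell extension runs inside the browser as well as Explorer, which is the context for the account-draining the poster describes.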
sjpritch25 (Moderator & Malware Removal Specialist)
05-Nov-2009, 07:47 PM #2
Welcome to TSG


We need to see some additional information about what is happening in your machine.
Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.

  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE
smessi
05-Nov-2009, 08:44 PM #3
Please bear with me
Gentlemen, I clicked on the link you provided and my A/V flagged it as a trojan and blocked it. Is this normal? I only just found this site recently and I'm concerned about safety. Please bear with me, as I just had my identity stolen and my bank account drained. Caution is my rule for the time being.
sjpritch25 (Moderator & Malware Removal Specialist)
05-Nov-2009, 09:04 PM #4
Yes, it is often detected by some AVs, but it's safe.
smessi
06-Nov-2009, 11:18 AM #5
DDS reports
Below are the log files from the DDS scan you recommended. Additional information: every time I run a full scan with McAfee I get several "infections" for the Artemis virus that it says are quarantined, and a Vundo virus that it still can't seem to remove.

logs:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-10-26.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/15/2007 5:18:12 PM
System Uptime: 11/6/2009 9:31:56 AM (1 hours ago)
Motherboard: Dell Inc. | | 0GU083
Processor: Intel(R) Xeon(R) CPU 5160 @ 3.00GHz | Microprocessor | 2992/1333mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 137 GiB total, 80.498 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1: 11/1/2009 9:28:58 PM - System Checkpoint
RP2: 11/2/2009 10:09:44 PM - System Checkpoint
RP3: 11/3/2009 11:08:05 PM - System Checkpoint
RP4: 11/4/2009 11:57:25 PM - System Checkpoint
==== Installed Programs ======================
1720 DriverTools
1720 LPSU
1720 Pubs
1720 x86_HBP
1720 x86_PS
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
Apple Software Update
Broadcom Advanced Control Suite
Dassault Systemes Software B16
Dassault Systemes Software B18
Dassault Systemes Software B18_V5R8
Dassault Systemes Software B18_V8
Dassault Systemes Software Prerequisites x86
Data Access Objects (DAO) 3.5
Dell SAS RAID Storage Manager
Dell SAS RAID Storage Manager v2.08-00
Dell Software Uninstall
DivX Web Player
FabriWIN_2 (C:\FabriWIN_2)
FBTools1.2
GearDrvs
Google Toolbar for Internet Explorer
HASP HL Device Driver
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Intel(R) Matrix Storage Manager
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 16
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
LightWave 3D 9.2
McAfee SecurityCenter
McAfee Virtual Technician
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Combat Flight Simulator
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Plus! for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft XML Parser
Move Networks Media Player for Internet Explorer
NewTek SpeedEDIT
NewTek SpeedHQ Video Codec (Remove Only)
NVIDIA Drivers
PokerStars
PowerDVD 5.7
QuickTime
Roxio DLA
Roxio Express Labeler
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SecondLife (remove only)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Sentinel Protection Installer 7.3.0
SnapShot 1.0.1
Sound Blaster X-Fi
Symantec Technical Support Advanced Chat Controls
TEBIS V3.3 R6
Tebis V3.3 R6 C1
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
URL Assistant
VBA (3821b)
VC80CRTRedist - 8.0.50727.762
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows XP Service Pack 3
Windows XP Winter Fun Pack for Windows Media Player 9 Series
Windows XP Winter Fun Pack Screensavers
XP Codec Pack
==== Event Viewer Messages From Past Week ========
11/4/2009 11:29:14 AM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
11/4/2009 11:29:14 AM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
11/4/2009 11:29:14 AM, error: Service Control Manager [7031] - The Remote Registry service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
11/4/2009 11:29:01 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
11/4/2009 11:28:45 AM, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
11/3/2009 9:37:50 PM, error: Service Control Manager [7024] - The Backbone Service service terminated with service-specific error 0 (0x0).
11/3/2009 10:20:17 PM, error: Service Control Manager [7034] - The MRMonitor service terminated unexpectedly. It has done this 1 time(s).
11/2/2009 9:47:09 AM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/2/2009 9:46:23 AM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
11/2/2009 9:45:55 AM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/2/2009 9:42:00 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BANTExt Fips intelppm IPSec LUMDriver mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip TfFsMon TfSysMon
11/2/2009 9:42:00 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
11/2/2009 9:42:00 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/2/2009 9:42:00 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/2/2009 9:42:00 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/2/2009 9:40:25 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/2/2009 9:26:28 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/1/2009 8:16:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BANTExt Fips intelppm LUMDriver mfehidk TfFsMon TfSysMon
11/1/2009 8:15:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McShield with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
11/1/2009 8:15:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
11/1/2009 8:15:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/1/2009 12:11:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon
11/1/2009 12:11:40 PM, error: Service Control Manager [7000] - The Creative Service for CDROM Access service failed to start due to the following error: The system cannot find the file specified.
==== End Of File ===========================



DDS (Ver_09-10-26.01) - NTFSx86
Run by Steve at 10:07:51.50 on Fri 11/06/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1468 [GMT -5:00]
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Steve\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070610
BHO: Adobe PDF Reader Link Helper: {015be035-984b-4381-a5d8-5ed7467f47ed} - c:\windows\system32\AcroIEHelpe.dll
BHO: {4cf670aa-1e5e-4d53-9e9f-39a386e98293} - c:\windows\system32\xxyARkKd.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: BHO: {f5f14e7a-f59d-45a0-bdc5-a9f5454f0bcf} - c:\windows\system32\iehelper.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [system tool] c:\program files\nxupaq\fjhgsysguard.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [Popup] "c:\program files\dell sas raid storage manager\megapopup\Popup.exe"
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [83041218] c:\docume~1\alluse~1\applic~1\83041218\83041218.exe
mRun: [system tool] c:\program files\nxupaq\fjhgsysguard.exe
mRun: [15330618] c:\documents and settings\all users\application data\15330618\15330618.exe
mRun: [93548231] c:\docume~1\alluse~1\applic~1\93548231\93548231.exe
mRun: [04188526] c:\docume~1\alluse~1\applic~1\04188526\04188526.exe
mRun: [55141723] c:\documents and settings\all users\application data\55141723\55141723.exe
mRun: [22888432] c:\documents and settings\all users\application data\22888432\22888432.exe
mRun: [59350729] c:\documents and settings\all users\application data\59350729\59350729.exe
mRun: [05261519] c:\documents and settings\all users\application data\05261519\05261519.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [75182730] c:\documents and settings\all users\application data\75182730\75182730.exe
mRun: [33785632] c:\documents and settings\all users\application data\33785632\33785632.exe
mRun: [55069429] c:\documents and settings\all users\application data\55069429\55069429.exe
mRun: [88229938] c:\documents and settings\all users\application data\88229938\88229938.exe
mRun: [80959637] c:\documents and settings\all users\application data\80959637\80959637.exe
mRun: [53667431] c:\documents and settings\all users\application data\53667431\53667431.exe
mRun: [15228018] c:\documents and settings\all users\application data\15228018\15228018.exe
mRun: [44839533] c:\documents and settings\all users\application data\44839533\44839533.exe
mRun: [48328328] c:\documents and settings\all users\application data\48328328\48328328.exe
mRun: [73554226] c:\documents and settings\all users\application data\73554226\73554226.exe
mRun: [39805934] c:\documents and settings\all users\application data\39805934\39805934.exe
mRun: [20421312] c:\docume~1\alluse~1\applic~1\20421312\20421312.exe
mRun: [08956432] c:\documents and settings\all users\application data\08956432\08956432.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [lovoterib] Rundll32.exe "c:\windows\system32\wavemile.dll",a
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} - hxxp://merillat.view22.com/release_3_9_177/View22RTEv4.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5789/mcfscan.cab
Notify: urqQiGAT - urqQiGAT.dll
AppInit_DLLs: c:\windows\system32\fovisuga.dll c:\windows\system32\vajizati.dll c:\windows\system32\rowavinu.dll kifabibu.dll c:\windows\system32\rudadiza.dll c:\windows\system32\wavemile.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: sofejowew - {c6ad942f-967a-4bd1-b5ad-24aac6cc254c} - c:\windows\system32\hiluguba.dll
SSODL: pusitidul - {76a47896-a2b7-4962-bccc-3654137f2a24} - c:\windows\system32\rofegivu.dll
SSODL: diwijeriy - {e60d3d0e-fd91-4e04-9c6f-9870cd25fe87} - c:\windows\system32\nikijaru.dll
SSODL: gomekuyik - {a0bac1b8-6fac-4c1c-ba80-882224a09ffe} - c:\windows\system32\guharufa.dll
SSODL: bezunujuw - {6c095b9a-d44a-48df-b3c7-1b7642b7ac68} - c:\windows\system32\rudadiza.dll
SSODL: matotulol - {e6e3bba5-c71a-4350-a8f3-e993bcd83667} - c:\windows\system32\wavemile.dll
STS: jugezatag: {c6ad942f-967a-4bd1-b5ad-24aac6cc254c} - c:\windows\system32\hiluguba.dll
STS: kupuhivus: {76a47896-a2b7-4962-bccc-3654137f2a24} - c:\windows\system32\rofegivu.dll
STS: gahurihor: {e60d3d0e-fd91-4e04-9c6f-9870cd25fe87} - c:\windows\system32\nikijaru.dll
STS: jugezatag: {a0bac1b8-6fac-4c1c-ba80-882224a09ffe} - c:\windows\system32\guharufa.dll
STS: mujuzedij: {6c095b9a-d44a-48df-b3c7-1b7642b7ac68} - c:\windows\system32\rudadiza.dll
STS: tokatiluy: {e6e3bba5-c71a-4350-a8f3-e993bcd83667} - c:\windows\system32\wavemile.dll
LSA: Notification Packages = scecli musosami.dll
============= SERVICES / DRIVERS ===============
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2007-4-24 16688]
R2 BBDemon;Backbone Service;c:\program files\dassault systemes\b18\intel_a\code\bin\CATSysDemon.exe [2007-5-4 36864]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2007-6-15 2368]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 dkab_device;dkab_device;c:\windows\system32\dkabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
=============== Created Last 30 ================
2009-11-02 23:22:55 0 d-----w- c:\program files\Trend Micro
2009-11-02 00:07:45 9919 ----a-w- c:\windows\system32\Config.MPF
2009-11-02 00:06:01 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-02 00:06:01 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-02 00:06:01 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-02 00:05:59 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-11-02 00:05:42 0 d-----w- c:\program files\McAfee.com
2009-11-02 00:05:42 0 d-----w- c:\program files\common files\McAfee
2009-11-02 00:05:39 0 d-----w- c:\program files\McAfee
2009-11-02 00:02:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-24 22:50:45 0 d-----w- c:\windows\system32\appmgmt
2009-10-19 19:50:21 2855 ----a-w- C:\NTDETECT.PIF
2009-10-19 19:48:28 0 d--h--w- c:\windows\PIF
2009-10-19 19:45:08 806444234 ----a-w- C:\zooey.avi
2009-10-15 14:35:20 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE
2009-10-15 13:52:03 0 d-----w- c:\program files\common files\PC Tools
2009-10-10 10:35:14 2713 --sh--w- c:\windows\system32\woborugu.exe
2009-10-09 15:59:10 915456 ----a-w- c:\windows\system32\wininet.dll
2009-10-09 15:59:10 915456 ----a-w- c:\windows\system32\dllcache\wininet.dll
2009-10-08 21:39:28 13 ----a-w- c:\windows\system32\urhtps.dat
2009-10-08 20:12:57 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
==================== Find3M ====================
2009-11-02 13:45:18 51712 ------w- c:\windows\system32\musosami.dll
2009-10-01 20:17:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-10-01 20:16:59 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-09-16 17:32:03 61224 ----a-w- c:\documents and settings\steve\GoToAssistDownloadHelper.exe
2009-09-16 15:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 12:44:41 2347320 ----a-w- c:\windows\system32\rarcc.dll
2009-09-03 09:22:35 191768 ----a-w- c:\windows\system32\AcroIEHelpe.dll
2009-01-10 16:22:41 667312 --sha-w- c:\windows\system32\dKkRAyxx.ini2
2009-08-06 13:32:56 38400 --sha-w- c:\windows\system32\doguvuvo.dll
2009-08-05 16:13:47 90624 --sha-w- c:\windows\system32\kovuzuwa.dll
2009-08-05 04:13:43 38912 --sha-w- c:\windows\system32\leforoju.dll
2009-08-05 16:13:47 37888 --sha-w- c:\windows\system32\lidamuvi.dll
2009-08-05 04:13:44 91136 --sha-w- c:\windows\system32\sumonibe.dll
2009-08-03 04:12:55 38912 --sha-w- c:\windows\system32\togitata.dll
2009-08-06 13:32:56 91136 --sha-w- c:\windows\system32\wavemile.dll
2009-07-22 02:18:42 89600 --sha-w- c:\windows\system32\zufumeba.dll
2008-12-31 16:25:26 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008123120090101\index.dat
============= FINISH: 10:08:03.26 ===============
Thank you in advance for any help

Smessi
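One way to make the triage of a log like the one above repeatable, added here as an example and not part of the thread or of DDS/HijackThis/ComboFix: the following Python script scans autostart lines in the DDS format and flags the load points that are empty on a clean Windows XP install (AppInit_DLLs, LSA notification packages beyond scecli, Winlogon Notify DLLs, SSODL/STS shell objects outside a baseline), Run entries with all-digit names or executables under Documents and Settings, and Run entries that load a DLL already flagged elsewhere. The sample lines are copied from the DDS log in the post above; the baseline CLSID set, the scecli-only LSA default and the category names are this example's own assumptions.

```python
"""Triage heuristics for the autostart section of a DDS/HijackThis-style log.

Added example for this thread; it is not part of DDS, HijackThis or ComboFix.
It implements checks a responder makes by eye: load points that are empty on
a clean Windows XP install, Run entries with all-digit names or executables
under the profile tree, and Run entries that load a DLL flagged elsewhere.
"""
import re

# Sample lines copied from the DDS log posted above (a constructed subset).
SAMPLE_LOG = r"""
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [system tool] c:\program files\nxupaq\fjhgsysguard.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [83041218] c:\docume~1\alluse~1\applic~1\83041218\83041218.exe
mRun: [15330618] c:\documents and settings\all users\application data\15330618\15330618.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [lovoterib] Rundll32.exe "c:\windows\system32\wavemile.dll",a
Notify: urqQiGAT - urqQiGAT.dll
AppInit_DLLs: c:\windows\system32\fovisuga.dll c:\windows\system32\vajizati.dll kifabibu.dll c:\windows\system32\wavemile.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: sofejowew - {c6ad942f-967a-4bd1-b5ad-24aac6cc254c} - c:\windows\system32\hiluguba.dll
STS: tokatiluy: {e6e3bba5-c71a-4350-a8f3-e993bcd83667} - c:\windows\system32\wavemile.dll
LSA: Notification Packages = scecli musosami.dll
"""

RUN_RE = re.compile(r'^[um]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
APPINIT_RE = re.compile(r'^AppInit_DLLs:\s*(?P<dlls>.*)$')
LSA_RE = re.compile(r'^LSA:\s*Notification Packages\s*=\s*(?P<pkgs>.*)$')
NOTIFY_RE = re.compile(r'^Notify:\s*(?P<name>\S+)\s*-\s*(?P<dll>.*)$')
SHELL_RE = re.compile(r'^(?:SSODL|STS):\s*(?P<name>[^:\-]+?)\s*[:\-]\s*'
                      r'\{(?P<clsid>[0-9A-Fa-f-]+)\}\s*-\s*(?P<dll>.*)$')
MODULE_RE = re.compile(r'[\w~.\-]+\.(?:dll|exe)\b', re.I)
DIGIT_NAME = re.compile(r'^\d{6,}$')
# %ALLUSERSPROFILE%\Application Data is writable by every user on XP, so
# executables launched from the profile tree at boot get reviewed.
PROFILE_DIR = re.compile(r'documents and settings|docume~1', re.I)

# Assumptions for this example: scecli is the only LSA notification package
# on a stock XP box, and the shell-service-object baseline holds only the
# WPD entry seen in the log.  A real baseline comes from a known-clean
# machine of the same build.
DEFAULT_LSA_PACKAGES = {"scecli"}
KNOWN_SHELL_CLSIDS = {"aaa288ba-9a4c-45b0-95d7-94d524869db5"}


def _basename(path):
    """Lower-cased file name of a path or bare module name."""
    return path.replace('/', '\\').rsplit('\\', 1)[-1].strip('"').lower()


def triage(log_text):
    """Return (category, detail) findings for the autostart lines in log_text.

    Pass one walks the load points that should be empty and records the DLLs
    they name; pass two reviews Run entries, including any that load a DLL
    flagged in pass one (the wavemile.dll case in the sample)."""
    findings, flagged, run_lines = [], set(), []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if RUN_RE.match(line):
            run_lines.append(line)
        elif (m := APPINIT_RE.match(line)):
            for dll in m.group('dlls').split():
                findings.append(('appinit-dll', dll))
                flagged.add(_basename(dll))
        elif (m := LSA_RE.match(line)):
            for pkg in m.group('pkgs').split():
                if pkg.lower() not in DEFAULT_LSA_PACKAGES:
                    findings.append(('lsa-extra-package', pkg))
                    flagged.add(_basename(pkg))
        elif (m := NOTIFY_RE.match(line)):
            findings.append(('winlogon-notify', line))
            flagged.add(_basename(m.group('dll')))
        elif (m := SHELL_RE.match(line)):
            if m.group('clsid').lower() not in KNOWN_SHELL_CLSIDS:
                findings.append(('shell-object-unknown', line))
                flagged.add(_basename(m.group('dll')))

    for line in run_lines:
        m = RUN_RE.match(line)
        name, cmd = m.group('name'), m.group('cmd')
        if DIGIT_NAME.match(name):
            findings.append(('run-numeric-name', line))
        if PROFILE_DIR.search(cmd):
            findings.append(('run-from-profile-dir', line))
        if any(mod.lower() in flagged for mod in MODULE_RE.findall(cmd)):
            findings.append(('run-loads-flagged-dll', line))
    return findings


def summarize(findings):
    """Count findings per category."""
    counts = {}
    for category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:22} {detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the sample, the numeric Run entries, the four AppInit DLLs and musosami.dll in the LSA notification packages come out flagged, and the lovoterib entry is flagged only because wavemile.dll was already named under AppInit_DLLs and STS. The "system tool" entry pointing at fjhgsysguard.exe is not caught by any of these rules, which is why the full list still gets read by a person rather than trusting the heuristics alone.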
sjpritch25
Moderator & Malware Removal Specialist with 9,113 posts.
Join Date: Sep 2005
Location: Florida
Experience: Advanced
06-Nov-2009, 10:16 PM #6
Please download and run the following tool to help allow other programs to run. (Courtesy of BleepingComputer.com).
Vista and Win7 users need to right click and choose Run as Admin

rkill.scr

===========================================

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


In your next reply, please include the Malwarebytes log and a fresh DDS log. Thanks.
__________________
Microsoft Valuable Professional Consumer--Security 2007-2010
Please make a donation to keep the site running. All proceeds go directly to the site!!! Donate Here
smessi
Junior Member with 10 posts.
Join Date: Nov 2009
07-Nov-2009, 11:50 AM #7
Re: mbam.exe
I performed the rkill and it seemed to go fine. I downloaded the mbam setup and ran it, but it came up with an error saying it could not find "mbam.exe".

I searched my hard drive for it and it could not be found. I uninstalled it to try again and it required a reboot. When the computer started over, a message popped up and said "windows cannot find 'C\Program'" and I had no icons. I hit the "ok" button and the icons reappeared, and another message appeared: "unable to find available port". I clicked ok. Please advise.

Smessi
sjpritch25
Moderator & Malware Removal Specialist with 9,113 posts.
Join Date: Sep 2005
Location: Florida
Experience: Advanced
07-Nov-2009, 12:11 PM #8
Okay, it looks like the malware is blocking MBAM from installing.

Download Combofix from this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.


--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
smessi
Junior Member with 10 posts.
Join Date: Nov 2009
07-Nov-2009, 01:33 PM #9
ComboFix log
Please find below the ComboFix log and a fresh HJT log.

Combofix:

ComboFix 09-11-06.03 - Steve 11/07/2009 12:16.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1473 [GMT -5:00]
Running from: c:\documents and settings\Steve\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\AcroIEHelpe.dll
c:\windows\system32\bomagave.dll
c:\windows\system32\dKkRAyxx.ini
c:\windows\system32\dKkRAyxx.ini2
c:\windows\system32\doguvuvo.dll
c:\windows\system32\leforoju.dll
c:\windows\system32\lidamuvi.dll
c:\windows\system32\musosami.dll
c:\windows\system32\rutomore.dll
c:\windows\system32\togitata.dll
c:\windows\system32\tutuparo.dll
c:\windows\system32\UAs
c:\windows\system32\UAs\3481435183_UAs001.dat
c:\windows\system32\UAs\83041218_UAs001.dat
c:\windows\system32\UAs\AcroRd32_UAs001.dat
c:\windows\system32\UAs\AdobeUpdater_UAs001.dat
c:\windows\system32\UAs\agent_UAs001.dat
c:\windows\system32\UAs\AutoDetect_UAs001.dat
c:\windows\system32\UAs\dwwin_UAs001.dat
c:\windows\system32\UAs\Explorer_UAs001.dat
c:\windows\system32\UAs\Explorer_UAs002.dat
c:\windows\system32\UAs\Explorer_UAs003.dat
c:\windows\system32\UAs\Explorer_UAs004.dat
c:\windows\system32\UAs\Explorer_UAs005.dat
c:\windows\system32\UAs\helpctr_UAs001.dat
c:\windows\system32\UAs\helpctr_UAs002.dat
c:\windows\system32\UAs\HelpHost_UAs001.dat
c:\windows\system32\UAs\HelpHost_UAs002.dat
c:\windows\system32\UAs\housecall_UAs001.dat
c:\windows\system32\UAs\iexplore_UAs001.dat
c:\windows\system32\UAs\iexplore_UAs002.dat
c:\windows\system32\UAs\iexplore_UAs003.dat
c:\windows\system32\UAs\iexplore_UAs004.dat
c:\windows\system32\UAs\iexplore_UAs005.dat
c:\windows\system32\UAs\iexplore_UAs006.dat
c:\windows\system32\UAs\iexplore_UAs007.dat
c:\windows\system32\UAs\iexplore_UAs008.dat
c:\windows\system32\UAs\iexplore_UAs009.dat
c:\windows\system32\UAs\iexplore_UAs010.dat
c:\windows\system32\UAs\iexplore_UAs011.dat
c:\windows\system32\UAs\install_UAs001.dat
c:\windows\system32\UAs\install_UAs002.dat
c:\windows\system32\UAs\install_UAs003.dat
c:\windows\system32\UAs\javasetup6u16[1]_UAs001.dat
c:\windows\system32\UAs\javasetup6u16[1]_UAs002.dat
c:\windows\system32\UAs\javaw_UAs001.dat
c:\windows\system32\UAs\jre-6u15-windows-i586-iftw_UAs001.dat
c:\windows\system32\UAs\jucheck_UAs001.dat
c:\windows\system32\UAs\jusched_UAs001.dat
c:\windows\system32\UAs\lmi_rescue_UAs001.dat
c:\windows\system32\UAs\LuComServer_3_4_UAs001.dat
c:\windows\system32\UAs\LuComServer_3_4_UAs002.dat
c:\windows\system32\UAs\LuComServer_3_4_UAs003.dat
c:\windows\system32\UAs\LuComServer_3_4_UAs004.dat
c:\windows\system32\UAs\LuComServer_3_4_UAs005.dat
c:\windows\system32\UAs\LuComServer_3_4_UAs006.dat
c:\windows\system32\UAs\LuComServer_3_4_UAs007.dat
c:\windows\system32\UAs\LuComServer_3_4_UAs008.dat
c:\windows\system32\UAs\LuComServer_3_4_UAs009.dat
c:\windows\system32\UAs\LuComServer_3_4_UAs010.dat
c:\windows\system32\UAs\LuComServer_3_4_UAs011.dat
c:\windows\system32\UAs\LuComServer_3_4_UAs012.dat
c:\windows\system32\UAs\LuComServer_3_4_UAs013.dat
c:\windows\system32\UAs\LuComServer_3_4_UAs014.dat
c:\windows\system32\UAs\LuComServer_3_4_UAs015.dat
c:\windows\system32\UAs\LuComServer_3_4_UAs016.dat
c:\windows\system32\UAs\LuComServer_3_4_UAs017.dat
c:\windows\system32\UAs\LuComServer_3_4_UAs018.dat
c:\windows\system32\UAs\LuComServer_3_4_UAs019.dat
c:\windows\system32\UAs\LuComServer_3_4_UAs020.dat
c:\windows\system32\UAs\LuComServer_3_4_UAs021.dat
c:\windows\system32\UAs\mcsync_UAs001.dat
c:\windows\system32\UAs\mcupdmgr_UAs001.dat
c:\windows\system32\UAs\mvtapp_UAs001.dat
c:\windows\system32\UAs\mvtapp_UAs002.dat
c:\windows\system32\UAs\powerdvd_UAs001.dat
c:\windows\system32\UAs\sdasetup[1]_UAs001.dat
c:\windows\system32\UAs\setup_UAs001.dat
c:\windows\system32\UAs\setup_UAs002.dat
c:\windows\system32\UAs\setup_UAs003.dat
c:\windows\system32\UAs\softwareupdate_UAs001.dat
c:\windows\system32\UAs\softwareupdate_UAs002.dat
c:\windows\system32\UAs\ssautorn_UAs001.dat
c:\windows\system32\UAs\Stub_UAs001.dat
c:\windows\system32\UAs\SWHELP~1_UAs001.dat
c:\windows\system32\UAs\SymCUW_UAs001.dat
c:\windows\system32\UAs\symnrt_UAs001.dat
c:\windows\system32\UAs\wgasetup_UAs001.dat
c:\windows\system32\UAs\WgaTray_UAs001.dat
c:\windows\system32\UAs\xpnetdiag_UAs001.dat
c:\windows\system32\woborugu.exe
c:\windows\system32\zufumeba.dll
----- BITS: Possible infected sites -----
hxxp://193.33.61.160
.
((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.
2009-11-07 15:23 . 2009-11-07 15:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-11-07 15:23 . 2009-11-07 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-07 15:02 . 2009-11-07 15:02 -------- d-----w- c:\documents and settings\Steve\Application Data\Malwarebytes
2009-11-04 15:51 . 2009-11-04 15:51 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-11-02 23:22 . 2009-11-02 23:22 -------- d-----w- c:\program files\Trend Micro
2009-11-02 00:06 . 2009-09-16 15:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-02 00:06 . 2009-09-16 15:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-02 00:06 . 2009-09-16 15:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-02 00:05 . 2009-07-16 17:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-11-02 00:05 . 2009-11-02 00:06 -------- d-----w- c:\program files\Common Files\McAfee
2009-11-02 00:05 . 2009-11-02 00:05 -------- d-----w- c:\program files\McAfee.com
2009-11-02 00:05 . 2009-11-02 13:48 -------- d-----w- c:\program files\McAfee
2009-11-02 00:02 . 2009-09-16 15:22 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-11-01 23:59 . 2009-11-02 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-19 19:50 . 2009-10-19 19:50 2855 ----a-w- C:\NTDETECT.PIF
2009-10-19 19:48 . 2009-10-19 19:48 -------- d--h--w- c:\windows\PIF
2009-10-15 14:35 . 2009-10-15 14:35 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE
2009-10-15 13:52 . 2009-10-15 14:45 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-09 15:59 . 2009-07-03 17:09 915456 ----a-w- c:\windows\system32\wininet.dll
2009-10-09 15:59 . 2009-07-03 17:09 915456 ----a-w- c:\windows\system32\dllcache\wininet.dll
2009-10-08 21:39 . 2009-10-08 21:39 13 ----a-w- c:\windows\system32\urhtps.dat
2009-10-08 20:12 . 2009-10-15 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 16:28 . 2007-09-10 21:29 -------- d-----w- c:\program files\PokerStars
2009-11-02 13:26 . 2009-11-04 15:15 191374 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-11-02 00:07 . 2007-06-10 15:12 20248 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-24 22:50 . 2007-06-10 15:03 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-17 20:43 . 2007-10-25 12:48 -------- d-----w- c:\program files\SecondLife
2009-10-15 13:38 . 2007-06-10 15:06 -------- d-----w- c:\program files\Google
2009-10-12 11:52 . 2007-08-16 01:02 -------- d-----w- c:\program files\Temp
2009-10-04 15:42 . 2009-01-09 16:32 -------- d-----w- c:\program files\RegistryFix7
2009-10-03 15:39 . 2007-07-16 18:49 -------- d-----w- c:\program files\WebEx
2009-10-01 20:17 . 2009-10-01 20:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-10-01 20:16 . 2009-10-01 20:16 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-09-16 18:00 . 2007-06-10 14:58 -------- d-----w- c:\program files\Java
2009-09-16 17:59 . 2009-09-16 17:59 152576 ----a-w- c:\documents and settings\Steve\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-09-16 17:32 . 2008-07-07 15:41 61224 ----a-w- c:\documents and settings\Steve\GoToAssistDownloadHelper.exe
2009-09-16 15:22 . 2009-09-16 15:22 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 13:25 . 2009-09-16 13:25 49152 ----a-r- c:\documents and settings\Steve\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA1.exe
2009-09-16 13:25 . 2009-09-16 13:25 49152 ----a-r- c:\documents and settings\Steve\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA.exe
2009-09-16 13:19 . 2009-09-16 13:19 128 ----a-w- c:\documents and settings\Steve\Local Settings\Application Data\fusioncache.dat
2009-09-16 12:44 . 2009-09-16 12:44 2347320 ----a-w- c:\windows\system32\rarcc.dll
2009-09-02 13:53 . 2009-09-02 13:53 112 ----a-w- c:\windows\system32\srvblck2.tmp
2009-08-05 16:13 . 2009-08-05 16:13 90624 --sha-w- c:\windows\system32\kovuzuwa.dll
2009-08-05 04:13 . 2009-08-05 04:13 91136 --sha-w- c:\windows\system32\sumonibe.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7204864]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"Popup"="c:\program files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe" [2006-08-15 77920]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"QuickTime Task"="c:\program files\quicktime\qttask.exe" [2008-11-11 413696]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"combofix"="c:\combofix\CF15096.exe" [2009-11-07 389120]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2005-11-08 16384]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2009-10-15 18944]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\DKabcoms.exe"=
"c:\\Program Files\\Dell SAS RAID Storage Manager\\MegaPopup\\popup.exe"=
"c:\\Documents and Settings\\Steve\\Desktop\\WS_FTP32.EXE"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\MetalsoftProtection\\ProtectServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\Dassault Systemes\\B18\\intel_a\\code\\bin\\CNEXT.exe"=
"c:\\Program Files\\NewTek\\LightWave 3D 9.2\\Programs\\hub.exe"=
"c:\\Program Files\\NewTek\\LightWave 3D 9.2\\Programs\\modeler.exe"=
"c:\\Program Files\\Dassault Systemes\\B16\\intel_a\\code\\bin\\CNEXT.exe"=
"c:\\WINDOWS\\explorer.exe"=
"c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\WINDOWS\\system32\\logonui.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\WINDOWS\\system32\\services.exe"=
"c:\\Program Files\\Internet Explorer\\iexplore.exe"=
"c:\\WINDOWS\\system32\\CTXFIHLP.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lsass.exe"=
"c:\\FabriWIN_2\\cadcam.exe"=
"c:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps\\apdproxy.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Dell SAS RAID Storage Manager\\JRE\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCPCOM
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [4/24/2007 7:52 AM 16688]
R2 BBDemon;Backbone Service;c:\program files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe [5/4/2007 1:24 PM 36864]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [6/15/2007 5:22 PM 2368]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 dkab_device;dkab_device;c:\windows\system32\DKabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder
2009-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2009-11-02 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-02 17:22]
2009-11-02 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-02 17:22]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070610
Trusted Zone: internet
Trusted Zone: mcafee.com
.
- - - - ORPHANS REMOVED - - - -
BHO-{015BE035-984B-4381-A5D8-5ED7467F47ED} - c:\windows\system32\AcroIEHelpe.dll
BHO-{4CF670AA-1E5E-4D53-9E9F-39A386E98293} - c:\windows\system32\xxyARkKd.dll
BHO-{a5f313d4-dbdc-4d39-b560-a6d10db6ae37} - tiledovo.dll
BHO-{F5F14E7A-F59D-45a0-BDC5-A9F5454F0BCF} - c:\windows\system32\iehelper.dll
HKCU-Run-RegistryMechanic - c:\program files\Registry Mechanic\RegMech.exe
HKCU-Run-system tool - c:\program files\nxupaq\fjhgsysguard.exe
HKLM-Run-AudioDrvEmulator - c:\program files\Creative\Shared Files\Module Loader\DLLML.exe
HKLM-Run-DVDLauncher - c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
HKLM-Run-DLA - c:\windows\System32\DLA\DLACTRLW.EXE
HKLM-Run-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
HKLM-Run-83041218 - c:\docume~1\alluse~1\applic~1\83041218\83041218.exe
HKLM-Run-system tool - c:\program files\nxupaq\fjhgsysguard.exe
HKLM-Run-15330618 - c:\documents and settings\All Users\Application Data\15330618\15330618.exe
HKLM-Run-93548231 - c:\docume~1\ALLUSE~1\APPLIC~1\93548231\93548231.exe
HKLM-Run-04188526 - c:\docume~1\ALLUSE~1\APPLIC~1\04188526\04188526.exe
HKLM-Run-55141723 - c:\documents and settings\All Users\Application Data\55141723\55141723.exe
HKLM-Run-22888432 - c:\documents and settings\All Users\Application Data\22888432\22888432.exe
HKLM-Run-59350729 - c:\documents and settings\All Users\Application Data\59350729\59350729.exe
HKLM-Run-05261519 - c:\documents and settings\All Users\Application Data\05261519\05261519.exe
HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe
HKLM-Run-75182730 - c:\documents and settings\All Users\Application Data\75182730\75182730.exe
HKLM-Run-33785632 - c:\documents and settings\All Users\Application Data\33785632\33785632.exe
HKLM-Run-55069429 - c:\documents and settings\All Users\Application Data\55069429\55069429.exe
HKLM-Run-88229938 - c:\documents and settings\All Users\Application Data\88229938\88229938.exe
HKLM-Run-80959637 - c:\documents and settings\All Users\Application Data\80959637\80959637.exe
HKLM-Run-53667431 - c:\documents and settings\All Users\Application Data\53667431\53667431.exe
HKLM-Run-15228018 - c:\documents and settings\All Users\Application Data\15228018\15228018.exe
HKLM-Run-44839533 - c:\documents and settings\All Users\Application Data\44839533\44839533.exe
HKLM-Run-48328328 - c:\documents and settings\All Users\Application Data\48328328\48328328.exe
HKLM-Run-73554226 - c:\documents and settings\All Users\Application Data\73554226\73554226.exe
HKLM-Run-39805934 - c:\documents and settings\All Users\Application Data\39805934\39805934.exe
HKLM-Run-20421312 - c:\docume~1\ALLUSE~1\APPLIC~1\20421312\20421312.exe
HKLM-Run-08956432 - c:\documents and settings\All Users\Application Data\08956432\08956432.exe
HKLM-Run-lovoterib - c:\windows\system32\bomagave.dll
HKLM-Run-witudaguwe - musosami.dll
SharedTaskScheduler-{c6ad942f-967a-4bd1-b5ad-24aac6cc254c} - c:\windows\system32\hiluguba.dll
SharedTaskScheduler-{76a47896-a2b7-4962-bccc-3654137f2a24} - c:\windows\system32\rofegivu.dll
SharedTaskScheduler-{e60d3d0e-fd91-4e04-9c6f-9870cd25fe87} - c:\windows\system32\nikijaru.dll
SharedTaskScheduler-{a0bac1b8-6fac-4c1c-ba80-882224a09ffe} - c:\windows\system32\guharufa.dll
SharedTaskScheduler-{6c095b9a-d44a-48df-b3c7-1b7642b7ac68} - c:\windows\system32\rudadiza.dll
SharedTaskScheduler-{d6a207ef-9b4e-4526-a7c8-f58159feb8f8} - c:\windows\system32\bomagave.dll
SSODL-sofejowew-{c6ad942f-967a-4bd1-b5ad-24aac6cc254c} - c:\windows\system32\hiluguba.dll
SSODL-pusitidul-{76a47896-a2b7-4962-bccc-3654137f2a24} - c:\windows\system32\rofegivu.dll
SSODL-diwijeriy-{e60d3d0e-fd91-4e04-9c6f-9870cd25fe87} - c:\windows\system32\nikijaru.dll
SSODL-gomekuyik-{a0bac1b8-6fac-4c1c-ba80-882224a09ffe} - c:\windows\system32\guharufa.dll
SSODL-bezunujuw-{6c095b9a-d44a-48df-b3c7-1b7642b7ac68} - c:\windows\system32\rudadiza.dll
SSODL-vihorirok-{d6a207ef-9b4e-4526-a7c8-f58159feb8f8} - c:\windows\system32\bomagave.dll
Notify-urqQiGAT - urqQiGAT.dll

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-07 12:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2009-11-07 12:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-07 17:25
Pre-Run: 86,386,442,240 bytes free
Post-Run: 88,800,940,032 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
- - End Of File - - BC9B6F91E3A42C0AF67FB76DD949CD4D

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:26 PM, on 11/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070610
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [Popup] "C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} (View22RTEv4 Class) - http://merillat.view22.com/release_3...iew22RTEv4.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...89/mcfscan.cab
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: dkab_device - - C:\WINDOWS\system32\DKabcoms.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SSMFramework (MSMFramework) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
--
End of file - 6632 bytes
Thank you in advance for all your help

Smessi
sjpritch25's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 9,113 posts.
 
Join Date: Sep 2005
Location: Florida
Experience: Advanced
07-Nov-2009, 02:10 PM #10
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Code:

Collect::[70]
c:\windows\system32\kovuzuwa.dll
c:\windows\system32\sumonibe.dll
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\explorer.exe"=-
"c:\\WINDOWS\\system32\\winlogon.exe"=-
"c:\\WINDOWS\\system32\\logonui.exe"=-
"c:\\WINDOWS\\system32\\sessmgr.exe"=-
"c:\\WINDOWS\\system32\\lsass.exe"=-
"c:\\WINDOWS\\system32\\spoolsv.exe"=-
Save this as CFScript.txt, in the same location as ComboFix.exe





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Let me know if you can install mbam now.
__________________
Microsoft Valuable Professional Consumer--Security 2007-2010
Please make a donation to keep the site running. All proceeds go directly to the site!!! Donate Here
smessi's Avatar
Junior Member with 10 posts.
 
Join Date: Nov 2009
09-Nov-2009, 11:07 AM #11
Below is the ComboFix log updated with CFScript:

ComboFix 09-11-08.03 - Steve 11/09/2009 9:47.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1580 [GMT -5:00]
Running from: c:\documents and settings\Steve\Desktop\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))
.
2009-11-08 14:36 . 2009-11-08 14:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-07 15:23 . 2009-11-07 15:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-11-07 15:23 . 2009-11-07 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-07 15:02 . 2009-11-07 15:02 -------- d-----w- c:\documents and settings\Steve\Application Data\Malwarebytes
2009-11-04 15:51 . 2009-11-04 15:51 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-11-02 23:22 . 2009-11-02 23:22 -------- d-----w- c:\program files\Trend Micro
2009-11-02 00:06 . 2009-09-16 15:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-02 00:06 . 2009-09-16 15:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-02 00:06 . 2009-09-16 15:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-02 00:05 . 2009-07-16 17:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-11-02 00:05 . 2009-11-02 00:06 -------- d-----w- c:\program files\Common Files\McAfee
2009-11-02 00:05 . 2009-11-02 00:05 -------- d-----w- c:\program files\McAfee.com
2009-11-02 00:05 . 2009-11-02 13:48 -------- d-----w- c:\program files\McAfee
2009-11-02 00:02 . 2009-09-16 15:22 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-11-01 23:59 . 2009-11-02 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-19 19:50 . 2009-10-19 19:50 2855 ----a-w- C:\NTDETECT.PIF
2009-10-19 19:48 . 2009-10-19 19:48 -------- d--h--w- c:\windows\PIF
2009-10-15 14:35 . 2009-10-15 14:35 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE
2009-10-15 13:52 . 2009-10-15 14:45 -------- d-----w- c:\program files\Common Files\PC Tools
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-08 16:40 . 2007-09-10 21:29 -------- d-----w- c:\program files\PokerStars
2009-11-02 13:26 . 2009-11-04 15:15 191374 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-11-02 00:07 . 2007-06-10 15:12 20248 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-24 22:50 . 2007-06-10 15:03 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-17 20:43 . 2007-10-25 12:48 -------- d-----w- c:\program files\SecondLife
2009-10-15 14:22 . 2009-10-08 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-15 13:38 . 2007-06-10 15:06 -------- d-----w- c:\program files\Google
2009-10-12 11:52 . 2007-08-16 01:02 -------- d-----w- c:\program files\Temp
2009-10-08 21:39 . 2009-10-08 21:39 13 ----a-w- c:\windows\system32\urhtps.dat
2009-10-04 15:42 . 2009-01-09 16:32 -------- d-----w- c:\program files\RegistryFix7
2009-10-03 15:39 . 2007-07-16 18:49 -------- d-----w- c:\program files\WebEx
2009-10-01 20:17 . 2009-10-01 20:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-10-01 20:16 . 2009-10-01 20:16 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-09-16 18:00 . 2007-06-10 14:58 -------- d-----w- c:\program files\Java
2009-09-16 17:59 . 2009-09-16 17:59 152576 ----a-w- c:\documents and settings\Steve\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-09-16 17:32 . 2008-07-07 15:41 61224 ----a-w- c:\documents and settings\Steve\GoToAssistDownloadHelper.exe
2009-09-16 15:22 . 2009-09-16 15:22 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 13:25 . 2009-09-16 13:25 49152 ----a-r- c:\documents and settings\Steve\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA1.exe
2009-09-16 13:25 . 2009-09-16 13:25 49152 ----a-r- c:\documents and settings\Steve\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA.exe
2009-09-16 13:19 . 2009-09-16 13:19 128 ----a-w- c:\documents and settings\Steve\Local Settings\Application Data\fusioncache.dat
2009-09-16 12:44 . 2009-09-16 12:44 2347320 ----a-w- c:\windows\system32\rarcc.dll
2009-09-11 14:18 . 2004-08-11 22:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-02 13:53 . 2009-09-02 13:53 112 ----a-w- c:\windows\system32\srvblck2.tmp
2009-08-29 08:08 . 2009-10-09 15:59 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-11 22:00 247326 ----a-w- c:\windows\system32\strmdll.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-07_17.21.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-08 14:31 . 2009-11-08 14:31 16384 c:\windows\Temp\Perflib_Perfdata_220.dat
+ 2007-08-13 23:54 . 2009-08-29 08:08 55296 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 23:54 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-11 22:00 . 2009-08-29 08:08 25600 c:\windows\system32\jsproxy.dll
- 2004-08-11 22:00 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll
+ 2009-09-16 15:15 . 2009-08-29 08:08 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-09-16 15:15 . 2009-07-03 17:09 12800 c:\windows\system32\dllcache\xpshims.dll
- 2007-12-15 15:32 . 2009-07-03 17:09 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-12-15 15:32 . 2009-08-29 08:08 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
- 2007-06-10 14:56 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-06-10 14:56 . 2009-08-29 08:08 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2007-06-15 20:59 . 2009-11-07 16:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-06-15 20:59 . 2009-11-09 11:42 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-11-07 20:15 . 2009-11-09 11:42 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-06-15 20:59 . 2009-11-07 16:11 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-10-02 17:48 . 2008-07-09 07:38 26488 c:\windows\SoftwareDistribution\Download\55ae228715888b68a08f491655790fa6\update\spcustom.dll
- 2009-10-02 17:48 . 2008-07-09 07:38 17272 c:\windows\SoftwareDistribution\Download\55ae228715888b68a08f491655790fa6\spmsg.dll
+ 2009-06-25 00:56 . 2009-06-25 00:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2008-05-28 05:49 . 2008-05-28 05:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-14 00:58 . 2007-04-14 00:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 06:30 . 2008-05-28 06:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2007-04-14 01:30 . 2007-04-14 01:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2009-11-08 04:25 . 2009-07-03 17:09 12800 c:\windows\ie8updates\KB974455-IE8\xpshims.dll
+ 2009-11-08 04:25 . 2009-07-03 17:09 55296 c:\windows\ie8updates\KB974455-IE8\msfeedsbs.dll
+ 2009-11-08 04:25 . 2009-07-03 17:09 25600 c:\windows\ie8updates\KB974455-IE8\jsproxy.dll
+ 2009-11-08 04:24 . 2009-11-08 04:24 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_ab89e5e5\System.Drawing.Design.dll
+ 2009-11-08 04:24 . 2009-11-08 04:24 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_31c25b16\CustomMarshalers.dll
+ 2004-08-11 22:00 . 2009-04-02 04:02 604160 c:\windows\system32\wmspdmod.dll
- 2004-08-11 22:00 . 2009-07-03 17:09 206848 c:\windows\system32\occache.dll
+ 2004-08-11 22:00 . 2009-08-29 08:08 206848 c:\windows\system32\occache.dll
- 2007-08-13 23:54 . 2009-07-03 17:09 594432 c:\windows\system32\msfeeds.dll
+ 2007-08-13 23:54 . 2009-08-29 08:08 594432 c:\windows\system32\msfeeds.dll
+ 2004-08-11 22:00 . 2009-08-29 08:08 184320 c:\windows\system32\iepeers.dll
- 2004-08-11 22:00 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll
+ 2004-08-11 22:00 . 2009-08-29 08:08 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-11 22:00 . 2009-08-28 10:35 173056 c:\windows\system32\ie4uinit.exe
- 2004-08-11 22:00 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-11 22:00 . 2009-04-02 04:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2009-10-09 15:59 . 2009-08-29 08:08 916480 c:\windows\system32\dllcache\wininet.dll
+ 2006-08-21 14:52 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll
- 2006-08-21 14:52 . 2008-10-03 10:02 247326 c:\windows\system32\dllcache\strmdll.dll
- 2007-08-13 23:44 . 2009-07-03 17:09 206848 c:\windows\system32\dllcache\occache.dll
+ 2007-08-13 23:44 . 2009-08-29 08:08 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll
- 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2007-12-15 15:32 . 2009-08-29 08:08 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2007-12-15 15:32 . 2009-07-03 17:09 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2009-09-16 15:15 . 2009-07-03 17:09 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-09-16 15:15 . 2009-08-29 08:08 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2007-06-10 14:56 . 2009-08-29 08:08 184320 c:\windows\system32\dllcache\iepeers.dll
- 2007-06-10 14:56 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 23:39 . 2009-08-29 08:08 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2007-08-13 23:39 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-13 23:39 . 2009-08-28 10:35 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-11-08 14:36 . 2009-11-08 14:36 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-10-02 17:48 . 2008-07-09 07:38 382840 c:\windows\SoftwareDistribution\Download\55ae228715888b68a08f491655790fa6\update\updspapi.dll
- 2009-10-02 17:48 . 2008-07-09 07:38 755576 c:\windows\SoftwareDistribution\Download\55ae228715888b68a08f491655790fa6\update\update.exe
- 2009-10-02 17:48 . 2008-07-09 07:38 231288 c:\windows\SoftwareDistribution\Download\55ae228715888b68a08f491655790fa6\spuninst.exe
- 2007-04-14 00:58 . 2007-04-14 00:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 00:56 . 2007-04-14 00:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 05:48 . 2008-05-28 05:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-14 01:30 . 2007-04-14 01:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2008-05-28 06:30 . 2008-05-28 06:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2009-11-08 04:25 . 2009-07-03 17:09 915456 c:\windows\ie8updates\KB974455-IE8\wininet.dll
+ 2009-11-08 04:25 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB974455-IE8\spuninst\updspapi.dll
+ 2009-11-08 04:25 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB974455-IE8\spuninst\spuninst.exe
+ 2009-11-08 04:25 . 2009-07-03 17:09 206848 c:\windows\ie8updates\KB974455-IE8\occache.dll
+ 2009-11-08 04:25 . 2009-07-03 17:09 594432 c:\windows\ie8updates\KB974455-IE8\msfeeds.dll
+ 2009-11-08 04:25 . 2009-07-03 17:09 246272 c:\windows\ie8updates\KB974455-IE8\ieproxy.dll
+ 2009-11-08 04:25 . 2009-07-03 17:09 184320 c:\windows\ie8updates\KB974455-IE8\iepeers.dll
+ 2009-11-08 04:25 . 2009-07-03 17:09 386048 c:\windows\ie8updates\KB974455-IE8\iedkcs32.dll
+ 2009-11-08 04:25 . 2009-07-03 11:01 173056 c:\windows\ie8updates\KB974455-IE8\ie4uinit.exe
+ 2009-11-08 04:24 . 2009-11-08 04:24 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_68108a78\System.Drawing.dll
+ 2009-11-07 17:48 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
- 2004-08-11 22:00 . 2009-07-03 17:09 1208832 c:\windows\system32\urlmon.dll
+ 2004-08-11 22:00 . 2009-08-29 08:08 1208832 c:\windows\system32\urlmon.dll
+ 2004-08-11 22:00 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll
- 2004-08-11 22:00 . 2008-04-14 00:12 1435648 c:\windows\system32\query.dll
- 2004-08-11 22:00 . 2009-02-06 11:06 2145280 c:\windows\system32\ntoskrnl.exe
+ 2004-08-11 22:00 . 2009-08-04 15:13 2145280 c:\windows\system32\ntoskrnl.exe
- 2004-08-04 03:59 . 2009-02-06 10:32 2023936 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-04 03:59 . 2009-08-04 14:20 2023936 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-11 22:00 . 2009-08-29 08:08 5940224 c:\windows\system32\mshtml.dll
+ 2007-08-13 23:34 . 2009-08-29 08:08 1985536 c:\windows\system32\iertutil.dll
- 2007-08-13 23:34 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll
- 2007-06-10 14:56 . 2009-07-03 17:09 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2007-06-10 14:56 . 2009-08-29 08:08 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2009-07-17 16:22 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll
+ 2008-10-14 17:34 . 2009-08-05 01:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-14 17:34 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-14 17:34 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-14 17:34 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-14 17:34 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-14 17:34 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-14 17:34 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2007-06-10 14:56 . 2009-08-29 08:08 5940224 c:\windows\system32\dllcache\mshtml.dll
+ 2007-12-15 15:32 . 2009-08-29 08:08 1985536 c:\windows\system32\dllcache\iertutil.dll
- 2007-12-15 15:32 . 2009-07-03 17:09 1985536 c:\windows\system32\dllcache\iertutil.dll
- 2007-04-14 01:35 . 2007-04-14 01:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 06:35 . 2008-05-28 06:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-04-14 01:35 . 2007-04-14 01:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-28 06:35 . 2008-05-28 06:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-28 05:48 . 2008-05-28 05:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-28 05:48 . 2008-05-28 05:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2008-05-28 05:43 . 2008-05-28 05:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2007-04-14 00:50 . 2007-04-14 00:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2009-11-08 04:25 . 2009-07-03 17:09 1208832 c:\windows\ie8updates\KB974455-IE8\urlmon.dll
+ 2009-11-08 04:25 . 2009-07-19 13:18 5937152 c:\windows\ie8updates\KB974455-IE8\mshtml.dll
+ 2009-11-08 04:25 . 2009-07-03 17:09 1985536 c:\windows\ie8updates\KB974455-IE8\iertutil.dll
+ 2004-08-11 22:24 . 2006-08-21 20:57 1077321 c:\windows\Help\SBSI\Training\orun32.exe
+ 2008-10-14 17:34 . 2009-08-05 01:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-14 17:34 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-14 17:34 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-14 17:34 . 2009-02-07 23:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-14 17:34 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-14 17:34 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-10-14 17:34 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-11-08 04:24 . 2009-11-08 04:24 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_e0d6bab9\System.dll
+ 2009-11-08 04:24 . 2009-11-08 04:24 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_d2085a81\System.Xml.dll
+ 2009-11-08 04:24 . 2009-11-08 04:24 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_a746213c\System.Windows.Forms.dll
+ 2009-11-08 04:24 . 2009-11-08 04:24 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_f0adeb00\System.Design.dll
+ 2009-11-08 04:24 . 2009-11-08 04:24 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_16bc789e\mscorlib.dll
- 2007-07-11 07:00 . 2007-07-11 07:00 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-11-08 04:23 . 2009-11-08 04:23 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-11-08 04:23 . 2009-11-08 04:23 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-07-11 07:00 . 2007-07-11 07:00 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-11-08 04:24 . 2009-10-02 16:01 25198016 c:\windows\system32\MRT.exe
+ 2007-08-13 23:54 . 2009-08-29 08:08 11069440 c:\windows\system32\ieframe.dll
+ 2007-12-15 15:32 . 2009-08-29 08:08 11069440 c:\windows\system32\dllcache\ieframe.dll
+ 2009-08-11 02:08 . 2009-08-11 02:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2009-08-10 19:09 . 2009-08-10 19:09 17254912 c:\windows\Installer\24b6c83.msp
+ 2009-11-08 04:25 . 2009-07-19 22:48 11067392 c:\windows\ie8updates\KB974455-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7204864]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"Popup"="c:\program files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe" [2006-08-15 77920]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"QuickTime Task"="c:\program files\quicktime\qttask.exe" [2008-11-11 413696]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2005-11-08 16384]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2009-10-15 18944]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\DKabcoms.exe"=
"c:\\Program Files\\Dell SAS RAID Storage Manager\\MegaPopup\\popup.exe"=
"c:\\Documents and Settings\\Steve\\Desktop\\WS_FTP32.EXE"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\MetalsoftProtection\\ProtectServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\Dassault Systemes\\B18\\intel_a\\code\\bin\\CNEXT.exe"=
"c:\\Program Files\\NewTek\\LightWave 3D 9.2\\Programs\\hub.exe"=
"c:\\Program Files\\NewTek\\LightWave 3D 9.2\\Programs\\modeler.exe"=
"c:\\Program Files\\Dassault Systemes\\B16\\intel_a\\code\\bin\\CNEXT.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\WINDOWS\\system32\\CTXFIHLP.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\FabriWIN_2\\cadcam.exe"=
"c:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps\\apdproxy.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Dell SAS RAID Storage Manager\\JRE\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCPCOM
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [4/24/2007 7:52 AM 16688]
R2 BBDemon;Backbone Service;c:\program files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe [5/4/2007 1:24 PM 36864]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [6/15/2007 5:22 PM 2368]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 dkab_device;dkab_device;c:\windows\system32\DKabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder
2009-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2009-11-02 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-02 17:22]
2009-11-02 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-02 17:22]
.
.
------- Supplementary Scan -------
.
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} - hxxp://merillat.view22.com/release_3_9_177/View22RTEv4.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-09 09:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3920)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-09 9:52
ComboFix-quarantined-files.txt 2009-11-09 14:52
ComboFix2.txt 2009-11-07 17:26
Pre-Run: 88,333,029,376 bytes free
Post-Run: 88,342,073,344 bytes free
- - End Of File - - 21A8A9CC76C7BE3EA918EE09BDF48A1A

mbam log in next post
smessi's Avatar
Junior Member with 10 posts.
 
Join Date: Nov 2009
09-Nov-2009, 11:08 AM #12
Here is the mbam log (loaded and run successfully):

Malwarebytes' Anti-Malware 1.41
Database version: 3133
Windows 5.1.2600 Service Pack 3
11/9/2009 10:04:04 AM
mbam-log-2009-11-09 (10-04-04).txt
Scan type: Quick Scan
Objects scanned: 113033
Time elapsed: 1 minute(s), 46 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 162
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{1c1ebef0-37cf-4408-b494-f6c000fd6ed7} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{339949fb-4a8c-4aa3-bd04-8b888d9a642a} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf3e4737-a002-49ce-8e07-3460cb177a28} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{30fcf052-3649-4543-b924-ba7ab9facc8a} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{050c8642-c1a9-480b-95a1-55fecb2b8c9a} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{050c8642-c1a9-480b-95a1-55fecb2b8c9a} (Spyware.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\acroie.dll (Spyware.Banker) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\system32\xmldm (Stolen.Data) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\xmldm\83041218_UAs001.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\iexplore_UAs011.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.011841_steve@ad.yieldmanager[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.011841_steve@advertising[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.011841_steve@doubleclick[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.011841_steve@revsci[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.014749_steve@ad.yieldmanager[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.020254_steve@advertising[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.024636_steve@advertising[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.032147_steve@ad.doubleclick[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.032147_steve@ad.yieldmanager[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.032147_steve@doubleclick[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.032147_steve@revsci[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.032247_steve@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.033250_steve@ad.yieldmanager[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.033922_steve@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.033922_steve@zedo[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.034855_steve@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.035557_steve@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.041031_steve@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.041733_steve@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.042806_steve@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.042806_steve@cdn4.specificclick[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.042806_steve@doubleclick[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.042806_steve@revsci[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.042806_steve@specificclick[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.042836_steve@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.042836_steve@cdn4.specificclick[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.042836_steve@doubleclick[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.042836_steve@revsci[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.042836_steve@specificclick[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.043739_steve@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.051049_steve@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.052022_steve@ad.yieldmanager[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.052855_steve@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.052855_steve@advertising[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.052855_steve@doubleclick[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.052855_steve@revsci[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.053629_steve@ad.yieldmanager[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.053629_steve@doubleclick[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.053629_steve@revsci[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.054030_steve@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.055103_steve@ad.yieldmanager[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.055605_steve@ad.yieldmanager[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.055605_steve@advertising[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.055605_steve@doubleclick[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.055605_steve@revsci[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.055705_steve@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.055705_steve@doubleclick[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.055705_steve@revsci[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.060337_steve@ad.yieldmanager[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.060337_steve@apmebf[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.060337_steve@doubleclick[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.060337_steve@revsci[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.061109_steve@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.061140_steve@adbrite[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.062113_steve@ad.yieldmanager[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.062113_steve@adbrite[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.062113_steve@doubleclick[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.062113_steve@revsci[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.062143_steve@ad.yieldmanager[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.062143_steve@advertising[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.062143_steve@cdn4.specificclick[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.062143_steve@doubleclick[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.062143_steve@revsci[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.062143_steve@specificclick[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.062143_steve@tribalfusion[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.062213_steve@cdn4.specificclick[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.062213_steve@specificclick[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.062945_steve@advertising[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.062945_steve@tribalfusion[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.063015_steve@advertising[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.063015_steve@cdn4.specificclick[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.063015_steve@specificclick[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.063146_steve@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.063146_steve@adbrite[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.063146_steve@tribalfusion[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.063347_steve@advertising[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.063347_steve@cdn4.specificclick[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.063347_steve@specificclick[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.063347_steve@tribalfusion[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.063547_steve@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.063547_steve@adbrite[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.063547_steve@advertising[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.063547_steve@tribalfusion[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.063718_steve@ad.yieldmanager[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.063718_steve@advertising[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.063919_steve@advertising[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.064722_steve@ad.yieldmanager[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.064722_steve@adbrite[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.064752_steve@ad.yieldmanager[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.064752_steve@doubleclick[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.064752_steve@revsci[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.065926_steve@ad.yieldmanager[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.071201_steve@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.071201_steve@advertising[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.071201_steve@tribalfusion[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.071502_steve@advertising[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.071803_steve@cdn4.specificclick[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.071803_steve@specificclick[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.072435_steve@ad.yieldmanager[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.072435_steve@tribalfusion[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.074342_steve@advertising[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.075918_steve@advertising[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.075949_steve@advertising[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.075949_steve@tribalfusion[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.092721_steve@tribalfusion[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.112843_steve@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.112843_steve@adbrite[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.113445_steve@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.120510_steve@ad.yieldmanager[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.120510_steve@doubleclick[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.120711_steve@ad.yieldmanager[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.120711_steve@adbrite[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.120711_steve@doubleclick[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.120741_steve@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.120741_steve@adbrite[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.120741_steve@doubleclick[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.120811_steve@ad.yieldmanager[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.120811_steve@adbrite[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.121413_steve@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.121744_steve@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.123519_steve@apmebf[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.123519_steve@atdmt[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.123850_steve@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.123850_steve@advertising[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.123850_steve@content.yieldmanager[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.123850_steve@doubleclick[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.123850_steve@revsci[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.124130_steve@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.124130_steve@atdmt[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.124130_steve@content.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.124130_steve@content.yieldmanager[3].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.124130_steve@doubleclick[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.124130_steve@revsci[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.124501_steve@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.124501_steve@doubleclick[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.124501_steve@revsci[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.125905_steve@ad.yieldmanager[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.125905_steve@doubleclick[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.09.125905_steve@revsci[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.10.023110_steve@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.10.023140_steve@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.10.045901_steve@advertising[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.10.045932_steve@advertising[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.10.050002_steve@advertising[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.10.050102_steve@advertising[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.10.050203_steve@advertising[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.10.050303_steve@advertising[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.10.050403_steve@advertising[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.10.050534_steve@advertising[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.10.050604_steve@advertising[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.10.050735_steve@advertising[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.10.050835_steve@advertising[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.10.050906_steve@advertising[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.10.050936_steve@advertising[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.10.051036_steve@advertising[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.10.051137_steve@advertising[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.10.051237_steve@advertising[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.10.052040_steve@ad.yieldmanager[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.10.083756_steve@ad.yieldmanager[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbanke_2009.10.10.083756_steve@adbrite[1].txt (Stolen.Data) -> Quarantined and deleted successfully.


Thank you for your help

Smessi
sjpritch25's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 9,113 posts.
 
Join Date: Sep 2005
Location: Florida
Experience: Advanced
09-Nov-2009, 02:16 PM #13
Did you save CFScript.txt to your desktop? It doesn't look like you did, because of this:

C:\CFScript.txt

Please follow my instructions again and drag it into ComboFix. Thanks
smessi's Avatar
Junior Member with 10 posts.
 
Join Date: Nov 2009
10-Nov-2009, 04:23 PM #14
Thank you for all the help with this issue. I can report that my system is clear of all viruses.

Thanks again,

Smessi
smessi's Avatar
Junior Member with 10 posts.
 
Join Date: Nov 2009
10-Nov-2009, 04:23 PM #15
problem solved
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.