niknak Posted October 3, 2009
Hi, newbie here, hoping someone can help me out. For the last couple of days Internet Explorer has been running slowly, and some pages do not load at all, just a "http" in the address bar or "address not valid". It's really annoying and I can only assume it's malware of some sort. I'm running McAfee on Vista, on a Dell Inspiron laptop. I'm trying to avoid paid support from Dell, who want £67 plus VAT for a single issue. I have attempted to read up on this on the forums, but if I'm honest I'm clueless and I don't want to attempt anything and then make the issue worse! Any help greatly, greatly appreciated! Thanks!
Plastic Nev Posted October 3, 2009
Hi Niknak, and welcome to Extreme Tech Support - Free PC Help. Our security expert will be here to take over shortly, but in the meantime please follow these instructions carefully so he has something to work on when he gets here.

Please download the latest version of HijackThis from Trend Micro and save it to your desktop.
* Download HJTInstall.exe to your desktop.
* Double-click HJTInstall.exe to install HijackThis. By default it will install to C:\Program Files\Trend Micro\HijackThis.
* Click on Install. It will create a HijackThis icon on the desktop.
* Once installed, it will launch HijackThis. Click on the "Do a system scan and save a logfile" button.
* It will scan and the log should open in Notepad. Include this log in your next reply.

Notes:
* Do not use the AnalyseThis button; its findings are dangerous if misinterpreted.
* Do not have HijackThis fix anything yet. Most of what it finds will be harmless, or required for your computer to run like it should.
niknak Posted October 3, 2009 (Author)
Here is the log, thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:13, on 03/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK & Ireland
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = %s - Yahoo! Search Results
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DLBUCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\aestsrv.exe
O23 - Service: dlbu_device - - C:\Windows\system32\dlbucoms.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 10726 bytes
chiaz Posted October 4, 2009
Hello. :)

A few things before we start....
1. Please read all instructions carefully.
2. If you don't understand something, stop and ask! Don't keep going on.
3. Please do not run any other tools or scans whilst I am helping you.
4. If you have to go away for an extended period of time, let me know.
5. Please continue to respond until I give you the "All Clear". (Just because you can't see a problem doesn't mean it isn't there.)

First, there is a program on your PC called Ask Toolbar/Askbar. I recommend you uninstall it; it was likely installed with another program and you didn't see the notice that it was an optional component at the start of the install process. Many programs (even widely known legitimate programs) have toolbars as optional bundled installs these days because they get money from the business relationship. You can read more about Ask.com here.

If you uninstalled the Ask Toolbar as recommended, restart your PC first. Then use Windows Explorer and delete the following folders if found:
C:\Program Files\AskBarDis
C:\Program Files\AskSearch

=====

Next, please download Malwarebytes' Anti-Malware by clicking the link below:
http://www.besttechie.net/tools/mbam-setup.exe
Double-click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* You'll be required to post the contents of this log later.

Please Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

=====

Now download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:
Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use the download meant for SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Once installed, you should get a prompt that says: The Recovery Console was successfully installed.

Please continue as follows:
(1) Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include the MBAM log, C:\ComboFix.txt as well as a new HijackThis log for further review, so that we may continue cleansing the system.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
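The log posted above and chiaz's reply illustrate how an analyst reads a HijackThis log: the AskBarDis paths under O2/O3 are the bundled toolbar being asked to go, the "(no file)" BHOs and the "(file missing)" service are orphaned references, and the O20 lines are DLL load points that always get a second look. The script below is an added example, not code from the thread or from any of the tools named in it; it parses HijackThis entries and sorts them into those review categories. The sample lines are copied from the posted log; the category names, the rule order and the UNWANTED_FOLDERS list are my assumptions.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
-- End of file - 10726 bytes
"""

# Every HijackThis entry starts with a section tag (R0, R1, O2 ... O23), then " - ".
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")

# Folder names that chiaz asked to be removed in the thread (the bundled Ask toolbar).
# Assumption: any entry pointing into these folders belongs to that toolbar.
UNWANTED_FOLDERS = ("AskBarDis", "AskSearch")


def parse_hjt(text):
    """Yield (section, body) for every R/O entry; header and process lines are skipped."""
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body")


def triage_hjt(text):
    """Return [(section, category, body)] for the entries a reviewer should look at first.

    Rules, in priority order (an entry gets one category):
      bundled-toolbar        path points into a folder the analyst asked to remove
      orphaned-entry         registry entry whose DLL no longer exists ("(no file)")
      missing-binary         service whose executable is gone ("(file missing)")
      system-dll-load-point  O20 (AppInit_DLLs / Winlogon Notify): verify the file's publisher
    Everything else is left alone, as chiaz's "most of what it finds is harmless" note says.
    """
    findings = []
    for section, body in parse_hjt(text):
        lowered = body.lower()
        if any(folder.lower() in lowered for folder in UNWANTED_FOLDERS):
            findings.append((section, "bundled-toolbar", body))
        elif "(no file)" in lowered:
            findings.append((section, "orphaned-entry", body))
        elif "(file missing)" in lowered:
            findings.append((section, "missing-binary", body))
        elif section == "O20":
            findings.append((section, "system-dll-load-point", body))
    return findings


def count_by_category(findings):
    """Summarise triage output as {category: number of entries}."""
    counts = {}
    for _section, category, _body in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage_hjt(SAMPLE_LOG)
    for section, category, body in results:
        print(f"{section:<4} {category:<22} {body}")
    print(count_by_category(results))
```

Run against the sample it reports the two AskBarDis entries, the two orphaned references and the one O20 load point while leaving the Java BHO and the Windows Defender Run key untouched; pointing it at a full saved log works the same way, since the parser ignores everything that is not an R/O entry.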
niknak Posted October 4, 2009 (Author)
Thanks for your help, here is the info you requested in two parts.. :)
niknak Posted October 4, 2009 (Author)

ComboFix 09-10-03.01 - dukestreet 04/10/2009 15:55.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3034.1710 [GMT 1:00]
Running from: c:\users\dukestreet\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Resident AV is active.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
c:\$recycle.bin\S-1-5-21-3914775888-4088661394-887693425-500
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD RegistryCleaner\program.log
c:\program files\QUAD Utilities\QUAD RegistryCleaner\Styles\Vista.cjstyles
c:\windows\system32\oem5.inf
.
((((((((((((((((((((((((( Files Created from 2009-09-04 to 2009-10-04 )))))))))))))))))))))))))))))))
.
2009-10-04 15:02 . 2009-10-04 15:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-04 14:41 . 2009-10-04 14:41 -------- d-----w- c:\users\dukestreet\AppData\Roaming\Malwarebytes
2009-10-04 14:41 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-04 14:41 . 2009-10-04 14:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-04 14:41 . 2009-10-04 14:41 -------- d-----w- c:\programdata\Malwarebytes
2009-10-04 14:41 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-03 07:12 . 2009-10-03 07:19 -------- dc----w- c:\windows\system32\DRVSTORE
2009-10-03 07:02 . 2009-10-03 07:02 -------- d-----w- c:\program files\Trend Micro
2009-10-03 07:00 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 16:28 . 2009-10-02 16:34 -------- d-----w- c:\program files\Privacy and Registry Cleaner
2009-10-02 15:29 . 2009-10-02 15:29 -------- d-----w- c:\users\dukestreet\AppData\Local\Mozilla
2009-10-02 13:13 . 2009-10-02 13:14 -------- d-----w- c:\windows\system32\ca-ES
2009-10-02 13:13 . 2009-10-02 13:14 -------- d-----w- c:\windows\system32\eu-ES
2009-10-02 13:13 . 2009-10-02 13:14 -------- d-----w- c:\windows\system32\vi-VN
2009-10-02 12:43 . 2009-04-11 06:28 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-10-02 12:42 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-10-02 12:42 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-10-02 12:42 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-10-02 12:42 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-10-02 09:26 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-02 09:26 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-02 09:26 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-02 09:26 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-02 09:26 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-02 09:26 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-02 09:26 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-02 09:26 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-02 09:26 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-02 08:34 . 2009-10-02 08:34 -------- d-----w- c:\program files\AVG
2009-10-02 08:34 . 2009-10-02 08:34 -------- d-----w- c:\programdata\avg8
2009-10-02 07:40 . 2009-10-02 07:52 -------- d-----w- c:\program files\Free Window Registry Repair
2009-10-02 07:01 . 2009-10-02 07:01 -------- d-----w- c:\programdata\Yahoo! Companion
2009-10-01 17:00 . 2009-10-02 07:02 -------- d-----w- c:\program files\RegistryFix8
2009-09-30 10:32 . 2009-10-02 09:17 -------- d-----w- C:\4db11413268c14deff0971ae5ac8
2009-09-09 13:37 . 2009-09-09 13:37 -------- d-----w- c:\users\dukestreet\AppData\Roaming\Trusteer
2009-09-09 13:37 . 2009-09-09 13:37 -------- d-----w- c:\programdata\Trusteer
2009-09-09 13:37 . 2009-09-09 13:37 -------- d-----w- c:\program files\Trusteer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 15:01 . 2008-11-27 18:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-03 11:55 . 2009-01-09 16:36 -------- d-----w- c:\program files\dl_Cats
2009-10-03 07:12 . 2008-11-27 18:53 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-10-02 13:14 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-02 13:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-02 13:14 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-10-02 13:14 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-10-02 13:14 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-10-02 13:14 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-10-02 13:14 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-10-02 09:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Reference Assemblies
2009-10-02 09:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-10-02 09:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-09-17 13:47 . 2009-09-17 13:47 4453282 ----a-w- c:\programdata\SPL7EE9.tmp
2009-09-09 18:31 . 2009-01-12 12:49 -------- d-----w- c:\programdata\Microsoft Help
2009-09-03 14:14 . 2009-09-03 14:14 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-08-29 00:27 . 2009-09-03 02:03 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-03 02:03 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-14 16:27 . 2009-09-09 09:49 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 09:49 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 09:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 09:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 09:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 09:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 09:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 09:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 09:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 09:49 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 09:49 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-21 21:52 . 2009-07-29 07:25 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 07:25 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 07:25 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 07:25 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-13 08:43 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-16 11:32 . 2008-11-27 18:49 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-07-15 12:40 . 2009-08-13 08:42 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-13 08:42 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-13 08:42 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-13 08:42 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-11 19:01 . 2009-09-09 09:49 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:01 . 2009-09-09 09:49 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:01 . 2009-09-09 09:49 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-09 09:49 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-07-11 17:03 . 2009-09-09 09:49 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-07-08 14:13 . 2009-07-08 14:13 720300 ----a-w- c:\programdata\SPL3895.tmp
2009-07-08 12:44 . 2008-11-27 18:49 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-07-08 12:44 . 2008-11-27 18:49 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-07-08 12:44 . 2008-11-27 18:49 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-07-08 12:44 . 2008-11-27 18:49 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-08 12:43 . 2008-11-27 18:49 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2008-11-27 20:10 . 2008-11-27 20:09 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-08 4363504]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-04 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-17 145944]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-08-05 3563520]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
[2008-05-07 178712]"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-27 30192]"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-09 645328]"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]"DLBUCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBUtime.dll" [2007-02-12 73728]"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-09-17 442460]c:\users\dukestreet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableUIADesktopToggle"= 0 (0x0)[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]2008-11-27 18:54 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]SetupExecute REG_MULTI_SZ \0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]@=""[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@=""[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]@="Service"[HKEY_LOCAL_MACHINE\software\microsoft\security 
center\Svc]"VistaSp2"=hex(b):1a,f8,fd,0e,63,43,ca,01[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]"{1DD613C3-3C4A-4143-BCEA-F9A2646D05AE}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent"{F6E47C6E-0421-407B-A658-1F2B99348884}"= c:\program files\CyberLink\PowerDVD DX\PowerDVD.exe:CyberLink PowerDVD DX"{D05775A0-CDF2-4541-82FF-1F88529EB7F1}"= c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:CyberLink PowerDVD DX Resident Program"{96BCD348-C6F3-4863-B773-7398ACC33951}"= UDP:c:\windows\System32\dlbucoms.exe:Photo AIO Printer 942 Server"{0021A7C6-F629-4653-A305-1E81BA201631}"= TCP:c:\windows\System32\dlbucoms.exe:Photo AIO Printer 942 Server"{F05F013B-2CE5-4EE4-8949-366CE1E74DA1}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook"{28E72F42-681E-4857-91ED-570BB1F9D29F}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove"{8D29ED83-13D7-4A55-8BA7-57ED96B70F0A}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove"{91B84198-84B6-45A5-91EC-C644002C0456}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote"{B559162F-7D30-4E2D-9909-7FF3F14B6FEE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote"{6D83D18B-ACA1-4050-9628-702F089AFB19}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger"{61258463-6E77-4383-A671-814033A75144}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! 
Messenger"TCP Query User{4DD629E0-DA1B-4250-8813-39AF2F9EA3EA}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer"UDP Query User{CD91FF88-07A0-4808-B0A3-28D56B30CB84}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer"TCP Query User{3CDA6459-46F9-4DB7-B732-0997E5B6DAF0}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger"UDP Query User{DE95746C-6150-4862-B0B3-F0B8C8EB814A}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger"TCP Query User{88973BEB-ACF2-481F-92F6-B40DEFE72DD1}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer"UDP Query User{A344739E-6156-4511-9283-FFF0005E09E2}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer"TCP Query User{3B8567D6-9BBF-4189-8A75-0466D226E2B1}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver"UDP Query User{BE42E5FF-1EAA-4BCC-8648-F7BD007D61E3}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast AdverR1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [03/09/2009 18:34 58856]R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [03/09/2009 18:34 333928]R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\AEstSrv.exe [27/11/2008 21:23 73728]R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [24/09/2008 05:09 155648]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [16/02/2009 09:51 210216]R2 
RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [03/09/2009 18:34 967912]R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [04/10/2009 15:41 38224]S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [27/11/2008 19:48 30192]--- Other Services/Drivers In Memory ---*NewlyCreated* - MBAMSWISSARMY[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12.Contents of the 'Scheduled Tasks' folder2009-06-08 c:\windows\Tasks\DriverCure.job- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-04-26 12:44]2008-11-27 c:\windows\Tasks\McDefragTask.job- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-15 20:26]2008-11-27 c:\windows\Tasks\McQcTask.job- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-15 20:26]2009-10-02 c:\windows\Tasks\ParetoLogic Registration.job- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]2009-06-08 c:\windows\Tasks\ParetoLogic Update Version2.job- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]..------- Supplementary Scan -------.uStart Page = hxxp://uk.yahoo.com/uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%sTrusted Zone: internetTrusted Zone: mcafee.comFF - ProfilePath - c:\users\dukestreet\AppData\Roaming\Mozilla\Firefox\Profiles\trxdbfhb.default\FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dllFF - plugin: c:\program files\Veetle\Player\npvlc.dllFF - plugin: c:\program files\Veetle\plugins\npVeetle.dllFF - HiddenExtension: Microsoft .NET 
Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-10-04 16:03Windows 6.0.6002 Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run DLBUCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.Completion time: 2009-10-04 16:04ComboFix-quarantined-files.txt 2009-10-04 15:04Pre-Run: 193,892,249,600 bytes freePost-Run: 193,901,031,424 bytes freeCurrent=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7237 --- E O F --- 2009-10-03 07:00 Quote
chiaz Posted October 5, 2009
Did you decide to remove AskBar? Also your ComboFix log is unreadable. This is caused by having Word Wrap checked.
1. Click Start > All Programs > Accessories > Notepad
2. On the menu bar in Notepad select Format and click on Word Wrap so it appears un-checked, and then post the ComboFix report again.
Thank you. :)
niknak Posted October 5, 2009 Author
Hi Chiaz, Ok, sorry, i have removed the ask toolbar and now include the report again, thanks!
niknak Posted October 5, 2009 Author Posted October 5, 2009 Hi, I'm also getting an error message if I try to open anything from the start menu: "Illegal operation attempted on a registry key that has been marked for deletion". Quote
chiaz Posted October 5, 2009 Posted October 5, 2009 Have you tried restarting your PC yet? Do you have your Vista disc with you? Quote
niknak Posted October 5, 2009 Author Posted October 5, 2009 PC is running quicker but still freezes and fails to bring up the relevant page, e.g. I type in AOL.com - Welcome to AOL and it goes to a Yahoo search page. The registry error I mentioned in my last post has gone, however. I have no Vista disk. Quote
chiaz Posted October 5, 2009 Posted October 5, 2009 Please copy this page to *Notepad* and save it to your desktop for reference, as you will not have any browsers open while you are carrying out portions of these instructions. It's IMPORTANT to carry out the instructions in the sequence listed below.

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *Notepad* and copy/paste the text in the quotebox below into it:

File::
c:\programdata\SPL7EE9.tmp

Save this as CFScript.txt, in the same location as ComboFix.exe, which is on the Desktop.

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt. Please copy and paste the ComboFix.txt in your new reply later.

*Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer.*

==========

Next go HERE to run Panda ActiveScan 2.0. Click the big green Scan now button. If it wants to install an ActiveX component, allow it. It will start downloading the files it requires for the scan (Note: It may take a couple of minutes). Once the scan is completed, please hit the notepad icon next to the text Export to: and save it to a convenient location such as your Desktop. Post the contents of the ActiveScan.txt in your next reply, along with the ComboFix.txt. Quote
niknak Posted October 5, 2009 Author Posted October 5, 2009 Combo report : - ComboFix 09-10-04.01 - dukestreet 05/10/2009 13:10.3.2 - NTFSx86 Quote
niknak Posted October 5, 2009 Author Posted October 5, 2009 Combo part 2 Quote
chiaz Posted October 5, 2009 Posted October 5, 2009 OK can I see the Panda ActiveScan log once the scan is complete? Quote
niknak Posted October 5, 2009 Author Posted October 5, 2009 ActiveScan report

ANALYSIS: 2009-10-05 14:36:54
PROTECTIONS: 1
MALWARE: 2
SUSPECTS: 0

PROTECTIONS
Description       Version   Active   Updated
McAfee VirusScan            Yes      Yes

MALWARE
Id         Description          Type             Active   Severity   Disinfectable   Disinfected   Location
00139061   Cookie/Doubleclick   TrackingCookie   No       0          Yes             No            C:\Users\dukestreet\AppData\Roaming\Microsoft\Windows\Cookies\Low\dukestreet@doubleclick[2].txt
00139064   Cookie/Atlas DMT     TrackingCookie   No       0          Yes             No            C:\Users\dukestreet\AppData\Roaming\Microsoft\Windows\Cookies\Low\dukestreet@atdmt[2].txt

SUSPECTS
Sent   Location
(none)

VULNERABILITIES
Id   Severity   Description
(none)

Quote
chiaz Posted October 5, 2009 Posted October 5, 2009 I think our work is done here - your PC should be clean now. It's time to remove ComboFix.

Go to Start > Run
Type in the box: combofix /u
Note: the space between the X and the /u
Press Enter.

This command will:
Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\Deckard folder, if present
The C:_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.

=======

Pc is running quicker but still freezes and fails to bring up relevant page, e.g. i type in AOL.com - Welcome to AOL and it goes to a yahoo search page.

Did you type the full URL, aka http://www.aol.com? This is because your default search URL is set as Yahoo, and if the browser does not recognize what you're typing into the URL box, it would consider it as a search and would redirect to Yahoo search pages. Quote
niknak Posted October 5, 2009 Author Posted October 5, 2009 Hi Chiaz, The problem still exists, bbc website is in my favorites, still getting "address not valid". Very frustrating. Quote
chiaz Posted October 6, 2009 Posted October 6, 2009 Give this a try...

Download HostsXpert Here and unzip it to your desktop.
Next, open HostsXpert.
Make sure that the "make hosts writable?" button in the upper right corner is checked.
Now, click on 'back up Host files', then click on 'Restore original host files'.
Finally, close HostsXpert.

Maybe others will have more to suggest if this doesn't work. Quote
RandyL Posted October 6, 2009 Posted October 6, 2009 chiaz is right as this might be a HOSTS file problem. I'm still unclear on one thing he asked of you. Click on the following two links and see what happens. AOL.com - Welcome to AOL BBC - Homepage Quote
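A check in the spirit of the HOSTS-file suspicion chiaz and RandyL raise above, as an added example that is not from this thread and is not HostsXpert's code: it parses a Windows-style HOSTS file, flags every hostname mapped somewhere other than loopback or 0.0.0.0 (the pattern behind "address not valid" and wrong-page redirects), and comments those lines out for review instead of deleting them. The sample HOSTS text, its hostnames and its addresses are constructed; the default file path is the standard Windows one.

```python
"""Inspect a Windows-style HOSTS file for entries that could explain
'address not valid' errors or silent redirects.

Added example, not from the forum thread. The SAMPLE_HOSTS text below is
constructed; on Vista the real file lives at
C:\\Windows\\System32\\drivers\\etc\\hosts (pass that path as argv[1]).
"""
import ipaddress
import re
import sys
from typing import List, Tuple

# Addresses that are harmless for any hostname: loopback and "unspecified".
HARMLESS = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample mimicking a tampered HOSTS file: the stock localhost
# lines, one ad-blocking style line (harmless), and three lines that send
# well-known sites to non-loopback addresses (RFC 5737 test ranges).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.invalid   # ad-block style entry, harmless
203.0.113.45    www.bbc.co.uk         # constructed hijack entry
203.0.113.45    bbc.co.uk
198.51.100.7    www.aol.com
"""


def parse_hosts(text: str) -> List[Tuple[int, str, List[str]]]:
    """Return (line_number, address, [hostnames]) for every active entry.

    '#' starts a comment, blank lines are skipped, and a line whose first
    field is not a valid IP address is ignored, as Windows ignores it."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s+", line)
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        hosts = [h.lower() for h in parts[1:]]
        if hosts:
            entries.append((lineno, parts[0], hosts))
    return entries


def suspicious_entries(text: str) -> List[Tuple[int, str, str]]:
    """Flag every hostname mapped to an address outside HARMLESS.

    Returns (line_number, hostname, address). A home PC's HOSTS file almost
    never needs such entries; hijackers add them so a site resolves to an
    address of their choosing, which the user sees as the wrong page or as
    'address not valid' when that address answers nothing."""
    flagged = []
    for lineno, addr, hosts in parse_hosts(text):
        if addr in HARMLESS:
            continue
        for host in hosts:
            flagged.append((lineno, host, addr))
    return flagged


def clean_hosts(text: str) -> str:
    """Return the HOSTS text with every suspicious line commented out.

    Nothing is deleted, so the original stays reviewable; this is the
    conservative alternative to restoring a default file wholesale."""
    bad_lines = {lineno for lineno, _, _ in suspicious_entries(text)}
    out = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        out.append("# REVIEW: " + raw if lineno in bad_lines else raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # With no argument the constructed sample is checked; with a path, the
    # real file is read (errors="replace" tolerates odd encodings).
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            hosts_text = fh.read()
    else:
        hosts_text = SAMPLE_HOSTS
    for lineno, host, addr in suspicious_entries(hosts_text):
        print(f"line {lineno}: {host} -> {addr}")
```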