
Computer seems to have a Google redirect virus



#1 sliding9 (Member, 10 posts)
I have run Spybot, McAfee Total Protection, Malwarebytes, Hitman 3.5.

I have run OTL.exe also. If someone has any suggestions I would be grateful.

Thanks,

David


#2 CatByte (GeekU Teacher, GeekU Moderator, MVP, 2,705 posts)
Hi

Please do the following:



Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found you will have further options available to you; at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.



NEXT



Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS .txt reports will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt



NEXT


Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
  • Double click the exe file.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan... click on NO, then use the following settings for a more complete scan.

    [Image: screenshot of the GMER scan settings]
  • In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


#3 sliding9 (Topic Starter, Member, 10 posts)
I have run the first one and here are the results.

Thanks


#4 sliding9 (Topic Starter, Member, 10 posts)
Sorry, here are the details...


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: Gateway
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Gateway
System Product Name: MT6728
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 152):
0x82400000 \SystemRoot\system32\ntkrnlpa.exe
0x827A1000 \SystemRoot\system32\hal.dll
0x802C6000 \SystemRoot\system32\kdcom.dll
0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8025D000 \SystemRoot\system32\PSHED.dll
0x80255000 \SystemRoot\system32\BOOTVID.dll
0x8021A000 \SystemRoot\system32\CLFS.SYS
0x8051F000 \SystemRoot\system32\CI.dll
0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80461000 \SystemRoot\system32\drivers\acpi.sys
0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80459000 \SystemRoot\system32\drivers\msisadrv.sys
0x80434000 \SystemRoot\system32\drivers\pci.sys
0x80425000 \SystemRoot\system32\drivers\volmgr.sys
0x80201000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8041B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8040B000 \SystemRoot\System32\drivers\mountmgr.sys
0x80404000 \SystemRoot\system32\drivers\intelide.sys
0x807F2000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x807A8000 \SystemRoot\System32\drivers\volmgrx.sys
0x806EA000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x806E2000 \SystemRoot\system32\drivers\atapi.sys
0x806C4000 \SystemRoot\system32\drivers\ataport.SYS
0x806BB000 \SystemRoot\system32\drivers\msahci.sys
0x8068A000 \SystemRoot\system32\drivers\fltmgr.sys
0x8067A000 \SystemRoot\system32\drivers\fileinfo.sys
0x8061E000 \SystemRoot\system32\drivers\mfehidk.sys
0x8060F000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x82DEF000 \SystemRoot\system32\drivers\TfFsMon.sys
0x82DDE000 \SystemRoot\system32\drivers\TfSysMon.sys
0x82CDA000 \SystemRoot\system32\drivers\ndis.sys
0x82CAF000 \SystemRoot\system32\drivers\msrpc.sys
0x82C76000 \SystemRoot\system32\drivers\NETIO.SYS
0x82EF8000 \SystemRoot\System32\Drivers\Ntfs.sys
0x82C0C000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82EC2000 \SystemRoot\system32\drivers\volsnap.sys
0x80607000 \SystemRoot\System32\Drivers\spldr.sys
0x82EB3000 \SystemRoot\System32\drivers\partmgr.sys
0x82EA4000 \SystemRoot\System32\Drivers\mup.sys
0x82E7F000 \SystemRoot\System32\drivers\ecache.sys
0x82E6E000 \SystemRoot\system32\drivers\disk.sys
0x82E4D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x82C03000 \SystemRoot\system32\drivers\crcdisk.sys
0x88E89000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B656000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B221000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8B274000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8B65F000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8BFB3000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8BF16000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8B214000 \SystemRoot\System32\drivers\watchdog.sys
0x8B209000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8B685000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B242000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B620000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8B60B000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8B672000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8B296000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8BEEA000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x88E56000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8B600000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8BEDF000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
0x8BEC7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B2E0000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0x8B335000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8BE9C000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8BE5C000 \SystemRoot\system32\DRIVERS\storport.sys
0x8BE51000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8BE3A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8BE2F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8BE0C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x88AA5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C7ED000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8C7D1000 \SystemRoot\system32\DRIVERS\termdd.sys
0x88E60000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C7A7000 \SystemRoot\system32\DRIVERS\ks.sys
0x8B668000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C7E0000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C763000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x88FE0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8C6C0000 \SystemRoot\system32\drivers\stwrt.sys
0x8C693000 \SystemRoot\system32\drivers\portcls.sys
0x8C66E000 \SystemRoot\system32\drivers\drmk.sys
0x8C854000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8C661000 \SystemRoot\system32\drivers\modem.sys
0x8B64D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8B2C4000 \SystemRoot\System32\Drivers\Null.SYS
0x8C613000 \SystemRoot\system32\DRIVERS\RTL8187B.sys
0x8B2CB000 \SystemRoot\System32\Drivers\Beep.SYS
0x8BE00000 \SystemRoot\System32\drivers\vga.sys
0x8C833000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8B388000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8B390000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C608000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C805000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8B63B000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8CB2B000 \SystemRoot\System32\drivers\tcpip.sys
0x8CB12000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8CABF000 \SystemRoot\system32\drivers\mfetdi2k.sys
0x8CAAA000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8CA96000 \SystemRoot\system32\DRIVERS\smb.sys
0x8CA64000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8CA1D000 \SystemRoot\system32\drivers\afd.sys
0x8CA07000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8CDE6000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x8CDD8000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8CDC5000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8CD8A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8CD80000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8CD69000 \SystemRoot\System32\Drivers\dfsc.sys
0x8CD45000 \SystemRoot\system32\drivers\mfeavfk.sys
0x8CCBA000 \SystemRoot\system32\drivers\mfefirek.sys
0x8C99D000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x88F50000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8B2D9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8CCA8000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8B380000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8B22F000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8D072000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x95200000 \SystemRoot\System32\win32k.sys
0x8B6F6000 \SystemRoot\System32\drivers\Dxapi.sys
0x95690000 \SystemRoot\system32\DRIVERS\monitor.sys
0xA6200000 \SystemRoot\System32\TSDDD.dll
0xA6210000 \SystemRoot\System32\cdd.dll
0xA6220000 \SystemRoot\System32\ATMFD.DLL
0xA6715000 \SystemRoot\system32\drivers\luafv.sys
0xA9532000 \SystemRoot\system32\drivers\spsys.sys
0x88F40000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA944D000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA8A7E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA943A000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA9623000 \SystemRoot\system32\drivers\HTTP.sys
0xA9414000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA960A000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAA36C000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAA34C000 \SystemRoot\system32\drivers\mrxdav.sys
0xAA32E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAA2F5000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAA2E3000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAA2BF000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAA26E000 \SystemRoot\System32\DRIVERS\srv.sys
0xAAA32000 \SystemRoot\system32\drivers\peauth.sys
0xA8AE2000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA97A8000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA8B94000 \SystemRoot\system32\drivers\cfwids.sys
0xADA5A000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA8BD0000 \??\C:\Windows\system32\drivers\TfNetMon.sys
0xAAE0A000 \SystemRoot\system32\drivers\mfeapfk.sys
0xA9750000 \SystemRoot\system32\drivers\mfebopk.sys
0xA7426000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77440000 \Windows\System32\ntdll.dll

Processes (total 88):
0 System Idle Process
4 System
496 C:\Windows\System32\smss.exe
644 C:\Windows\System32\csrss.exe
688 C:\Windows\System32\wininit.exe
704 C:\Windows\System32\csrss.exe
736 C:\Windows\System32\services.exe
748 C:\Windows\System32\lsass.exe
756 C:\Windows\System32\lsm.exe
832 C:\Windows\System32\winlogon.exe
952 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\svchost.exe
1208 C:\Windows\System32\svchost.exe
1300 C:\Windows\System32\audiodg.exe
1328 C:\Windows\System32\svchost.exe
1364 C:\Windows\System32\SLsvc.exe
1408 C:\Windows\System32\svchost.exe
1572 C:\Windows\System32\svchost.exe
1704 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1792 C:\Windows\System32\spoolsv.exe
1824 C:\Windows\System32\svchost.exe
728 C:\Windows\System32\agrsmsvc.exe
752 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
992 C:\Program Files\Bonjour\mDNSResponder.exe
1392 C:\Program Files\Firebird\Firebird_2_0\bin\fb_inet_server.exe
1812 C:\Windows\System32\svchost.exe
416 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1380 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
1712 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
1468 C:\Windows\System32\svchost.exe
1508 C:\Windows\System32\svchost.exe
512 C:\Windows\System32\svchost.exe
352 C:\Windows\System32\rundll32.exe
1648 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
2068 C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
2168 C:\Windows\System32\svchost.exe
2192 C:\Program Files\ThreatFire\TFService.exe
2216 C:\Windows\System32\svchost.exe
2312 C:\Windows\System32\SearchIndexer.exe
2336 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2372 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
2444 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
2544 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
3216 C:\Windows\System32\taskeng.exe
3236 C:\Windows\System32\wbem\unsecapp.exe
3328 C:\Windows\System32\alg.exe
3472 C:\Windows\System32\wbem\WmiPrvSE.exe
3772 C:\Windows\System32\taskeng.exe
3664 C:\Windows\System32\dwm.exe
3704 C:\Windows\explorer.exe
3876 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
2124 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
3464 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
732 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4100 C:\Program Files\Spare Backup\SpareBackup.exe
4108 C:\Program Files\Napster\napster.exe
4116 C:\Windows\System32\igfxtray.exe
4124 C:\Windows\System32\hkcmd.exe
4144 C:\Windows\System32\igfxpers.exe
4152 C:\Windows\System32\M-AudioTaskBarIcon.exe
4172 C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
4180 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
4204 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
4232 C:\Program Files\McAfee.com\Agent\mcagent.exe
4260 C:\Program Files\iTunes\iTunesHelper.exe
4268 C:\Program Files\ThreatFire\TFTray.exe
4276 C:\Windows\ehome\ehtray.exe
4284 C:\Program Files\Windows Media Player\wmpnscfg.exe
4304 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
4320 C:\Program Files\BigFix\bigfix.exe
4332 C:\Program Files\Creative Home\Hallmark Card Studio 2008 Premier\Planner\PLNRnote.exe
4340 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
4348 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
4356 C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
4364 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
4596 C:\Windows\System32\igfxsrvc.exe
4848 C:\Windows\ehome\ehmsas.exe
4868 C:\Program Files\Windows Media Player\wmpnetwk.exe
5440 C:\Windows\System32\wuauclt.exe
5452 C:\Program Files\iPod\bin\iPodService.exe
5660 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
536 C:\Windows\System32\wercon.exe
2120 C:\Program Files\Mozilla Firefox\firefox.exe
5064 C:\Windows\System32\dllhost.exe
4796 C:\Windows\System32\dllhost.exe
6068 C:\Users\sliding9\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`c8d85c00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVS-22RST0, Rev: 04.01G04

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

#5 sliding9 (Topic Starter, Member, 10 posts)
Here is the DDS.txt


DDS (Ver_10-03-17.01) - NTFSx86
Run by sliding9 at 16:34:24.37 on Sat 09/25/2010
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.843 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fb_inet_server.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\Napster\napster.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Creative Home\Hallmark Card Studio 2008 Premier\Planner\PLNRnote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\WerCon.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\sliding9\Downloads\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6728
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100420052734.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Spare Backup] "c:\program files\spare backup\SpareBackup.exe" /silent
mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\sliding9\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\eventp~1.lnk - c:\windows\installer\{747a6a10-da58-48c2-a1f0-c15514419c8a}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: line6.net
Trusted Zone: turbotax.com
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos2.walmart.com/WalmartActivia.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {FBB7E9FA-7484-40C0-8B5E-68D2516D0850} = 208.67.222.222,208.67.220.220
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\sliding9\appdata\roaming\mozilla\firefox\profiles\wrjta6mz.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - wwww.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-23 64288]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-13 385536]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-9-24 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-9-24 59664]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-4-20 64304]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-20 82952]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-20 55456]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-7-17 152320]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-7-17 51688]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-20 312584]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2007-11-17 281088]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-9-24 33552]
S3 L6TPortB;Service - Line 6 TonePort UX2;c:\windows\system32\drivers\L6TPortB.sys [2008-6-10 521472]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]
S3 MAUSBFT;Service for M-Audio Fast Track USB (WDM);c:\windows\system32\drivers\mausbft.sys [2008-6-29 132096]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-20 83496]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-7-17 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-7-17 40552]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

============== File Associations ===============

.txt=

=============== Created Last 30 ================

2010-09-25 19:47:34 0 d-sh--w- C:\$RECYCLE.BIN
2010-09-25 18:05:58 98816 ----a-w- c:\windows\sed.exe
2010-09-25 18:05:58 77312 ----a-w- c:\windows\MBR.exe
2010-09-25 18:05:58 256512 ----a-w- c:\windows\PEV.exe
2010-09-25 18:05:58 161792 ----a-w- c:\windows\SWREG.exe
2010-09-25 13:53:16 0 d-----w- c:\users\sliding9\appdata\roaming\PeerNetworking
2010-09-25 12:56:09 134464 ----a-w- c:\windows\system32\LnkProtect.dll
2010-09-24 22:14:40 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2010-09-24 22:14:40 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2010-09-24 22:14:40 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2010-09-24 22:14:39 0 d-----w- c:\programdata\PC Tools
2010-09-24 22:14:39 0 d-----w- c:\program files\ThreatFire
2010-09-24 22:08:06 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-24 22:07:38 0 d-----w- c:\programdata\Hitman Pro
2010-09-24 22:07:35 0 d-----w- c:\program files\Hitman Pro 3.5
2010-09-24 21:13:33 0 d-----w- c:\users\sliding9\appdata\roaming\Safer Networking
2010-09-23 23:27:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-23 23:08:26 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-23 23:08:21 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-23 23:02:15 0 dc-h--w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-23 23:01:36 0 d-----w- c:\programdata\Lavasoft
2010-09-23 23:01:36 0 d-----w- c:\program files\Lavasoft
2010-09-22 21:26:10 0 d-----w- c:\program files\Sophos
2010-09-14 20:06:12 4771840 ----a-w- c:\users\sliding9\Yard Therapy LLC (Backup Sep 14,2010 03 05 PM).QBB
2010-09-03 02:18:19 4759552 ----a-w- c:\users\sliding9\Yard Therapy LLC (Backup Sep 02,2010 09 18 PM).QBB

==================== Find3M ====================

2010-09-19 10:39:54 148946 ----a-w- c:\windows\hpoins19.dat
2010-09-04 20:09:03 4124 ----a-w- c:\users\sliding9\appdata\roaming\wklnhst.dat
2010-06-25 02:09:55 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-06-25 02:09:55 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-25 02:09:55 51200 ----a-w- c:\windows\inf\infpub.dat
2009-04-23 08:07:03 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-12-12 09:18:15 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-01-10 04:04:15 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 16:41:08.73 ===============

And here is the Attach.txt:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/17/2007 1:05:51 PM
System Uptime: 9/25/2010 2:58:42 PM (2 hours ago)

Motherboard: Gateway | |
Processor: Intel® Pentium® Dual CPU T2330 @ 1.60GHz | uFCPGA2 | 1600/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 138 GiB total, 22.087 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 3.882 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================


1600
1600_Help
1600Trb
32 Bit HP CIO Components Installer
3DVIA player 5.0
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player
Agere Systems HDA Modem
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Barbie® idesign™ Ultimate Stylist™
Barbie™ Horse Adventures™
BigFix
Bonjour
Browser Address Error Redirector
BufferChm
Canon MP Navigator EX 2.0
Canon MP240 series MP Drivers
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Clickables Online
Collab
Compatibility Pack for the 2007 Office system
Copy
Coupon Printer for Windows
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
Digital Photo Navigator 1.5
DocProc
DocProcQFolder
DSound GT Player Express
eSupportQFolder
Fast Track USB
Fax
Firebird 2.0.3
FL Studio 7
Gateway Connect
Gateway Games
Gateway Recovery Center Installer
GIMP 2.6.8
Hallmark Card Studio 2008 Premier
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Print Diagnostic Utility
HP Product Detection
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
IL Download Manager
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java™ SE Runtime Environment 6 Update 1
Kid's College CFA
LabelPrint
Malwarebytes' Anti-Malware
MarketResearch
McAfee Security Scan Plus
McAfee Total Protection
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
Mozilla Firefox (3.5.11)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Napster
Napster Burn Engine
Power2Go 5.0
PowerCinema NE for Everio
QuickBooks
QuickBooks Pro 2010
QuickBooks Product Listing Service
Quicken 2010
QuickTime
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek USB 2.0 Card Reader
REALTEK USB Wireless LAN Driver
Rhythm Rascal
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
SigmaTel Audio
SolutionCenter
SONAR 7 Studio Edition
SONAR 8.5 Studio
Sophos Anti-Rootkit 1.5.4
Spare Backup
Spybot - Search & Destroy
Status
Super Stunt Spectacular v1.0
SupportSoft Assisted Service
Synaptics Pointing Device Driver
The Game of Life - SpongeBob SquarePants Edition
ThreatFire
Toolbox
TrayApp
TurboTax 2008 walsbpm
TurboTax 2008 WinBizFedFormset
TurboTax 2008 WinBizProgramHelp
TurboTax 2008 WinBizReleaseEngine
TurboTax 2008 WinBizTaxSupport
TurboTax 2008 WinBizUserEducation
TurboTax 2008 wrapper
TurboTax 2009 walsbpm
TurboTax 2009 WinBizFedFormset
TurboTax 2009 WinBizReleaseEngine
TurboTax 2009 WinBizTaxSupport
TurboTax 2009 wrapper
TurboTax Business 2007
TurboTax Business 2008
TurboTax Business 2009
TurboTax Home & Business 2007
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Wal-Mart® Mini Movie
WebReg
Yahoo! SiteBuilder
Yahoo! Toolbar

==== End Of File ===========================
  • 0

#6
CatByte

CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,705 posts
  • MVP
I see you have run ComboFix

Please post the log(s) for me to look at as well as the GMER log when it has finished scanning.


They will be located at c:\Combofix.txt or c:\combofix\combofix.txt or c:\qoobox\combofix2.txt, c:\qoobox\combofix3.txt etc.

Thanks
  • 0

#7
sliding9

sliding9

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here is the combo txt.

ComboFix 10-09-25.01 - sliding9 09/25/2010 13:51:17.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.705 [GMT -5:00]
Running from: c:\users\sliding9\Documents\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: McAfee VirusScan *disabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-08-25 to 2010-09-25 )))))))))))))))))))))))))))))))
.

2010-09-25 19:27 . 2010-09-25 19:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-25 13:53 . 2010-09-25 13:53 -------- d-----w- c:\users\sliding9\AppData\Roaming\PeerNetworking
2010-09-25 12:56 . 2010-09-25 12:56 134464 ----a-w- c:\windows\system32\LnkProtect.dll
2010-09-24 22:14 . 2010-01-14 21:08 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2010-09-24 22:14 . 2010-01-14 21:08 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2010-09-24 22:14 . 2010-01-14 21:08 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2010-09-24 22:14 . 2010-09-24 22:15 -------- d-----w- c:\program files\ThreatFire
2010-09-24 22:14 . 2010-09-24 22:14 -------- d-----w- c:\programdata\PC Tools
2010-09-24 22:08 . 2010-09-25 12:57 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-24 22:07 . 2010-09-24 22:07 -------- d-----w- c:\programdata\Hitman Pro
2010-09-24 22:07 . 2010-09-24 22:07 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-09-24 21:13 . 2010-09-24 21:13 -------- d-----w- c:\users\sliding9\AppData\Roaming\Safer Networking
2010-09-23 23:27 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-23 23:08 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-23 23:08 . 2010-09-23 23:08 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-23 23:03 . 2010-09-23 23:03 -------- d-----w- c:\users\sliding9\AppData\Local\Sunbelt Software
2010-09-23 23:02 . 2010-09-23 23:02 -------- dc-h--w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-23 23:02 . 2010-08-12 12:16 2979848 -c--a-w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-09-23 23:01 . 2010-09-23 23:08 -------- d-----w- c:\programdata\Lavasoft
2010-09-23 23:01 . 2010-09-23 23:01 -------- d-----w- c:\program files\Lavasoft
2010-09-22 21:26 . 2010-09-22 21:26 -------- d-----w- c:\program files\Sophos
2010-09-05 14:15 . 2010-09-05 14:15 -------- d-----w- c:\users\sliding9\AppData\Local\Nova Development

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-25 18:39 . 2008-01-06 03:00 -------- d-----w- c:\users\sliding9\AppData\Roaming\Spare Backup
2010-09-24 01:54 . 2010-04-25 20:43 2293 ----a-w- c:\programdata\Intuit\QuickBooks 2010\qbbackup.sys
2010-09-21 19:00 . 2010-01-03 13:02 -------- d-----w- c:\program files\McAfee Security Scan
2010-09-19 10:39 . 2009-03-09 02:03 148946 ----a-w- c:\windows\hpoins19.dat
2010-09-04 20:09 . 2008-01-06 12:27 4124 ----a-w- c:\users\sliding9\AppData\Roaming\wklnhst.dat
2010-09-03 22:37 . 2008-01-09 21:00 -------- d-----w- c:\users\sliding9\AppData\Roaming\Apple Computer
2010-09-03 22:37 . 2008-01-09 20:57 -------- d-----w- c:\programdata\Apple
2010-09-02 06:53 . 2010-04-28 21:18 975648 ----a-w- c:\programdata\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\qbpatch2.exe
2010-09-02 06:53 . 2010-04-28 21:18 44832 ----a-w- c:\programdata\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\qbpatch.exe
2010-09-02 05:02 . 2010-04-27 02:00 24328 ----a-w- c:\programdata\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Interop.QBInstanceFinder.dll
2010-09-02 05:02 . 2010-04-27 02:00 211720 ----a-w- c:\programdata\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe
2010-09-02 05:02 . 2010-04-27 02:00 1394440 ----a-w- c:\programdata\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\IntuitSyncManager.exe
2010-08-28 19:39 . 2010-07-24 11:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-22 17:25 . 2009-07-18 00:16 680 ----a-w- c:\users\sliding9\AppData\Local\d3d9caps.dat
2010-07-10 19:24 . 2008-01-13 13:08 8023 ----a-w- c:\programdata\Intuit\QuickBooks 2007\qbbackup.sys
2010-07-02 01:01 . 2010-04-27 02:00 496944 ----a-w- c:\programdata\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\mlrsa10.dll
2010-07-02 01:01 . 2010-04-27 02:00 267568 ----a-w- c:\programdata\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\mlcrsa10.dll
2010-07-02 01:01 . 2010-04-27 02:00 791856 ----a-w- c:\programdata\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\dblgen10.dll
2010-07-02 01:01 . 2010-04-27 02:00 570672 ----a-w- c:\programdata\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\mlhttps10.dll
2010-07-02 01:01 . 2010-04-27 02:00 423216 ----a-w- c:\programdata\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\dbmlsync.exe
2010-07-02 01:01 . 2010-04-27 02:00 296240 ----a-w- c:\programdata\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\mlsock10.dll
2010-07-02 01:01 . 2010-04-27 02:00 1152304 ----a-w- c:\programdata\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\dbtool10.dll
2010-07-02 01:01 . 2010-04-27 02:00 763184 ----a-w- c:\programdata\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\dblib10.dll
2010-07-02 01:01 . 2010-04-27 02:00 398640 ----a-w- c:\programdata\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\dbcon10.dll
2010-07-02 01:01 . 2010-04-27 02:00 2184496 ----a-w- c:\programdata\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\iAnywhere.Data.SQLAnywhere.dll
2010-07-02 01:01 . 2010-04-27 02:00 856880 ----a-w- c:\programdata\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\dblgen11.dll
2010-01-05 23:04 . 2010-04-20 10:27 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-11-17 1006264]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 865840]
"Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-09-14 5252936]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-09-06 323216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2008-05-15 356864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2008-04-03 151552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-04 1848648]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-02 1180976]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-01-27 1337608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2010-01-14 378128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-13 40072]

c:\users\sliding9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2007-11-17 2342912]
Event Planner Reminder 2008.lnk - c:\windows\Installer\{747A6A10-DA58-48C2-A1F0-C15514419C8A}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe [2008-2-27 1718]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-3-24 1154848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R3 L6TPortB;Service - Line 6 TonePort UX2;c:\windows\system32\Drivers\L6TPortB.sys [2008-06-10 521472]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-12 15008]
R3 MAUSBFT;Service for M-Audio Fast Track USB (WDM);c:\windows\system32\DRIVERS\mausbft.sys [2007-11-13 132096]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\C4A5.tmp [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-01-05 83496]
R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-01-14 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-01-14 59664]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-01-05 64304]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-01-05 82952]
S2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fb_inet_server.exe [2007-09-03 1982464]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-09-23 1355928]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-15 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2009-12-15 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-01-05 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-01-05 141792]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-01-05 55456]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-01-05 312584]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-07-18 281088]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-01-14 33552]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-09-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 23:08]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6728
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: line6.net
Trusted Zone: turbotax.com
TCP: {FBB7E9FA-7484-40C0-8B5E-68D2516D0850} = 208.67.222.222,208.67.220.220
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\sliding9\AppData\Roaming\Mozilla\Firefox\Profiles\wrjta6mz.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - wwww.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)
AddRemove-Cakewalk Pro Audio 9 - c:\program files\Cakewalk\Cakewalk Pro Audio 9\CWPA9_Uninst.isu
AddRemove-Line 6 Uninstaller - c:\program files\Line6\Tools\Line 6 Uninstaller.exe
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-25 14:28
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\C4A5.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'lsass.exe'(680)
c:\program files\ThreatFire\TFWAH.dll
.
Completion time: 2010-09-25 14:46:49
ComboFix-quarantined-files.txt 2010-09-25 19:46

Pre-Run: 21,058,924,544 bytes free
Post-Run: 23,650,357,248 bytes free

- - End Of File - - FB262B2A7937E628E8695D3DF96AC1F5
  • 0
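Reading a ComboFix log like the one above by hand is slow, so here is a small Python triage pass, added as an example (my own code, not ComboFix's or anything posted in the thread), over the service/driver lines, the Security Center "DisableMonitoring" values and the "TCP:" DNS line in the format shown above. The regexes and the "temporary location" heuristic are my assumptions about the log format; the sample lines are copied from the ComboFix output in this thread.

```python
"""Triage of ComboFix-style log lines (added example, not ComboFix's own code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Service line as printed by ComboFix/DDS: start state (R=running, S=stopped,
# digit=start type), service name, display name, file path, then either
# "[date size]" or "[x]" when the tool could not read the file.  The regex is
# an assumption about the format, derived from the lines in this thread.
SERVICE_RE = re.compile(
    r"^([RS][0-4]) ([^;]+);([^;]*);(.+?) \[(x|\d{4}-\d{2}-\d{2} \d+)\]$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(.+)"$')
DNS_RE = re.compile(r"^TCP: \{[0-9A-Fa-f-]+\} = (.+)$")
# Heuristic: drivers/services normally do not load from these locations.
TEMP_HINTS = (".tmp", "\\temp\\")

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\C4A5.tmp [x]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-01-05 55456]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-01-05 188136]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\C4A5.tmp"
TCP: {FBB7E9FA-7484-40C0-8B5E-68D2516D0850} = 208.67.222.222,208.67.220.220
"""


@dataclass
class Finding:
    kind: str    # short category for sorting/filtering
    detail: str  # the line, key or value that triggered it
    why: str     # reviewer-facing explanation


def _looks_temporary(path: str) -> bool:
    p = path.lower()
    return any(hint in p for hint in TEMP_HINTS)


def triage(log: str) -> list[Finding]:
    """Return the entries a reviewer would look at first, in log order."""
    findings: list[Finding] = []
    current_key = ""  # most recent [HKEY_...] header, for value lines below it
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, name, _display, path, info = m.groups()
            if info == "x":
                findings.append(Finding("service-file-unreadable", line,
                                        f"{name}: file at {path} could not be read"))
            if _looks_temporary(path):
                findings.append(Finding("service-temp-path", line,
                                        f"{name} ({state}) loads from a temporary location"))
            continue
        if (line == '"DisableMonitoring"=dword:00000001'
                and "security center\\monitoring" in current_key.lower()):
            product = current_key.rsplit("\\", 1)[-1]
            if product.lower() == "monitoring":
                product = "(global)"
            findings.append(Finding("security-center-monitoring-off", current_key,
                                    f"Security Center monitoring disabled for {product}; "
                                    "confirm the installed product set it"))
            continue
        m = IMAGEPATH_RE.match(line)
        if m and _looks_temporary(m.group(1)):
            findings.append(Finding("imagepath-temp", current_key,
                                    f"ImagePath {m.group(1)} points at a temporary file"))
            continue
        m = DNS_RE.match(line)
        if m:
            servers = ", ".join(s.strip() for s in m.group(1).split(","))
            findings.append(Finding("dns-servers", servers,
                                    "interface DNS set explicitly; confirm the resolvers are expected"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.why}\n    {f.detail}")
```

MEMSWEEP2 is flagged twice; that service name and a .tmp driver path are what the Sophos Anti-Rootkit scanner listed under Installed Programs above uses, which is why a finding here is a prompt to verify against the installed tools, not a verdict.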

#8
CatByte

CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,705 posts
  • MVP
Hi,

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT

**Vista/Win7 users - right click on the IE icon and run as administrator

Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.

  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

  • 0

#9
sliding9

sliding9

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here is Mbam.txt. I ran the GMER but it keeps cutting my computer off. I will do the Kaspersky now. Thanks for all you're doing.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4678

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

9/26/2010 1:02:39 PM
mbam-log-2010-09-26 (13-02-39).txt

Scan type: Quick scan
Objects scanned: 145963
Time elapsed: 14 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#10
sliding9

sliding9

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
No threats found running the Kaspersky.
  • 0

#11
CatByte

CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,705 posts
  • MVP
Hi,

Please do the following:

Visit ADOBE and download the latest version of Acrobat Reader (version 9.3).
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 21 and save it to your desktop.
  • Scroll down to where it says JDK 6 Update 21 (JDK or JRE)
  • Click the Download JRE button to the right
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u21 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.



NEXT


Please advise how the system is running and if you have any outstanding issues.
  • 0

#12
sliding9

sliding9

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hello. Well, nothing has changed. I have been using Firefox instead of Explorer. It does not redirect me to the Google pictures on Firefox; it just says it can't find an internet connection when going from page to page or site to site. If anyone has any other options I can try, I would appreciate it.
  • 0
