GeekPolice

Safety Center infection


Solved Safety Center infection

Post by sb24 on Tue Sep 08, 2009 2:57 am

My PC is infected with SafetyCenter. I have tried to download and run HijackThis. Once I select to scan and save the results in a log file, as soon as the window opens with the log file, it immediately closes, so I cannot copy/paste the data to include with this post.

Next steps?

Thanks.

sb24
Novice
Posts : 38
Joined : 2009-09-08
OS : XP
Points : 26578
# Likes : 0

Solved Re: Safety Center infection

Post by Dr Jay on Tue Sep 08, 2009 8:04 am

Hello. Thanks for registering.

Please locate the HijackThis log file (usually found in C:\Program Files\Trend Micro\HijackThis) and attempt to post the results of that in your next reply.

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, please make sure the following is attached:

-HijackThis log (if possible)
-Malwarebytes log

Also, please tell me how your computer is running.


Dr. Jay (DJ)



Dr Jay
Administrator
Posts : 13704
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Points : 144790
# Likes : 10

Solved Re: Safety Center infection

Post by sb24 on Tue Sep 08, 2009 12:45 pm

Thanks for the reply.

I've checked the folder - C:\Program Files\Trend Micro\HijackThis - and there is no log file.
I downloaded Malwarebytes Anti-Malware. It found an update (from 2551 to 2758).
After I selected "Perform Full Scan", then clicked Scan, the next window showed 'Enumerating registry objects ... time elapsed 11 seconds', then the window closed. Is this expected? I expected the window to remain open, and when the scan completed to see an 'OK' button to proceed to 'Show Results'.


Solved Re: Safety Center infection

Post by Belahzur on Tue Sep 08, 2009 2:29 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt just yet.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

Solved Re: Safety Center infection

Post by sb24 on Tue Sep 08, 2009 2:57 pm

Hello,
After I double click DDS.scr from the desktop, a window popped up but closed within a second or so. There was nothing to save. I tried it a second time (Maybe I shouldn't have?), and I get a popup screen with informational text -
D.D.S
KIndly ensure any script blocking tools have been disabled ...
Non-invasive diagnostic tool ...
etc.


Solved Re: Safety Center infection

Post by Dr Jay on Tue Sep 08, 2009 5:05 pm

Hi,

Please navigate to C:\Program Files\Malwarebytes' Anti-Malware and look for mbam.exe. Rename it to malscan.exe. Then, try and run the scan again.

If the scan fails again, then please download A-Squared HiJackFree from [You must be registered and logged in to see this link.] and save it to your Desktop. Double-click to install. When you launch the program, please wait 1 minute to allow it to load all the Processes, Services, etc.
Then, click the following:
Save the log to the Desktop, or some other memorable place. Then, the log shall launch in Notepad. Please post the results of that log in your next reply.

HiJackFree helps advanced users to detect and remove Malware manually. If HijackThis and Malwarebytes are locked down, A-Squared free has the ability to launch and do a HijackThis compatible log.


Dr. Jay (DJ)




Solved Re: Safety Center infection

Post by sb24 on Tue Sep 08, 2009 5:57 pm

Hello,
Here's what has occurred.

I'm blocked from renaming mbam.exe.
I downloaded A-Squared HiJackFree, and saved it to the Desktop. Double-clicked to install. Launched the program; a window opened and within a couple of seconds closed.
Tried to launch it again, and got the 'Cannot open the specified file - you may not have permissions ...' popup.


Solved Re: Safety Center infection

Post by Dr Jay on Tue Sep 08, 2009 6:23 pm

Hi,


Please download ComboFix from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: [You must be registered and logged in to see this link.]
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Do not mouse-click Combofix's window while it is running. That may cause it to stall.


Dr. Jay (DJ)




Solved Re: Safety Center infection

Post by sb24 on Tue Sep 08, 2009 10:23 pm

Hello,
I followed your instructions. Here are the contents of ComboFix.txt.
What's next?

ComboFix 09-09-08.02 - Frank Batzel 09/08/2009 17:58.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.195 [GMT -4:00]
Running from: c:\documents and settings\Frank Batzel\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\FRANKB~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Frank Batzel\Application Data\none
c:\documents and settings\Frank Batzel\Local Settings\Temp\IadHide5.dll
c:\program files\SafetyCenter
c:\program files\SafetyCenter\main.ico
c:\program files\SafetyCenter\protector.exe
c:\program files\SafetyCenter\sound.wav
c:\windows\Installer\15737.msi
c:\windows\Installer\1fd2c.msi
c:\windows\Installer\7a17.msi
c:\windows\Installer\89df1.msi
c:\windows\system32\temp.exe

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-08-08 to 2009-09-08 )))))))))))))))))))))))))))))))
.

2009-09-08 17:51 . 2009-09-08 17:52 -------- d-----w- c:\program files\a-squared HiJackFree
2009-09-08 12:18 . 2009-09-08 21:58 -------- d--h--w- c:\windows\PIF
2009-09-08 12:17 . 2009-09-08 12:17 -------- d-----w- c:\program files\Trend Micro
2009-09-08 12:04 . 2009-09-08 12:04 -------- d-----w- c:\documents and settings\Frank Batzel\Application Data\Viewpoint
2009-09-08 02:26 . 2009-09-08 02:26 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-08 01:26 . 2009-09-08 01:26 -------- d-----w- c:\documents and settings\Frank Batzel\Application Data\Malwarebytes
2009-09-08 01:26 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 01:26 . 2009-09-08 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-08 01:26 . 2009-09-08 17:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 01:26 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-01 12:32 . 2009-09-08 21:58 -------- d--h--w- c:\windows\msdownld.tmp
2009-09-01 12:30 . 2009-09-04 22:57 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-31 14:59 . 2009-08-31 14:59 -------- d-----w- c:\program files\Common Files\TSCUninstall
2009-08-31 14:59 . 2009-09-08 22:03 -------- d-----w- c:\program files\TSC
2009-08-26 07:11 . 2009-08-26 07:11 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-26 07:11 . 2009-08-26 07:11 -------- d-----w- c:\program files\MSBuild
2009-08-26 07:11 . 2009-08-26 07:11 -------- d-----w- c:\program files\Reference Assemblies
2009-08-26 07:10 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-26 07:10 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-26 07:10 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-26 07:10 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-26 07:10 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-26 07:10 . 2009-08-26 07:11 -------- d-----w- C:\4f2ce98953f26370316ec8fc659f46b5
2009-08-26 07:10 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-26 07:10 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-13 12:49 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-08 21:48 . 2007-01-09 23:13 -------- d-----w- c:\program files\McAfee
2009-09-08 12:04 . 2006-11-02 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-09-08 02:48 . 2009-06-05 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-08 02:30 . 2004-12-06 22:43 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-08 02:21 . 2004-11-28 23:57 -------- d-----w- c:\program files\Java
2009-09-08 02:09 . 2008-12-06 23:48 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-08 00:48 . 2008-09-30 03:05 -------- d-----w- c:\documents and settings\Frank Batzel\Application Data\mjusbsp
2009-09-08 00:41 . 2009-03-16 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-03 00:07 . 2008-09-12 20:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-08-05 09:01 . 2008-09-30 02:10 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2008-09-30 02:11 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 11:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 20:57 . 2006-12-02 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-03 17:09 . 2004-08-04 11:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2008-09-30 02:10 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-09-30 02:10 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2008-09-30 02:10 76288 ----a-w- c:\windows\system32\telnet.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-01 32768]
"cdloader"="c:\documents and settings\Frank Batzel\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-16 39408]
"TSC"="c:\program files\TSC\tsc.exe" [2009-08-31 1544736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2005-05-03 135168]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 290816]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-12 282624]
"mmtask"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe" [2005-05-03 53248]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-08 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

c:\documents and settings\Frank Batzel\Start Menu\Programs\Startup\
V CAST Music Monitor.lnk - c:\program files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe [2005-11-30 327680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-2-28 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-2-28 450560]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Documents and Settings\\Sandra Batzel\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\Frank Batzel\\Application Data\\mjusbsp\\magicJack.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/9/2008 1:39 PM 210216]
S2 0253771252446497mcinstcleanup;McAfee Application Installer Cleanup (0253771252446497);c:\windows\TEMP\025377~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\025377~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1c9a687388bc690;Google Update Service (gupdate1c9a687388bc690);c:\program files\Google\Update\GoogleUpdate.exe [3/16/2009 6:33 PM 133104]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 0253771252446497MCINSTCLEANUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-16 06:39]

2009-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 22:33]

2009-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 22:33]

2009-08-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-01-09 14:53]

2009-09-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-01-09 14:53]

2009-09-08 c:\windows\Tasks\User_Feed_Synchronization-{B0D5CE08-5429-442E-BB5A-AC34BD3DE66E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-08 18:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3648)
c:\windows\system32\WININET.dll
c:\docume~1\FRANKB~1\LOCALS~1\Temp\IadHide5.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\SYSTEM32\UTSCSI.EXE
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2009-09-08 18:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-08 22:19

Pre-Run: 57,278,070,784 bytes free
Post-Run: 61,203,402,752 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

225 --- E O F --- 2009-09-08 02:59

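The ComboFix log above records the patterns that marked this infection: a rogue "SafetyCenter" program folder, a DLL dropped into the user's Temp directory, an eventlog.dll that had been patched in place, a TSC autorun added a week before the scan, and the McAfee entries under the Security Center Monitoring key switched to DisableMonitoring=1 (which silences the "no antivirus" warning). The Python script below is an added example, not part of the thread and not ComboFix's own code: it reads a ComboFix-style log excerpt section by section and flags those patterns for review. The sample log is constructed from the sections of the log above with the user name replaced; the function names, the triage rules and the 14-day "recent autorun" window are this example's own assumptions.

```python
"""Triage of a ComboFix-style log excerpt (added example, not ComboFix code)."""
import re
from datetime import date, timedelta

# Path fragments (lowercase) that an autorun entry should normally not point into.
USER_WRITABLE = ("\\temp\\", "\\application data\\", "\\local settings\\")

HEADER = re.compile(r"^ComboFix \S+ - .*? (\d{2})/(\d{2})/(\d{4}) \d{1,2}:\d{2}")
SECTION = re.compile(r"^\(+ (?P<title>[^()]+?) \)+$")          # (((( Title ))))
REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")                 # [HKEY_...]
RUN_ENTRY = re.compile(                                        # "name"="path" [date size]
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<ymd>\d{4}-\d{2}-\d{2}) \d+\]$')
DISABLE_MON = re.compile(r'^"DisableMonitoring"=dword:0*1$')
INFECTED = re.compile(r"^Infected copy of (?P<path>.+?) was found", re.IGNORECASE)


def scan_date_of(log_text):
    """Scan date from the ComboFix header line (US-style MM/DD/YYYY, as in the log above)."""
    for line in log_text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            month, day, year = (int(x) for x in m.groups())
            return date(year, month, day)
    return None


def triage(log_text, scan_date=None, recent_days=14):
    """Return (severity, item, reason) tuples in log order; a prompt for review, not a verdict."""
    scan_date = scan_date or scan_date_of(log_text) or date.today()
    findings, section, key = [], None, ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:                                   # new section: reset the current registry key
            section, key = m.group("title").strip(), ""
            continue
        if line.startswith("- - - - ORPHANS REMOVED"):
            section, key = "Orphans", ""
            continue
        m = REG_KEY.match(line)
        if m:
            key = m.group("key")
            continue
        m = INFECTED.match(line)
        if m:                                   # a system DLL was patched in place
            findings.append(("high", m.group("path"), "system file was patched and had to be restored"))
        elif section == "Other Deletions" and line.lower().startswith("c:\\"):
            findings.append(("info", line, "removed by the cleaner"))
        elif section == "Reg Loading Points":
            if "security center\\monitoring" in key.lower() and DISABLE_MON.match(line):
                product = key.rsplit("\\", 1)[-1]
                findings.append(("high", product, "Security Center monitoring disabled for this product"))
                continue
            m = RUN_ENTRY.match(line)
            if not m or not key.lower().endswith("\\run"):
                continue
            path, created = m.group("path"), date.fromisoformat(m.group("ymd"))
            if any(frag in path.lower() for frag in USER_WRITABLE):
                findings.append(("medium", path, "autorun launched from a user-writable location"))
            elif scan_date - created <= timedelta(days=recent_days):
                findings.append(("medium", path, f"autorun created within {recent_days} days of the scan"))
        elif section == "Orphans" and line.endswith("(no file)"):
            findings.append(("low", line, "orphaned registry reference, target file missing"))
    return findings


# Constructed sample: the relevant sections of the log posted above, user name replaced.
SAMPLE_LOG = r"""
ComboFix 09-09-08.02 - user 09/08/2009 17:58.1.2 - NTFSx86
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\USER~1\LOCALS~1\Temp\IadHide5.dll
c:\program files\SafetyCenter\protector.exe
c:\windows\system32\temp.exe

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"cdloader"="c:\documents and settings\user\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"TSC"="c:\program files\TSC\tsc.exe" [2009-08-31 1544736]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
"""


def triage_sample():
    """Run the triage over the constructed sample (scan date 2009-09-08 is read from its header)."""
    return triage(SAMPLE_LOG)


if __name__ == "__main__":
    for severity, item, reason in triage_sample():
        print(f"[{severity:6}] {item}\n         {reason}")
```

Run it as a script and it lists nine findings for the sample: the three deletions, the patched eventlog.dll, the cdloader and TSC autoruns, both DisableMonitoring keys and the orphaned WebBrowser entry. The rules are deliberately broad: any program that installs itself under Application Data (the magicJack loader here) is flagged as well, so the output is a list of entries to verify against the vendor's documentation and file reputation, not a list of malware.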

Solved Re: Safety Center infection

Post by Dr Jay on Tue Sep 08, 2009 11:50 pm

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:


File::
C:\4f2ce98953f26370316ec8fc659f46b5
Folder::
c:\program files\TSC

Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Dr. Jay (DJ)




Solved Re: Safety Center infection

Post by sb24 on Wed Sep 09, 2009 10:52 am

Hello,
Followed last set of instructions. Here is the content of combofix.txt.
Next steps?


ComboFix 09-09-08.06 - Frank Batzel 09/09/2009 6:29.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.173 [GMT -4:00]
Running from: c:\documents and settings\Frank Batzel\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Frank Batzel\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"C:\4f2ce98953f26370316ec8fc659f46b5"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\FRANKB~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Frank Batzel\Local Settings\temp\IadHide5.dll
c:\program files\TSC
c:\program files\TSC\tsc.exe

.
((((((((((((((((((((((((( Files Created from 2009-08-09 to 2009-09-09 )))))))))))))))))))))))))))))))
.

2009-09-08 19:06 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 17:51 . 2009-09-08 17:52 -------- d-----w- c:\program files\a-squared HiJackFree
2009-09-08 12:18 . 2009-09-08 21:58 -------- d--h--w- c:\windows\PIF
2009-09-08 12:17 . 2009-09-08 12:17 -------- d-----w- c:\program files\Trend Micro
2009-09-08 12:04 . 2009-09-08 12:04 -------- d-----w- c:\documents and settings\Frank Batzel\Application Data\Viewpoint
2009-09-08 02:26 . 2009-09-08 02:26 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-08 01:26 . 2009-09-08 01:26 -------- d-----w- c:\documents and settings\Frank Batzel\Application Data\Malwarebytes
2009-09-08 01:26 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 01:26 . 2009-09-08 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-08 01:26 . 2009-09-08 17:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 01:26 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-01 12:32 . 2009-09-08 21:58 -------- d--h--w- c:\windows\msdownld.tmp
2009-09-01 12:30 . 2009-09-09 10:23 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-31 14:59 . 2009-08-31 14:59 -------- d-----w- c:\program files\Common Files\TSCUninstall
2009-08-26 07:11 . 2009-08-26 07:11 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-26 07:11 . 2009-08-26 07:11 -------- d-----w- c:\program files\MSBuild
2009-08-26 07:11 . 2009-08-26 07:11 -------- d-----w- c:\program files\Reference Assemblies
2009-08-26 07:10 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-26 07:10 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-26 07:10 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-26 07:10 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-26 07:10 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-26 07:10 . 2009-08-26 07:11 -------- d-----w- C:\4f2ce98953f26370316ec8fc659f46b5
2009-08-26 07:10 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-26 07:10 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-13 12:49 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 10:22 . 2007-01-09 23:13 -------- d-----w- c:\program files\McAfee
2009-09-09 10:09 . 2009-03-16 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-08 22:24 . 2004-12-05 21:31 35464 ----a-w- c:\documents and settings\Frank Batzel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-08 12:04 . 2006-11-02 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-09-08 02:48 . 2009-06-05 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-08 02:30 . 2004-12-06 22:43 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-08 02:21 . 2004-11-28 23:57 -------- d-----w- c:\program files\Java
2009-09-08 02:09 . 2008-12-06 23:48 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-08 00:48 . 2008-09-30 03:05 -------- d-----w- c:\documents and settings\Frank Batzel\Application Data\mjusbsp
2009-09-03 00:07 . 2008-09-12 20:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-08-05 09:01 . 2008-09-30 02:10 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2008-09-30 02:11 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 11:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 20:57 . 2006-12-02 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-03 17:09 . 2004-08-04 11:00 915456 ------w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2008-09-30 02:10 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-09-30 02:10 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2008-09-30 02:10 76288 ----a-w- c:\windows\system32\telnet.exe
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2009-09-08 22:10 . 2009-09-08 22:10 16384 c:\windows\Temp\Perflib_Perfdata_6b8.dat
+ 2009-09-09 10:39 . 2009-09-09 10:39 16384 c:\windows\Temp\Perflib_Perfdata_6b8.dat
+ 2004-12-05 21:22 . 2009-09-09 10:22 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-12-05 21:22 . 2009-09-08 21:48 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-12-05 21:22 . 2009-09-09 10:22 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2004-12-05 21:22 . 2009-09-08 21:48 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2008-09-30 02:10 . 2009-06-22 06:44 726528 c:\windows\SYSTEM32\jscript.dll
- 2008-09-30 02:10 . 2009-03-08 08:33 726528 c:\windows\SYSTEM32\jscript.dll
- 2008-05-09 10:53 . 2009-03-08 08:33 726528 c:\windows\SYSTEM32\DLLCACHE\jscript.dll
+ 2008-05-09 10:53 . 2009-06-22 06:44 726528 c:\windows\SYSTEM32\DLLCACHE\jscript.dll
+ 2009-09-09 10:21 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2009-09-09 10:21 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2009-09-09 10:21 . 2009-03-08 08:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2009-09-09 10:23 . 2009-09-09 10:23 15709696 c:\windows\Installer\d302e.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-01 32768]
"cdloader"="c:\documents and settings\Frank Batzel\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-16 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2005-05-03 135168]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 290816]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-12 282624]
"mmtask"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe" [2005-05-03 53248]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-08 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

c:\documents and settings\Frank Batzel\Start Menu\Programs\Startup\
V CAST Music Monitor.lnk - c:\program files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe [2005-11-30 327680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-2-28 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-2-28 450560]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Documents and Settings\\Sandra Batzel\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\Frank Batzel\\Application Data\\mjusbsp\\magicJack.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/9/2008 1:39 PM 210216]
S2 0093241252491753mcinstcleanup;McAfee Application Installer Cleanup (0093241252491753);c:\windows\TEMP\009324~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\009324~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1c9a687388bc690;Google Update Service (gupdate1c9a687388bc690);c:\program files\Google\Update\GoogleUpdate.exe [3/16/2009 6:33 PM 133104]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 0093241252491753MCINSTCLEANUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-16 06:39]

2009-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 22:33]

2009-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 22:33]

2009-08-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-01-09 14:53]

2009-09-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-01-09 14:53]

2009-09-09 c:\windows\Tasks\User_Feed_Synchronization-{B0D5CE08-5429-442E-BB5A-AC34BD3DE66E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-TSC - c:\program files\TSC\tsc.exe
AddRemove-TSC - c:\program files\TSC\tsc.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-09 06:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3544)
c:\windows\system32\WININET.dll
c:\docume~1\FRANKB~1\LOCALS~1\Temp\IadHide5.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\SYSTEM32\UTSCSI.EXE
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2009-09-09 6:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-09 10:48
ComboFix2.txt 2009-09-08 22:19

Pre-Run: 61,129,887,744 bytes free
Post-Run: 61,089,210,368 bytes free

226 --- E O F --- 2009-09-09 10:24

sb24
Novice
Novice

Status :
Online
Offline

Posts : 38
Joined : 2009-09-08
OS : XP
Points : 26578
# Likes : 0

View user profile

Back to top Go down
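The Reg Loading Points section of the ComboFix log above is the part a helper reads first: the Run keys, the Windows Firewall exception list and the Security Center monitoring overrides. The script below is an added example for this thread, not part of the original post and not ComboFix's own analysis; it parses that section and flags the entries worth a second look. The sample input is a trimmed copy of the log section above. The three flagging rules (autoruns under a user-writable profile or Temp path, firewall exceptions for programs outside Program Files or the Windows directory, DisableMonitoring set to 1) are assumptions chosen for illustration, and a flag is a prompt to check the file, not a verdict: the magicJack entries it flags here are the user's VoIP software and were left alone in the thread.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; it is not part of ComboFix and the flagging
rules below are the example's own assumptions, not the tool's analysis.
"""
import re
from dataclasses import dataclass

# Constructed sample input: a trimmed copy of the log section quoted above.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"cdloader"="c:\documents and settings\Frank Batzel\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\Frank Batzel\\Application Data\\mjusbsp\\magicJack.exe"=
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

# Assumption: autoruns living under a user profile or Temp deserve a look,
# because an unprivileged user (or malware running as one) can write there.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")
# Assumption: firewall exceptions for anything outside these roots get flagged.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\", "%windir%\\")


@dataclass
class Finding:
    kind: str    # which rule fired
    key: str     # registry key the entry came from
    name: str    # value name (or the path itself, for firewall exceptions)
    detail: str  # normalised path or product name


def parse_reg_section(text):
    """Yield (key, value_name, value_data) for each value in the REGEDIT4 dump."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group("name"), m.group("data")


def normalise_path(s):
    """Collapse the doubled backslashes ComboFix prints in REG_SZ data and lower-case."""
    return s.replace("\\\\", "\\").lower()


def run_value_path(data):
    """Run values look like: "c:\\path\\prog.exe" [2009-08-01 50520]; return the path."""
    m = re.match(r'^"([^"]+)"', data)
    return normalise_path(m.group(1)) if m else None


def triage(text):
    """Apply the three rules to a Reg Loading Points section and return the findings."""
    findings = []
    for key, name, data in parse_reg_section(text):
        k = key.lower()
        if k.endswith("\\currentversion\\run"):
            path = run_value_path(data)
            if path and any(tok in path for tok in USER_WRITABLE):
                findings.append(Finding("autorun-user-writable", key, name, path))
        elif "\\authorizedapplications\\list" in k:
            path = normalise_path(name)
            if not path.startswith(TRUSTED_ROOTS):
                findings.append(Finding("firewall-exception-outside-trusted-roots", key, name, path))
        elif "\\security center\\monitoring\\" in k and name.lower() == "disablemonitoring":
            if data.strip().lower() == "dword:00000001":
                product = key.rsplit("\\", 1)[-1]
                findings.append(Finding("security-center-monitoring-disabled", key, name, product))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:45} {f.name:20} {f.detail}")
```

Run it directly to print the findings, or pass the whole Reg Loading Points text of a log to triage(). The DisableMonitoring finding is expected on this machine: a third-party suite such as McAfee sets that value so Security Center defers to the suite's own status reporting, and it only becomes interesting when no such suite is installed or the suite itself reports as disabled, as the AV and FW header lines of the later log do.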

Solved Re: Safety Center infection

Post by Dr Jay on Wed Sep 09, 2009 5:53 pm

Hi

Open notepad and copy/paste the text in the quotebox below into it:


Suspect::
C:\4f2ce98953f26370316ec8fc659f46b5
File::
c:\docume~1\FRANKB~1\LOCALS~1\Temp\IadHide5.dll


Save this as CFScript.txt




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

====

Please do a scan with [You must be registered and logged in to see this link.]

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


==

In your next reply, please attach the contents of the following logs:

-ComboFix log
-Kaspersky log

Also, please tell me how your computer is running.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Administrator
Administrator

Status :
Online
Offline

Posts : 13704
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Points : 144790
# Likes : 10

View user profile

Back to top Go down

Solved Re: Safety Center infection

Post by sb24 on Thu Sep 10, 2009 7:58 am

Hello again.
Here is the ComboFix log.
ComboFix 09-09-09.04 - Frank Batzel 09/09/2009 21:56.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.131 [GMT -4:00]
Running from: c:\documents and settings\Frank Batzel\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Frank Batzel\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\docume~1\FRANKB~1\LOCALS~1\Temp\IadHide5.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\FRANKB~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Frank Batzel\Local Settings\temp\IadHide5.dll

.
((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.

2009-09-08 19:06 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 17:51 . 2009-09-08 17:52 -------- d-----w- c:\program files\a-squared HiJackFree
2009-09-08 12:18 . 2009-09-08 21:58 -------- d--h--w- c:\windows\PIF
2009-09-08 12:17 . 2009-09-08 12:17 -------- d-----w- c:\program files\Trend Micro
2009-09-08 12:04 . 2009-09-08 12:04 -------- d-----w- c:\documents and settings\Frank Batzel\Application Data\Viewpoint
2009-09-08 02:26 . 2009-09-08 02:26 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-08 01:26 . 2009-09-08 01:26 -------- d-----w- c:\documents and settings\Frank Batzel\Application Data\Malwarebytes
2009-09-08 01:26 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 01:26 . 2009-09-08 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-08 01:26 . 2009-09-08 17:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 01:26 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-01 12:32 . 2009-09-08 21:58 -------- d--h--w- c:\windows\msdownld.tmp
2009-09-01 12:30 . 2009-09-09 10:38 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-31 14:59 . 2009-08-31 14:59 -------- d-----w- c:\program files\Common Files\TSCUninstall
2009-08-26 07:11 . 2009-08-26 07:11 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-26 07:11 . 2009-08-26 07:11 -------- d-----w- c:\program files\MSBuild
2009-08-26 07:11 . 2009-08-26 07:11 -------- d-----w- c:\program files\Reference Assemblies
2009-08-26 07:10 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-26 07:10 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-26 07:10 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-26 07:10 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-26 07:10 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-26 07:10 . 2009-08-26 07:11 -------- d-----w- C:\4f2ce98953f26370316ec8fc659f46b5
2009-08-26 07:10 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-26 07:10 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-13 12:49 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 01:53 . 2007-01-09 23:13 -------- d-----w- c:\program files\McAfee
2009-09-09 10:09 . 2009-03-16 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-08 22:24 . 2004-12-05 21:31 35464 ----a-w- c:\documents and settings\Frank Batzel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-08 12:04 . 2006-11-02 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-09-08 02:48 . 2009-06-05 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-08 02:30 . 2004-12-06 22:43 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-08 02:21 . 2004-11-28 23:57 -------- d-----w- c:\program files\Java
2009-09-08 02:09 . 2008-12-06 23:48 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-08 00:48 . 2008-09-30 03:05 -------- d-----w- c:\documents and settings\Frank Batzel\Application Data\mjusbsp
2009-09-03 00:07 . 2008-09-12 20:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-08-05 09:01 . 2008-09-30 02:10 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2008-09-30 02:11 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 11:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 20:57 . 2006-12-02 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-03 17:09 . 2004-08-04 11:00 915456 ------w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2008-09-30 02:10 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-09-30 02:10 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2008-09-30 02:10 76288 ----a-w- c:\windows\system32\telnet.exe
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-10 02:07 . 2009-09-10 02:07 16384 c:\windows\Temp\Perflib_Perfdata_14c.dat
- 2004-12-05 21:22 . 2009-09-08 21:48 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-12-05 21:22 . 2009-09-10 01:53 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-09-10 01:49 . 2009-09-10 01:53 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2004-12-05 21:22 . 2009-09-08 21:48 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2008-09-30 02:10 . 2009-06-22 06:44 726528 c:\windows\SYSTEM32\jscript.dll
- 2008-09-30 02:10 . 2009-03-08 08:33 726528 c:\windows\SYSTEM32\jscript.dll
+ 2008-05-09 10:53 . 2009-06-22 06:44 726528 c:\windows\SYSTEM32\DLLCACHE\jscript.dll
- 2008-05-09 10:53 . 2009-03-08 08:33 726528 c:\windows\SYSTEM32\DLLCACHE\jscript.dll
+ 2009-09-09 10:21 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2009-09-09 10:21 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2009-09-09 10:21 . 2009-03-08 08:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2009-09-09 10:23 . 2009-09-09 10:23 15709696 c:\windows\Installer\d302e.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-01 32768]
"cdloader"="c:\documents and settings\Frank Batzel\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-16 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2005-05-03 135168]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 290816]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-12 282624]
"mmtask"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe" [2005-05-03 53248]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-08 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

c:\documents and settings\Frank Batzel\Start Menu\Programs\Startup\
V CAST Music Monitor.lnk - c:\program files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe [2005-11-30 327680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-2-28 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-2-28 450560]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Documents and Settings\\Sandra Batzel\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\Frank Batzel\\Application Data\\mjusbsp\\magicJack.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/9/2008 1:39 PM 210216]
S2 0277991252547582mcinstcleanup;McAfee Application Installer Cleanup (0277991252547582);c:\windows\TEMP\027799~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\027799~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1c9a687388bc690;Google Update Service (gupdate1c9a687388bc690);c:\program files\Google\Update\GoogleUpdate.exe [3/16/2009 6:33 PM 133104]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 0277991252547582MCINSTCLEANUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-16 06:39]

2009-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 22:33]

2009-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 22:33]

2009-08-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-01-09 14:53]

2009-09-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-01-09 14:53]

2009-09-10 c:\windows\Tasks\User_Feed_Synchronization-{B0D5CE08-5429-442E-BB5A-AC34BD3DE66E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-09 22:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1268)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\SYSTEM32\UTSCSI.EXE
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\windows\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-10 22:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-10 02:16
ComboFix2.txt 2009-09-09 10:48
ComboFix3.txt 2009-09-08 22:19

Pre-Run: 61,081,825,280 bytes free
Post-Run: 61,043,642,368 bytes free

220 --- E O F --- 2009-09-09 10:24


Solved Re: Safety Center infection

Post by sb24 on Thu Sep 10, 2009 8:02 am

Here is the Kaspersky log
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, September 10, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, September 10, 2009 03:23:28
Records in database: 2768520


Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
A:\
C:\
D:\

Scan statistics
Objects scanned 67701
Threats found 2
Infected objects found 3
Suspicious objects found 0
Scan duration 01:43:36

File name Threat Threats count
C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll Infected: not-a-virus:AdWare.Win32.MyWay.v 1

C:\Qoobox\Quarantine\C\Program Files\SafetyCenter\protector.exe.vir Infected: Trojan.Win32.FraudPack.sxa 1

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\temp.exe.vir Infected: Trojan.Win32.FraudPack.sxa 1

Selected area has been scanned.


The computer seems to be running a little slow, but I don't see any of the safety center screens that were previously popping up continually.

Will look for your next reply.


Solved Re: Safety Center infection

Post by Dr Jay on Thu Sep 10, 2009 2:54 pm

Hi

Go to Start > Run and copy and paste the next command into the field:
ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

==


  • Download random's system information tool (RSIT) by random/random from [You must be registered and logged in to see this link.].
  • It is important that is saved to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).


Dr. Jay (DJ)



Solved Re: Safety Center infection

Post by sb24 on Fri Sep 11, 2009 12:44 am

Hi,
When I did this:
Go to start > run and copy and paste next command in the field:
ComboFix /u

I get an error message - Windows cannot find 'ComboFix'.
I ran a Search for ComboFix and the results returned 4 ComboFix .txt files, no executable.

I did not yet download/run rsit.exe

Do you want me to go ahead and download/run rsit.exe, since combofix doesn't seem to be there to uninstall? Or is there something else to do before running rsit.exe?


Solved Re: Safety Center infection

Post by Dr Jay on Fri Sep 11, 2009 2:26 am

Hi

Actually, it can be taken care of later.

Please go ahead with RSIT. I need to take a closer look. Smile


Dr. Jay (DJ)



Solved Re: Safety Center infection

Post by sb24 on Sat Sep 12, 2009 2:22 am

I ran rsit on Thursday and posted the results - but I don't see them in this stream - not sure what happened. So I just ran it again, but it only created one file - log. Here are the contents

Logfile of random's system information tool 1.06 (written by random/random)
Run by Frank Batzel at 2009-09-11 22:17:17
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 58 GB (80%) free of 73 GB
Total RAM: 510 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:40 PM, on 9/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Frank Batzel\Desktop\RSIT.exe
C:\Program Files\trend micro\Frank Batzel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Frank Batzel\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - [You must be registered and logged in to see this link.] (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O18 - Protocol: bw+0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate1c9a687388bc690) (gupdate1c9a687388bc690) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 22042 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{B0D5CE08-5429-442E-BB5A-AC34BD3DE66E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}]
C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll [2004-09-27 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-11-16 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-03-25 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-09 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-11 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-09 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll [2008-12-04 83800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-07 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-07 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll [2008-12-04 83800]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-09 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-06-30 1388544]
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"MMTray"=C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe [2005-05-03 135168]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]
"Dell Photo AIO Printer 922"=C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe [2004-06-18 290816]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-11-16 127035]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-05-12 282624]
"mmtask"=C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe [2005-05-03 53248]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-01-08 645328]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-07 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-28 32768]
"cdloader"=C:\Documents and Settings\Frank Batzel\Application Data\mjusbsp\cdloader2.exe [2009-08-01 50520]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-16 39408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Documents and Settings\Frank Batzel\Start Menu\Programs\Startup
V CAST Music Monitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Documents and Settings\Sandra Batzel\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\Sandra Batzel\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"
"C:\Documents and Settings\Frank Batzel\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\Frank Batzel\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

======List of files/folders created in the last 1 months======

2009-09-11 08:00:53 ----D---- C:\rsit
2009-09-10 20:33:48 ----SHD---- C:\RECYCLER
2009-09-10 03:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-09 22:16:57 ----A---- C:\ComboFix.txt
2009-09-09 06:26:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-08 17:55:40 ----A---- C:\Boot.bak
2009-09-08 17:55:20 ----RASHD---- C:\cmdcons
2009-09-08 17:53:38 ----A---- C:\WINDOWS\zip.exe
2009-09-08 17:53:38 ----A---- C:\WINDOWS\SWSC.exe
2009-09-08 17:53:38 ----A---- C:\WINDOWS\SWREG.exe
2009-09-08 17:53:38 ----A---- C:\WINDOWS\sed.exe
2009-09-08 17:53:38 ----A---- C:\WINDOWS\PEV.exe
2009-09-08 17:53:38 ----A---- C:\WINDOWS\NIRCMD.exe
2009-09-08 17:53:38 ----A---- C:\WINDOWS\grep.exe
2009-09-08 17:53:37 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-09-08 17:53:30 ----D---- C:\WINDOWS\ERDNT
2009-09-08 17:52:34 ----D---- C:\Qoobox
2009-09-08 13:51:52 ----D---- C:\Program Files\a-squared HiJackFree
2009-09-08 08:18:00 ----HD---- C:\WINDOWS\PIF
2009-09-08 08:17:00 ----D---- C:\Program Files\Trend Micro
2009-09-08 08:04:06 ----D---- C:\Documents and Settings\Frank Batzel\Application Data\Viewpoint
2009-09-07 22:26:57 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-09-07 22:26:34 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-09-07 22:09:50 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-07 22:09:50 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-07 22:09:50 ----A---- C:\WINDOWS\system32\java.exe
2009-09-07 21:26:22 ----D---- C:\Documents and Settings\Frank Batzel\Application Data\Malwarebytes
2009-09-07 21:26:12 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-07 21:26:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-01 08:32:40 ----HD---- C:\WINDOWS\msdownld.tmp
2009-09-01 08:30:56 ----D---- C:\Program Files\Microsoft Silverlight
2009-08-31 11:04:56 ----D---- C:\WINDOWS\Minidump
2009-08-31 10:59:25 ----D---- C:\Program Files\Common Files\TSCUninstall
2009-08-27 03:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-26 03:11:42 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-26 03:11:35 ----D---- C:\Program Files\MSBuild
2009-08-26 03:11:19 ----D---- C:\Program Files\Reference Assemblies
2009-08-26 03:10:16 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-26 03:10:16 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-26 03:10:15 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-26 03:10:15 ----D---- C:\4f2ce98953f26370316ec8fc659f46b5
2009-08-26 03:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-14 03:05:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-14 03:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-14 03:04:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-14 03:04:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-14 03:04:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-14 03:04:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-14 03:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-14 03:03:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-14 03:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$

======List of files/folders modified in the last 1 months======

2009-09-11 22:17:28 ----D---- C:\WINDOWS\Temp
2009-09-11 22:15:44 ----SD---- C:\WINDOWS\Tasks
2009-09-11 22:15:29 ----D---- C:\WINDOWS\Prefetch
2009-09-11 22:14:11 ----D---- C:\WINDOWS
2009-09-11 22:14:00 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-09-11 22:13:57 ----A---- C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt
2009-09-11 08:08:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-11 07:59:36 ----D---- C:\Program Files\McAfee
2009-09-11 07:59:31 ----HD---- C:\WINDOWS\INF
2009-09-11 07:59:01 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-10 03:00:54 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-09-10 03:00:54 ----D---- C:\WINDOWS\SYSTEM32
2009-09-09 22:17:01 ----D---- C:\WINDOWS\system32\DRIVERS
2009-09-09 22:09:11 ----A---- C:\WINDOWS\system.ini
2009-09-09 22:02:28 ----D---- C:\WINDOWS\AppPatch
2009-09-09 22:02:20 ----D---- C:\Program Files\Common Files
2009-09-09 21:51:24 ----SHD---- C:\WINDOWS\Installer
2009-09-09 06:36:48 ----RD---- C:\Program Files
2009-09-09 06:28:44 ----A---- C:\WINDOWS\imsins.BAK
2009-09-09 06:24:21 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-09 06:21:39 ----D---- C:\WINDOWS\ie8updates
2009-09-08 18:08:56 ----D---- C:\WINDOWS\system32\CONFIG
2009-09-08 17:58:30 ----D---- C:\WINDOWS\system32\XIRCOM
2009-09-08 17:58:30 ----D---- C:\WINDOWS\system32\WINS
2009-09-08 17:58:29 ----D---- C:\WINDOWS\system32\ShellExt
2009-09-08 17:58:29 ----D---- C:\WINDOWS\system32\INETSRV
2009-09-08 17:58:29 ----D---- C:\WINDOWS\system32\FxsTmp
2009-09-08 17:58:29 ----D---- C:\WINDOWS\system32\EXPORT
2009-09-08 17:58:29 ----D---- C:\WINDOWS\system32\DHCP
2009-09-08 17:58:28 ----D---- C:\WINDOWS\system32\3COM_DMI
2009-09-08 17:58:28 ----D---- C:\WINDOWS\system32\3076
2009-09-08 17:58:28 ----D---- C:\WINDOWS\system32\2052
2009-09-08 17:58:28 ----D---- C:\WINDOWS\system32\1054
2009-09-08 17:58:28 ----D---- C:\WINDOWS\system32\1042
2009-09-08 17:58:28 ----D---- C:\WINDOWS\system32\1041
2009-09-08 17:58:28 ----D---- C:\WINDOWS\system32\1037
2009-09-08 17:58:28 ----D---- C:\WINDOWS\system32\1031
2009-09-08 17:58:28 ----D---- C:\WINDOWS\system32\1028
2009-09-08 17:58:28 ----D---- C:\WINDOWS\system32\1025
2009-09-08 17:58:28 ----D---- C:\WINDOWS\MUI
2009-09-08 17:58:27 ----D---- C:\WINDOWS\Connection Wizard
2009-09-08 17:58:27 ----D---- C:\WINDOWS\Config
2009-09-08 17:55:40 ----RASH---- C:\BOOT.INI
2009-09-08 08:04:01 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-09-07 22:48:52 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-09-07 22:48:50 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-07 22:30:01 ----D---- C:\Program Files\Common Files\Adobe
2009-09-07 22:29:49 ----D---- C:\WINDOWS\WinSxS
2009-09-07 22:28:48 ----D---- C:\Program Files\Adobe
2009-09-07 22:26:56 ----D---- C:\Documents and Settings\Frank Batzel\Application Data\Adobe
2009-09-07 22:21:13 ----D---- C:\Program Files\Java
2009-09-07 22:09:15 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-09-07 21:15:31 ----A---- C:\WINDOWS\dellstat.ini
2009-09-07 20:48:06 ----D---- C:\Documents and Settings\Frank Batzel\Application Data\mjusbsp
2009-09-02 03:05:02 ----D---- C:\WINDOWS\Microsoft.NET
2009-09-01 08:37:01 ----D---- C:\Program Files\Internet Explorer
2009-08-28 17:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-27 03:02:36 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-26 03:37:30 ----RSD---- C:\WINDOWS\ASSEMBLY
2009-08-26 03:18:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-26 03:11:38 ----D---- C:\WINDOWS\system32\en-US
2009-08-26 03:11:27 ----RSD---- C:\WINDOWS\Fonts
2009-08-26 03:10:54 ----D---- C:\WINDOWS\system32\SPOOL
2009-08-14 03:04:15 ----D---- C:\Program Files\Outlook Express

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-25 214024]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-10-23 120136]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-11-16 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-11-16 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-11-16 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-11-16 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-11-16 86554]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-11-16 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-11-16 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-11-16 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-11-16 100603]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-06 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-06 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-16 61157]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2005-05-20 13056]
R3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2005-05-20 54528]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2005-05-20 68352]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-03-25 79880]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-03-25 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-03-25 40552]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-06 37048]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-08-13 258368]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-01-10 30921]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-03-25 34216]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2004-11-07 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2004-11-07 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2004-11-07 137884]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2004-11-07 108003]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-12 44032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-07 153376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-01-08 797864]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-03-25 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-03-19 884360]
R2 UTSCSI;CLCV0; C:\WINDOWS\system32\UTSCSI.EXE [2009-03-30 45056]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-03-24 606736]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gupdate1c9a687388bc690;Google Update Service (gupdate1c9a687388bc690); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-16 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 dlbt_device;dlbt_device; C:\WINDOWS\system32\dlbtcoms.exe [2004-03-16 421888]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-04-01 365072]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Solved Re: Safety Center infection

Post by Dr Jay on Sat Sep 12, 2009 3:47 am

Hi

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.

==

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following quotebox into the main textfield:


    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

In your next reply, please include logs from both MBAM and SystemLook.


Dr. Jay (DJ)




Solved Re: Safety Center infection

Post by sb24 on Sat Sep 12, 2009 4:17 am

Here are the results of MBAM and SystemLook.

Malwarebytes' Anti-Malware 1.41
Database version: 2782
Windows 5.1.2600 Service Pack 3

9/12/2009 12:10:07 AM
mbam-log-2009-09-12 (00-09-40).txt

Scan type: Quick Scan
Objects scanned: 101290
Time elapsed: 7 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (Adware.MyWebSearch) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{4d25f920-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4d25f923-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4d25f924-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\TSC (Rogue.Total.Security) -> No action taken.

Files Infected:
C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\Frank Batzel\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> No action taken.




SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 00:12 on 12/09/2009 by Frank Batzel (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\I386\SCECLI.DLL --a--- 180224 bytes [22:46 08/12/2004] [11:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [23:42 06/12/2008] [11:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ERDNT\cache\scecli.dll --a--- 181248 bytes [22:18 08/09/2009] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [21:04 12/09/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\SYSTEM32\scecli.dll ------ 181248 bytes [02:10 30/09/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084

Searching for "netlogon.dll"
C:\I386\NETLOGON.DLL --a--- 407040 bytes [22:43 08/12/2004] [11:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -----c 407040 bytes [23:42 06/12/2008] [11:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ERDNT\cache\netlogon.dll --a--- 407040 bytes [22:18 08/09/2009] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [21:02 12/09/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\SYSTEM32\netlogon.dll ------ 407040 bytes [02:10 30/09/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550

Searching for "eventlog.dll"
C:\I386\EVENTLOG.DLL --a--- 55808 bytes [22:42 08/12/2004] [11:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [23:43 06/12/2008] [11:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ERDNT\cache\eventlog.dll --a--- 56320 bytes [22:18 08/09/2009] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [20:59 12/09/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\SYSTEM32\eventlog.dll ------ 56320 bytes [02:10 30/09/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656

-=End Of File=-


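Why those three names were searched: scecli.dll, netlogon.dll and eventlog.dll are service DLLs that infections of that period commonly patched in place, and the later logs in this thread show ComboFix had already quarantined a replaced eventlog.dll (C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\eventlog.dll.vir, flagged as Trojan.Sirefef by Malwarebytes and Trojan.Win32.Pakes.npx by Kaspersky). The filefind output lets a helper confirm the repair: the live copy in SYSTEM32 must match the ServicePackFiles\i386 copy in size and MD5, while the I386 and $NtServicePackUninstall$ copies legitimately differ because they are pre-SP3. The script below, added here as an example and not part of the thread or of SystemLook, automates that comparison over the log format shown above. Its function names, verdict strings and sample log are its own assumptions; the sample reuses the page's format and hashes for the matching cases and adds one constructed SYSTEM32\eventlog.dll line with a placeholder hash to show the mismatch case.

```python
"""Check a SystemLook ':filefind' log for a patched system DLL.

Added example, not from the forum thread and not SystemLook's own code.
It compares the copy Windows actually loads (System32) with the copy kept
under ServicePackFiles\\i386, which is the reference at the same SP level.
"""
import re
from collections import OrderedDict

# One result line: <path> <attrs> <size> bytes [<modified>] [<created>] <MD5>
LINE_RE = re.compile(
    r'^(?P<path>.+?)\s+(?P<attrs>[-a-zA-Z]{6})\s+(?P<size>\d+) bytes\s+'
    r'\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$'
)
HEADER_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"')

LIVE_DIR = '\\windows\\system32\\'            # the copy the OS loads
REFERENCE_DIR = '\\servicepackfiles\\i386\\'  # pristine copy at the same SP level


def parse_filefind(text):
    """Return an ordered {filename: [entry, ...]} mapping; each entry holds
    path, attrs, size (int), mtime, ctime and md5 (upper-case hex)."""
    results = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = m.group('name').lower()
            results.setdefault(current, [])
            continue
        m = LINE_RE.match(line)
        if m and current is not None:
            entry = m.groupdict()
            entry['size'] = int(entry['size'])
            entry['md5'] = entry['md5'].upper()
            results[current].append(entry)
    return results


def check_live_copies(results):
    """Compare the System32 copy of each searched file with its
    ServicePackFiles copy. Verdicts (this example's own strings):
    OK, MISMATCH, NO_LIVE_COPY, NO_REFERENCE."""
    verdicts = {}
    for name, entries in results.items():
        live = [e for e in entries if e['path'].lower().endswith(LIVE_DIR + name)]
        ref = [e for e in entries if REFERENCE_DIR in e['path'].lower()]
        if not live:
            verdicts[name] = 'NO_LIVE_COPY'
        elif not ref:
            verdicts[name] = 'NO_REFERENCE'
        elif live[0]['md5'] == ref[0]['md5'] and live[0]['size'] == ref[0]['size']:
            verdicts[name] = 'OK'
        else:
            verdicts[name] = 'MISMATCH'
    return verdicts


# Constructed sample in the page's format. The scecli.dll lines and the first
# two eventlog.dll lines carry the hashes shown in the thread; the last line is
# an invented "before repair" System32 copy with a placeholder MD5.
SAMPLE_LOG = r"""
Searching for "scecli.dll"
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [21:04 12/09/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\SYSTEM32\scecli.dll ------ 181248 bytes [02:10 30/09/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084

Searching for "eventlog.dll"
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [23:43 06/12/2008] [11:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [20:59 12/09/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\SYSTEM32\eventlog.dll --a--- 61952 bytes [22:09 09/09/2009] [00:11 14/04/2008] 0123456789ABCDEF0123456789ABCDEF
"""

if __name__ == '__main__':
    for name, verdict in check_live_copies(parse_filefind(SAMPLE_LOG)).items():
        print(f'{name}: {verdict}')
```

A MISMATCH is a lead, not a verdict: a file updated by a post-SP hotfix (the $hf_mig$ folder in the RSIT log above shows hotfixes were applied) will legitimately differ from ServicePackFiles\i386, so confirm against the hotfix's published hash or a known-good copy before replacing anything. A match only proves the on-disk copy is the expected one, which is exactly what the real log above shows for all three files after ComboFix's repair.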
Solved Re: Safety Center infection

Post by Dr Jay on Sat Sep 12, 2009 4:24 am

Hi

Please re-open Malwarebytes, select Perform Full Scan, and press Scan.

It appears that after Malwarebytes removes all of it, your computer will be clean.

Please post the log from Malwarebytes in your next reply.


Dr. Jay (DJ)




Solved Re: Safety Center infection

Post by sb24 on Sat Sep 12, 2009 5:38 am

Here are the scan results.

Malwarebytes' Anti-Malware 1.41
Database version: 2782
Windows 5.1.2600 Service Pack 3

9/12/2009 1:36:07 AM
mbam-log-2009-09-12 (01-35-59).txt

Scan type: Full Scan (C:\|)
Objects scanned: 161960
Time elapsed: 1 hour(s), 3 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{4d25f920-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4d25f923-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4d25f924-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\TSC (Rogue.Total.Security) -> No action taken.

Files Infected:
C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\SafetyCenter\protector.exe.vir (Rogue.Installer) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\eventlog.dll.vir (Trojan.Sirefef) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\temp.exe.vir (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Frank Batzel\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> No action taken.


Solved Re: Safety Center infection

Post by Dr Jay on Sat Sep 12, 2009 5:44 am

Hi

Please do a scan with [You must be registered and logged in to see this link.]

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Dr. Jay (DJ)




Solved Re: Safety Center infection

Post by sb24 on Sat Sep 12, 2009 3:57 pm

Here are the Kaspersky results.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, September 12, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, September 12, 2009 13:45:24
Records in database: 2784153
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Objects scanned: 69307
Threats found: 3
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 01:45:55


File name / Threat / Threats count
C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll Infected: not-a-virus:AdWare.Win32.MyWay.v 1
C:\Qoobox\Quarantine\C\Program Files\SafetyCenter\protector.exe.vir Infected: Trojan.Win32.FraudPack.sxa 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\eventlog.dll.vir Infected: Trojan.Win32.Pakes.npx 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\temp.exe.vir Infected: Trojan.Win32.FraudPack.sxa 1

Selected area has been scanned.


Solved Re: Safety Center infection

Post by Dr Jay on Sat Sep 12, 2009 5:57 pm

Hi

Please delete the following folder using Windows Explorer: C:\Qoobox

==
Let's see if we can remove the rest of this MyWay infection.

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Full Scan, and press Scan. Post the log in your next reply.


Dr. Jay (DJ)




Solved Re: Safety Center infection

Post by sb24 on Sun Sep 13, 2009 1:35 pm

Hi,
Here is the malwarebytes log.
By the way, I am getting a message that I need to reinstall McAfee Security Suite. Is it ok to do that now?

Malwarebytes' Anti-Malware 1.41
Database version: 2788
Windows 5.1.2600 Service Pack 3

9/13/2009 9:31:05 AM
mbam-log-2009-09-13 (09-30-59).txt

Scan type: Full Scan (C:\|)
Objects scanned: 162859
Time elapsed: 56 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{4d25f920-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4d25f923-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4d25f924-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\TSC (Rogue.Total.Security) -> No action taken.

Files Infected:
C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (Adware.MyWebSearch) -> No action taken.
C:\RECYCLER\S-1-5-21-2326354844-2418413832-741119529-1006\Dc1\Quarantine\C\Program Files\SafetyCenter\protector.exe.vir (Rogue.Installer) -> No action taken.
C:\RECYCLER\S-1-5-21-2326354844-2418413832-741119529-1006\Dc1\Quarantine\C\WINDOWS\SYSTEM32\eventlog.dll.vir (Trojan.Sirefef) -> No action taken.
C:\RECYCLER\S-1-5-21-2326354844-2418413832-741119529-1006\Dc1\Quarantine\C\WINDOWS\SYSTEM32\temp.exe.vir (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Frank Batzel\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> No action taken.


Solved Re: Safety Center infection

Post by Dr Jay on Sun Sep 13, 2009 6:02 pm

Hi

Don't worry about McAfee yet. Doing that fix now might be pointless, especially if malware is holding the McAfee suite down.

==

I noticed that you did not click Remove Selected, many times before. Please re-open Malwarebytes, do a Full Scan, click Remove Selected, then post a log in your next reply.

==

Please download [You must be registered and logged in to see this link.] to your desktop and run it.

  • When the first page comes up, select Beginner Mode.
  • On the next page, select Save a binary .Run file (Recommended), then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall; please allow it to do so. It will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file.
  • Call the .run file "Select a name" and save it to your desktop. You will see the .run file on your desktop. Upload that file here.


==

In your next reply, please include the RunScanner log and the Malwarebytes log. Also, please tell me how your computer is running.


Dr. Jay (DJ)




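Every Malwarebytes log pasted in this thread ends each detection with "-> No action taken.", which is what the log looks like when the scan finishes and Remove Selected is never clicked, so the same detections repeat unchanged from scan to scan. Two other details in those logs are worth reading the same way: the C:\Qoobox\... entries are ComboFix's quarantine copies of files it had already removed, which is why deleting C:\Qoobox was requested above, and the final log lists the same files under C:\RECYCLER because the folder went to the Recycle Bin rather than being deleted permanently (Shift+Delete, or empty the Recycle Bin afterwards). The Python below, added here as an example and not part of the thread or of Malwarebytes, parses the 1.x log layout shown above, checks that the per-section counts in the header match the detection lines actually pasted (a truncated paste fails that check), and lists what was detected but not removed. Its function names and sample log are its own assumptions; the sample uses lines in the page's format and adds one constructed "Quarantined and deleted successfully" line.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x log.

Added example, not from the forum thread and not Malwarebytes' own code.
"""
import re
from collections import Counter

# Header block: "Registry Keys Infected: 9"; body block: "Registry Keys Infected:"
SUMMARY_RE = re.compile(r'^(?P<section>[A-Za-z ]+ Infected):\s*(?P<count>\d+)\s*$')
SECTION_RE = re.compile(r'^(?P<section>[A-Za-z ]+ Infected):\s*$')
# Detection line: <item> (<classification>) -> <action>.
DETECTION_RE = re.compile(r'^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$')

NO_ACTION = 'No action taken'   # MBAM 1.x wording when Remove Selected was not clicked


def parse_mbam_log(text):
    """Return (summary, detections). summary maps section -> declared count;
    detections is a list of dicts with section, item, family and action."""
    summary, detections = {}, []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group('section')] = int(m.group('count'))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group('section')
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            detections.append({'section': section, **m.groupdict()})
    return summary, detections


def unremoved(detections):
    """Detections that were only listed, never quarantined or deleted."""
    return [d for d in detections if d['action'] == NO_ACTION]


def consistent(summary, detections):
    """True when the header counts agree with the lines actually present,
    so a log that was cut off while pasting is noticed before triage."""
    listed = Counter(d['section'] for d in detections)
    sections = set(summary) | set(listed)
    return all(summary.get(s, 0) == listed.get(s, 0) for s in sections)


def families(detections):
    """How many items each classification accounts for."""
    return Counter(d['family'] for d in detections)


# Constructed sample in the page's format; the last line is invented to show
# the wording MBAM uses once an item has actually been removed.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.41
Database version: 2788
Windows 5.1.2600 Service Pack 3

Scan type: Full Scan (C:\|)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\TSC (Rogue.Total.Security) -> No action taken.

Files Infected:
C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\eventlog.dll.vir (Trojan.Sirefef) -> Quarantined and deleted successfully.
"""

if __name__ == '__main__':
    summary, dets = parse_mbam_log(SAMPLE_LOG)
    print('counts consistent:', consistent(summary, dets))
    for d in unremoved(dets):
        print(f"{d['section']}: {d['item']} [{d['family']}]")
```

Run against any of the logs above, every detection comes back from unremoved(); a log produced after Remove Selected shows "Quarantined and deleted successfully" instead, and items that could not be removed while in use show a reboot request rather than "No action taken".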
Solved Re: Safety Center infection

Post by sb24 on Mon Sep 14, 2009 12:06 am

Hi,
I must have missed the 'remove selected' in the instructions. Did it this time.
Please explain how to 'upload' the .run file.
Here are the 2 logs.
Runscanner logfile

* = signed file
- = file not found

General info
------------
Computer name : FRANK
Creation time : 9/13/2009 7:58:18 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 8.0.6001.18702
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 3
RunScanner Version : 1.8.1.0
User Language : English (United States)
User rights : Administrator
Windows folder : C:\WINDOWS

Running processes
-----------------
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe (Musicmatch Inc.)
* C:\WINDOWS\System32\alg.exe (Microsoft Corporation)
* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
C:\WINDOWS\system32\CTsvcCDA.EXE (Creative Technology Ltd)
* C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
* C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
* C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
* C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
* C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
* C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
* C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
* C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
* C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
* C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE (Logitech Inc.)
C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
* C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
* c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
* C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
* c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.)
* C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
* C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
* C:\Program Files\MSN\Toolbar\3.0.0988.2\msntask.exe (Microsoft Corp.)
* C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
* C:\Documents and Settings\Frank Batzel\Desktop\runscanner.exe (Runscanner.net)
* C:\WINDOWS\system32\services.exe (Microsoft Corporation)
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
* C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe (Smith Micro Software, Inc.)
* C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\System32\smss.exe (Microsoft Corporation)
* C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
* C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
* C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)

Unrated items
-------------
002 C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
002 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
002 * C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
002 * C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
002 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe (Musicmatch Inc.)
002 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
002 C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
002 C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
002 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
002 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
003 * C:\Documents and Settings\Frank Batzel\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
003 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
004 C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe (Smith Micro Software, Inc.)
005 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
005 C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
010 C:\WINDOWS\system32\UTSCSI.EXE (CLCV0)
010 C:\WINDOWS\system32\CTsvcCDA.EXE (Creative Service for CDROM Access)
010 C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (InstallDriver Table Manager)
010 C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel NCS NetService)
010 * c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee Network Agent)
010 * C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee Personal Firewall Service)
010 * c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service)
010 * C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (McAfee Real-time Scanner)
010 C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee Scanner)
010 * C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee Services)
010 * C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee SiteAdvisor Service)
011 C:\WINDOWS\system32\drivers\drvmcdb.sys (drvmcdb)
011 C:\WINDOWS\system32\drivers\drvnddm.sys (drvnddm)
011 C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (DSproct)
011 C:\WINDOWS\System32\Drivers\SQcaptur.sys (Dual-Mode DSC(2770))
011 * C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee Inc. mfeavfk)
011 * C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee Inc. mfebopk)
011 * C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee Inc. mfehidk)
011 * C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee Inc. mferkdk)
011 * C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee Inc. mfesmfk)
011 * C:\WINDOWS\System32\Drivers\Mpfp.sys (MPFP)
011 C:\WINDOWS\system32\drivers\pfc.sys (Padus ASPI Shell)
011 C:\WINDOWS\system32\drivers\PfModNT.sys (PfModNT)
011 C:\WINDOWS\System32\Drivers\PxHelp20.sys (PxHelp20)
011 C:\WINDOWS\system32\drivers\sscdbhk5.sys (sscdbhk5)
011 C:\WINDOWS\system32\drivers\ssrtln.sys (ssrtln)
011 C:\WINDOWS\system32\dla\tfsnboio.sys (tfsnboio)
011 C:\WINDOWS\system32\dla\tfsncofs.sys (tfsncofs)
011 C:\WINDOWS\system32\dla\tfsndrct.sys (tfsndrct)
011 C:\WINDOWS\system32\dla\tfsndres.sys (tfsndres)
011 C:\WINDOWS\system32\dla\tfsnifs.sys (tfsnifs)
011 C:\WINDOWS\system32\dla\tfsnopio.sys (tfsnopio)
011 C:\WINDOWS\system32\dla\tfsnpool.sys (tfsnpool)
011 C:\WINDOWS\system32\dla\tfsnudf.sys (tfsnudf)
011 C:\WINDOWS\system32\dla\tfsnudfa.sys (tfsnudfa)
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {9462A756-7B47-47BC-8C80-C34B9B80B32B}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {fab98d1c-9d21-4e05-8f56-f1297630c6c4}
031 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) {FAB98D1C-9D21-4E05-8F56-F1297630C6C4}
031 * c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll {5513F07E-936B-4E52-9B00-067394E91CC5}
041 * c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}
042 GUID / CLSID not found {d81ca86b-ef63-42af-bee3-4502d9a03c2d}
052 C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) {5CA3D70E-1895-11CF-8E15-001234567890}
052 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
052 * c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll {B164E929-A1B6-4A06-B104-2CD0E90A88FF}
052 * c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll (McAfee, Inc.) {7DB2D5A0-7241-4E79-B68D-6309F01C5231}
061 C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) {5CA3D70E-1895-11CF-8E15-001234567890}
061 C:\Program Files\Creative\Creative MuVo N200\CTMvns.dll (Creative Technology Ltd) {328D8DA1-64BF-4138-8CD6-1FB6741CA645}
061 C:\Program Files\Sonic\RecordNow!\shlext.dll {DEE12703-6333-4D4E-8F34-738C4DCC2E04}
073 McDefragTask.job : c:\program files\mcafee\mqc\QcConsol.exe (McAfee, Inc.)
073 McQcTask.job : c:\program files\mcafee\mqc\QcConsol.exe (McAfee, Inc.)
100 SearchUrl HKCU : [You must be registered and logged in to see this link.]
104 * C:\WINDOWS\system32\mcinsctl.dll (McAfee, Inc) {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
104 GUID / CLSID not found {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
173 GUID / CLSID not found
173 * c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll (McAfee, Inc.) {01576F39-90DE-4D6E-A068-5B20C22BAAEE}
221 GUID / CLSID not found
221 * c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll (McAfee, Inc.) {01576F39-90DE-4D6E-A068-5B20C22BAAEE}
223 * C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225 * C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225 * C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225 * c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll (McAfee, Inc.) {01576F39-90DE-4D6E-A068-5B20C22BAAEE}
225 * c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll (McAfee, Inc.) {01576F39-90DE-4D6E-A068-5B20C22BAAEE}
227 GUID / CLSID not found

Missing files
-------------
011 C:\WINDOWS\system32\drivers\Abiosdsk.sys
011 C:\WINDOWS\system32\drivers\Atdisk.sys
011 C:\WINDOWS\system32\drivers\bvrp_pci.sys
011 C:\ComboFix\catchme.sys
011 C:\WINDOWS\system32\drivers\Changer.sys
011 C:\WINDOWS\system32\drivers\lbrtfdc.sys
011 C:\WINDOWS\system32\drivers\PCIDump.sys
011 C:\WINDOWS\system32\drivers\PDCOMP.sys
011 C:\WINDOWS\system32\drivers\PDFRAME.sys
011 C:\WINDOWS\system32\drivers\PDRELI.sys
011 C:\WINDOWS\system32\drivers\PDRFRAME.sys
011 C:\WINDOWS\system32\DDMI2.sys
011 C:\WINDOWS\system32\drivers\Simbad.sys
011 C:\WINDOWS\system32\drivers\WDICA.sys
061 deskpan.dll


Malwarebytes' Anti-Malware 1.41
Database version: 2793
Windows 5.1.2600 Service Pack 3

9/13/2009 7:50:02 PM
mbam-log-2009-09-13 (19-49-59).txt

Scan type: Full Scan (C:\|)
Objects scanned: 163023
Time elapsed: 58 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{4d25f920-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4d25f923-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4d25f924-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\TSC (Rogue.Total.Security) -> No action taken.

Files Infected:
C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (Adware.MyWebSearch) -> No action taken.
C:\RECYCLER\S-1-5-21-2326354844-2418413832-741119529-1006\Dc1\Quarantine\C\Program Files\SafetyCenter\protector.exe.vir (Rogue.Installer) -> No action taken.
C:\RECYCLER\S-1-5-21-2326354844-2418413832-741119529-1006\Dc1\Quarantine\C\WINDOWS\SYSTEM32\eventlog.dll.vir (Trojan.Sirefef) -> No action taken.
C:\RECYCLER\S-1-5-21-2326354844-2418413832-741119529-1006\Dc1\Quarantine\C\WINDOWS\SYSTEM32\temp.exe.vir (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Frank Batzel\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> No action taken.


PC seems to be running OK, except I always get an error when closing IE.

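The two Malwarebytes logs in this thread differ in one detail that is easy to miss when reading by eye: every detection in the first log ends in "-> No action taken", which is exactly the mistake Dr Jay flagged, and several of the "infected" files are leftovers inside an earlier tool's quarantine folder under C:\RECYCLER rather than live malware. As an added example (not code from this thread, from the forum, or from Malwarebytes), the script below parses the MBAM 1.x log format posted above and separates pending items from removed ones and quarantine leftovers from live detections. The embedded log is constructed from that format with shortened paths and illustrative detections; it is not the poster's actual log.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x text log.

Added example, not part of the original thread or of Malwarebytes'
own tooling. SAMPLE_LOG is constructed in the MBAM 1.41 log format
seen in the thread; paths are shortened and detections illustrative.
"""
import re
from collections import Counter

SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.41
Database version: 2793
Windows 5.1.2600 Service Pack 3

Scan type: Full Scan (C:\\|)
Objects scanned: 163023

Registry Keys Infected:
HKEY_CLASSES_ROOT\\CLSID\\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.

Folders Infected:
C:\\Documents and Settings\\All Users\\Start Menu\\TSC (Rogue.Total.Security) -> No action taken.

Files Infected:
C:\\RECYCLER\\S-1-5-21-1\\Dc1\\Quarantine\\C\\Program Files\\SafetyCenter\\protector.exe.vir (Rogue.Installer) -> No action taken.
C:\\Documents and Settings\\User\\Desktop\\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> No action taken.
"""

# One detection line: <path or registry key> (<Family>) -> <action>.
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# Section headers such as "Files Infected:" (the summary lines with counts
# end in a number, so they do not match).
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")

# Detections under these path fragments are another tool's quarantined
# copies (or recycle-bin leftovers), not code that can still execute.
QUARANTINE_HINTS = ("\\Quarantine\\", "\\RECYCLER\\")


def parse_mbam_log(text):
    """Return one dict per detection: section, item, family, action, in_quarantine."""
    findings = []
    section = None
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            item = m.group("item")
            findings.append({
                "section": section,
                "item": item,
                "family": m.group("family"),
                "action": m.group("action"),
                "in_quarantine": any(h.lower() in item.lower() for h in QUARANTINE_HINTS),
            })
    return findings


def pending_items(findings):
    """Detections the user never removed (the mistake flagged in the thread)."""
    return [f for f in findings if f["action"].startswith("No action taken")]


def live_threats(findings):
    """Pending detections outside quarantine/recycle folders: still active on disk or in the registry."""
    return [f for f in pending_items(findings) if not f["in_quarantine"]]


def family_summary(findings):
    """Count detections per family prefix (Adware, Rogue, Trojan, Heuristics, ...)."""
    return Counter(f["family"].split(".", 1)[0] for f in findings)


if __name__ == "__main__":
    fs = parse_mbam_log(SAMPLE_LOG)
    print(f"{len(fs)} detections, {len(pending_items(fs))} not removed, "
          f"{len(live_threats(fs))} still live")
    for f in live_threats(fs):
        print(f"  [{f['family']}] {f['item']}")
    print(dict(family_summary(fs)))
```

On the constructed log the script reports five detections, four never removed, and three still live: the MyWebSearch CLSID, the rogue "TSC" Start Menu folder, and winlogon.scr on the Desktop. The last one illustrates what the Heuristics.Reserved.Word.Exploit name means: a file carrying the name of a core Windows binary sitting outside the system folder, which is a classic disguise for a dropped executable.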

Solved Re: Safety Center infection

Post by Dr Jay on Mon Sep 14, 2009 1:04 am

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.

Post the log in your next reply.

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Please post the Checkup log and the MBAM log in your next reply.


Dr. Jay (DJ)

Solved Re: Safety Center infection

Post by sb24 on Mon Sep 14, 2009 1:21 am

Here you go

Malwarebytes' Anti-Malware 1.41
Database version: 2794
Windows 5.1.2600 Service Pack 3

9/13/2009 9:18:05 PM
mbam-log-2009-09-13 (21-18-05).txt

Scan type: Quick Scan
Objects scanned: 101885
Time elapsed: 6 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Results of screen317's Security Check version 0.98.9
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!

a-squared HiJackFree 3.1

``````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 16
Adobe Flash Player 10
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Reader 9.1
``````````````````````````````
Process Check:
objlist.exe by Laurent



``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


Solved Re: Safety Center infection

Post by Dr Jay on Mon Sep 14, 2009 2:17 am

Hi

Your computer is clean. Hooray!

You aren't running Anti Virus Software

Anti-virus software is a program that detects, cleanses, and erases harmful virus files on a computer, Web server, or network.
Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software (for personal use) from one of these excellent vendors NOW:

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.
2) [You must be registered and logged in to see this link.]
-Anti-virus program for Windows.
-The home edition is freeware for noncommercial users.
3) [You must be registered and logged in to see this link.]
- Free edition of the AVG anti-virus program for Windows.
- Available for single computer use for home and non commercial use.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version.
  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • [You must be registered and logged in to see this link.]: free and excellent firewall.


AntiSpyware

  • [You must be registered and logged in to see this link.]
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found [You must be registered and logged in to see this link.].
  • [You must be registered and logged in to see this link.].
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot.)


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this, just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker, and add-ons like NoScript can make it even more secure. Opera is another good option.

If you are interested:


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Administrator
Administrator

Status :
Online
Offline

Posts : 13704
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Points : 144790
# Likes : 10

View user profile

Back to top Go down
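The HOSTS-file recommendation in Dr Jay's post above works because Windows consults C:\Windows\System32\drivers\etc\hosts before it asks DNS, so any name listed there with 127.0.0.1 (or 0.0.0.0, which many blocklists now use instead) never reaches the network. Malware uses the same file in reverse: rogue "security" products commonly map the real antivirus vendor's update hosts to loopback, or to a remote address they control, so the genuine product can no longer update. The script below is an added example, not code from the original post or from the HOSTS-file project it links. It parses a constructed hosts file, reports which names are sinkholed, and flags entries that touch an assumed list of security-vendor domains; the sample file, the domain names and the vendor list are illustrative assumptions.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed sample HOSTS file (not a real capture). It contains the stock
# Windows entries, a blocklist section that sinkholes ad/malware hosts, and
# two entries of the kind a rogue antivirus plants to cut the real product
# off from its update servers.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost

# Start of blocklist
127.0.0.1  ads.example.net
0.0.0.0    tracker.example.org   # comment after entry
127.0.0.1  evil.example.com malware.example.com

# Entries a rogue AV might add (constructed)
10.20.30.40   update.example-av.com
127.0.0.1     downloads.example-av.net
"""

# Assumed for illustration: the hosts your real security tools must reach.
# In practice, fill this with the update hosts of the antivirus you run.
PROTECTED_DOMAINS = {"update.example-av.com", "downloads.example-av.net"}


def parse_hosts(text: str) -> Dict[str, str]:
    """Map each hostname (lower-cased) to the address it resolves to.

    Comments and blank lines are skipped; lines without a valid address are
    ignored rather than guessed at. The first line naming a host wins, which
    is how the resolver treats duplicates.
    """
    mapping: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # malformed: an address with no names after it
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for name in parts[1:]:
            mapping.setdefault(name.lower(), str(addr))
    return mapping


def is_sinkholed(addr: str) -> bool:
    """True for loopback (127.0.0.1, ::1) or the unspecified address 0.0.0.0,
    i.e. the name can never produce a connection to the outside."""
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified


def resolves_to(mapping: Dict[str, str], host: str) -> Optional[str]:
    """Where a connection to `host` would actually go, or None if HOSTS has
    no entry and the lookup would fall through to DNS."""
    return mapping.get(host.lower())


def sinkholed_names(mapping: Dict[str, str]) -> List[str]:
    """Names the file blocks on purpose (localhost is excluded as normal)."""
    return sorted(n for n, a in mapping.items()
                  if is_sinkholed(a) and n != "localhost")


def suspicious_entries(mapping: Dict[str, str],
                       protected=PROTECTED_DOMAINS) -> List[Tuple[str, str, str]]:
    """Any protected domain present in HOSTS is a red flag: a legitimate
    blocklist never lists your antivirus's update servers. A redirect to a
    routable address is the worst case (update traffic goes to someone
    else's server); a loopback entry merely breaks updates."""
    out = []
    for name, addr in mapping.items():
        if name in protected:
            kind = "blocked" if is_sinkholed(addr) else "redirected-to-remote"
            out.append((name, addr, kind))
    return sorted(out)


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    print("sinkholed:", sinkholed_names(hosts))
    for name, addr, kind in suspicious_entries(hosts):
        print(f"SUSPICIOUS {kind}: {name} -> {addr}")
```

To check a real machine, read C:\Windows\System32\drivers\etc\hosts into `parse_hosts` instead of the sample string; the file is plain text, but you need an elevated editor to change it. The `is_unspecified` check is there because most maintained blocklists have moved from 127.0.0.1 to 0.0.0.0, which fails faster and does not hit any web server you happen to run locally.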

Solved Re: Safety Center infection

Post by sb24 on Mon Sep 14, 2009 11:05 am

Many thanks. Your site is awesome.

I will read through all of the software recs that you sent.

My question is - is there a reason why I should not continue to use Mcafee Security Suite (other than the obvious one which is how did the PC get infected in the first place)?


Solved Re: Safety Center infection

Post by Dr Jay on Mon Sep 14, 2009 7:38 pm

Well, McAfee has a history of bad reports. It will still protect you from most threats, but there are better security suites, especially free ones. Would you like McAfee removed?

If so, I have a resource to help you remove it.

If you would like to leave feedback or contribute to the site, please see this page: [You must be registered and logged in to see this link.]



Solved Re: Safety Center infection

Post by Dr Jay on Mon Sep 14, 2009 10:28 pm

Since this issue appears to be solved, this topic is now closed and being marked solved.

If you need the topic reopened, PM an administrator, moderator, or staff.


