TechSpot

HDD Defragmenter Malware need help to remove

By laylarynn224
May 30, 2011
  1. I think I have a virus HDD Defragmenter. I have tried to follow the instructions here...
    xxxxxxx Edit: Video link for instructions has been removed by Bobbye

    I have Downloaded and run Rkill
    I then downloaded Malwarebytes' Anti-Malware but when I try and run it starts the process but at the end shows an error box "access denied"

    Results from GMER are below can anyone help.......!!


    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-05-30 18:36:22
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK8032GSX rev.AS112M
    Running: c5z3609b.exe; Driver: C:\DOCUME~1\Ross\LOCALS~1\Temp\kgxcypob.sys


    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF7707210]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF77072A0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF77071FC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF77071D4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF77071E8]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF7707276]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF77072B6]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF770728A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Using instructions given to someone else is not recommended. I am going to delete the YouTube reference.

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply .
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
    ==========================================
    Please uninstall RKill and the Malwarebytes you have on the system now, since it will have undergone some change.
    ========================================
    Download Mbam again from the link in the thread. If you cannot run Malwarebytes, please run this first:
    Please download randmbam.exe

    It will try to create random names and shortcuts for Malwarebytes Anti Malware(MBAM) if you have it installed already.

    Once done, try running a scan again
    ================================
    Then proceed with the additional steps in the thread.

    It would be helpful if you told me what symptoms you're having that you are attributing to this malware.
     
  3. laylarynn224

    laylarynn224 TS Rookie Topic Starter

    Step 2 results

    Thankyou managed to run malware using your link first, results are below and am just about to alow it to restart and then follow the other steps.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6729

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    31/05/2011 09:56:02
    mbam-log-2011-05-31 (09-56-02).txt

    Scan type: Quick scan
    Objects scanned: 194071
    Time elapsed: 9 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kjEenXNPEgLSP (Rogue.Agent.SA) -> Value: kjEenXNPEgLSP -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\Ross\Desktop\uSeRiNiT.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
     
  4. laylarynn224

    laylarynn224 TS Rookie Topic Starter

    Step 3 results

    GMER Results

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-05-31 10:37:58
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK8032GSX rev.AS112M
    Running: buckxr7n.exe; Driver: C:\DOCUME~1\Ross\LOCALS~1\Temp\kgxcypob.sys


    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF7447210]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF74472A0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF74471FC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF74471D4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF74471E8]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF7447276]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF74472B6]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF744728A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- EOF - GMER 1.0.15 ----
     
  5. laylarynn224

    laylarynn224 TS Rookie Topic Starter

    Step 4 DDS Results

    Document named attach.....

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-05-19.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 15/12/2007 07:25:31
    System Uptime: 31/05/2011 10:03:37 (0 hours ago)
    .
    Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
    Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | U1 | 1662/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 75 GiB total, 48.17 GiB free.
    D: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP371: 02/03/2011 20:18:37 - System Checkpoint
    RP372: 03/03/2011 21:33:31 - System Checkpoint
    RP373: 08/03/2011 23:03:27 - Software Distribution Service 3.0
    RP374: 10/03/2011 19:48:56 - System Checkpoint
    RP375: 12/03/2011 15:53:44 - Software Distribution Service 3.0
    RP376: 13/03/2011 00:17:35 - Software Distribution Service 3.0
    RP377: 18/03/2011 10:13:43 - Software Distribution Service 3.0
    RP378: 18/03/2011 10:18:15 - Software Distribution Service 3.0
    RP379: 24/03/2011 12:11:07 - System Checkpoint
    RP380: 25/03/2011 08:21:26 - Software Distribution Service 3.0
    RP381: 25/03/2011 08:28:57 - Software Distribution Service 3.0
    RP382: 29/03/2011 10:29:23 - System Checkpoint
    RP383: 30/03/2011 18:33:54 - System Checkpoint
    RP384: 02/04/2011 13:54:09 - System Checkpoint
    RP385: 05/04/2011 22:29:27 - System Checkpoint
    RP386: 09/04/2011 18:29:56 - Installed iTunes
    RP387: 10/04/2011 23:15:26 - System Checkpoint
    RP388: 17/04/2011 22:48:52 - System Checkpoint
    RP389: 18/04/2011 17:18:02 - Software Distribution Service 3.0
    RP390: 19/04/2011 21:25:34 - System Checkpoint
    RP391: 26/04/2011 19:52:06 - System Checkpoint
    RP392: 27/04/2011 19:53:49 - System Checkpoint
    RP393: 02/05/2011 22:20:23 - Installed Rapport
    RP394: 04/05/2011 18:18:00 - Software Distribution Service 3.0
    RP395: 08/05/2011 20:10:58 - System Checkpoint
    RP396: 09/05/2011 20:56:07 - System Checkpoint
    RP397: 12/05/2011 22:33:30 - Software Distribution Service 3.0
    RP398: 14/05/2011 15:45:20 - System Checkpoint
    RP399: 17/05/2011 11:23:58 - System Checkpoint
    RP400: 18/05/2011 21:13:36 - System Checkpoint
    RP401: 20/05/2011 19:52:49 - Installed Rapport
    RP402: 24/05/2011 23:45:22 - System Checkpoint
    RP403: 25/05/2011 23:50:29 - System Checkpoint
    RP404: 28/05/2011 16:07:05 - System Checkpoint
    RP405: 28/05/2011 20:15:58 - Unsigned driver install
    .
    ==== Installed Programs ======================
    .
    ABBYY FineReader 6.0 Sprint
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Shockwave Player 11
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon Internet Library for ZoomBrowser EX
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    CCleaner
    CD/DVD Drive Acoustic Silencer
    Compatibility Pack for the 2007 Office system
    Freecom Backup Software 1.15
    Freecom Personal Media Suite 2.24
    Google Chrome
    Google Update Helper
    Google Updater
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 10 (KB910393)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HTC Driver Installer
    HTC Sync
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet/Wireless Software
    InterVideo WinDVD Creator 2
    InterVideo WinDVD for TOSHIBA
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Lexmark Printable Web
    Lexmark S300-S400 Series
    Lexmark Toolbar
    Macromedia Flash Player
    Malwarebytes' Anti-Malware
    McAfee Internet Security
    mCore
    mDrWiFi
    Media eLinker
    mHelp
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office OneNote 2003
    Microsoft Office XP Professional
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    mIWA
    mLogView
    mMHouse
    mPfMgr
    mPfWiz
    mProSafe
    MSN
    MSN Search Toolbar
    MSVC80_x86_v2
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    mWlsSafe
    mXML
    mZConfig
    Nectar Search Toolbar
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Nokia Software Updater
    O2 Broadband Assistant
    PC Connectivity Solution
    QuickTime
    Rapport
    RealPlayer
    Realtek High Definition Audio Driver
    SAMSUNG USB Driver for Mobile Phones
    SD Secure Module
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Sonic DLA
    Sonic Encoders
    Sonic RecordNow!
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Controls
    TOSHIBA Hotkey Utility
    TOSHIBA Manuals
    TOSHIBA PC Diagnostic Tool
    TOSHIBA Power Saver
    TOSHIBA SD Memory Card Format
    TOSHIBA Software Modem
    TOSHIBA TouchPad ON/Off Utility
    TOSHIBA Utilities
    TOSHIBA Virtual Sound
    TOSHIBA Zooming Utility
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    WebFldrs XP
    Windows Desktop Search
    Windows Driver Package - Nokia Modem (06/09/2010 4.5)
    Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Driver Package - OPTO ELECTRONICS CO.,LTD (optousb) Ports (06/02/2008 2.0.5.5)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB888316
    Windows XP Media Center Edition 2005 KB894553
    Windows XP Media Center Edition 2005 KB895678
    Windows XP Media Center Edition 2005 KB914548
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    X10 Hardware(TM)
    Yahoo! Install Manager
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    30/05/2011 23:11:38, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
    30/05/2011 23:11:38, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    30/05/2011 23:11:36, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
    30/05/2011 22:55:57, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
    30/05/2011 16:02:37, error: Service Control Manager [7034] - The KService service terminated unexpectedly. It has done this 1 time(s).
    30/05/2011 15:58:57, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: Access is denied.
    30/05/2011 15:58:54, error: SRService [104] - The System Restore initialization process failed.
    28/05/2011 18:54:49, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    28/05/2011 14:52:44, error: Service Control Manager [7022] - The KService service hung on starting.
    28/05/2011 14:51:22, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxeaCATSCustConnectService service to connect.
    28/05/2011 14:51:22, error: Service Control Manager [7000] - The lxeaCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    28/05/2011 10:57:36, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================

    Document named DDS

    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Ross at 10:40:53 on 2011-05-31
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.495 [GMT 1:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Kontiki\KService.exe
    C:\WINDOWS\system32\lxeacoms.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\O2\bin\sprtsvc.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
    C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Ross\Desktop\dds.scr
    C:\WINDOWS\system32\WSCRIPT.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uSearch Page = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    uSearch Bar = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uURLSearchHooks: FCToolbarURLSearchHook Class: {ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d} - c:\program files\nectar search toolbar\Helper.dll
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: dsWebAllowBHO Class: {2f85d76c-0569-466f-a488-493e6bd0e955} - c:\program files\windows desktop search\dsWebAllow.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110509225246.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Nectar Search Toolbar BHO: {b7c2f0d8-2209-4693-a15d-5a537211d48b} - c:\program files\nectar search toolbar\Toolbar.dll
    BHO: MSN Search Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn toolbar suite\msntb.dll
    BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
    TB: MSN Search Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn toolbar suite\msntb.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    TB: Nectar Search Toolbar: {8020143d-5926-4394-a04d-dd0b649da121} - c:\program files\nectar search toolbar\Toolbar.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [kdx] c:\program files\kontiki\KHost.exe -all
    uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
    mRun: [TPSMain] TPSMain.exe
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
    mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
    mRun: [TFncKy] TFncKy.exe
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [CFSServ.exe] CFSServ.exe -NoClient
    mRun: [O2] "c:\program files\o2\bin\sprtcmd.exe" /P O2
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [NPSStartup]
    mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
    mRun: [lxeamon.exe] "c:\program files\lexmark s300-s400 series\lxeamon.exe"
    mRun: [EzPrint] "c:\program files\lexmark s300-s400 series\ezprint.exe"
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    StartupFolder: c:\docume~1\ross\startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe
    IE: &MSN Search - c:\program files\msn toolbar suite\msntb.dll/search.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    Trusted Zone: o2.co.uk\*.broadband
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} - hxxp://www.shopandscan.com/TNSClickrc.CAB
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-8 387480]
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-4-28 53816]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-8 84200]
    R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-2-28 390528]
    R1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\26169\RapportCerberus_26169.sys [2011-5-2 57144]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-4-28 66360]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-4-28 158904]
    R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-11-23 88176]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-8 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-8 271480]
    R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-8 271480]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-8 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-8 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-8 141792]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-4-28 870200]
    R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\o2\bin\sprtsvc.exe [2007-6-7 202280]
    R3 Bonifay;Bonifay;c:\windows\system32\drivers\Bonifay.sys [2008-1-16 12160]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-8 56064]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-8 153280]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-8 314088]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-1-8 88736]
    R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2006-9-14 7040]
    RUnknown SASDIFSV;SASDIFSV; [x]
    RUnknown SASKUTIL;SASKUTIL; [x]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-28 136176]
    S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2010-9-22 98984]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-8-5 36608]
    S3 Gonzales;Gonzales;c:\windows\system32\drivers\Gonzales.sys [2008-1-16 7040]
    S3 humaxfl;HUMAX - Filter Driver;c:\windows\system32\drivers\humaxfl.sys [2004-6-25 19584]
    S3 humaxst;HUMAX - Stub Driver;c:\windows\system32\drivers\humaxst.sys [2004-6-25 2944]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-8 52320]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-1-8 88736]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-8 84488]
    S3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\drivers\optousb.sys [2010-7-13 18432]
    S3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\drivers\optovcm.sys [2010-7-13 26368]
    .
    =============== Created Last 30 ================
    .
    2011-05-31 08:38:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-31 08:38:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-31 08:38:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-30 18:16:39 -------- d--h--w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2011-05-30 18:16:18 -------- d--h--w- c:\program files\SUPERAntiSpyware
    2011-05-30 18:08:39 -------- d--h--w- c:\program files\PC Tools Security
    2011-05-28 18:37:35 -------- d--h--w- c:\program files\Humax Digital
    2011-05-28 18:15:59 -------- d--h--w- c:\documents and settings\ross\local settings\application data\Temp
    2011-05-28 18:15:42 -------- d--h--w- c:\documents and settings\ross\local settings\application data\Google
    2011-05-28 17:27:23 -------- d--h--w- c:\documents and settings\ross\application data\Malwarebytes
    2011-05-28 17:26:59 -------- d--h--w- c:\documents and settings\all users\application data\Malwarebytes
    .
    ==================== Find3M ====================
    .
    2011-04-28 13:34:50 53816 ---ha-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-04-14 13:01:38 95824 ---ha-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-04-14 13:01:38 9344 ---ha-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-04-14 13:01:38 88736 ---ha-w- c:\windows\system32\drivers\mfendisk.sys
    2011-04-14 13:01:38 84488 ---ha-w- c:\windows\system32\drivers\mferkdet.sys
    2011-04-14 13:01:38 84200 ---ha-w- c:\windows\system32\drivers\mfetdi2k.sys
    2011-04-14 13:01:38 56064 ---ha-w- c:\windows\system32\drivers\cfwids.sys
    2011-04-14 13:01:38 52320 ---ha-w- c:\windows\system32\drivers\mfebopk.sys
    2011-04-14 13:01:38 387480 ---ha-w- c:\windows\system32\drivers\mfehidk.sys
    2011-04-14 13:01:38 314088 ---ha-w- c:\windows\system32\drivers\mfefirek.sys
    2011-04-14 13:01:38 153280 ---ha-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-04-14 13:01:38 141792 ---ha-w- c:\windows\system32\mfevtps.exe
    2011-04-10 06:27:08 2057795 ---ha-w- c:\documents and settings\all users\SPLB2.tmp
    2011-03-07 05:33:50 692736 ---ha-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37:06 420864 ---ha-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21:11 1857920 ---ha-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 10:41:57.56 ===============
     
  6. laylarynn224

    laylarynn224 TS Rookie Topic Starter

    Symptoms

    The HDD Defragmenter diagnostic box was showing up.
    Desktop was completely blank
    Error messages flagging up (Hard disk failed etc)
    Can not view or access programs or docs

    Since running the 7( now 5) step process the HDD Defragmenter no longer shows up or the error messages, desktop is mainly blank (except for anti malware bytes dds etc) Can not access any docs or programs still.

    Hope I am giving you the information in the right way fingers crossed you can help
     
  7. laylarynn224

    laylarynn224 TS Rookie Topic Starter

    BUMP

    Hi wondered if anyone had had a chance to look at the results i posted as yet.

    Thanks

    Layla
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I am sorry for the delay. My internet was down then we had a bad storm front come through.

    You are running many extra processes that put the system at risk. The Java is years out of date and is a vulnerability.Let's get some of the desktop back first. You will run Mbam again, but this time, a full scan. Please follow:

    Update and rescan with Malwarebytes: Note: On the Scanner tab, make sure the the Perform Full Scanoption is selected and then click on the Scan button.

    When scan has finished, you will see this image:
    [​IMG]
    • Click on OK to close box and continue.
    • Click on the Show Results button.
    • Click on the Remove Selected button to remove all the listed malware.
    • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Pad before copying the log to paste in your next reply.
    =======================================
    Follow with: Download Unhide.exe and save to the desktop.
    • Double-click on Unhide.exe icon to run the program.
    • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
    ======================================
    When finished, continue with Combofix:
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • .Close any open browsers.
    • .Double click combofix.exe[​IMG] & follow the prompts to run.
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ===============================
    Please leave new Malwarebytes log and Combofix log in your next reply.
     
  9. laylarynn224

    laylarynn224 TS Rookie Topic Starter

    Hi,

    Thanks so much for getting back to me I hope everything is ok your end now.

    Results from the Malwarebytes full scan are below and will let you know once I have followed the other steps.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6736

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    02/06/2011 20:55:08
    mbam-log-2011-06-02 (20-55-08).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 280844
    Time elapsed: 1 hour(s), 16 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\system volume information\_restore{1283c4c2-5c9f-4160-b9a2-ac1bc36a6a58}\rp405\a0136472.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{1283c4c2-5c9f-4160-b9a2-ac1bc36a6a58}\rp405\a0136893.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
     
  10. laylarynn224

    laylarynn224 TS Rookie Topic Starter

    Combo Fix Log is below. Thank you so so so much for your help I can now open and view files and programs as far as I can tell.

    Is there anyway I can tell if the malware has been completly removed and you mentioned that "You are running many extra processes that put the system at risk. The Java is years out of date and is a vulnerability" is this something that I can rectify?

    ComboFix 11-06-02.02 - Ross 02/06/2011 21:32:35.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.498 [GMT 1:00]
    Running from: c:\documents and settings\Ross\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\All Users\Application Data\Microsoft\LocalApp
    c:\documents and settings\All Users\Application Data\Microsoft\LocalApp\alths.rc
    c:\documents and settings\All Users\Application Data\Microsoft\LocalApp\expt.rc
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\Layla\WINDOWS
    c:\documents and settings\Neither\WINDOWS
    c:\documents and settings\Ross\My Documents\iexplore.exe
    c:\documents and settings\Ross\WINDOWS
    c:\windows\system32\config\systemprofile\WINDOWS
    .
    ----- BITS: Possible infected sites -----
    .
    hxxp://sync.broadband.o2.co.uk:8080
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-02 to 2011-06-02 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-31 08:38 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-31 08:38 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-31 08:38 . 2011-05-31 08:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-30 20:50 . 2011-05-30 20:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\SupportSoft
    2011-05-30 18:16 . 2011-05-30 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-05-30 18:16 . 2011-05-31 09:26 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-05-30 18:08 . 2011-05-30 22:08 -------- d-----w- c:\program files\PC Tools Security
    2011-05-30 18:08 . 2011-05-30 21:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2011-05-30 18:04 . 2011-05-30 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2011-05-28 18:37 . 2011-05-28 18:37 -------- d-----w- c:\program files\Humax Digital
    2011-05-28 18:20 . 2011-05-28 18:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2011-05-28 18:15 . 2011-05-28 18:16 -------- d-----w- c:\documents and settings\Ross\Local Settings\Application Data\Temp
    2011-05-28 18:15 . 2011-05-28 18:15 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2011-05-28 18:15 . 2011-05-30 18:04 -------- d-----w- c:\program files\Google
    2011-05-28 18:15 . 2011-05-28 18:17 -------- d-----w- c:\documents and settings\Ross\Local Settings\Application Data\Google
    2011-05-28 17:27 . 2011-05-28 17:27 -------- d-----w- c:\documents and settings\Ross\Application Data\Malwarebytes
    2011-05-28 17:26 . 2011-05-28 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-28 13:34 . 2011-04-28 13:34 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-04-14 13:01 . 2011-01-08 14:48 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-04-14 13:01 . 2011-01-08 14:48 141792 ----a-w- c:\windows\system32\mfevtps.exe
    2011-04-14 13:01 . 2011-01-08 14:48 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-04-14 13:01 . 2011-01-08 14:48 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2011-04-14 13:01 . 2011-01-08 14:48 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-04-14 13:01 . 2011-01-08 14:48 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2011-04-14 13:01 . 2011-01-08 14:48 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-04-14 13:01 . 2011-01-08 14:48 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-04-14 13:01 . 2011-01-08 14:48 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-04-14 13:01 . 2011-01-08 14:48 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-04-14 13:01 . 2011-01-08 14:48 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-04-10 06:27 . 2011-04-10 06:27 2057795 ----a-w- c:\documents and settings\All Users\SPLB2.tmp
    2011-03-07 05:33 . 2006-09-13 13:57 692736 ----a-w- c:\windows\system32\inetcomm.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d}"= "c:\program files\Nectar Search Toolbar\Helper.dll" [2010-11-20 356864]
    .
    [HKEY_CLASSES_ROOT\clsid\{ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{8021825B-2FBA-43AA-8FC9-1289DCD80B76}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7C2F0D8-2209-4693-A15D-5A537211D48B}]
    2010-11-20 20:20 1532416 ----a-w- c:\program files\Nectar Search Toolbar\Toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{8020143D-5926-4394-A04D-DD0B649DA121}"= "c:\program files\Nectar Search Toolbar\Toolbar.dll" [2010-11-20 1532416]
    .
    [HKEY_CLASSES_ROOT\clsid\{8020143d-5926-4394-a04d-dd0b649da121}]
    [HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{22466F1F-0B10-41B0-A971-3A28599AA7C7}]
    [HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{8020143D-5926-4394-A04D-DD0B649DA121}"= "c:\program files\Nectar Search Toolbar\Toolbar.dll" [2010-11-20 1532416]
    .
    [HKEY_CLASSES_ROOT\clsid\{8020143d-5926-4394-a04d-dd0b649da121}]
    [HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{22466F1F-0B10-41B0-A971-3A28599AA7C7}]
    [HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
    "kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-30 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CFSServ.exe"="CFSServ.exe -NoClient" [X]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
    "RTHDCPL"="RTHDCPL.EXE" [2006-05-05 16206848]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 88204]
    "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 356352]
    "TPSMain"="TPSMain.exe" [2005-08-03 266240]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 73728]
    "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]
    "TFncKy"="TFncKy.exe" [BU]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-03 185896]
    "Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
    "lxeamon.exe"="c:\program files\Lexmark S300-S400 Series\lxeamon.exe" [2010-01-18 770728]
    "EzPrint"="c:\program files\Lexmark S300-S400 Series\ezprint.exe" [2010-01-18 139944]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    c:\documents and settings\Layla\Start Menu\Programs\Startup\
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]
    .
    c:\documents and settings\Ross\Start Menu\Programs\Startup\
    BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [N/A]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
    backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Ross^Start Menu^Programs^Startup^Freecom Personal Media Suite.lnk]
    path=c:\documents and settings\Ross\Start Menu\Programs\Startup\Freecom Personal Media Suite.lnk
    backup=c:\windows\pss\Freecom Personal Media Suite.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Ross^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
    path=c:\documents and settings\Ross\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
    backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Kontiki\\KService.exe"=
    "c:\\Program Files\\O2\\bin\\wificfg.exe"=
    "c:\\Program Files\\O2\\agent\\bin\\bcont.exe"=
    "c:\\Program Files\\Common Files\\SupportSoft\\bin\\ssrc.exe"=
    "c:\\Program Files\\O2\\agent\\bin\\bcont_nm.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\lxeacoms.exe"=
    "c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
    "c:\\Program Files\\Nectar Search Toolbar\\TroubleShooter.exe"=
    "c:\\Program Files\\Nectar Search Toolbar\\ToolbarUpdate.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [28/04/2011 14:34 53816]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [08/01/2011 15:48 84200]
    R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [28/02/2010 21:52 390528]
    R1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys [02/05/2011 22:24 57144]
    R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [28/04/2011 14:34 66360]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [28/04/2011 14:34 158904]
    R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [23/11/2008 11:46 88176]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [08/01/2011 15:48 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [08/01/2011 15:48 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [08/01/2011 15:49 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [08/01/2011 15:48 141792]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [28/04/2011 14:34 870200]
    R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [07/06/2007 17:19 202280]
    R3 Bonifay;Bonifay;c:\windows\system32\drivers\Bonifay.sys [16/01/2008 20:00 12160]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [08/01/2011 15:48 56064]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [08/01/2011 15:48 314088]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [08/01/2011 15:48 88736]
    R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [14/09/2006 12:10 7040]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28/05/2011 19:15 136176]
    S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [22/09/2010 21:47 98984]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [05/08/2010 11:41 36608]
    S3 Gonzales;Gonzales;c:\windows\system32\drivers\Gonzales.sys [16/01/2008 20:00 7040]
    S3 humaxfl;HUMAX - Filter Driver;c:\windows\system32\drivers\humaxfl.sys [25/06/2004 01:31 19584]
    S3 humaxst;HUMAX - Stub Driver;c:\windows\system32\drivers\humaxst.sys [25/06/2004 01:31 2944]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [08/01/2011 15:48 88736]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [08/01/2011 15:48 84488]
    S3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\drivers\optousb.sys [13/07/2010 18:41 18432]
    S3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\drivers\optovcm.sys [13/07/2010 18:41 26368]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
    .
    2011-06-02 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-30 18:04]
    .
    2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 18:15]
    .
    2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 18:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
    IE: &MSN Search - c:\program files\MSN Toolbar Suite\msntb.dll/search.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    Trusted Zone: o2.co.uk\*.broadband
    TCP: DhcpNameServer = 192.168.1.254
    DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} - hxxp://www.shopandscan.com/TNSClickrc.CAB
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-NPSStartup - (no file)
    AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
    AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
    AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
    AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
    AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
    AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
    AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
    AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
    AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
    AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
    AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
    AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
    AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
    AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-02 21:49
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1432)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2011-06-02 21:54:14
    ComboFix-quarantined-files.txt 2011-06-02 20:54
    .
    Pre-Run: 51,599,007,744 bytes free
    Post-Run: 51,814,576,128 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 8AF10AA6C356CC991A71B8EAF7A07968
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Give me time!

    The rogues are only in the restore points now. I will have you drop the old ones and create a new clean one when we finish. You should do any System restores when we're cleaning!
    =================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\documents and settings\All Users\SPLB2.tmp
    Folder::
    c:\program files\PC Tools Security
    c:\documents and settings\All Users\Application Data\TEMP
    DDS::
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} - hxxp://www.shopandscan.com/TNSClickrc.CAB
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d}"=-
    [HKEY_CLASSES_ROOT\clsid\{ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{8021825B-2FBA-43AA-8FC9-1289DCD80B76}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7C2F0D8-2209-4693-A15D-5A537211D48B}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{8020143D-5926-4394-A04D-DD0B649DA121}"=-
    [HKEY_CLASSES_ROOT\clsid\{8020143d-5926-4394-a04d-dd0b649da121}]
    [HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{22466F1F-0B10-41B0-A971-3A28599AA7C7}]
    [HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{8020143D-5926-4394-A04D-DD0B649DA121}"=-
    [HKEY_CLASSES_ROOT\clsid\{8020143d-5926-4394-a04d-dd0b649da121}]
    [HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{22466F1F-0B10-41B0-A971-3A28599AA7C7}]
    [HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Nectar Search Toolbar\\TroubleShooter.exe"=-
    "c:\\Program Files\\Nectar Search Toolbar\\ToolbarUpdate.exe"=-
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Please go on to my next reply when finished.
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please update Java: Check this site .Java Updates Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
    ===================================
    I have taken the liberty of removing entries for several toolbar programs that I consider a risk to the system. You should make sure the program itself is uninstalled and delete the program folder using Windows Explorer (Windows key + E) to access My Computer> Double click on Local Drive> Programs> find the folder and do a right click> Delete for each. There were multiple entries for these:
    FreeCauseURLSearchHook
    Nectar Search Toolbar

    ==================================
    There is a long list of 22 Samsung USB drivers showing as in the quote below. If you had the Samsung program that used these but no longer have it, check in Add/Remove Programs, then Windows Explorer, same as above and make sure the programs are uninstalled and the program folders deleted:
    ========================================
    You had both McAfee and PCTools Security running. I have removed PC Tools. Please make sure it is uninstalled and program folder deleted.
    ========================================
    Let me know how the system is doing.
     
  13. laylarynn224

    laylarynn224 TS Rookie Topic Starter

    Thankyou again for your help. I have completed the 1st step and the results are below.

    ComboFix 11-06-04.02 - Ross 04/06/2011 20:11:11.5.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.320 [GMT 1:00]
    Running from: c:\documents and settings\Ross\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Ross\Desktop\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    FILE ::
    "c:\documents and settings\All Users\SPLB2.tmp"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\SPLB2.tmp
    c:\program files\java\jre1.5.0_06\bin\ssv.dll
    c:\program files\PC Tools Security
    c:\program files\PC Tools Security\Alert.cfg
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-04 to 2011-06-04 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-31 08:38 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-31 08:38 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-31 08:38 . 2011-05-31 08:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-30 20:50 . 2011-05-30 20:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\SupportSoft
    2011-05-30 18:16 . 2011-05-30 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-05-30 18:16 . 2011-05-31 09:26 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-05-30 18:04 . 2011-05-30 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2011-05-28 18:37 . 2011-05-28 18:37 -------- d-----w- c:\program files\Humax Digital
    2011-05-28 18:20 . 2011-05-28 18:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2011-05-28 18:15 . 2011-05-28 18:16 -------- d-----w- c:\documents and settings\Ross\Local Settings\Application Data\Temp
    2011-05-28 18:15 . 2011-05-28 18:15 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2011-05-28 18:15 . 2011-05-30 18:04 -------- d-----w- c:\program files\Google
    2011-05-28 18:15 . 2011-05-28 18:17 -------- d-----w- c:\documents and settings\Ross\Local Settings\Application Data\Google
    2011-05-28 17:27 . 2011-05-28 17:27 -------- d-----w- c:\documents and settings\Ross\Application Data\Malwarebytes
    2011-05-28 17:26 . 2011-05-28 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-28 13:34 . 2011-04-28 13:34 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-04-14 13:01 . 2011-01-08 14:48 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-04-14 13:01 . 2011-01-08 14:48 141792 ----a-w- c:\windows\system32\mfevtps.exe
    2011-04-14 13:01 . 2011-01-08 14:48 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-04-14 13:01 . 2011-01-08 14:48 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2011-04-14 13:01 . 2011-01-08 14:48 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-04-14 13:01 . 2011-01-08 14:48 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2011-04-14 13:01 . 2011-01-08 14:48 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-04-14 13:01 . 2011-01-08 14:48 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-04-14 13:01 . 2011-01-08 14:48 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-04-14 13:01 . 2011-01-08 14:48 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-04-14 13:01 . 2011-01-08 14:48 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-03-07 05:33 . 2006-09-13 13:57 692736 ----a-w- c:\windows\system32\inetcomm.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-06-02_20.49.21 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-06-04 10:55 . 2011-06-04 10:55 16384 c:\windows\Temp\Perflib_Perfdata_4b0.dat
    + 2006-09-18 14:54 . 2011-06-04 17:49 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2006-09-18 14:54 . 2011-05-31 17:27 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2006-09-18 14:54 . 2011-06-04 17:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2006-09-18 14:54 . 2011-05-31 17:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2011-06-04 12:30 . 2011-06-04 17:49 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7C2F0D8-2209-4693-A15D-5A537211D48B}]
    2010-11-20 20:20 1532416 ----a-w- c:\program files\Nectar Search Toolbar\Toolbar.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
    "kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-30 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CFSServ.exe"="CFSServ.exe -NoClient" [X]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
    "RTHDCPL"="RTHDCPL.EXE" [2006-05-05 16206848]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 88204]
    "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 356352]
    "TPSMain"="TPSMain.exe" [2005-08-03 266240]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 73728]
    "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]
    "TFncKy"="TFncKy.exe" [BU]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-03 185896]
    "Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
    "lxeamon.exe"="c:\program files\Lexmark S300-S400 Series\lxeamon.exe" [2010-01-18 770728]
    "EzPrint"="c:\program files\Lexmark S300-S400 Series\ezprint.exe" [2010-01-18 139944]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    c:\documents and settings\Layla\Start Menu\Programs\Startup\
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]
    .
    c:\documents and settings\Ross\Start Menu\Programs\Startup\
    BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [N/A]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
    backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Ross^Start Menu^Programs^Startup^Freecom Personal Media Suite.lnk]
    path=c:\documents and settings\Ross\Start Menu\Programs\Startup\Freecom Personal Media Suite.lnk
    backup=c:\windows\pss\Freecom Personal Media Suite.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Ross^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
    path=c:\documents and settings\Ross\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
    backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Kontiki\\KService.exe"=
    "c:\\Program Files\\O2\\bin\\wificfg.exe"=
    "c:\\Program Files\\O2\\agent\\bin\\bcont.exe"=
    "c:\\Program Files\\Common Files\\SupportSoft\\bin\\ssrc.exe"=
    "c:\\Program Files\\O2\\agent\\bin\\bcont_nm.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\lxeacoms.exe"=
    "c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
    "c:\\Program Files\\Nectar Search Toolbar\\TroubleShooter.exe"=
    "c:\\Program Files\\Nectar Search Toolbar\\ToolbarUpdate.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [28/04/2011 14:34 53816]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [08/01/2011 15:48 84200]
    R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [28/02/2010 21:52 390528]
    R1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys [02/05/2011 22:24 57144]
    R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [28/04/2011 14:34 66360]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [28/04/2011 14:34 158904]
    R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [23/11/2008 11:46 88176]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [08/01/2011 15:48 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [08/01/2011 15:48 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [08/01/2011 15:49 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [08/01/2011 15:48 141792]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [28/04/2011 14:34 870200]
    R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [07/06/2007 17:19 202280]
    R3 Bonifay;Bonifay;c:\windows\system32\drivers\Bonifay.sys [16/01/2008 20:00 12160]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [08/01/2011 15:48 56064]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [08/01/2011 15:48 314088]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [08/01/2011 15:48 88736]
    R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [14/09/2006 12:10 7040]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28/05/2011 19:15 136176]
    S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [22/09/2010 21:47 98984]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [05/08/2010 11:41 36608]
    S3 Gonzales;Gonzales;c:\windows\system32\drivers\Gonzales.sys [16/01/2008 20:00 7040]
    S3 humaxfl;HUMAX - Filter Driver;c:\windows\system32\drivers\humaxfl.sys [25/06/2004 01:31 19584]
    S3 humaxst;HUMAX - Stub Driver;c:\windows\system32\drivers\humaxst.sys [25/06/2004 01:31 2944]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [08/01/2011 15:48 88736]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [08/01/2011 15:48 84488]
    S3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\drivers\optousb.sys [13/07/2010 18:41 18432]
    S3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\drivers\optovcm.sys [13/07/2010 18:41 26368]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
    .
    2011-06-04 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-30 18:04]
    .
    2011-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 18:15]
    .
    2011-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 18:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
    IE: &MSN Search - c:\program files\MSN Toolbar Suite\msntb.dll/search.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    Trusted Zone: o2.co.uk\*.broadband
    TCP: DhcpNameServer = 192.168.1.254
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-04 21:12
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1420)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2011-06-04 21:15:24
    ComboFix-quarantined-files.txt 2011-06-04 20:15
    ComboFix2.txt 2011-06-04 12:24
    ComboFix3.txt 2011-06-04 09:44
    ComboFix4.txt 2011-06-02 20:54
    .
    Pre-Run: 51,772,100,608 bytes free
    Post-Run: 51,749,232,640 bytes free
    .
    - - End Of File - - 4E7695C018E2A59DB20A4F9639DA61E2
     
  14. laylarynn224

    laylarynn224 TS Rookie Topic Starter

    Java - updated
    FreeCauseURLSearchHook - Could not find any trace of
    Nectar Search Toolbar - Files removed
    Samsung USB drivers - removed
    PCTools Security - Could not find any trace of

    For some reason all word doc names have the first 2 letters replaced with ~$ when I try to open the doc is comes up with an error message "word can not start the converter mswrd632" do you know why that is?
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please see this site for both auto-fix from Microsoft or Manual fix by you.
    http://support.microsoft.com/kb/973904

    Note: If you decide on the Manual Fix please back up the Registry before making changes.
    =====================================
    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
     
  16. laylarynn224

    laylarynn224 TS Rookie Topic Starter

    Really sorry for the late reply have follwed instructions and the results are below (From HijackThis)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:31:38, on 19/06/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Kontiki\KService.exe
    C:\WINDOWS\system32\lxeacoms.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\O2\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
    C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
    C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110509225246.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: FCTBPos00Pos - {B7C2F0D8-2209-4693-A15D-5A537211D48B} - C:\Program Files\Nectar Search Toolbar\Toolbar.dll (file missing)
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
    O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [lxeamon.exe] "C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark S300-S400 Series\ezprint.exe"
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.broadband.o2.co.uk
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: lxeaCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe
    O23 - Service: lxea_device - - C:\WINDOWS\system32\lxeacoms.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 15720 bytes
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    No problem! I can always use the extra time.

    Please reopen Hijack This to 'do system scan only.' Check each of the following, if present:

    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
    O2 - BHO: FCTBPos00Pos - {B7C2F0D8-2209-4693-A15D-5A537211D48B} - C:\Program Files\Nectar Search Toolbar\Toolbar.dll (file missing)


    Close all Windows except HijackThis and click on "Fix Checked."
    ===========================================
    You have so much running in the background that are most probably on the Startup Menu. Here is a partial list of what you don't need to start on boot:
    Lexmark
    X10
    Real Player & Real Update
    Nokia PC Suite
    iPod
    QuickTime
    Java
    ScanSoft
    Canon
    ==================================
    Kontiki Enterprise Video Delivery
    Be careful with this. Any way you put it, it's files sharing. That means it's a vulnerability to your system and almost certain to bundle malware with some downloads.
    ================================
    If we have resolved all of the problems: You can remove all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
      [​IMG]
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    -----
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    ------------------------------------------
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
      [*]Choose Disc Cleanup
      [*]Click "OK" to select the partition or drive you want.
      [*]Click the "More Options" Tab.
      [*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...