Jump to content

leyanni

Members
  • Content Count

    25
  • Joined

  • Last visited

About leyanni

  • Rank
    Member

Contact Methods

  • Website URL
    http://

Previous Fields

  • System Specifications:
    80 GB HD space, 2000 MB RAM, 1.73 cpu speed, windows XP SP3
  • TechExpress Link:
    http://www.pcpitstop.com/betapit/sec.asp?conid=21831745
  • Teams:
    Nothing Selected
  1. Hi again Thanks for your reply. But my connection is set as WPA and it does not disconnect from my brother's laptop for example (in the same home). So since it's only happening from MY laptop...why should it be a password or configuration problem in the connection itself? Also I don't think that the router I have can generate passwords (how can I know this?)
  2. Hello from Lebanon and thanks in advance for your valuable help. I have been having a weird problem with my internet connection since a while. My connection is a 256K wireless DSL connection (I use a router). While the router is ok and does not show a red @, the connection suddenly cuts ONLY FROM MY LAPTOP, not from the network or provider: 2-3 secs before cutting, a yellow balloon pops up from the wireless internet connection icon in the taskbar (blue PC) that says: "connected to: name of connection(UNSECURED)" and then cuts. I then have to reconnect manually. This happens randomly with no specific task running or program open (it can happen 4-5 times in an hour or not happen at all in 3 hours). And this is really annoying when you are downloading and it suddenly stops... Note that UNSECURED does not mean that my connection is not protected; it is, since it has a password. I have also resolved and fixed all my viruses and malware issues previously even with highjackthis (for another problem). So my PC is not infected, I am clean. What could be the cause of such a behavior and how to fix it? Could it be a problem in the network card for example? Thanks again
  3. OK I will. I want to deeply thank you for all your valuable help...from the ceadars of Lebanon my dear Juliet!
  4. [quote name='Juliet' date='5:20pm Thu Mar 5 2009' post='1576270' We're running out of options. Please post: DDS.logs ark.txt I know we are running out of options... Here are the 2 dds and the GMER logs: DDS (Ver_09-02-01.01) - NTFSx86 Run by new at 18:23:49.17 on Thu 03/05/2009 Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1448 [GMT 2:00] AV: McAfee VirusScan *On-access scanning enabled* (Updated) FW: McAfee Personal Firewall *enabled* ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\Program Files\Microsoft SQL Server\MSSQL$STP_TRAINING_08\Binn\sqlservr.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe C:\Program Files\McAfee\Anti-Theft\McPvTray.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Documents and Settings\new\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Documents and Settings\new\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = about:blank uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [LManager] c:\program files\launch manager\QtZgAcer.EXE mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe mRun: [McPvTray] c:\program files\mcafee\anti-theft\McPvTray.exe mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" StartupFolder: c:\docume~1\new\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe StartupFolder: c:\docume~1\new\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll Trusted Zone: internet Trusted Zone: mcafee.com DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - hxxp://by107fd.bay107.hotmail.msn.com/activex/HMAtchmt.ocx Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll Notify: igfxcui - igfxsrvc.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\new\applic~1\mozilla\firefox\profiles\vz7j20tp.default\ FF - prefs.js: network.proxy.http - http://autoproxy.aub.edu.lb/autoproxy.pac FF - prefs.js: network.proxy.type - 4 FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll FF - plugin: c:\documents and settings\new\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\google\google updater\2.4.1399.3742\npCIDetect13.dll ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-24 64160] R0 McPvDrv;McPvDrv;c:\windows\system32\drivers\McPvDrv.sys [2008-5-28 61688] R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-9 213640] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-2-23 206096] R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-2-23 359952] R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-2-23 144704] R2 MSSQL$STP_TRAINING_08;MSSQL$STP_TRAINING_08;c:\program files\microsoft sql server\mssql$stp_training_08\binn\sqlservr.exe -sstp_training_08 --> c:\program files\microsoft sql server\mssql$stp_training_08\binn\sqlservr.exe -sSTP_TRAINING_08 [?] R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2007-6-12 33792] R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-2-23 606736] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-2-23 79304] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-2-23 35272] R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-2-23 40552] S3 EpmShd;Acer EPM System Hardware Driver;\??\c:\windows\system32\drivers\epm-shd.sys --> c:\windows\system32\drivers\epm-shd.sys [?] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-2-23 34216] S3 SQLAgent$STP_TRAINING_08;SQLAgent$STP_TRAINING_08;c:\program files\microsoft sql server\mssql$stp_training_08\binn\sqlagent.exe -i stp_training_08 --> c:\program files\microsoft sql server\mssql$stp_training_08\binn\sqlagent.EXE -i STP_TRAINING_08 [?] S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096] S4 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" --> c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [?] ============== File Associations =============== JSEFile=NOTEPAD.EXE %1 VBEFile=NOTEPAD.EXE %1 VBSFile=NOTEPAD.EXE %1 =============== Created Last 30 ================ 2009-03-05 18:11 250 a------- c:\windows\gmer.ini 2009-03-02 23:54 <DIR> a-dshr-- C:\cmdcons 2009-03-02 23:33 161,792 a------- c:\windows\SWREG.exe 2009-03-02 23:33 98,816 a------- c:\windows\sed.exe 2009-02-28 14:49 <DIR> --d----- c:\documents and settings\new\DoctorWeb 2009-02-28 14:46 <DIR> --d----- c:\windows\system32\CatRoot2 2009-02-27 00:31 <DIR> --d----- C:\_OTMoveIt 2009-02-25 20:58 <DIR> --d----- c:\docume~1\new\applic~1\Malwarebytes 2009-02-25 20:58 15,504 a------- c:\windows\system32\drivers\mbam.sys 2009-02-25 20:58 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-25 20:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-02-25 20:58 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-02-24 22:18 406 a------- c:\windows\system32\ioloBootDefrag.cfg 2009-02-24 16:44 <DIR> --d----- c:\program files\Trend Micro 2009-02-24 14:36 15,688 a------- c:\windows\system32\lsdelete.exe 2009-02-24 14:21 64,160 a------- c:\windows\system32\drivers\Lbd.sys 2009-02-24 14:18 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-02-24 14:18 <DIR> --d----- c:\program files\Lavasoft 2009-02-24 13:29 110 a------- c:\windows\wininit.ini 2009-02-24 12:57 <DIR> --d----- c:\program files\Spybot - Search & Destroy 2009-02-24 12:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2009-02-23 20:01 13,849 a------- c:\windows\system32\Config.MPF 2009-02-23 18:37 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys 2009-02-23 18:37 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys 2009-02-23 18:37 35,272 a------- c:\windows\system32\drivers\mfebopk.sys 2009-02-23 18:37 120,136 a------- c:\windows\system32\drivers\Mpfp.sys 2009-02-23 18:35 <DIR> --d----- c:\program files\common files\McAfee 2009-02-23 18:35 <DIR> --d----- c:\program files\McAfee.com 2009-02-23 17:57 34,216 a------- c:\windows\system32\drivers\mferkdk.sys 2009-02-23 16:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\McAfee Anti-Theft 2009-02-23 12:19 <DIR> --d----- c:\docume~1\new\applic~1\iolo 2009-02-23 12:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\iolo 2009-02-07 17:53 <DIR> --dshr-- C:\CONFIG ==================== Find3M ==================== 2009-02-02 20:36 81,984 a------- c:\windows\system32\bdod.bin 2009-01-09 12:03 213,640 a------- c:\windows\system32\drivers\mfehidk.sys 2008-12-26 10:19 410,984 a------- c:\windows\system32\deploytk.dll 2008-12-21 01:15 826,368 a------- c:\windows\system32\wininet.dll 2007-10-05 21:31 411,248 a------- c:\program files\FLV PlayerRCSetup.exe 2008-08-28 11:11 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082820080829\index.dat ============= FINISH: 18:25:08.39 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-02-01.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 8/17/2006 12:34:23 PM System Uptime: 3/5/2009 1:46:13 PM (5 hours ago) Motherboard: Acer, Inc. | | Crane II Processor: Intel® Pentium® M processor 1.73GHz | U1 | 1729/533mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 75 GiB total, 29.872 GiB free. D: is CDROM () F: is CDROM () ==== Disabled Device Manager Items ============= Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Broadcom 440x 10/100 Integrated Controller Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_00661025&REV_02\4&1D3F0FBB&0&40F0 Manufacturer: Broadcom Name: Broadcom 440x 10/100 Integrated Controller PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_00661025&REV_02\4&1D3F0FBB&0&40F0 Service: bcm4sbxp ==== System Restore Points =================== RP1: 3/2/2009 11:34:04 PM - System Checkpoint RP2: 3/2/2009 11:34:51 PM - ComboFix created restore point RP3: 3/3/2009 1:36:31 PM - Supprimé Gestionnaire de téléchargement MusiClassics RP4: 3/4/2009 12:25:29 AM - ComboFix created restore point RP5: 3/4/2009 1:06:28 PM - Installed Adobe Reader 9. ==== Installed Programs ====================== µTorrent Acrobat.com Ad-Aware Adobe Acrobat 7.0 Professional Adobe Acrobat 7.1.0 Professional Adobe AIR Adobe Audition 3.0 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9 AiO_Scan_CDA AiOSoftwareNPI Analyseur et SDK MSXML 4.0 SP2 Apple Mobile Device Support Apple Software Update Assistant de connexion Windows Live AutoCAD 2008 - English Autodesk DWF Viewer 7 BufferChm Choice Guard Compatibility Pack for the 2007 Office system Conexant AC-Link Audio CustomerResearchQFolder Destinations DeviceManagementQFolder East West Orchestra 1 - Strings East West Orchestra 2 - Woodwinds East West Orchestra 3 - Brass East West Orchestra 4 - Percussion East West Ra East West Symphonic Choirs eSupportQFolder F300 F300_Help Fax_CDA Finale 2007 FLV Player Garritan Ambiance Installer Google Chrome Google Earth Google Updater Google Video Player Harmony Practice 3 HijackThis 2.0.2 Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954708) HP Customer Participation Program 7.0 HP Imaging Device Functions 7.0 HP Photosmart Essential HP Photosmart, Officejet and Deskjet 7.0.A HP Solution Center 7.0 HP Update HPPhotoSmartExpress HPProductAssistant InstantShareDevicesMFC Intel® Graphics Media Accelerator Driver for Mobile iTunes J2SE Runtime Environment 5.0 Update 3 Java 6 Update 11 Java 6 Update 2 Java 6 Update 3 Java 6 Update 5 Java 6 Update 7 Launch Manager LightScribe System Software 1.10.13.1 MagicDisc 2.5.74 Malwarebytes' Anti-Malware MarketResearch McAfee Anti-Theft McAfee SecurityCenter Messenger Plus! Live Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 1 Microsoft Application Error Reporting Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Professional Edition 2003 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server Desktop Engine (STP_TRAINING_08) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Mozilla Firefox (3.0.5) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 6.0 Parser (KB933579) Music Write 2000 Professional Musicnotes Player V1.22.3 Native Instruments Finale GPO 2.0 Nero 7 Essentials neroxml NewCopy_CDA Nokia Connectivity Cable Driver OpenOffice.org Installer 1.0 Petit Larousse 2009 PowerDVD ProductContextNPI QuickTime Readme RealPlayer Saf-T-Pak Infectious Training 6.1 Scan ScannerCopy Security Update for CAPICOM (KB931906) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB913433) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB960715) Sibelius Scorch (ActiveX Only) Skype 2.0 SmartMusic 9 SoftV92 Data Fax Modem with SmartCP SolutionCenter SPSS 16.0 for Windows Spybot - Search & Destroy Status Steinberg Cubase SX v3.1.1.944 Steinberg Nuendo v3.1.1.944 SweetIM Toolbar for Internet Explorer 3.1 Symantec KB-DocID:2003093015493306 Synaptics Pointing Device Driver Syncrosoft's License Control SyncroSoft Emu (Remove only) Teton Viewer Texas Instruments PCIxx21/x515 drivers. TIxx21 Toolbox TrayApp Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955839) Update for Windows XP (KB967715) URGE vanBasco's Karaoke Player VBA (2627.01) Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 WebFldrs XP WebReg Webshots Desktop WIDCOMM Bluetooth Software Winamp (remove only) Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 7 Windows Live Mail Windows Live Messenger Windows Media Format 11 runtime Windows Media Player 11 Windows Rights Management Client Backwards Compatibility SP2 Windows Rights Management Client with Service Pack 2 Windows XP Service Pack 3 WinRAR archiver WinZip Yahoo! Toolbar YAMAHA Musicsoft Downloader 5 ==== Event Viewer Messages From Past Week ======== 3/1/2009 3:32:05 PM, error: Service Control Manager [7000] - The Acer EPM System Hardware Driver service failed to start due to the following error: The system cannot find the file specified. 3/1/2009 3:31:12 PM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0012F0E7DE6B has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). 2/28/2009 1:12:42 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 2/28/2009 1:12:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect. 2/28/2009 1:02:10 PM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0012F0E7DE6B has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 2/26/2009 10:32:13 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0012F0E7DE6B. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. 2/26/2009 10:11:25 AM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0012F0E7DE6B has been denied by the DHCP server 192.168.140.129 (The DHCP Server sent a DHCPNACK message). 3/1/2009 8:31:50 PM, error: BTHUSB [17] - The local Bluetooth radio has failed in an undetermined manner and will be unloaded. 3/2/2009 9:41:34 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee SystemGuards service to connect. 3/2/2009 9:41:34 AM, error: Service Control Manager [7000] - The McAfee SystemGuards service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/3/2009 12:53:09 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{2D72AD17-5F9E-4870-A51D-54E72FCCE5B1} because another computer on the network has the same name. The server could not start. 3/5/2009 5:27:57 PM, error: Dhcp [1002] - The IP address lease 192.168.130.245 for the Network Card with network address 0012F0E7DE6B has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). ==== End Of File =========================== GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2009-03-05 18:45:39 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.14 ---- SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA8F887E] SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA8F8C10] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA94DD44A] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA94DD3F8] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA94DD40C] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA94DD4F7] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA94DD523] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xA94DD591] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xA94DD57B] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA94DD48A] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xA94DD5BD] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA94DD4CD] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA94DD3D0] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA94DD3E4] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA94DD45E] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xA94DD5F9] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xA94DD565] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xA94DD54F] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA94DD50D] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xA94DD5E5] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xA94DD5D1] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA94DD436] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA94DD422] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA94DD4B9] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xA94DD5A7] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA94DD4A0] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA94DD474] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess ---- Devices - GMER 1.0.14 ---- AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG) AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG) AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000b6b91a870 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000b6b91a870@001060d00219 0x50 0xB9 0x8F 0xE0 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000b6b91a870 Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000b6b91a870@001060d00219 0x50 0xB9 0x8F 0xE0 ... ---- EOF - GMER 1.0.14 ----
  5. Hi again I checked and fixed with Highjackthis. But immediately after fixing it asked me to reboot the machine. However, as you suggested, I ran to stop Lavasoft BEFORE rebooting. Is that ok? Now the AAWService.exe process is killed but the PC is still taking high CPU usage. Note: I still have the Ad-Aware software installed. Do I have to delete it? Thank you
  6. I don't think there is a way to close SQL when not in use. I don't have Ad-Aware 2007 service in the list in the services manager.
  7. Yes the SQL reference you see is something I use. It's a training CD. My HDD is 40% free (total capacity 80 GB, used space 44.6 GB with all the dowloads I did from this forum) I defragmented the drive recently and I always analyse it. I says no need to defragment now. I am 200% sure that the problem is not because of McAfee; it began BEFORE I purchased it (I bought it liscenced from the official McAfee website especially to scan my computer). Thanks for all your valuable help anyway!
  8. Hi again Below are the processes taking high CPU usage without any program running (the CPU usage is being CONTINUOUSLY high) McUICut.exe McNASvc.exe sqlservr.exe AAWService.exe WLLoginProxy.exe svchost.exe explorer.exe McAfeeDataBackup.exe McShield.exe Below is the OTMove It log followed by the new highjackthis log: ========== PROCESSES ========== Process explorer.exe killed successfully. ========== FILES ========== File/Folder e:\config\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe not found. File/Folder e:\config\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe not found. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55611002-ba0c-11dd-9166-0012f0e7de6b}\\ deleted successfully. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\new\LOCALS~1\Temp\fb_308.lck scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\mcafee_0AzlCj96YnS3ZjD scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mcafee_hjgxCTmDEnTOkB7 scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mcmsc_2qcqGMbJFlP4G4Q scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mcmsc_kWdtIuuhzGQ72o9 scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4ac.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_730.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_9p7nabiyJmRZRU7 scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_EoW6ztcrlj5Pb9H scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_eViyzBTtq6E70Cz scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_HYeCrrVKD2rENGT scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_iVSbWf9e0mDZqQt scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_KuTqlThcHxvwc8J scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\sqlite_QbqXhDwYoe1KOGD scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03042009_124150 Files moved on Reboot... File C:\DOCUME~1\new\LOCALS~1\Temp\fb_308.lck not found! File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot. File C:\WINDOWS\temp\mcafee_0AzlCj96YnS3ZjD not found! File C:\WINDOWS\temp\mcafee_hjgxCTmDEnTOkB7 not found! File C:\WINDOWS\temp\mcmsc_2qcqGMbJFlP4G4Q not found! File C:\WINDOWS\temp\mcmsc_kWdtIuuhzGQ72o9 not found! File C:\WINDOWS\temp\Perflib_Perfdata_4ac.dat not found! File C:\WINDOWS\temp\Perflib_Perfdata_730.dat not found! File C:\WINDOWS\temp\sqlite_9p7nabiyJmRZRU7 not found! C:\WINDOWS\temp\sqlite_EoW6ztcrlj5Pb9H moved successfully. File C:\WINDOWS\temp\sqlite_eViyzBTtq6E70Cz not found! C:\WINDOWS\temp\sqlite_HYeCrrVKD2rENGT moved successfully. File C:\WINDOWS\temp\sqlite_iVSbWf9e0mDZqQt not found! File C:\WINDOWS\temp\sqlite_KuTqlThcHxvwc8J not found! C:\WINDOWS\temp\sqlite_QbqXhDwYoe1KOGD moved successfully. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:04:55 PM, on 3/4/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\Program Files\Microsoft SQL Server\MSSQL$STP_TRAINING_08\Binn\sqlservr.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\notepad.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe C:\Program Files\McAfee\Anti-Theft\McPvTray.exe C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\McAfee\Anti-Theft\McUiCnt.exe C:\Program Files\MagicDisc\MagicDisc.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\NOS\bin\getPlus_HelperSvc.exe C:\Program Files\NOS\bin\getPlus_HelperSvc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.aub.edu.lb/autoproxy.pac O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe O4 - HKLM\..\Run: [McPvTray] C:\Program Files\McAfee\Anti-Theft\McPvTray.exe O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by107fd.bay107.hotmail.msn.com/activex/HMAtchmt.ocx O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 12268 bytes Now the computer is still as before.
  9. Hi again Juliet I still was not able to download flash disinfector even after renaming it (still gives the same error and the download STOPS at 99%, meaning there is no icon saved on the desktop). I continued with the steps described above. Below are the combofix log (after dragging the NOTEPAD file you told me to create) followed by a new hijack this log: ComboFix 09-03-02.03 - new 2009-03-04 0:26:19.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1433 [GMT 2:00] Running from: c:\documents and settings\new\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\new\Desktop\CFScript.txt AV: McAfee VirusScan *On-access scanning disabled* (Updated) FW: McAfee Personal Firewall *enabled* * Created a new restore point FILE :: c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe e:\config\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\mfc45.dll . ((((((((((((((((((((((((( Files Created from 2009-02-03 to 2009-03-03 ))))))))))))))))))))))))))))))) . 2009-02-28 14:49 . 2009-02-28 14:49 <DIR> d-------- c:\documents and settings\new\DoctorWeb 2009-02-28 14:46 . 2009-03-04 00:26 <DIR> d-------- c:\windows\system32\CatRoot2 2009-02-27 00:31 . 2009-02-27 00:31 <DIR> d-------- C:\_OTMoveIt 2009-02-25 20:58 . 2009-02-25 20:58 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-25 20:58 . 2009-02-25 20:58 <DIR> d-------- c:\documents and settings\new\Application Data\Malwarebytes 2009-02-25 20:58 . 2009-02-25 20:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-25 20:58 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-25 20:58 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-24 22:18 . 2009-02-24 22:18 406 --a------ c:\windows\system32\ioloBootDefrag.cfg 2009-02-24 22:17 . 2009-02-24 22:17 <DIR> d-------- c:\documents and settings\LocalService\Application Data\iolo 2009-02-24 16:44 . 2009-02-24 16:44 <DIR> d-------- c:\program files\Trend Micro 2009-02-24 14:36 . 2009-02-24 18:54 15,688 --a------ c:\windows\system32\lsdelete.exe 2009-02-24 14:21 . 2009-01-18 23:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys 2009-02-24 14:18 . 2009-02-24 14:18 <DIR> d-------- c:\program files\Lavasoft 2009-02-24 14:18 . 2009-02-24 14:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft 2009-02-24 14:18 . 2009-02-24 14:18 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-02-24 13:29 . 2009-02-24 13:29 110 --a------ c:\windows\wininit.ini 2009-02-24 12:57 . 2009-02-24 12:57 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2009-02-24 12:57 . 2009-02-24 13:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-23 20:01 . 2009-03-03 23:53 12,877 --a------ c:\windows\system32\Config.MPF 2009-02-23 18:37 . 2008-10-23 13:08 120,136 --a------ c:\windows\system32\drivers\Mpfp.sys 2009-02-23 18:37 . 2009-01-09 12:03 79,304 --a------ c:\windows\system32\drivers\mfeavfk.sys 2009-02-23 18:37 . 2009-01-09 12:03 40,552 --a------ c:\windows\system32\drivers\mfesmfk.sys 2009-02-23 18:37 . 2009-01-09 12:03 35,272 --a------ c:\windows\system32\drivers\mfebopk.sys 2009-02-23 18:35 . 2009-02-23 18:36 <DIR> d-------- c:\program files\McAfee.com 2009-02-23 18:35 . 2009-02-23 18:37 <DIR> d-------- c:\program files\Common Files\McAfee 2009-02-23 17:57 . 2009-01-09 12:03 34,216 --a------ c:\windows\system32\drivers\mferkdk.sys 2009-02-23 16:18 . 2009-02-23 16:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee Anti-Theft 2009-02-23 12:19 . 2009-02-24 22:18 <DIR> d-------- c:\documents and settings\new\Application Data\iolo 2009-02-23 12:19 . 2009-03-03 13:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\iolo 2009-02-13 20:50 . 2009-02-13 20:50 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore 2009-02-07 17:53 . 2009-02-07 17:53 <DIR> dr-hs---- C:\CONFIG 2009-02-03 11:12 . 2009-02-03 11:12 <DIR> d-------- c:\documents and settings\LocalService\Application Data\McAfee 2009-02-03 09:47 . 2009-02-14 03:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor 2009-02-03 09:45 . 2006-03-03 11:07 143,360 --a------ c:\windows\system32\dunzip32.dll 2009-02-03 09:41 . 2009-02-27 00:20 <DIR> d-------- c:\program files\McAfee . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-03 16:27 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-02-26 22:31 --------- d-----w c:\program files\MSN Messenger 2009-02-25 21:10 --------- d-----w c:\program files\Microsoft Silverlight 2009-02-24 20:44 --------- d-----w c:\documents and settings\new\Application Data\uTorrent 2009-02-23 18:01 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee 2009-02-02 18:36 81,984 ----a-w c:\windows\system32\bdod.bin 2009-02-02 18:36 --------- d-----w c:\documents and settings\All Users\Application Data\BitDefender 2009-01-09 10:03 213,640 ----a-w c:\windows\system32\drivers\mfehidk.sys 2008-12-26 08:19 410,984 ----a-w c:\windows\system32\deploytk.dll 2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll 2007-10-05 19:31 411,248 ----a-w c:\program files\FLV PlayerRCSetup.exe 2008-08-28 09:11 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082820080829\index.dat . ((((((((((((((((((((((((((((( SnapShot@2009-03-02_23.41.12.84 ))))))))))))))))))))))))))))))))))))))))) . - 2009-03-02 18:53:58 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-03-03 20:56:09 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-03-02 18:53:58 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-03-03 20:56:09 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-03-03 11:43:12 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_180.dat + 2009-03-03 11:43:24 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_80.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218] "LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2005-03-28 319488] "H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024] "McPvTray"="c:\program files\McAfee\Anti-Theft\McPvTray.exe" [2008-05-28 655360] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328] "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808] "McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-01-09 5134864] c:\documents and settings\new\Start Menu\Programs\Startup\ MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-11-24 534016] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2006-09-05 25214] BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-05-25 565309] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "midi1"= xgusb.cpl "midi2"= xgusb.cpl "vidc.ffds"= ffdshow.ax [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^admin^Start Menu^Programs^Startup^Webshots.lnk] path=c:\documents and settings\admin\Start Menu\Programs\Startup\Webshots.lnk backup=c:\windows\pss\Webshots.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hyperappel du Petit Larousse 2009.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Hyperappel du Petit Larousse 2009.lnk backup=c:\windows\pss\Hyperappel du Petit Larousse 2009.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^new^Start Menu^Programs^Startup^Webshots.lnk] path=c:\documents and settings\new\Start Menu\Programs\Startup\Webshots.lnk backup=c:\windows\pss\Webshots.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch] --a------ 2009-02-24 18:52 509784 c:\program files\Lavasoft\Ad-Aware\AAWTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-06-02 10:13 267048 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] --a------ 2006-05-19 17:11 18577448 c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-03-30 10:42 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\SPSSInc\\SPSS16\\spss.exe"= "c:\\Program Files\\SPSSInc\\SPSS16\\SPSSWinWrapIDE.exe"= "c:\\Program Files\\SPSSInc\\SPSS16\\spss.com"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-24 64160] R0 McPvDrv;McPvDrv;c:\windows\system32\drivers\McPvDrv.sys [2008-05-28 61688] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-23 206096] R2 MSSQL$STP_TRAINING_08;MSSQL$STP_TRAINING_08;c:\program files\Microsoft SQL Server\MSSQL$STP_TRAINING_08\Binn\sqlservr.exe -sSTP_TRAINING_08 --> c:\program files\Microsoft SQL Server\MSSQL$STP_TRAINING_08\Binn\sqlservr.exe -sSTP_TRAINING_08 [?] R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2007-06-12 33792] S3 EpmShd;Acer EPM System Hardware Driver;\??\c:\windows\system32\Drivers\epm-shd.sys --> c:\windows\system32\Drivers\epm-shd.sys [?] S3 SQLAgent$STP_TRAINING_08;SQLAgent$STP_TRAINING_08;c:\program files\Microsoft SQL Server\MSSQL$STP_TRAINING_08\Binn\sqlagent.EXE -i STP_TRAINING_08 --> c:\program files\Microsoft SQL Server\MSSQL$STP_TRAINING_08\Binn\sqlagent.EXE -i STP_TRAINING_08 [?] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55611002-ba0c-11dd-9166-0012f0e7de6b}] \Shell\AutoRun\command - e:\config\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe \Shell\open\command - e:\config\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder 2009-03-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-24 18:52] 2009-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57] 2009-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-484763869-682003330-1010.job - c:\documents and settings\new\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 19:18] 2009-02-23 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53] 2009-02-28 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53] 2009-03-03 c:\windows\Tasks\User_Feed_Synchronization-{05B5FDC3-99D2-4358-B76D-1BA3B726A256}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 12:58] 2009-03-03 c:\windows\Tasks\User_Feed_Synchronization-{9C9AFE10-A78F-417D-AE5D-E1A91EB495D3}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 12:58] . . ------- Supplementary Scan ------- . uStart Page = about:blank uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html Trusted Zone: internet Trusted Zone: mcafee.com FF - ProfilePath - c:\documents and settings\new\Application Data\Mozilla\Firefox\Profiles\vz7j20tp.default\ FF - prefs.js: network.proxy.http - http://autoproxy.aub.edu.lb/autoproxy.pac FF - prefs.js: network.proxy.type - 4 FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - plugin: c:\documents and settings\new\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-04 00:29:45 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*] "5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*] "AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(656) c:\windows\system32\igfxsrvc.dll c:\windows\system32\hccutils.DLL . Completion time: 2009-03-04 0:33:13 ComboFix-quarantined-files.txt 2009-03-03 22:32:54 ComboFix2.txt 2009-03-02 22:00:36 ComboFix3.txt 2009-03-02 21:43:35 Pre-Run: 32,499,507,200 bytes free Post-Run: 32,488,902,656 bytes free 242 --- E O F --- 2009-02-25 21:10:15 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:36:33 AM, on 3/4/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\Program Files\Microsoft SQL Server\MSSQL$STP_TRAINING_08\Binn\sqlservr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe C:\Program Files\McAfee\Anti-Theft\McPvTray.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\MagicDisc\MagicDisc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Documents and Settings\new\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe O4 - HKLM\..\Run: [McPvTray] C:\Program Files\McAfee\Anti-Theft\McPvTray.exe O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by107fd.bay107.hotmail.msn.com/activex/HMAtchmt.ocx O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 11714 bytes Now the computer is a bit faster in closing windows and tabs (but not always) but still with this annoying high CPU processing (between 65 and 100%) NOTE: when I ran combofix this time it prompted me that there is a new version to download and I clicked "yes" then it began scanning. When done, the machine did not reboot.
  10. Hi again Juliet I am not able to complete the download of flash disinfector.exe. from any of the links provided. When it arrives to 99% an error says "cannot copy file. access is denied. make sure the disk is right-protected". Why is that happening? Do I continue with the following steps (combofix) and skip this? Thanks again:)
  11. OK! This time I was able to download and run combofix properly:)) But the Recovery console did not download successfully the 1st time because my wireless internet connection went down for 1 sec. However combofix continued with scanning and here is the log below. I then re-ran combofix again and this time the recovery console downloaded completly and I scanned once again (the second log is not shown here). Does downloading (or not) the recovery console affects the scan results? (would there be a difference between the 1st and the 2nd scan?) ComboFix 09-03-02.01 - new 2009-03-02 23:37:29.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1400 [GMT 2:00] Running from: c:\documents and settings\new\Desktop\ComboFix.exe AV: McAfee VirusScan *On-access scanning disabled* (Updated) FW: McAfee Personal Firewall *enabled* * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\IE4 Error Log.txt c:\windows\system32\mfc45.dll c:\windows\system32\tmp.reg . ((((((((((((((((((((((((( Files Created from 2009-02-02 to 2009-03-02 ))))))))))))))))))))))))))))))) . 2009-02-28 14:49 . 2009-02-28 14:49 <DIR> d-------- c:\documents and settings\new\DoctorWeb 2009-02-28 14:46 . 2009-03-02 23:37 <DIR> d-------- c:\windows\system32\CatRoot2 2009-02-27 00:31 . 2009-02-27 00:31 <DIR> d-------- C:\_OTMoveIt 2009-02-25 20:58 . 2009-02-25 20:58 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-25 20:58 . 2009-02-25 20:58 <DIR> d-------- c:\documents and settings\new\Application Data\Malwarebytes 2009-02-25 20:58 . 2009-02-25 20:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-25 20:58 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-25 20:58 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-24 22:18 . 2009-02-24 22:18 406 --a------ c:\windows\system32\ioloBootDefrag.cfg 2009-02-24 22:17 . 2009-02-24 22:17 <DIR> d-------- c:\documents and settings\LocalService\Application Data\iolo 2009-02-24 22:17 . 2009-02-11 19:04 936,288 --a------ c:\windows\system32\Incinerator.dll 2009-02-24 22:17 . 2008-09-24 09:32 28,672 --a------ c:\windows\system32\iolobtdfg.exe 2009-02-24 22:17 . 2008-11-18 11:51 8,192 --a------ c:\windows\system32\smrgdf.exe 2009-02-24 22:16 . 2009-02-24 22:16 <DIR> d-------- c:\program files\iolo 2009-02-24 16:44 . 2009-02-24 16:44 <DIR> d-------- c:\program files\Trend Micro 2009-02-24 14:36 . 2009-02-24 18:54 15,688 --a------ c:\windows\system32\lsdelete.exe 2009-02-24 14:21 . 2009-01-18 23:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys 2009-02-24 14:18 . 2009-02-24 14:18 <DIR> d-------- c:\program files\Lavasoft 2009-02-24 14:18 . 2009-02-24 14:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft 2009-02-24 14:18 . 2009-02-24 14:18 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-02-24 13:29 . 2009-02-24 13:29 110 --a------ c:\windows\wininit.ini 2009-02-24 12:57 . 2009-02-24 12:57 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2009-02-24 12:57 . 2009-02-24 13:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-23 20:01 . 2009-03-02 23:37 12,681 --a------ c:\windows\system32\Config.MPF 2009-02-23 18:37 . 2008-10-23 13:08 120,136 --a------ c:\windows\system32\drivers\Mpfp.sys 2009-02-23 18:37 . 2009-01-09 12:03 79,304 --a------ c:\windows\system32\drivers\mfeavfk.sys 2009-02-23 18:37 . 2009-01-09 12:03 40,552 --a------ c:\windows\system32\drivers\mfesmfk.sys 2009-02-23 18:37 . 2009-01-09 12:03 35,272 --a------ c:\windows\system32\drivers\mfebopk.sys 2009-02-23 18:35 . 2009-02-23 18:36 <DIR> d-------- c:\program files\McAfee.com 2009-02-23 18:35 . 2009-02-23 18:37 <DIR> d-------- c:\program files\Common Files\McAfee 2009-02-23 17:57 . 2009-01-09 12:03 34,216 --a------ c:\windows\system32\drivers\mferkdk.sys 2009-02-23 16:18 . 2009-02-23 16:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee Anti-Theft 2009-02-23 12:19 . 2009-02-24 22:18 <DIR> d-------- c:\documents and settings\new\Application Data\iolo 2009-02-23 12:19 . 2009-02-24 22:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\iolo 2009-02-13 20:50 . 2009-02-13 20:50 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore 2009-02-07 17:53 . 2009-02-07 17:53 <DIR> dr-hs---- C:\CONFIG 2009-02-03 11:12 . 2009-02-03 11:12 <DIR> d-------- c:\documents and settings\LocalService\Application Data\McAfee 2009-02-03 09:47 . 2009-02-14 03:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor 2009-02-03 09:45 . 2006-03-03 11:07 143,360 --a------ c:\windows\system32\dunzip32.dll 2009-02-03 09:41 . 2009-02-27 00:20 <DIR> d-------- c:\program files\McAfee 2009-02-02 20:34 . 2009-02-23 20:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-02 14:47 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-02-26 22:31 --------- d-----w c:\program files\MSN Messenger 2009-02-25 21:10 --------- d-----w c:\program files\Microsoft Silverlight 2009-02-24 20:44 --------- d-----w c:\documents and settings\new\Application Data\uTorrent 2009-02-02 18:36 81,984 ----a-w c:\windows\system32\bdod.bin 2009-02-02 18:36 --------- d-----w c:\documents and settings\All Users\Application Data\BitDefender 2009-01-09 10:03 213,640 ----a-w c:\windows\system32\drivers\mfehidk.sys 2008-12-26 08:19 410,984 ----a-w c:\windows\system32\deploytk.dll 2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll 2007-10-05 19:31 411,248 ----a-w c:\program files\FLV PlayerRCSetup.exe 2008-08-28 09:11 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082820080829\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218] "LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2005-03-28 319488] "H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024] "McPvTray"="c:\program files\McAfee\Anti-Theft\McPvTray.exe" [2008-05-28 655360] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328] "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808] "McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-01-09 5134864] c:\documents and settings\new\Start Menu\Programs\Startup\ MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-11-24 534016] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2006-09-05 25214] BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-05-25 565309] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "midi1"= xgusb.cpl "midi2"= xgusb.cpl "vidc.ffds"= ffdshow.ax [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^admin^Start Menu^Programs^Startup^Webshots.lnk] path=c:\documents and settings\admin\Start Menu\Programs\Startup\Webshots.lnk backup=c:\windows\pss\Webshots.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hyperappel du Petit Larousse 2009.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Hyperappel du Petit Larousse 2009.lnk backup=c:\windows\pss\Hyperappel du Petit Larousse 2009.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^new^Start Menu^Programs^Startup^Webshots.lnk] path=c:\documents and settings\new\Start Menu\Programs\Startup\Webshots.lnk backup=c:\windows\pss\Webshots.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch] --a------ 2009-02-24 18:52 509784 c:\program files\Lavasoft\Ad-Aware\AAWTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-06-02 10:13 267048 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] --a------ 2006-05-19 17:11 18577448 c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-03-30 10:42 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\SPSSInc\\SPSS16\\spss.exe"= "c:\\Program Files\\SPSSInc\\SPSS16\\SPSSWinWrapIDE.exe"= "c:\\Program Files\\SPSSInc\\SPSS16\\spss.com"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-24 64160] R0 McPvDrv;McPvDrv;c:\windows\system32\drivers\McPvDrv.sys [2008-05-28 61688] R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-02-24 712048] R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-02-24 712048] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-23 206096] R2 MSSQL$STP_TRAINING_08;MSSQL$STP_TRAINING_08;c:\program files\Microsoft SQL Server\MSSQL$STP_TRAINING_08\Binn\sqlservr.exe -sSTP_TRAINING_08 --> c:\program files\Microsoft SQL Server\MSSQL$STP_TRAINING_08\Binn\sqlservr.exe -sSTP_TRAINING_08 [?] R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2007-06-12 33792] S3 EpmShd;Acer EPM System Hardware Driver;\??\c:\windows\system32\Drivers\epm-shd.sys --> c:\windows\system32\Drivers\epm-shd.sys [?] S3 SQLAgent$STP_TRAINING_08;SQLAgent$STP_TRAINING_08;c:\program files\Microsoft SQL Server\MSSQL$STP_TRAINING_08\Binn\sqlagent.EXE -i STP_TRAINING_08 --> c:\program files\Microsoft SQL Server\MSSQL$STP_TRAINING_08\Binn\sqlagent.EXE -i STP_TRAINING_08 [?] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1706b5b-2f53-11db-8d25-0012f0e7de6b}] \Shell\AutoRun\command - E:\ \Shell\open\command - e:\config\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX1C635622}] c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe . Contents of the 'Scheduled Tasks' folder 2009-03-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-24 18:52] 2009-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57] 2009-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-484763869-682003330-1010.job - c:\documents and settings\new\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 19:18] 2009-02-23 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53] 2009-02-28 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53] 2009-03-02 c:\windows\Tasks\User_Feed_Synchronization-{05B5FDC3-99D2-4358-B76D-1BA3B726A256}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 12:58] 2009-03-02 c:\windows\Tasks\User_Feed_Synchronization-{9C9AFE10-A78F-417D-AE5D-E1A91EB495D3}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 12:58] . - - - - ORPHANS REMOVED - - - - HKLM-Run-<NO NAME> - (no file) . ------- Supplementary Scan ------- . uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html Trusted Zone: internet Trusted Zone: mcafee.com FF - ProfilePath - c:\documents and settings\new\Application Data\Mozilla\Firefox\Profiles\vz7j20tp.default\ FF - prefs.js: network.proxy.http - http://autoproxy.aub.edu.lb/autoproxy.pac FF - prefs.js: network.proxy.type - 4 FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - plugin: c:\documents and settings\new\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll . . ------- File Associations ------- . JSEFile=NOTEPAD.EXE %1 VBEFile=NOTEPAD.EXE %1 VBSFile=NOTEPAD.EXE %1 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-02 23:40:09 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*] "5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*] "AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(656) c:\windows\system32\igfxsrvc.dll c:\windows\system32\hccutils.DLL . Completion time: 2009-03-02 23:43:30 ComboFix-quarantined-files.txt 2009-03-02 21:43:04 Pre-Run: 32,532,279,296 bytes free Post-Run: 32,547,459,072 bytes free 248 --- E O F --- 2009-02-25 21:10:15 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:06:17 AM, on 3/3/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\Program Files\iolo\common\lib\ioloServiceManager.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\Program Files\Microsoft SQL Server\MSSQL$STP_TRAINING_08\Binn\sqlservr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\MagicDisc\MagicDisc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Documents and Settings\new\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\explorer.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe O4 - HKLM\..\Run: [McPvTray] C:\Program Files\McAfee\Anti-Theft\McPvTray.exe O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by107fd.bay107.hotmail.msn.com/activex/HMAtchmt.ocx O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 12091 bytes Do you want me to post the second combofix log?
  12. Hi once more, I Forgot to tell you that now I just noticed that the "show hidden files and folders" option is back and hidden files can be shown. So this was fixed. I also notice that my PC is somewhat faster and when I close windows and tabs they close a bit faster. However there is always between 70 and 100% process running constantly in the background even with no program open.
  13. Hi again Juliet I ran again DrWeb and It opened the same as it opened with me the 1st time (with START and UPDATE options). I even clicked on UPDATE, it took me to download a 12.1 MB file called launch.exe. It is also DrWeb (the same file). I opened it and it opened again exactly the same (with UPDATE and START). I clicked on START and it also opened exactly the same window I told you about. I scanned the PC again and no viruses were found.
  14. OK done with FixPolicies. but..what did this fix exactly? and what to do now? Do I run DrWeb again? You may have misunderstood...Dial-a-Fix DID WORK but at the end it closed with an error (not responding). Thanks for your help anyway
  15. Hi again I checked the settings you told me above. Note that when I was done with Dial-a-Fix it closed as "not reponding" (I closed it by End now). But how can I let you know exaclty what I found in the event viewer? Under Application and System tabs I found many "information", "warning" and "error". Under the Security tab I found nothing (it is empty). I then ran and scanned my computer with DrWeb CureIt (in normal mode) but it didn't open directly "express scan" as you said. Instead, it opened as "start" and "update" buttons". When I selected "update" first, it opens internet and promps to download a file (I didn't do that). When I selected "start" it started scanning directly as express scan (this was checked on the left side of the window by default) and no errors were found and there was no log generated or displayed. In addition, the window interface of DrWeb here does not look like you told me in the previous post: in the main window there is nothing called "select drives" or "start/stop scanning" (I just uncheked "heuristic analysis as you suggested). So what can we do now? Do I restore the default settings in Internet options? Thanks again.
×
×
  • Create New...