Trouble with McAfee
Comments
Maybe a silly question, but do I need to close down McAfee first before downloading this? I think it is blocking the download: it starts, then seems to stop and disappear.
adviceforall wrote: »
Maybe a silly question, but do I need to close down McAfee first before downloading this? I think it is blocking the download: it starts, then seems to stop and disappear.

Yes, try disabling McAfee.
I would assume RIK's link is safe and McAfee is playing silly !!!!!!s.

The link's perfectly safe; shut McAfee's scanner down.

Blimey, that took an hour to do.
ComboFix 10-02-12.01 - Alison_2 13/02/2010 17:37:39.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.160 [GMT 0:00]
Running from: c:\documents and settings\Alison_2\My Documents\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\desktop
\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2010-01-13 to 2010-02-13 )))))))))))))))))))))))))))))))
.
2010-01-29 11:27 . 2010-01-29 11:27 d-----w- c:\documents and settings\Alison_2\Local Settings\Application Data\Downloaded Installations
2010-01-19 14:20 . 2010-01-19 14:20 d-----w- c:\documents and settings\Alison_2\Application Data\OpenOffice.org
2010-01-19 14:12 . 2010-01-19 14:12 d-----w- c:\program files\JRE
2010-01-19 14:11 . 2010-01-19 14:12 d-----w- c:\program files\OpenOffice.org 3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 18:38 . 2009-10-13 14:03 d-----w- c:\documents and settings\Alison_2\Application Data\Skype
2010-02-13 18:35 . 2009-10-13 14:05 d-----w- c:\documents and settings\Alison_2\Application Data\skypePM
2010-02-13 18:31 . 2009-02-25 15:33 256 ----a-w- c:\windows\system32\pool.bin
2010-02-12 21:12 . 2008-12-26 12:44 d-----w- c:\program files\Lexmark Toolbar
2010-02-12 16:17 . 2007-01-29 18:44 11854 ----a-w- c:\documents and settings\Alison_2\Application Data\wklnhst.dat
2010-02-06 18:08 . 2009-04-20 12:34 256 ----a-w- c:\documents and settings\Alison_2\pool.bin
2010-02-05 07:52 . 2010-02-05 07:52 83754 ----a-w- c:\documents and settings\All Users\SPL5A.tmp
2010-02-03 08:13 . 2006-11-07 15:00 d--h--w- c:\program files\InstallShield Installation Information
2010-02-03 08:13 . 2009-11-04 10:17 d-----w- c:\program files\Ascentive
2010-02-02 19:32 . 2009-10-04 04:19 d-----w- c:\program files\Microsoft Silverlight
2010-01-26 12:31 . 2009-12-11 10:19 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-26 09:17 . 2006-11-13 07:55 61672 ----a-w- c:\documents and settings\Alison_2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-25 20:03 . 2006-11-07 15:01 61672 ----a-w- c:\documents and settings\Alison\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-19 14:08 . 2006-10-28 12:05 d-----w- c:\program files\Java
2010-01-17 17:29 . 2009-12-04 17:17 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 16:07 . 2009-12-04 17:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 . 2009-12-04 17:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 15:44 . 2006-11-13 07:55 d-----w- c:\documents and settings\Alison_2\Application Data\Corel
2010-01-04 15:42 . 2006-11-13 07:55 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-04 15:42 . 2006-11-13 07:55 168 --sh--r- c:\windows\system32\7E66073A28.sys
2009-12-31 16:50 . 2004-08-10 11:51 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:44 . 2009-12-21 18:30 d-----w- c:\program files\Living World Racing
2009-12-21 19:14 . 2004-08-10 11:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 07:38 . 2006-10-28 12:18 d-----w- c:\program files\McAfee
2009-12-16 18:43 . 2004-08-10 12:01 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-10 11:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-04 18:22 . 2006-10-28 11:49 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-04 17:30 . 2009-12-04 17:30 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-11-27 17:11 . 2004-08-10 11:51 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-03 23:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-08-10 11:51 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 21:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-10 11:51 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-10 11:50 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-03 23:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:51 . 2004-08-10 11:50 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 12:02 . 2006-11-07 15:01 2862 ----a-w- c:\documents and settings\Alison\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"Performance Center"="c:\program files\Ascentive\Performance Center\ApcMain.exe" [2009-04-21 3231744]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-09 2356088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-01-10 71216]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-10-28 26112]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 58992]
"Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 1537696]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-14 30192]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-08-14 462336]
"eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2009-01-17 632048]
"HostManager"="c:\program files\Common Files\AOL\1178817961\ee\AOLSoftware.exe" [2006-11-17 50736]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-06-13 668328]
"lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-06-13 16040]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2008-06-13 320168]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Alison_2\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-5-30 1508624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-12-05 12:59 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\lxdxcoms.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\Diagnostics\\LXDXdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [04/10/2009 04:18 54752]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [12/01/2006 21:27 13696]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [29/09/2008 18:02 93320]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [12/01/2006 21:29 13568]
S2 gupdate1ca4c0dba28c3c0;Google Update Service (gupdate1ca4c0dba28c3c0);c:\program files\Google\Update\GoogleUpdate.exe [13/10/2009 14:01 133104]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [28/10/2006 12:19 30192]
.
Contents of the 'Scheduled Tasks' folder
2010-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 14:01]
2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 14:01]
2008-01-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-03-01 11:22]
2007-03-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-03-01 11:22]
2010-02-13 c:\windows\Tasks\User_Feed_Synchronization-{0396CA5A-DB15-4EC1-9729-3B3A77F3D5D1}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.ebay.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 18:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-2226809926-1596684466-3194300632-1010\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(712)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
- - - - - - - > 'explorer.exe'(2244)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Other Running Processes
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\System32\GEARSec.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdxcoms.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\program files\Microsoft ActiveSync\WCESCOMM.EXE
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-02-13 18:45:51 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-13 18:45
Pre-Run: 28,032,360,448 bytes free
Post-Run: 31,242,514,432 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 3956E9191D03506AFEE1941CE332A8700 -
Open Notepad and copy/paste the text in red below:

File::
c:\documents and settings\All Users\SPL5A.tmp
c:\windows\system32\pool.bin
c:\documents and settings\Alison_2\pool.bin
c:\windows\system32\7E66073A28.sys

Save this as "CFScript" (the FULL file name will be 'CFScript.txt' EXACTLY as shown).
Then drag the CFScript onto ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.
ComboFix should never take more than 30 minutes including the reboot if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), go to the Processes tab and end any findstr, find, sed or swreg processes; ComboFix should then continue.

ComboFix 10-02-12.01 - Alison_2 13/02/2010 19:22:08.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.146 [GMT 0:00]
Running from: c:\documents and settings\Alison_2\My Documents\ComboFix.exe
Command switches used :: c:\documents and settings\Alison_2\My Documents\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FILE ::
"c:\documents and settings\Alison_2\pool.bin"
"c:\documents and settings\All Users\SPL5A.tmp"
"c:\windows\system32\7E66073A28.sys"
"c:\windows\system32\pool.bin"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Alison_2\pool.bin
c:\documents and settings\All Users\SPL5A.tmp
c:\windows\system32\7E66073A28.sys
c:\windows\system32\pool.bin
.
((((((((((((((((((((((((( Files Created from 2010-01-13 to 2010-02-13 )))))))))))))))))))))))))))))))
.
2010-02-06 18:26 . 2010-02-06 18:26 1024 ----a-w- c:\documents and settings\All Users\Application Data\BVRP Software\mobile PhoneTools\faxres.cmd
2010-01-29 11:27 . 2010-01-29 11:27 d-----w- c:\documents and settings\Alison_2\Local Settings\Application Data\Downloaded Installations
2010-01-19 14:23 . 2010-01-19 14:23 1 ----a-w- c:\documents and settings\Alison_2\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-19 14:20 . 2010-01-19 14:20 d-----w- c:\documents and settings\Alison_2\Application Data\OpenOffice.org
2010-01-19 14:12 . 2010-01-19 14:12 d-----w- c:\program files\JRE
2010-01-19 14:11 . 2010-01-19 14:12 d-----w- c:\program files\OpenOffice.org 3
2010-01-17 17:28 . 2010-01-17 17:28 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 19:33 . 2009-10-13 14:03 d-----w- c:\documents and settings\Alison_2\Application Data\Skype
2010-02-13 18:35 . 2009-10-13 14:05 d-----w- c:\documents and settings\Alison_2\Application Data\skypePM
2010-02-12 21:12 . 2008-12-26 12:44 d-----w- c:\program files\Lexmark Toolbar
2010-02-12 16:17 . 2007-01-29 18:44 11854 ----a-w- c:\documents and settings\Alison_2\Application Data\wklnhst.dat
2010-02-03 08:13 . 2006-11-07 15:00 d--h--w- c:\program files\InstallShield Installation Information
2010-02-03 08:13 . 2009-11-04 10:17 d-----w- c:\program files\Ascentive
2010-02-02 19:32 . 2009-10-04 04:19 d-----w- c:\program files\Microsoft Silverlight
2010-01-26 12:31 . 2009-12-11 10:19 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-26 09:17 . 2006-11-13 07:55 61672 ----a-w- c:\documents and settings\Alison_2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-25 20:03 . 2006-11-07 15:01 61672 ----a-w- c:\documents and settings\Alison\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-19 14:08 . 2006-10-28 12:05 d-----w- c:\program files\Java
2010-01-17 17:29 . 2009-12-04 17:17 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 16:07 . 2009-12-04 17:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 . 2009-12-04 17:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 15:44 . 2006-11-13 07:55 d-----w- c:\documents and settings\Alison_2\Application Data\Corel
2010-01-04 15:42 . 2006-11-13 07:55 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-31 16:50 . 2004-08-10 11:51 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:44 . 2009-12-21 18:30 d-----w- c:\program files\Living World Racing
2009-12-21 19:14 . 2004-08-10 11:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 07:38 . 2006-10-28 12:18 d-----w- c:\program files\McAfee
2009-12-16 18:43 . 2004-08-10 12:01 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 16:55 . 2009-12-14 16:55 388096 ----a-r- c:\documents and settings\Alison_2\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-14 07:08 . 2004-08-10 11:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-04 18:22 . 2006-10-28 11:49 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-04 17:30 . 2009-12-04 17:30 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-11-27 17:11 . 2004-08-10 11:51 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-03 23:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-08-10 11:51 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 21:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-10 11:51 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-10 11:50 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-03 23:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:51 . 2004-08-10 11:50 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 17:00 . 2009-11-19 17:00 152576 ----a-w- c:\documents and settings\Alison_2\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-19 17:00 . 2009-11-11 10:18 79488 ----a-w- c:\documents and settings\Alison_2\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-18 12:02 . 2006-11-07 15:01 2862 ----a-w- c:\documents and settings\Alison\Application Data\wklnhst.dat
2009-11-18 11:19 . 2009-11-11 22:21 79488 ----a-w- c:\documents and settings\Alison\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"Performance Center"="c:\program files\Ascentive\Performance Center\ApcMain.exe" [2009-04-21 3231744]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-09 2356088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-01-10 71216]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-10-28 26112]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 58992]
"Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 1537696]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-14 30192]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-08-14 462336]
"eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2009-01-17 632048]
"HostManager"="c:\program files\Common Files\AOL\1178817961\ee\AOLSoftware.exe" [2006-11-17 50736]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-06-13 668328]
"lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-06-13 16040]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2008-06-13 320168]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Alison_2\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-5-30 1508624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-12-05 12:59 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\lxdxcoms.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\Diagnostics\\LXDXdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [04/10/2009 04:18 54752]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [12/01/2006 21:27 13696]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [29/09/2008 18:02 93320]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [12/01/2006 21:29 13568]
S2 gupdate1ca4c0dba28c3c0;Google Update Service (gupdate1ca4c0dba28c3c0);c:\program files\Google\Update\GoogleUpdate.exe [13/10/2009 14:01 133104]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [28/10/2006 12:19 30192]
.
Contents of the 'Scheduled Tasks' folder
2010-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 14:01]
2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 14:01]
2008-01-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-03-01 11:22]
2007-03-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-03-01 11:22]
2010-02-13 c:\windows\Tasks\User_Feed_Synchronization-{0396CA5A-DB15-4EC1-9729-3B3A77F3D5D1}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.ebay.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 19:33
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-2226809926-1596684466-3194300632-1010\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(712)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
.
Completion time: 2010-02-13 19:38:14
ComboFix-quarantined-files.txt 2010-02-13 19:38
ComboFix2.txt 2010-02-13 18:45
Pre-Run: 31,291,625,472 bytes free
Post-Run: 31,272,398,848 bytes free
- - End Of File - - DBE8ABE58265FD1480429397E566468B0 -
Download and run the FREE version of Dr.Web:
http://www.freedrweb.com/download+cureit/gr/
Turn your anti-virus OFF.
Click CANCEL on the 'Would you like to read purchase terms now?' message.
Click START, then click OK.
It will automatically run a QUICK scan.
After that, set it to scan the WHOLE computer and press the 'play' icon.
***DO NOT UPGRADE TO FULL VERSION***

Thanks for all your help so far. I will do this next bit in the morning. What was it (that you highlighted in red) that was deleted?

The first file is a .tmp file which points to something (possibly) nasty; removed to be on the safe side.
The 'pool' ones pointed to something dodgy.
The last one didn't point to anything, so I know it isn't needed, and it could easily be being used by a trojan or suchlike.

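As an added illustration (not part of this thread, and not ComboFix's own code), the reasoning in that post can be written down as a small Python triage script: it parses lines laid out like ComboFix's Find3M report and flags entries a reviewer should look at, using heuristics modelled on the points made above (a .tmp outside a Temp folder, a hidden+system file with a hex-only name in system32, a loose file sitting directly in a profile root, and the same file name turning up both in system32 and in a user profile). The sample lines are copied from the log quoted earlier in this thread plus two benign entries for contrast; the function names, the regular expressions and the heuristics are my own assumptions, not ComboFix's.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: entries in the layout of a ComboFix "Find3M Report",
# taken from the log quoted in this thread plus two benign entries for contrast.
# Not a real log file; the trailing "." is the separator ComboFix prints.
SAMPLE_LINES = [
    r"2010-02-13 18:31 . 2009-02-25 15:33 256 ----a-w- c:\windows\system32\pool.bin",
    r"2010-02-06 18:08 . 2009-04-20 12:34 256 ----a-w- c:\documents and settings\Alison_2\pool.bin",
    r"2010-02-05 07:52 . 2010-02-05 07:52 83754 ----a-w- c:\documents and settings\All Users\SPL5A.tmp",
    r"2010-02-03 08:13 . 2006-11-07 15:00 d--h--w- c:\program files\InstallShield Installation Information",
    r"2010-01-04 15:42 . 2006-11-13 07:55 168 --sh--r- c:\windows\system32\7E66073A28.sys",
    r"2009-12-31 16:50 . 2004-08-10 11:51 353792 ----a-w- c:\windows\system32\drivers\srv.sys",
    r"2010-01-26 12:31 . 2009-12-11 10:19 664 ----a-w- c:\windows\system32\d3d9caps.dat",
    ".",
]

# One report line: modified-time . created-time [size] 8-char-attributes path.
# Directory lines carry no size. The layout assumption and these names are mine.
LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?:(?P<size>\d+) )?"
    r"(?P<attrs>[d-][a-z-]{7}) "
    r"(?P<path>.+)$"
)
HEX_NAME_RE = re.compile(r"^[0-9A-F]{6,}\.(sys|dll|exe)$", re.IGNORECASE)
PROFILE_ROOT_RE = re.compile(r"^c:\\documents and settings\\[^\\]+$")


@dataclass
class Entry:
    modified: str
    created: str
    size: Optional[int]   # None for directories
    attrs: str            # e.g. "----a-w-", "d--h--w-", "--sh--r-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[1]


def parse_find3m(lines):
    """Parse report lines; separators and banners do not match and are skipped."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            size = m.group("size")
            entries.append(Entry(m.group("modified"), m.group("created"),
                                 int(size) if size is not None else None,
                                 m.group("attrs"), m.group("path")))
    return entries


def triage(entries):
    """Return {path: [reasons]} for files that deserve a human look. These are
    review heuristics echoing the helper's reasoning in this thread, not verdicts."""
    parents_by_name = defaultdict(set)
    for e in entries:
        if not e.is_dir:
            parents_by_name[e.name.lower()].add(e.parent)

    findings = {}
    for e in entries:
        if e.is_dir:
            continue
        reasons = []
        if e.name.lower().endswith(".tmp") and "\\temp" not in e.parent:
            reasons.append("temp file outside a Temp directory")
        if e.hidden and e.system:
            reasons.append("hidden+system attributes on a file")
        if HEX_NAME_RE.match(e.name):
            reasons.append("hex-only file name")
        if PROFILE_ROOT_RE.match(e.parent):
            reasons.append("loose file in a profile root")
        parents = parents_by_name[e.name.lower()]
        if len(parents) > 1 and any(p.endswith("\\system32") for p in parents):
            reasons.append("same file name in system32 and elsewhere")
        if reasons:
            findings[e.path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_find3m(SAMPLE_LINES)).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

The flags are prompts for a person, not verdicts: on the first log in this thread the attribute rule would also surface c:\windows\system32\KGyGaAvL.sys, which the helper chose not to include in the CFScript, so every hit still needs checking against a vendor or hash database before anything is deleted.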
Well, I have had the computer scanning since this morning and it's still going; it completed the short scan but it's still doing the scan of the whole system.
I will be back later. Will it have a log like the other ones or not? During the short scan a box popped up about moving something, with the options of Move All, Yes, No.
I'm replying on a laptop as the anti-virus protection is turned off on the one where it's scanning.
This discussion has been closed.