Infected Laptop


Comments

  • macman
    macman Posts: 53,129 Forumite
    Part of the Furniture 10,000 Posts Name Dropper
    Here's the revised ComboFix log:

    ComboFix 10-04-09.06 - JanetteCarney 04/10/2010 15:23:26.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1526.1024 [GMT 1:00]
    Running from: c:\documents and settings\janettecarney\Desktop\ComboFix.exe
    AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    .
    ((((((((((((((((((((((((( Files Created from 2010-03-10 to 2010-04-10 )))))))))))))))))))))))))))))))
    .
    2010-04-10 14:01 . 2010-04-10 14:01 d-----w- c:\program files\VS Revo Group
    2010-04-10 13:03 . 2010-04-10 13:03 d-----w- c:\windows\system32\wbem\Repository
    2010-04-10 13:02 . 2010-04-10 13:02 d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-04-10 13:02 . 2010-04-10 13:02 d-----w- c:\program files\McAfee
    2010-04-10 13:02 . 2010-04-10 13:02 d-----w- c:\program files\Common Files\McAfee
    2010-04-10 13:02 . 2010-04-10 13:02 d-----w- c:\program files\Advanced System Optimizer 3
    2010-04-09 16:42 . 2010-04-10 13:01 d-----w- C:\RECYCLER(2)
    2010-04-09 15:21 . 2010-04-09 15:21 d-----w- c:\documents and settings\LocalService\IETldCache
    2010-04-09 14:36 . 2010-04-09 14:36 d-----w- c:\documents and settings\janettecarney\DoctorWeb
    2010-04-09 08:22 . 2010-04-09 08:22 d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2010-04-09 07:00 . 2010-04-09 07:00 d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2010-04-08 17:58 . 2010-04-08 18:04 d-----w- c:\windows\ie8updates
    2010-04-08 17:51 . 2010-02-25 06:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2010-04-08 17:51 . 2010-02-25 06:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-04-08 17:51 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-04-08 17:51 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-04-08 17:51 . 2010-02-25 06:24 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2010-04-08 17:31 . 2010-04-08 17:31
    d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-04-08 17:25 . 2010-04-08 17:25
    d-sh--w- c:\documents and settings\janettecarney\PrivacIE
    2010-04-08 17:14 . 2010-04-08 17:14
    d-sh--w- c:\documents and settings\janettecarney\IETldCache
    2010-04-08 16:45 . 2010-04-08 16:48
    dc-h--w- c:\windows\ie8
    2010-04-08 16:21 . 2010-04-08 16:21 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2010-04-08 16:19 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2010-04-08 16:18 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-04-08 16:15 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2010-04-08 16:15 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2010-04-08 16:15 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-04-08 16:11 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2010-04-08 16:09 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2010-04-08 16:06 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
    2010-04-08 16:06 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2010-04-08 16:06 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2010-04-08 16:06 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2010-04-08 16:06 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
    2010-04-08 16:06 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2010-04-08 16:06 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
    2010-04-08 16:06 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
    2010-04-08 16:06 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2010-04-08 16:05 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
    2010-04-08 16:05 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2010-04-08 14:20 . 2010-04-09 07:30 d-----w- C:\QUARANTINE
    2010-04-08 13:14 . 2010-04-08 13:14 d-----w- c:\windows\system32\scripting
    2010-04-08 13:14 . 2010-04-08 13:14 d-----w- c:\windows\l2schemas
    2010-04-08 13:14 . 2010-04-08 13:14 d-----w- c:\windows\system32\en
    2010-04-08 13:14 . 2010-04-08 13:14 d-----w- c:\windows\system32\bits
    2010-04-08 13:09 . 2010-04-08 13:15 d-----w- c:\windows\ServicePackFiles
    2010-04-08 12:44 . 2008-04-14 00:12 276992 ------w- c:\windows\system32\wmphoto.dll
    2010-04-08 12:42 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
    2010-04-08 12:41 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
    2010-04-08 12:40 . 2008-04-14 00:11 32285 ------w- c:\windows\system32\hsfcisp2.dll
    2010-04-08 12:39 . 2008-04-14 00:11 136192 ------w- c:\windows\system32\aaclient.dll
    2010-04-08 11:49 . 2010-04-08 11:49 d-----w- c:\program files\TrendMicro
    2010-04-08 11:32 . 2010-04-08 11:32 d-----w- c:\program files\Common Files\Logitech
    2010-04-08 11:30 . 2010-04-08 11:30 d-----w- c:\documents and settings\janettecarney\Local Settings\Application Data\Downloaded Installations
    2010-04-08 09:12 . 2010-04-08 09:12 d-----w- c:\documents and settings\janettecarney\Application Data\Malwarebytes
    2010-04-08 09:11 . 2010-03-29 14:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-08 09:11 . 2010-04-08 09:11 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-08 09:11 . 2010-03-29 14:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-08 09:11 . 2010-04-08 09:12 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-08 08:30 . 2010-04-08 08:30 d-----w- c:\program files\CCleaner
    2010-04-04 16:04 . 2009-08-19 15:49 17136 ----a-w- c:\windows\system32\sasnative32.exe
    2010-04-04 16:02 . 2010-04-10 13:00 d-----w- c:\documents and settings\janettecarney\Application Data\Systweak
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-10 14:37 . 2009-04-21 21:44 d-----w- c:\documents and settings\janettecarney\Application Data\Skype
    2010-04-10 13:01 . 2009-04-25 16:26 d-----w- c:\program files\MSECache
    2010-04-10 13:00 . 2009-08-12 20:19 d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-04-08 17:25 . 2007-02-07 13:13 23768 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-08 13:20 . 2005-09-08 13:39 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-04-08 11:49 . 2010-04-08 11:49 388096 ----a-r- c:\documents and settings\janettecarney\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-04-04 16:51 . 2007-06-18 13:47 d-----w- c:\documents and settings\janettecarney\Application Data\Image Zone Express
    2010-04-04 16:03 . 2010-04-04 16:02 10331424 ----a-w- c:\documents and settings\janettecarney\Application Data\Systweak\ASO3\Installer\aso3setup.exe
    2010-03-29 18:53 . 2009-04-21 21:49 d-----w- c:\documents and settings\janettecarney\Application Data\skypePM
    2010-03-08 14:48 . 2005-09-09 05:42 d-----w- c:\program files\Citrix
    2010-03-08 14:40 . 2009-04-21 21:43 d-----r- c:\program files\Skype
    2010-03-08 14:40 . 2010-03-08 14:40 d-----w- c:\program files\Common Files\Skype
    2010-03-08 14:40 . 2009-04-21 21:43 d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-03-01 13:00 . 2007-08-01 08:05 d-----w- c:\program files\HOTALBUMMyBOX
    2010-03-01 12:43 . 2010-03-01 12:43 390528 ----a-w- c:\windows\system32\drivers\RapportBuka.sys
    2010-03-01 12:43 . 2010-03-01 12:43 390528 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBuka.sys
    2010-03-01 12:43 . 2010-03-01 12:43 249856 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBukaBroom.dll
    2010-02-26 05:43 . 2010-02-26 05:43 81920 ------w- c:\windows\system32\ieencode.dll
    2010-02-25 06:24 . 2005-07-03 02:11 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-11 15:15 . 2010-02-11 15:15 d-----w- c:\documents and settings\NetworkService\Application Data\Trusteer
    2010-02-11 12:32 . 2010-02-11 12:32 d-----w- c:\documents and settings\LocalService\Application Data\Trusteer
    2010-02-11 11:48 . 2010-02-11 11:48 d-----w- c:\documents and settings\janettecarney\Application Data\Trusteer
    2010-02-11 11:46 . 2010-02-11 11:46 d-----w- c:\program files\Trusteer
    2010-02-11 11:42 . 2010-02-11 11:42 d-----w- c:\documents and settings\All Users\Application Data\Trusteer
    2007-04-16 14:59 . 2007-04-16 14:47 278528 ----a-w- c:\program files\Common Files\FDEUnInstaller.exe
    2004-08-04 03:00 . 2005-09-09 05:58 73728 --sha-w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-21 39408]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-10-06 111952]
    "MBBalloon"="c:\program files\HOTALBUMMyBOX\MBBalloon.exe" [2006-12-15 787096]
    "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\udaterui.exe" [2008-11-10 136512]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
    "TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    MediaChecker.lnk - c:\program files\HOTALBUMMyBOX\MediaChecker.exe [2006-12-15 913560]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{606427C1-E5F0-4001-832B-BD7DF391ECA7}"= "c:\windows\system32\wex4962\EMMeterHook760.dll" [2006-06-06 163840]
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk
    backup=c:\windows\pss\BT Broadband Desktop Help.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    2004-09-13 10:33 155648 ----a-w- c:\program files\Apoint\Apoint.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
    2001-09-19 09:20 245760 ----a-w- c:\windows\system32\atiptaxx.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
    2007-03-16 17:10 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2004-04-26 07:04 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EMMeter]
    2006-06-06 13:24 552960 ---ha-w- c:\windows\system32\wex4962\EMMeter.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2004-09-13 14:49 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
    2006-10-18 16:58 696320 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
    2006-10-18 17:04 802816 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
    2008-11-10 16:00 136512 ----a-w- c:\program files\Network Associates\Common Framework\UdaterUI.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
    2005-08-06 17:45 974848 ----a-w- c:\program files\UltraVNC\winvnc.exe
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\UltraVNC\\winvnc.exe"=
    "c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
    "c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"=
    "c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
    "c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [8/1/2007 9:07 AM 15172]
    R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [3/1/2010 1:43 PM 390528]
    R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [3/15/2010 1:47 PM 58984]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [3/15/2010 1:47 PM 116328]
    R2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\Advanced System Optimizer 3\ASO3DefragSrv.exe [4/4/2010 5:04 PM 239336]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [3/15/2010 1:47 PM 779496]
    R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [10/12/2007 9:33 AM 202016]
    R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [8/2/2007 2:42 PM 148768]
    S3 ati2mpab;ati2mpab;c:\windows\system32\drivers\ati2mpab.sys [9/16/2005 10:13 PM 299776]
    S3 ati2mtai;ati2mtai;c:\windows\system32\drivers\ati2mtai.sys [9/16/2005 9:14 PM 346752]
    S3 atimtai;atimtai;c:\windows\system32\drivers\atimtai.sys [7/7/2003 11:03 PM 281600]
    S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family;c:\windows\system32\drivers\cben5.sys [9/16/2005 9:40 PM 50498]
    S3 cwbmidi_device;Crystal WDM MPU-401 UART Driver;c:\windows\system32\drivers\cwbmidi.sys [9/16/2005 7:13 PM 3072]
    S3 cwbwdm_device;Crystal WDM Audio Codec Driver;c:\windows\system32\drivers\cwbwdm.sys [9/16/2005 7:12 PM 72832]
    S3 EL556;3Com 10/100 Mini PCI Ethernet Adapter NDIS 5.0 Driver;c:\windows\system32\drivers\EL556ND5.sys [7/7/2003 11:04 PM 58951]
    S3 EL556ND5;3Com 10/100 MiniPCI Ethernet Adapter Driver;c:\windows\system32\drivers\EL556ND5.sys [7/7/2003 11:04 PM 58951]
    S3 maestro;ESS Maestro2E Audio Driver (WDM);c:\windows\system32\drivers\essm2e.sys [6/6/2002 1:22 PM 137088]
    S3 neo20xx;neo20xx;c:\windows\system32\drivers\neo20xx.sys [9/16/2005 9:39 PM 39264]
    S3 wdm_nm6;NeoMagic MagicMedia 256 + AC97 Driver (WDM);c:\windows\system32\drivers\nm6wdm.sys [9/16/2005 9:39 PM 87040]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.co.uk/
    mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
    uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Search with Wanadoo - c:\progra~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-10 15:36
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'explorer.exe'(9944)
    c:\windows\system32\WININET.dll
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\program files\Trusteer\Rapport\bin\rooksbas.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    Other Running Processes
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Intel\Wireless\Bin\WLKeeper.exe
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\windows\System32\SCardSvr.exe
    c:\program files\Cisco Systems\VPN Client\cvpnd.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Network Associates\Common Framework\FrameworkService.exe
    c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
    c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\HPZipm12.exe
    c:\program files\Network Associates\Common Framework\naPrdMgr.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Citrix\ICA Client\ssonsvr.exe
    c:\program files\Network Associates\Common Framework\McTray.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    .
    **************************************************************************
    .
    Completion time: 2010-04-10 15:43:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-04-10 14:43
    ComboFix2.txt 2010-04-09 14:12
    ComboFix3.txt 2010-04-09 07:59
    ComboFix4.txt 2010-04-08 15:07
    Pre-Run: 16,655,450,112 bytes free
    Post-Run: 16,782,172,160 bytes free
    - - End Of File - - 98C95A5DA0C9594465DF3B281290A816
    No free lunch, and no free laptop ;)
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    I'm still not happy about this ~
    c:\windows\system32\sasnative32.exe

    But after the trouble you've had, prob best to leave it for now
    :idea:
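    One way to make the kind of check RIK did by eye repeatable, as an added example that is not code from this thread or from ComboFix: parse the entry lines of a ComboFix "Files Created" section and flag executables created directly in a system directory or anywhere under a TEMP tree, noting when the file's last-write time is far older than its creation time (a binary built elsewhere and dropped onto the machine later). The sample lines below are constructed from the log posted above (the TEMP entry's timestamps and size are invented, since the log lists that file under Other Deletions without them); the 30-day threshold, the `SYSTEM_ROOTS` set and the `known_good` allowlist are assumptions; and a hit is a lead to verify by hash or publisher signature, not a verdict.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath
from typing import Optional

# One entry line of a ComboFix "Files Created" / "Find3M" section:
#   <created> . <last-written> [<size>] <8-char attrs> <path>
# Directories carry no size field; attrs[0] == 'd' marks them.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<written>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?:(?P<size>\d+) )?"
    r"(?P<attrs>[dcshar-]{6}[rw]-) "
    r"(?P<path>\S.*)$"
)
TS = "%Y-%m-%d %H:%M"


@dataclass(frozen=True)
class Entry:
    created: datetime
    written: datetime
    size: Optional[int]
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"


def parse_entries(text: str) -> list[Entry]:
    """Parse every entry line in a log excerpt; banners and '.' separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            created=datetime.strptime(m["created"], TS),
            written=datetime.strptime(m["written"], TS),
            size=int(m["size"]) if m["size"] else None,
            attrs=m["attrs"],
            path=m["path"],
        ))
    return entries


EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl"}
# Assumption: a freshly created PE file directly in these roots deserves a second look.
# Their dllcache/ and drivers/ subtrees are left alone: updates and AV installs populate them.
SYSTEM_ROOTS = {"c:\\windows\\system32", "c:\\windows"}
PREBUILT_DAYS = 30  # assumption: created this long after last-write => prebuilt, then dropped


def flag_dropped_executables(entries, known_good=frozenset()) -> dict[str, list[str]]:
    """Return {path: [reasons]} for executables whose location makes them worth verifying.
    known_good: analyst-maintained file names to suppress (assumption: kept by hand)."""
    findings = {}
    for e in entries:
        p = PureWindowsPath(e.path)
        if e.is_dir or p.suffix.lower() not in EXEC_EXT or p.name.lower() in known_good:
            continue
        reasons = []
        if str(p.parent).lower() in SYSTEM_ROOTS:
            reasons.append("executable created directly in a system directory")
        if "temp" in (part.lower() for part in p.parts):
            reasons.append("executable created under a TEMP directory")
        if not reasons:
            continue
        age = (e.created - e.written).days
        if age > PREBUILT_DAYS:
            reasons.append(f"last-write {age} days before creation (prebuilt, then dropped)")
        findings[e.path] = reasons
    return findings


def triage(text: str, known_good=frozenset()) -> dict[str, list[str]]:
    """Parse a log excerpt and return the flagged executables with their reasons."""
    return flag_dropped_executables(parse_entries(text), known_good)


# Constructed sample modelled on the log above; the TEMP entry's timestamps and size are invented.
SAMPLE_LOG = """\
((((((((((((((((((((((((( Files Created from 2010-03-10 to 2010-04-10 )))))))))))))))))))))))))))))))
.
2010-04-10 14:01 . 2010-04-10 14:01 d-----w- c:\\program files\\VS Revo Group
2010-04-08 17:51 . 2010-02-25 06:24 594432 -c----w- c:\\windows\\system32\\dllcache\\msfeeds.dll
2010-04-08 16:18 . 2010-02-12 10:03 293376 ------w- c:\\windows\\system32\\browserchoice.exe
2010-04-08 11:32 . 2010-04-08 11:32 25088 ----a-w- c:\\windows\\TEMP\\logishrd\\LVPrcInj01.dll
2010-04-08 09:11 . 2010-03-29 14:24 38224 ----a-w- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
2010-04-04 16:04 . 2009-08-19 15:49 17136 ----a-w- c:\\windows\\system32\\sasnative32.exe
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path)
        for reason in why:
            print("   -", reason)
```

    On the sample, sasnative32.exe is flagged for both its location and the seven-month gap between last-write and creation, the TEMP-resident LVPrcInj01.dll for location alone, and browserchoice.exe (Microsoft's browser-choice update) by the same rules, which is the point: location heuristics produce leads, and a hash or signature check, or a `known_good` entry once verified, retires the false positives. Update-populated paths such as dllcache and drivers are never flagged.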
  • macman
    macman Posts: 53,129 Forumite
    Part of the Furniture 10,000 Posts Name Dropper
    edited 11 April 2010 at 8:27PM
    Thanks RIK, I'll take it out but then do a Sys Restore just in case so I can revert if necessary.
    Presumably the best way to do this is with a ComboFix script file?
    Then I'm going to try and disable McAfee via msconfig/services again and see if I can persuade Avira or Avast to run alongside it without complaint; might even revert to AVG Free if I have to, better than nothing at all I guess.
    No free lunch, and no free laptop ;)
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    script file or use malwarebytes
    :idea:
  • macman
    macman Posts: 53,129 Forumite
    Part of the Furniture 10,000 Posts Name Dropper
    edited 11 April 2010 at 9:20PM
    c:\windows\system32\sasnative32.exe
    Have removed this with a further ComboFix script file run, log as follows:
    It advised that rootkit activity was detected.

    ComboFix 10-04-10.02 - JanetteCarney 04/11/2010 20:59:08.5.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1526.1106 [GMT 1:00]
    Running from: c:\documents and settings\janettecarney\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\janettecarney\Desktop\CFScript.txt
    AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    .
    The following files were disabled during the run:
    c:\windows\TEMP\logishrd\LVPrcInj01.dll

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . failed to delete
    .
    ((((((((((((((((((((((((( Files Created from 2010-03-11 to 2010-04-11 )))))))))))))))))))))))))))))))
    .
    2010-04-10 14:01 . 2010-04-10 14:01 d-----w- c:\program files\VS Revo Group
    2010-04-10 13:03 . 2010-04-10 13:03 d-----w- c:\windows\system32\wbem\Repository
    2010-04-10 13:02 . 2010-04-10 13:02 d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-04-10 13:02 . 2010-04-10 13:02 d-----w- c:\program files\McAfee
    2010-04-10 13:02 . 2010-04-10 13:02 d-----w- c:\program files\Common Files\McAfee
    2010-04-10 13:02 . 2010-04-10 13:02 d-----w- c:\program files\Advanced System Optimizer 3
    2010-04-09 16:42 . 2010-04-10 13:01 d-----w- C:\RECYCLER(2)
    2010-04-09 15:21 . 2010-04-09 15:21 d-----w- c:\documents and settings\LocalService\IETldCache
    2010-04-09 14:36 . 2010-04-09 14:36 d-----w- c:\documents and settings\janettecarney\DoctorWeb
    2010-04-09 08:22 . 2010-04-09 08:22 d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2010-04-09 07:00 . 2010-04-09 07:00 d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2010-04-08 17:58 . 2010-04-08 18:04 d-----w- c:\windows\ie8updates
    2010-04-08 17:51 . 2010-02-25 06:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2010-04-08 17:51 . 2010-02-25 06:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-04-08 17:51 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-04-08 17:51 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-04-08 17:51 . 2010-02-25 06:24 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2010-04-08 17:31 . 2010-04-08 17:31
    d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-04-08 17:25 . 2010-04-08 17:25
    d-sh--w- c:\documents and settings\janettecarney\PrivacIE
    2010-04-08 17:14 . 2010-04-08 17:14
    d-sh--w- c:\documents and settings\janettecarney\IETldCache
    2010-04-08 16:45 . 2010-04-08 16:48
    dc-h--w- c:\windows\ie8
    2010-04-08 16:21 . 2010-04-08 16:21 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2010-04-08 16:19 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2010-04-08 16:18 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-04-08 16:15 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2010-04-08 16:15 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2010-04-08 16:15 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-04-08 16:11 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2010-04-08 16:09 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2010-04-08 16:06 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
    2010-04-08 16:06 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2010-04-08 16:06 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2010-04-08 16:06 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2010-04-08 16:06 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
    2010-04-08 16:06 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2010-04-08 16:06 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
    2010-04-08 16:06 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
    2010-04-08 16:06 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2010-04-08 16:05 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
    2010-04-08 16:05 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2010-04-08 14:20 . 2010-04-09 07:30 d-----w- C:\QUARANTINE
    2010-04-08 13:14 . 2010-04-08 13:14 d-----w- c:\windows\system32\scripting
    2010-04-08 13:14 . 2010-04-08 13:14 d-----w- c:\windows\l2schemas
    2010-04-08 13:14 . 2010-04-08 13:14 d-----w- c:\windows\system32\en
    2010-04-08 13:14 . 2010-04-08 13:14 d-----w- c:\windows\system32\bits
    2010-04-08 13:09 . 2010-04-08 13:15 d-----w- c:\windows\ServicePackFiles
    2010-04-08 12:44 . 2008-04-14 00:12 276992 ------w- c:\windows\system32\wmphoto.dll
    2010-04-08 12:42 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
    2010-04-08 12:41 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
    2010-04-08 12:40 . 2008-04-14 00:11 32285 ------w- c:\windows\system32\hsfcisp2.dll
    2010-04-08 12:39 . 2008-04-14 00:11 136192 ------w- c:\windows\system32\aaclient.dll
    2010-04-08 11:49 . 2010-04-08 11:49 388096 ----a-r- c:\documents and settings\janettecarney\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-04-08 11:49 . 2010-04-08 11:49 d-----w- c:\program files\TrendMicro
    2010-04-08 11:32 . 2010-04-08 11:32 d-----w- c:\program files\Common Files\Logitech
    2010-04-08 11:30 . 2010-04-08 11:30 d-----w- c:\documents and settings\janettecarney\Local Settings\Application Data\Downloaded Installations
    2010-04-08 09:12 . 2010-04-08 09:12 d-----w- c:\documents and settings\janettecarney\Application Data\Malwarebytes
    2010-04-08 09:11 . 2010-03-29 14:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-08 09:11 . 2010-04-08 09:11 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-08 09:11 . 2010-03-29 14:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-08 09:11 . 2010-04-08 09:12 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-08 08:30 . 2010-04-08 08:30 d-----w- c:\program files\CCleaner
    2010-04-04 16:04 . 2009-08-19 15:49 17136 ----a-w- c:\windows\system32\sasnative32.exe
    2010-04-04 16:02 . 2010-04-04 16:03 10331424 ----a-w- c:\documents and settings\janettecarney\Application Data\Systweak\ASO3\Installer\aso3setup.exe
    2010-04-04 16:02 . 2010-04-10 13:00 d-----w- c:\documents and settings\janettecarney\Application Data\Systweak
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-11 20:10 . 2009-04-21 21:44 d-----w- c:\documents and settings\janettecarney\Application Data\Skype
    2010-04-10 13:01 . 2009-04-25 16:26 d-----w- c:\program files\MSECache
    2010-04-10 13:00 . 2009-08-12 20:19 d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-04-08 17:25 . 2007-02-07 13:13 23768 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-08 13:20 . 2005-09-08 13:39 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-04-04 16:51 . 2007-06-18 13:47 d-----w- c:\documents and settings\janettecarney\Application Data\Image Zone Express
    2010-03-29 18:53 . 2009-04-21 21:49 d-----w- c:\documents and settings\janettecarney\Application Data\skypePM
    2010-03-08 14:48 . 2005-09-09 05:42 d-----w- c:\program files\Citrix
    2010-03-08 14:40 . 2009-04-21 21:43 d-----r- c:\program files\Skype
    2010-03-08 14:40 . 2010-03-08 14:40 d-----w- c:\program files\Common Files\Skype
    2010-03-08 14:40 . 2009-04-21 21:43 d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-03-01 13:00 . 2007-08-01 08:05 d-----w- c:\program files\HOTALBUMMyBOX
    2010-03-01 12:43 . 2010-03-01 12:43 390528 ----a-w- c:\windows\system32\drivers\RapportBuka.sys
    2010-03-01 12:43 . 2010-03-01 12:43 390528 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBuka.sys
    2010-03-01 12:43 . 2010-03-01 12:43 249856 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBukaBroom.dll
    2010-02-26 05:43 . 2010-02-26 05:43 81920 ------w- c:\windows\system32\ieencode.dll
    2010-02-25 06:24 . 2005-07-03 02:11 916480 ------w- c:\windows\system32\wininet.dll
    2010-02-11 15:15 . 2010-02-11 15:15 d-----w- c:\documents and settings\NetworkService\Application Data\Trusteer
    2010-02-11 12:32 . 2010-02-11 12:32 d-----w- c:\documents and settings\LocalService\Application Data\Trusteer
    2010-02-11 11:48 . 2010-02-11 11:48 d-----w- c:\documents and settings\janettecarney\Application Data\Trusteer
    2010-02-11 11:46 . 2010-02-11 11:46 d-----w- c:\program files\Trusteer
    2010-02-11 11:42 . 2010-02-11 11:42 d-----w- c:\documents and settings\All Users\Application Data\Trusteer
    2007-04-16 14:59 . 2007-04-16 14:47 278528 ----a-w- c:\program files\Common Files\FDEUnInstaller.exe
    2004-08-04 03:00 . 2005-09-09 05:58 73728 --sha-w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-21 39408]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-10-06 111952]
    "MBBalloon"="c:\program files\HOTALBUMMyBOX\MBBalloon.exe" [2006-12-15 787096]
    "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\udaterui.exe" [2008-11-10 136512]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
    "TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    MediaChecker.lnk - c:\program files\HOTALBUMMyBOX\MediaChecker.exe [2006-12-15 913560]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{606427C1-E5F0-4001-832B-BD7DF391ECA7}"= "c:\windows\system32\wex4962\EMMeterHook760.dll" [2006-06-06 163840]
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk
    backup=c:\windows\pss\BT Broadband Desktop Help.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    2004-09-13 10:33 155648 ----a-w- c:\program files\Apoint\Apoint.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
    2001-09-19 09:20 245760 ----a-w- c:\windows\system32\atiptaxx.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
    2007-03-16 17:10 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2004-04-26 07:04 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EMMeter]
    2006-06-06 13:24 552960 ---ha-w- c:\windows\system32\wex4962\EMMeter.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2004-09-13 14:49 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
    2006-10-18 16:58 696320 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
    2006-10-18 17:04 802816 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
    2008-11-10 16:00 136512 ----a-w- c:\program files\Network Associates\Common Framework\UdaterUI.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
    2005-08-06 17:45 974848 ----a-w- c:\program files\UltraVNC\winvnc.exe
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\UltraVNC\\winvnc.exe"=
    "c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
    "c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"=
    "c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
    "c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [8/1/2007 9:07 AM 15172]
    R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [3/1/2010 1:43 PM 390528]
    R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [3/15/2010 1:47 PM 58984]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [3/15/2010 1:47 PM 116328]
    R2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\Advanced System Optimizer 3\ASO3DefragSrv.exe [4/4/2010 5:04 PM 239336]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [3/15/2010 1:47 PM 779496]
    R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [10/12/2007 9:33 AM 202016]
    R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [8/2/2007 2:42 PM 148768]
    S3 ati2mpab;ati2mpab;c:\windows\system32\drivers\ati2mpab.sys [9/16/2005 10:13 PM 299776]
    S3 ati2mtai;ati2mtai;c:\windows\system32\drivers\ati2mtai.sys [9/16/2005 9:14 PM 346752]
    S3 atimtai;atimtai;c:\windows\system32\drivers\atimtai.sys [7/7/2003 11:03 PM 281600]
    S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family;c:\windows\system32\drivers\cben5.sys [9/16/2005 9:40 PM 50498]
    S3 cwbmidi_device;Crystal WDM MPU-401 UART Driver;c:\windows\system32\drivers\cwbmidi.sys [9/16/2005 7:13 PM 3072]
    S3 cwbwdm_device;Crystal WDM Audio Codec Driver;c:\windows\system32\drivers\cwbwdm.sys [9/16/2005 7:12 PM 72832]
    S3 EL556;3Com 10/100 Mini PCI Ethernet Adapter NDIS 5.0 Driver;c:\windows\system32\drivers\EL556ND5.sys [7/7/2003 11:04 PM 58951]
    S3 EL556ND5;3Com 10/100 MiniPCI Ethernet Adapter Driver;c:\windows\system32\drivers\EL556ND5.sys [7/7/2003 11:04 PM 58951]
    S3 maestro;ESS Maestro2E Audio Driver (WDM);c:\windows\system32\drivers\essm2e.sys [6/6/2002 1:22 PM 137088]
    S3 neo20xx;neo20xx;c:\windows\system32\drivers\neo20xx.sys [9/16/2005 9:39 PM 39264]
    S3 wdm_nm6;NeoMagic MagicMedia 256 + AC97 Driver (WDM);c:\windows\system32\drivers\nm6wdm.sys [9/16/2005 9:39 PM 87040]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.co.uk/
    mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
    uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Search with Wanadoo - c:\progra~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-11 21:08
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'explorer.exe'(3516)
    c:\windows\system32\WININET.dll
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\program files\Trusteer\Rapport\bin\rooksbas.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    Other Running Processes
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Intel\Wireless\Bin\WLKeeper.exe
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\windows\System32\SCardSvr.exe
    c:\program files\Cisco Systems\VPN Client\cvpnd.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Network Associates\Common Framework\FrameworkService.exe
    c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
    c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Network Associates\Common Framework\naPrdMgr.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Citrix\ICA Client\ssonsvr.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\program files\Network Associates\Common Framework\McTray.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    .
    **************************************************************************
    .
    Completion time: 2010-04-11 21:14:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-04-11 20:14
    ComboFix2.txt 2010-04-11 19:46
    ComboFix3.txt 2010-04-10 14:43
    ComboFix4.txt 2010-04-09 14:12
    ComboFix5.txt 2010-04-11 19:58
    Pre-Run: 16,727,064,576 bytes free
    Post-Run: 16,691,318,784 bytes free
    - - End Of File - - 7E75E0DE9E6BE8111C03B7661F32F4F8
    No free lunch, and no free laptop ;)
  • spud17
    spud17 Posts: 4,431 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    macman, what about an AV bootable rescue disk?

    http://www.free-av.com/en/products/12/avira_antivir_rescue_system.html
    Move along, nothing to see.
  • macman
    macman Posts: 53,129 Forumite
    Part of the Furniture 10,000 Posts Name Dropper
    It boots fine spud, just can't get rid of McAfee at present.
    No free lunch, and no free laptop ;)
  • spud17
    spud17 Posts: 4,431 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    macman wrote: »
    It boots fine spud, just can't get rid of McAfee at present.

    But you said,
    Then I'm going to try and disable McAfee via msconfig/services again and see if I can persuade Avira or Avast to run alongside it without complaint; might even revert to AVG Free if I have to, better than nothing at all I guess.

    Yes, but this boots from a Linux-based disk; it runs an Avira scan without booting into Windows.

    So you don't have to worry about disabling McAfee for now.

    It's updated every day.
    Move along, nothing to see.
  • macman
    macman Posts: 53,129 Forumite
    Part of the Furniture 10,000 Posts Name Dropper
    edited 13 April 2010 at 9:21AM
    I've now managed to install Avira alongside McAfee and so far they are co-existing. Now doing full scan with Avira to see what that throws up.
    No free lunch, and no free laptop ;)
  • spud17
    spud17 Posts: 4,431 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    macman wrote: »
    I've now managed to install Avira alongside McAfee and so far they are co-existing. Now doing full scan with Avira to see what that throws up.

    I recently ran Avira on a McAfee 'protected' laptop, not mine, after eventually getting rid of McAfee. :cool:

    Results
    End of the scan: 07 March 2010 14:14
    Used time: 1:10:02 Hour(s)

    The scan has been done completely.

    3366 Scanned directories
    252592 Files were scanned
    370 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    358 Files were moved to quarantine
    0 Files were renamed
    2 Files cannot be scanned
    252220 Files not concerned
    6697 Archives were scanned
    4 Warnings
    362 Notes
    40656 Objects were scanned with rootkit scan
    0 Hidden objects were found
    Move along, nothing to see.
This discussion has been closed.