Old 06-20-2009, 04:04 PM   #1 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 6
OS: xp


NTOSKRNL Hook Trojan...I Need Help!

Hi,
I have done a virus scan and it has detected and "removed" NTOSKRNL hook. But when I rescan it is still there. I have also tried getting rid of it in safe mode... no good.
I would LOVE some help

THANKS!!


DDS:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Chris at 15:34:40.09 on 20/06/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.370 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chris\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242743298859
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.148,85.255.112.108
TCP: {1C37DBCB-0709-4AF3-B0B8-38B99CA89692} = 85.255.112.148,85.255.112.108
TCP: {222A1764-BB8F-419E-9CFD-4A624CC390DD} = 85.255.112.148,85.255.112.108
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-5-19 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-5-19 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-5-19 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-5-19 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-19 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-19 35272]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-19 34216]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-19 40552]

=============== Created Last 30 ================

2009-06-14 00:07 159,232 a------- c:\windows\system32\ptpusd.dll
2009-06-14 00:07 5,632 a------- c:\windows\system32\ptpusb.dll
2009-06-14 00:07 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-06-14 00:07 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-06-11 14:40 <DIR> --d----- c:\program files\VideoTools
2009-06-11 14:39 815,104 a------- c:\windows\system32\xvidcore.dll
2009-06-11 14:39 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-06-11 14:39 77,824 a------- c:\windows\system32\xvid.ax
2009-06-11 14:39 <DIR> --d----- c:\program files\Xvid
2009-06-11 01:06 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-06-11 01:06 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 01:06 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-11 01:06 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-06-10 00:12 <DIR> --d----- c:\program files\iPod
2009-06-10 00:12 <DIR> --d----- c:\program files\iTunes
2009-06-09 18:00 <DIR> --d----- c:\docume~1\chris\applic~1\avidemux
2009-06-09 17:45 <DIR> --d----- c:\docume~1\chris\applic~1\AVS4YOU
2009-06-09 17:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-06-09 17:18 <DIR> --d----- c:\program files\common files\AVSMedia
2009-06-09 17:16 1,700,352 a------- c:\windows\system32\GdiPlus.dll
2009-06-09 17:16 974,848 a------- c:\windows\system32\mfc70.dll
2009-06-09 17:16 487,424 a------- c:\windows\system32\msvcp70.dll
2009-06-09 17:16 344,064 a------- c:\windows\system32\msvcr70.dll
2009-06-09 17:16 24,576 a------- c:\windows\system32\msxml3a.dll
2009-06-09 17:16 <DIR> --d----- c:\program files\AVS4YOU
2009-06-09 00:32 <DIR> --d----- c:\program files\BitLord
2009-06-06 20:48 664 a------- c:\windows\system32\d3d9caps.dat
2009-06-04 17:12 3,249 a------- c:\windows\system32\wbem\Outlook_01c9e569f944b088.mof
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-24 01:45 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-18 22:08 5 a------- c:\windows\system32\drivers\DELL_XPS_MXC061 .MRK
2009-05-18 22:08 5 a------- c:\windows\system32\drivers\1028_DELL_XPS_MXC061 .MRK
2009-05-18 21:19 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-05-12 23:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 09:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 06:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 08:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 15:34:59.42 ===============
Attached Files
File Type: zip ark.zip (3.9 KB, 2 views)
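One item in the DDS log above is worth checking before anything else: the TCP: NameServer line shows the machine resolving DNS through 85.255.112.148 and 85.255.112.108, and the same pair is set on both interface GUIDs listed. Those are public addresses, not a router or a private range; whether they belong to the user's ISP is something only the owner can confirm. The check a responder would run is to pull every resolver out of the log and flag any that is neither private, loopback nor link-local and is not on the list of resolvers the machine is supposed to use. The script below is an added example, not part of the thread or of the DDS tool; the sample lines are copied from the log above, and EXPECTED_RESOLVERS is a placeholder (an assumption) to be filled with the ISP or router addresses the system should actually be using.

```python
"""Flag DNS resolvers in a DDS 'Pseudo HJT Report' that fall outside the
address ranges expected on a home or laptop system.

Added example, not part of the original thread or of DDS. The sample lines
are copied from the first DDS log in the thread; EXPECTED_RESOLVERS is a
constructed placeholder (assumption) for the resolvers the owner configured.
"""
import ipaddress
import re

# Constructed input: the TCP: lines from the first DDS log, plus two
# neighbouring lines to show that unrelated entries are ignored.
SAMPLE_DDS = """\
uInternet Settings,ProxyOverride = *.local
TCP: NameServer = 85.255.112.148,85.255.112.108
TCP: {1C37DBCB-0709-4AF3-B0B8-38B99CA89692} = 85.255.112.148,85.255.112.108
TCP: {222A1764-BB8F-419E-9CFD-4A624CC390DD} = 85.255.112.148,85.255.112.108
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\\progra~1\\mcafee\\sitead~1\\McIEPlg.dll
"""

# Assumption: resolvers the owner or ISP actually configured. Empty means
# "trust only private/loopback/link-local addresses", a sensible default for
# a laptop sitting behind a home router.
EXPECTED_RESOLVERS = set()

# DDS prints either the global NameServer value or a per-interface GUID key.
_TCP_LINE = re.compile(
    r"^TCP:\s*(?P<key>NameServer|\{[0-9A-Fa-f-]+\})\s*=\s*(?P<ips>.+)$"
)


def parse_nameservers(log_text):
    """Return {interface_key: [ip_address, ...]} for every TCP: line."""
    found = {}
    for line in log_text.splitlines():
        m = _TCP_LINE.match(line.strip())
        if not m:
            continue
        ips = []
        for tok in m.group("ips").split(","):
            tok = tok.strip()
            try:
                ips.append(ipaddress.ip_address(tok))
            except ValueError:
                # DDS occasionally prints an adapter name here; skip it.
                continue
        found[m.group("key")] = ips
    return found


def suspicious_resolvers(log_text, expected=EXPECTED_RESOLVERS):
    """Return a sorted list of resolver addresses (as strings) that are
    neither private/loopback/link-local nor in the expected set."""
    expected_ips = {ipaddress.ip_address(e) for e in expected}
    flagged = set()
    for ips in parse_nameservers(log_text).values():
        for ip in ips:
            if ip.is_private or ip.is_loopback or ip.is_link_local:
                continue
            if ip in expected_ips:
                continue
            flagged.add(str(ip))
    return sorted(flagged)


if __name__ == "__main__":
    for ip in suspicious_resolvers(SAMPLE_DDS):
        print("resolver outside private/expected ranges:", ip)
```

Run against the pasted log this reports both 85.255.112.x addresses; pass them in as expected and the report is empty, which is the point: the script only tells you which resolvers need confirming, it cannot decide on its own whether a public resolver is legitimate.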

Old 06-21-2009, 05:09 PM   #2 (permalink)
Angelfire777
Moderator/Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2006
Posts: 4,580
OS: Vista


Re: NTOSKRNL Hook Trojan...I Need Help!

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Note: Please rename combofix.exe to cfix.exe

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
__________________
UNITE and ASAP since 2006


Old 06-22-2009, 09:18 PM   #3 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 6
OS: xp


Re: NTOSKRNL Hook Trojan...I Need Help!

Hi Thanks for helping me out!


ComboFix 09-06-22.04 - Chris 22/06/2009 21:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.767 [GMT -6:00]
Running from: c:\documents and settings\Chris\Desktop\cfix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\MSIVXiqlrxhompqrmybxxnboiyxxmbkuxoyqm.sys
c:\windows\system32\drivers\MSIVXpyqoenioevrjxdbjxwpbkgbwwksrtofk.sys
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXftkaaawuhessftjeccnrmylvdosalanm.dll
c:\windows\system32\MSIVXibehqgbekrlwkewvuqbdqeiswqobpbiv.dll
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 )))))))))))))))))))))))))))))))
.

2009-06-14 06:07 . 2008-04-14 11:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-06-14 06:07 . 2001-08-18 04:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-14 06:07 . 2008-04-14 06:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-06-14 06:07 . 2008-04-14 06:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-06-11 20:41 . 2009-06-11 20:41 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-11 20:40 . 2009-06-11 20:40 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-06-11 20:40 . 2009-06-11 20:40 -------- d-----w- c:\program files\VideoTools
2009-06-11 20:39 . 2009-06-11 20:39 -------- d-----w- c:\program files\Xvid
2009-06-11 20:39 . 2008-12-05 03:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-06-11 20:39 . 2008-12-05 03:42 815104 ----a-w- c:\windows\system32\xvidcore.dll
2009-06-11 07:06 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 07:06 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-11 07:06 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 07:06 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-10 06:12 . 2009-06-10 06:12 -------- d-----w- c:\program files\iPod
2009-06-10 06:12 . 2009-06-10 06:13 -------- d-----w- c:\program files\iTunes
2009-06-10 06:10 . 2009-06-10 06:10 -------- d-----w- c:\program files\QuickTime
2009-06-10 06:04 . 2009-06-10 06:04 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-10 00:05 . 2009-06-10 00:05 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\WinAVI
2009-06-10 00:00 . 2009-06-10 00:01 -------- d-----w- c:\documents and settings\Chris\Application Data\avidemux
2009-06-09 23:45 . 2009-06-09 23:45 -------- d-----w- c:\documents and settings\Chris\Application Data\AVS4YOU
2009-06-09 23:45 . 2009-06-09 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-06-09 23:18 . 2009-06-10 02:02 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-06-09 23:17 . 2009-06-09 23:17 -------- d-----w- c:\windows\system32\drivers\umdf
2009-06-09 23:16 . 2009-01-29 02:49 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-06-09 23:16 . 2009-01-29 02:49 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-06-09 23:16 . 2009-01-29 02:49 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-06-09 23:16 . 2009-01-29 02:49 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2009-06-09 23:16 . 2009-01-29 02:49 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-06-09 23:16 . 2009-06-10 02:03 -------- d-----w- c:\program files\AVS4YOU
2009-06-09 06:32 . 2009-06-20 21:33 -------- d-----w- c:\program files\BitLord
2009-06-09 04:39 . 2009-06-09 04:39 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-06-07 02:48 . 2009-06-07 16:44 664 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-21 18:48 . 2009-05-19 14:17 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-06-11 16:04 . 2009-05-19 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-10 06:12 . 2009-05-19 23:11 -------- d-----w- c:\program files\Common Files\Apple
2009-06-10 06:08 . 2009-05-19 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-09 04:37 . 2009-05-19 13:51 -------- d-----w- c:\program files\McAfee
2009-06-05 17:42 . 2009-05-19 23:11 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 17:42 . 2009-05-19 23:11 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-04 23:27 . 2009-05-19 23:14 -------- d-----w- c:\documents and settings\Chris\Application Data\Apple Computer
2009-05-24 07:45 . 2009-05-19 03:22 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-19 23:13 . 2009-05-19 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-19 23:13 . 2009-05-19 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-19 23:13 . 2009-05-19 23:13 -------- d-----w- c:\program files\Bonjour
2009-05-19 23:11 . 2009-05-19 23:11 -------- d-----w- c:\program files\Apple Software Update
2009-05-19 22:56 . 2009-05-19 03:39 29216 ----a-w- c:\documents and settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-19 22:48 . 2009-05-19 22:48 128 ----a-w- c:\documents and settings\Chris\Local Settings\Application Data\fusioncache.dat
2009-05-19 22:48 . 2009-05-19 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-05-19 16:46 . 2009-05-19 04:13 -------- d-----w- c:\program files\Broadcom
2009-05-19 16:42 . 2009-05-19 16:42 -------- d-----w- c:\program files\DIFX
2009-05-19 16:27 . 2009-05-19 16:26 -------- d-----w- c:\program files\Modem Helper
2009-05-19 16:26 . 2009-05-19 05:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-19 15:57 . 2009-05-19 15:57 -------- d-----w- c:\program files\Synaptics
2009-05-19 15:48 . 2009-05-19 15:10 -------- d-----w- c:\program files\Microsoft Works
2009-05-19 14:26 . 2009-05-19 14:26 -------- d-----w- c:\program files\CONEXANT
2009-05-19 14:14 . 2009-05-19 14:14 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-05-19 13:56 . 2009-05-19 13:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-05-19 13:52 . 2009-05-19 13:52 -------- d-----w- c:\program files\Common Files\McAfee
2009-05-19 13:52 . 2009-05-19 13:52 -------- d-----w- c:\program files\McAfee.com
2009-05-19 05:18 . 2009-05-19 05:18 -------- d-----w- c:\program files\SigmaTel
2009-05-19 05:16 . 2009-05-19 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2009-05-19 05:15 . 2009-05-19 04:08 -------- d-----w- c:\program files\Dell
2009-05-19 05:15 . 2009-05-19 05:15 -------- d-----w- c:\documents and settings\Chris\Application Data\InstallShield
2009-05-19 04:32 . 2009-05-19 04:08 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-19 04:10 . 2009-05-19 04:10 -------- d-----w- c:\program files\Intel
2009-05-19 04:08 . 2009-05-19 04:06 -------- d-----w- c:\documents and settings\Chris\Application Data\U3
2009-05-19 04:08 . 2009-05-19 04:08 5 ----a-w- c:\windows\system32\drivers\DELL_XPS_MXC061 .MRK
2009-05-19 04:08 . 2009-05-19 04:08 5 ----a-w- c:\windows\system32\drivers\1028_DELL_XPS_MXC061 .MRK
2009-05-19 03:23 . 2009-05-19 03:23 -------- d-----w- c:\program files\microsoft frontpage
2009-05-19 03:19 . 2009-05-19 03:19 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-13 05:15 . 2008-04-14 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2008-04-14 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2008-04-14 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2008-04-14 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-25 17:06 . 2009-05-19 13:52 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 17:06 . 2009-05-19 13:52 79880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 17:06 . 2009-05-19 13:52 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-03-25 17:06 . 2009-03-25 17:06 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-03-25 17:05 . 2009-05-19 13:48 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys
.

------- Sigcheck -------

[7] 2008-04-14 12:00 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe
[7] 2008-04-14 12:00 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\dllcache\svchost.exe

[7] 2008-04-14 12:00 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\user32.dll
[7] 2008-04-14 12:00 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\dllcache\user32.dll

[7] 2008-04-14 12:00 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\ws2_32.dll
[7] 2008-04-14 12:00 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\dllcache\ws2_32.dll

[7] 2009-02-20 07:50 667648 711FEABED387B29FF7ED61BC6806A06C c:\windows\$hf_mig$\KB963027\SP3QFE\wininet.dll
[7] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[7] 2008-04-14 12:00 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\$NtUninstallKB963027$\wininet.dll
[7] 2009-02-20 08:10 666112 5B6A3EB7BB2F338BC2CB9F2FA4AAEA9E c:\windows\ie8\wininet.dll
[7] 2009-03-08 10:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\ie8updates\KB969897-IE8\wininet.dll
[7] 2009-05-13 05:15 915456 366C72AF6970DB7BB39AB0142BF09DB5 c:\windows\system32\wininet.dll
[7] 2009-05-13 05:15 915456 366C72AF6970DB7BB39AB0142BF09DB5 c:\windows\system32\dllcache\wininet.dll

[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-04-14 12:00 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

[7] 2008-04-14 12:00 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\winlogon.exe
[7] 2008-04-14 12:00 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\dllcache\winlogon.exe

[7] 2008-04-14 12:00 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\dllcache\ndis.sys
[7] 2008-04-14 12:00 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

[7] 2008-04-14 12:00 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\dllcache\ip6fw.sys
[7] 2008-04-14 12:00 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

[7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-04-14 12:00 2023936 7F653A89F6E89E3AE0D49830EECE35D4 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2009-02-08 01:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-02-06 10:32 2023936 65D4220799E6FC2CB079070A6393CC0E c:\windows\system32\ntkrnlpa.exe
[7] 2009-02-08 01:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\dllcache\ntkrnlpa.exe

[7] 2009-02-08 01:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-04-14 12:00 2145280 40F8880122A030A7E9E1FEDEA833B33D c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-02-06 11:06 2145280 0CBA44D0938D57F334C0862424148B70 c:\windows\system32\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\dllcache\ntoskrnl.exe

[7] 2008-04-14 12:00 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe
[7] 2008-04-14 12:00 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\system32\dllcache\explorer.exe

[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2008-04-14 12:00 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\$NtUninstallKB956572$\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\dllcache\services.exe

[7] 2008-04-14 12:00 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe
[7] 2008-04-14 12:00 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\dllcache\lsass.exe

[7] 2008-04-14 12:00 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\ctfmon.exe
[7] 2008-04-14 12:00 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\dllcache\ctfmon.exe

[7] 2008-04-14 12:00 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe
[7] 2008-04-14 12:00 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\dllcache\spoolsv.exe

[7] 2008-10-16 20:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\wuauclt.exe
[7] 2008-10-16 20:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\wuauclt.exe

[7] 2008-04-14 12:00 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\userinit.exe
[7] 2008-04-14 12:00 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\dllcache\userinit.exe

[7] 2008-04-14 12:00 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll
[7] 2008-04-14 12:00 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\dllcache\termsrv.dll

[7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2008-04-14 12:00 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\$NtUninstallKB959426$\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\kernel32.dll

[7] 2008-04-14 12:00 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll
[7] 2008-04-14 12:00 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\dllcache\powrprof.dll

[7] 2008-04-14 12:00 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll
[7] 2008-04-14 12:00 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\dllcache\imm32.dll

[7] 2008-04-14 12:00 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll
[7] 2008-04-14 12:00 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\dllcache\sfcfiles.dll

[7] 2008-04-14 12:00 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\system32\appmgmts.dll
[7] 2008-04-14 12:00 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\system32\dllcache\appmgmts.dll

[7] 2008-04-14 12:00 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [19/05/2009 7:55 AM 210216]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-05-19 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-19 16:53]

2009-06-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-19 16:53]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-mfehidk
SafeBoot-mferkdk
SafeBoot-mfetdik
SafeBoot-mfetdik.sys


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-22 21:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-06-23 21:12
ComboFix-quarantined-files.txt 2009-06-23 03:12

Pre-Run: 100,861,284,352 bytes free
Post-Run: 101,279,715,328 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
d:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

263 --- E O F --- 2009-06-11 16:04
Attached Files
File Type: txt cfix.txt (19.9 KB, 1 views)

Last edited by Angelfire777; 06-22-2009 at 10:02 PM.
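The Sigcheck section of the ComboFix log above lists every copy of each protected system file that Windows keeps around: the live copy in system32 (or system32\drivers, or the Windows directory itself) next to the copies in dllcache, Driver Cache, $hf_mig$ and the $NtUninstallKB*$ backups. Read side by side, two entries stand out: c:\windows\system32\ntoskrnl.exe and c:\windows\system32\ntkrnlpa.exe each carry an MD5 that matches none of the other copies listed for that file, while every other file in the section matches its dllcache copy. The script below automates that comparison; it is an added example, not part of the thread or of ComboFix, and the sample lines are copied from the log. Caveat: a live copy that differs from its caches is a reason to verify the file against a known-good Microsoft build (version resource, catalog signature), not by itself proof of tampering, since a hotfix can legitimately leave dllcache holding a different build than system32.

```python
"""Cross-check the Sigcheck section of a ComboFix log.

Added example, not part of the thread or of ComboFix. For every file it
groups the listed copies by name and reports live copies whose MD5 matches
none of the cached or backup copies. The sample text is copied from the
ComboFix log posted above.
"""
import re
from collections import defaultdict

SAMPLE_SIGCHECK = r"""
[7] 2008-04-14 12:00 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe
[7] 2008-04-14 12:00 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\dllcache\svchost.exe

[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-04-14 12:00 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

[7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-04-14 12:00 2023936 7F653A89F6E89E3AE0D49830EECE35D4 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2009-02-08 01:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-02-06 10:32 2023936 65D4220799E6FC2CB079070A6393CC0E c:\windows\system32\ntkrnlpa.exe
[7] 2009-02-08 01:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\dllcache\ntkrnlpa.exe

[7] 2009-02-08 01:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-04-14 12:00 2145280 40F8880122A030A7E9E1FEDEA833B33D c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-02-06 11:06 2145280 0CBA44D0938D57F334C0862424148B70 c:\windows\system32\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\dllcache\ntoskrnl.exe
"""

# One Sigcheck line: [flag] date time size md5 path
_ENTRY = re.compile(
    r"^\[(?P<flag>\d+)\]\s+(?P<date>\S+)\s+(?P<time>\S+)\s+"
    r"(?P<size>\d+)\s+(?P<md5>[0-9A-Fa-f]{32})\s+(?P<path>\S.*)$"
)

# Directories that hold the copy Windows actually loads, as opposed to the
# caches and uninstall backups. Matched as whole directories, lowercase.
_LIVE_DIRS = (
    "c:\\windows\\",
    "c:\\windows\\system32\\",
    "c:\\windows\\system32\\drivers\\",
)


def parse_sigcheck(text):
    """Group Sigcheck lines by lowercase file name -> [(path, size, md5), ...]."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = _ENTRY.match(line.strip())
        if not m:
            continue
        path = m.group("path").strip().lower()
        name = path.rsplit("\\", 1)[-1]
        groups[name].append((path, int(m.group("size")), m.group("md5").upper()))
    return groups


def is_live_copy(path):
    """True if the (lowercase) path sits directly in one of the live directories."""
    directory = path.rsplit("\\", 1)[0] + "\\"
    return directory in _LIVE_DIRS


def unmatched_live_copies(text):
    """Return {name: (md5, size)} for each live copy whose MD5 matches none of
    the cached or backup copies ComboFix listed for the same file name."""
    result = {}
    for name, entries in parse_sigcheck(text).items():
        live = [e for e in entries if is_live_copy(e[0])]
        others = [e for e in entries if not is_live_copy(e[0])]
        if not live or not others:
            continue  # nothing to compare against
        other_hashes = {md5 for _, _, md5 in others}
        for _, size, md5 in live:
            if md5 not in other_hashes:
                result[name] = (md5, size)
    return result


if __name__ == "__main__":
    for name, (md5, size) in sorted(unmatched_live_copies(SAMPLE_SIGCHECK).items()):
        print(f"{name}: live copy {md5} ({size} bytes) matches no cached or backup copy")
```

Comparing against every listed copy rather than only dllcache avoids a false alarm in the common case where dllcache holds the newer hotfix build and system32 still matches the $NtUninstall backup; in the pasted log the two kernel images match neither, which is what makes them the entries to verify first.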
Old 06-22-2009, 10:09 PM   #4 (permalink)
Angelfire777
Moderator/Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2006
Posts: 4,580
OS: Vista


Re: NTOSKRNL Hook Trojan...I Need Help!

Hi,


*Open Notepad and copy and paste the text in the quote box below into it:
(don't forget to copy and paste REGEDIT4)

Quote:
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
Save this as fix.reg, choosing "All Files" as the file type, and place it on your desktop.

It should look like this:
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.


*Delete this folder: c:\program files\VideoTools

---------------------------

Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.

On your next reply, please include a
  • Fresh DDS log (just dds.txt)
  • eset scan log
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
06-22-2009, 10:43 PM   #5
Registered User
 
Join Date: Jun 2009
Posts: 6
OS: xp


Re: NTOSKRNL Hook Trojan...I Need Help!

Here is the DDS. Sorry, what was the ESET scan log?



DDS (Ver_09-05-14.01) - NTFSx86
Run by Chris at 22:42:41.95 on 22/06/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.658 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Chris\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\program files\nos\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242743298859
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-5-19 210216]
S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-5-19 359952]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-5-19 144704]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-6-22 66048]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-19 79880]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-19 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-19 34216]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-19 40552]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-5-19 606736]

=============== Created Last 30 ================

2009-06-22 21:12 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-06-22 20:55 161,792 a------- c:\windows\SWREG.exe
2009-06-22 20:55 155,136 a------- c:\windows\PEV.exe
2009-06-22 20:55 98,816 a------- c:\windows\sed.exe
2009-06-22 20:55 <DIR> --ds---- C:\cfix
2009-06-14 00:07 159,232 a------- c:\windows\system32\ptpusd.dll
2009-06-14 00:07 5,632 a------- c:\windows\system32\ptpusb.dll
2009-06-14 00:07 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-06-14 00:07 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-06-11 14:39 815,104 a------- c:\windows\system32\xvidcore.dll
2009-06-11 14:39 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-06-11 14:39 77,824 a------- c:\windows\system32\xvid.ax
2009-06-11 14:39 <DIR> --d----- c:\program files\Xvid
2009-06-11 01:06 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-06-11 01:06 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 01:06 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-11 01:06 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-06-10 00:12 <DIR> --d----- c:\program files\iPod
2009-06-10 00:12 <DIR> --d----- c:\program files\iTunes
2009-06-09 18:00 <DIR> --d----- c:\docume~1\chris\applic~1\avidemux
2009-06-09 17:45 <DIR> --d----- c:\docume~1\chris\applic~1\AVS4YOU
2009-06-09 17:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-06-09 17:18 <DIR> --d----- c:\program files\common files\AVSMedia
2009-06-09 17:16 1,700,352 a------- c:\windows\system32\GdiPlus.dll
2009-06-09 17:16 974,848 a------- c:\windows\system32\mfc70.dll
2009-06-09 17:16 487,424 a------- c:\windows\system32\msvcp70.dll
2009-06-09 17:16 344,064 a------- c:\windows\system32\msvcr70.dll
2009-06-09 17:16 24,576 a------- c:\windows\system32\msxml3a.dll
2009-06-09 17:16 <DIR> --d----- c:\program files\AVS4YOU
2009-06-09 00:32 <DIR> --d----- c:\program files\BitLord
2009-06-06 20:48 664 a------- c:\windows\system32\d3d9caps.dat
2009-06-04 17:12 3,249 a------- c:\windows\system32\wbem\Outlook_01c9e569f944b088.mof
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-24 01:45 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-18 22:08 5 a------- c:\windows\system32\drivers\DELL_XPS_MXC061 .MRK
2009-05-18 22:08 5 a------- c:\windows\system32\drivers\1028_DELL_XPS_MXC061 .MRK
2009-05-18 21:19 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-05-12 23:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 09:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 06:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 08:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 22:42:50.18 ===============
simps18 is offline  
06-23-2009, 12:27 AM   #6
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Join Date: Oct 2006
Posts: 4,580
OS: Vista


Re: NTOSKRNL Hook Trojan...I Need Help!

Did you do the online scan?
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
06-23-2009, 01:43 AM   #7
Registered User
 
Join Date: Jun 2009
Posts: 6
OS: xp


Re: NTOSKRNL Hook Trojan...I Need Help!

Oh sorry! Here's the online scan! Things are working a lot better, but it looks like it may have found something?

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.5863
# api_version=3.0.2
# EOSSerial=e6be2056ca3a104ba6c64bfc5e50b04c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-06-23 07:35:02
# local_time=2009-06-23 01:35:02 (-0700, Mountain Daylight Time)
# country="Canada"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 37 100 88 70255369687500
# scanned=39969
# found=3
# cleaned=0
# scan_time=1580
C:\Documents and Settings\Chris\Desktop\Chris Downloads\Hootie & The Blowfish - Deeper Side.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\MSIVXftkaaawuhessftjeccnrmylvdosalanm.dll.vir a variant of Win32/Kryptik.SQ trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\MSIVXibehqgbekrlwkewvuqbdqeiswqobpbiv.dll.vir a variant of Win32/Kryptik.SQ trojan 00000000000000000000000000000000
simps18 is offline  
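The ESET log above reports three hits, but two of them live under C:\Qoobox\Quarantine with a .vir extension, which is where ComboFix parks the files it removes; a second scanner reading those copies reports them again even though they are no longer active, which is why only the mp3 needs action. The following is an added example, not code from the forum, the analyst or ESET: it parses the log format as posted (a block of "# key=value" header lines, then one line per detection of the form "<path> <threat name> <hash>"), separates live detections from quarantined copies, and cross-checks the parsed count against the header's found= value. The quarantine prefix and suffix, the regex for the threat-name column and the type-word list are assumptions drawn from the lines in this thread; the sample log is the one posted above, trimmed.

```python
"""Triage an ESET Online Scanner log: live hits versus quarantined copies.

Added example, not the thread's or ESET's own code.  Assumptions:
  * detection lines end with a 32-hex-digit column (the hash ESET prints);
  * the threat name always contains a '<platform>/<family>' token;
  * ComboFix quarantines into C:\\Qoobox\\Quarantine and appends '.vir'.
"""
import re
from dataclasses import dataclass

# Path is matched lazily; the '<platform>/<family>' token in the threat name
# and the trailing hash column anchor the split (assumed layout).
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<threat>(?:probably\s+)?(?:a variant of\s+)?[A-Za-z0-9]+/\S+"
    r"(?:\s+(?:trojan|virus|worm|adware|application))?)\s+"
    r"(?P<digest>[0-9A-Fa-f]{32})$"
)

# Locations holding inert copies of removed files (assumption, see above).
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\",)
QUARANTINE_SUFFIXES = (".vir",)

# Trimmed copy of the scan log posted in this thread.
SAMPLE_LOG = r"""
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# end=finished
# remove_checked=false
# archives_checked=true
# antistealth_checked=true
# scanned=39969
# found=3
# cleaned=0
C:\Documents and Settings\Chris\Desktop\Chris Downloads\Hootie & The Blowfish - Deeper Side.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\MSIVXftkaaawuhessftjeccnrmylvdosalanm.dll.vir a variant of Win32/Kryptik.SQ trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\MSIVXibehqgbekrlwkewvuqbdqeiswqobpbiv.dll.vir a variant of Win32/Kryptik.SQ trojan 00000000000000000000000000000000
"""


@dataclass
class Detection:
    path: str
    threat: str
    digest: str

    @property
    def quarantined(self) -> bool:
        """True when the path is a quarantine copy rather than a live file."""
        p = self.path.lower()
        return p.startswith(QUARANTINE_PREFIXES) or p.endswith(QUARANTINE_SUFFIXES)


def parse_eset_log(text: str):
    """Return (header dict, list of Detection).  Lines that are neither
    '# key=value' nor a detection (the installer preamble) are skipped."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key.strip()] = value.strip()
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(m["path"], m["threat"], m["digest"]))
    return header, detections


def triage(text: str):
    """Split detections into live files and quarantined copies, and refuse
    to report if the parsed count disagrees with the header's found= value."""
    header, detections = parse_eset_log(text)
    declared = int(header.get("found", "0"))
    if declared != len(detections):
        raise ValueError(f"header says found={declared}, parsed {len(detections)}")
    # remove_checked=false: the scanner only reported, it cleaned nothing.
    report_only = header.get("remove_checked", "").lower() == "false"
    return {
        "live": [d for d in detections if not d.quarantined],
        "quarantined": [d for d in detections if d.quarantined],
        "report_only": report_only,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for d in result["live"]:
        print("ACTION  ", d.threat, "->", d.path)
    for d in result["quarantined"]:
        print("IGNORED ", d.threat, "->", d.path)
```

Run as a script it lists the mp3 as the only actionable hit and the two .vir files as already-quarantined copies. The found= cross-check matters in practice: if a path contains something the regex does not expect, the line is silently skipped, and the mismatch with the header is the only signal that a detection was lost.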
06-23-2009, 06:07 PM   #8
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 4,580
OS: Vista


Re: NTOSKRNL Hook Trojan...I Need Help!

Please delete this file:

C:\Documents and Settings\Chris\Desktop\Chris Downloads\Hootie & The Blowfish - Deeper Side.mp3

Empty your recycle bin afterwards.

How is it running?
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
06-23-2009, 10:48 PM   #9
Registered User
 
Join Date: Jun 2009
Posts: 6
OS: xp


Re: NTOSKRNL Hook Trojan...I Need Help!

It has been running much better now! Are there any other files to be deleted?
simps18 is offline  
06-23-2009, 11:44 PM   #10
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 4,580
OS: Vista


Re: NTOSKRNL Hook Trojan...I Need Help!

Click start > run > copy and paste:

combofix /u

That will hide your system files, clear your System Restore cache and uninstall ComboFix.

Note: Make sure you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Read TonyKlein's How Did I Get Infected In The First Place?

Please check out miekiemoes' "How to Prevent Malware"

Happy safe surfing!

Note: Please reply to this thread one last time so I could mark it as resolved.
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Copyright 2001 - 2009, Tech Support Forum