06-05-2009, 09:27 AM   #1
Registered User
 
Join Date: Nov 2007
Location: Seattle, Washington, USA
Posts: 126
OS: win xp


found malware thought remove

I just replaced my hard drive. After formatting and downloading a few programs very buggy (after downloading XP updates) and continued to get worse, so reformatted and after downloading XP updates (did just after downloading McAfee Security Center) desktop properties are working intermittently and disk defragmenter doesn't work at all. I ran McAfee today and got a message about Artemis and that it's quarantined (do I need to do more?). I downloaded (hadn't had time yet and McAfee told me not to) Malwarebytes, SuperAntispyware, and Spyware Blaster and ran. Malwarebytes found and said it got rid of two infections:

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

However, disk defragmenter still isn't working and that happened before and someone at this forum found malware on my computer and after it was deleted my disk defragmenter worked again. So I think there's still something on my computer that the other programs aren't finding or deleting.

I'm not very computer knowledgeable so please be patient with me in describing any instructions in full.

I'm also not sure how I picked up anything as hadn't done anything but drivers and McAfee then Windows XP update before this happened. I'm far from loading my computer still.

Thank you for any help.

DDS (Ver_09-05-14.01) - NTFSx86
Run by T at 7:46:01.95 on Fri 06/05/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.477 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\ehome\ehtray.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\emMON.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\T\Desktop\dds.scr

============== Pseudo HJT Report ===============
Attached Files
File Type: zip ark.zip (926 Bytes, 3 views)
File Type: zip Attach.zip (4.1 KB, 2 views)
tierra is offline  

06-08-2009, 08:49 AM   #2
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,908
OS: WinXP and Vista


Re: found malware thought remove

Hello tierra,

The dds.txt you've posted is incomplete. Please run a new scan with dds.scr and post it again.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
06-08-2009, 11:24 AM   #3
Registered User
 
Join Date: Nov 2007
Location: Seattle, Washington, USA
Posts: 126
OS: win xp


Re: found malware thought remove

DDS (Ver_09-05-14.01) - NTFSx86
Run by T at 9:16:13.20 on Mon 06/08/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.373 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\emMON.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Hallmark\Hallmark Card Studio 2007\Planner\PLNRnote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\T\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/dc1
tierra is offline  
06-08-2009, 11:32 AM   #4
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,908
OS: WinXP and Vista


Re: found malware thought remove

Are you sure you are copying it all? There should be more sections in this report.
Ried is offline  
06-08-2009, 11:59 AM   #5
Registered User
 
Join Date: Nov 2007
Location: Seattle, Washington, USA
Posts: 126
OS: win xp


Re: found malware thought remove

Yes, I'm copying the whole document. I'll try again.


DDS (Ver_09-05-14.01) - NTFSx86
Run by T at 9:16:13.20 on Mon 06/08/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.373 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\emMON.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Hallmark\Hallmark Card Studio 2007\Planner\PLNRnote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\T\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/dc1
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Microsoft Location Finder] "c:\program files\microsoft location finder\LocationFinder.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [emMON] emMON.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventp~1.lnk - c:\windows\installer\{b1c4042e-ddee-487f-b56c-4e498e790b98}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244075748515
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244143028125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\t\applic~1\mozilla\firefox\profiles\r4mdqrvf.default\
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214024]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-4 55152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-6-3 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-6-3 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-6-3 144704]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-6-3 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-6-3 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-6-3 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-6-3 40552]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-6-3 34216]

=============== Created Last 30 ================

2009-06-06 10:23 <DIR> --d----- c:\program files\VideoLAN
2009-06-06 09:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Creative Home
2009-06-06 09:38 <DIR> --d----- c:\program files\common files\Nova Development
2009-06-06 09:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Hallmark
2009-06-06 09:38 <DIR> --d----- c:\program files\Hallmark
2009-06-06 07:54 <DIR> --d----- c:\program files\common files\xing shared
2009-06-06 07:54 <DIR> --d----- c:\program files\common files\Real
2009-06-06 02:51 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-06-06 02:51 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-06 02:50 <DIR> --d----- c:\program files\iPod
2009-06-06 02:50 <DIR> --d----- c:\program files\iTunes
2009-06-06 02:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-06 02:50 <DIR> --d----- c:\program files\Bonjour
2009-06-05 09:52 <DIR> --d----- c:\program files\Combined Community Codec Pack
2009-06-05 06:28 <DIR> --d----- c:\program files\SpywareBlaster
2009-06-05 05:24 <DIR> --d----- c:\docume~1\t\applic~1\Malwarebytes
2009-06-05 05:24 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-05 05:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-05 05:24 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-05 05:24 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-05 05:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-06-05 05:19 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-06-05 05:19 <DIR> --d----- c:\docume~1\t\applic~1\SUPERAntiSpyware.com
2009-06-04 12:59 <DIR> --d----- c:\docume~1\t\applic~1\Windows Search
2009-06-04 12:56 55,152 a------- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-06-04 12:55 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-06-04 12:55 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-06-04 12:53 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-06-04 12:43 <DIR> --d----- c:\program files\common files\Windows Live
2009-06-04 12:43 <DIR> --d----- c:\program files\Microsoft
2009-06-04 12:41 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-06-04 11:31 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-04 11:31 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-04 07:05 106,352 a------- c:\docume~1\t\applic~1\GDIPFONTCACHEV1.DAT
2009-06-04 07:04 <DIR> --d----- c:\program files\MSECache
2009-06-04 06:56 <DIR> --d----- c:\windows\system32\XPSViewer
2009-06-04 06:56 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-04 06:56 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-04 06:56 117,760 -------- c:\windows\system32\prntvpt.dll
2009-06-04 06:56 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-06-04 06:56 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-04 06:56 <DIR> --d----- C:\f5b7b23d446fc9ce2b62d0c40de4
2009-06-04 06:56 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-06-04 06:56 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-06-04 06:52 <DIR> --d----- c:\program files\MSXML 4.0
2009-06-04 06:52 <DIR> --d----- c:\docume~1\t\applic~1\Windows Desktop Search
2009-06-04 06:51 <DIR> --d----- c:\windows\system32\GroupPolicy
2009-06-04 06:51 <DIR> --d----- c:\program files\Windows Desktop Search
2009-06-04 06:50 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-06-04 06:48 <DIR> --d----- c:\windows\system32\LogFiles
2009-06-04 06:47 <DIR> --d----- c:\program files\MSXML 6.0
2009-06-04 06:32 288,768 -------- c:\windows\system32\rhttpaa.dll
2009-06-04 06:32 116,736 -------- c:\windows\system32\aaclient.dll
2009-06-04 06:32 36,352 -------- c:\windows\system32\tsgqec.dll
2009-06-04 06:23 <DIR> --d----- c:\program files\common files\HP
2009-06-04 06:21 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-06-04 06:20 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2009-06-04 06:20 51,120 a----r-- c:\windows\system32\drivers\HPZid412.sys
2009-06-04 06:20 21,744 a----r-- c:\windows\system32\drivers\HPZius12.sys
2009-06-04 06:20 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-06-04 06:20 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-06-04 06:20 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-06-04 06:20 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-06-04 06:19 278,584 a------- c:\windows\system32\HPZidr12.dll
2009-06-04 06:19 204,800 a------- c:\windows\system32\HPZipr12.dll
2009-06-04 06:19 94,208 a------- c:\windows\system32\HPZipt12.dll
2009-06-04 06:19 73,728 a------- c:\windows\system32\HPZipm12.exe
2009-06-04 06:19 61,440 a------- c:\windows\system32\HPZinw12.exe
2009-06-04 06:19 57,344 a------- c:\windows\system32\HPZisn12.dll
2009-06-04 06:19 306,688 a------- c:\windows\IsUninst.exe
2009-06-04 06:18 <DIR> --d----- c:\program files\HP
2009-06-04 06:17 68,939 a------- c:\windows\hpoins05.dat
2009-06-04 06:17 19,696 -------- c:\windows\hpomdl05.dat
2009-06-04 06:04 <DIR> --d----- c:\program files\Microsoft Streets and Trips Essentials
2009-06-04 06:04 <DIR> --d----- c:\program files\Microsoft Location Finder
2009-06-04 06:00 <DIR> --d----- c:\program files\Encarta
2009-06-04 05:57 <DIR> --d----- c:\program files\Microsoft Digital Image 2006
2009-06-04 05:55 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-06-04 05:55 <DIR> --d----- c:\windows\ShellNew
2009-06-04 05:54 <DIR> --d----- c:\program files\Microsoft Works Suite 2006
2009-06-04 05:44 <DIR> --d----- c:\windows\system32\appmgmt
2009-06-04 05:37 376 a------- c:\windows\ODBC.INI
2009-06-04 04:30 2,276 a------- c:\docume~1\t\applic~1\wklnhst.dat
2009-06-04 04:19 <DIR> --d----- c:\program files\common files\SureThing Shared
2009-06-04 04:19 89,264 a------- c:\windows\system32\drivers\DRVMCDB.SYS
2009-06-04 04:19 40,544 a------- c:\windows\system32\drivers\DRVNDDM.SYS
2009-06-04 04:19 5,628 a------- c:\windows\system32\drivers\DLACDBHM.SYS
2009-06-04 04:19 94,263 a------- c:\windows\DLA.EXE
2009-06-04 04:19 61,500 a------- c:\windows\system32\DLAAPI_W.DLL
2009-06-04 04:19 22,684 a------- c:\windows\system32\drivers\DLARTL_N.SYS
2009-06-04 04:19 <DIR> --d----- c:\windows\system32\DLA
2009-06-04 04:18 <DIR> --d----- c:\program files\Roxio
2009-06-04 04:14 <DIR> --d----- c:\program files\InterActual
2009-06-04 04:14 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-06-04 04:13 250 a------- c:\windows\wininit.ini
2009-06-03 18:43 2,142,720 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-03 18:43 2,186,112 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-03 18:43 2,062,976 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-06-03 18:43 2,020,864 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-03 18:37 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-06-03 18:37 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-06-03 18:26 23,040 -------- c:\windows\kb913800.exe
2009-06-03 18:10 <DIR> --d----- c:\windows\system32\PreInstall
2009-06-03 17:59 <DIR> --d----- c:\program files\NCH Software
2009-06-03 17:59 <DIR> --d----- c:\docume~1\t\applic~1\NCH Software
2009-06-03 17:54 26,496 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-06-03 17:36 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-06-03 17:35 <DIR> --ds---- c:\documents and settings\t\UserData
2009-06-03 17:27 11,101 a------- c:\windows\system32\Config.MPF
2009-06-03 17:20 79,880 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-06-03 17:20 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-06-03 17:20 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-06-03 17:20 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-06-03 17:19 <DIR> --d----- c:\program files\common files\McAfee
2009-06-03 17:19 <DIR> --d----- c:\program files\McAfee.com
2009-06-03 17:19 <DIR> --d----- c:\program files\McAfee
2009-06-03 17:14 34,216 a------- c:\windows\system32\drivers\mferkdk.sys
2009-06-03 16:45 1,458,263 a------- c:\windows\system32\drivers\CTRL.s3
2009-06-03 16:45 269,952 a------- c:\windows\system32\drivers\atinavrr.sys
2009-06-03 16:45 110,592 a------- c:\windows\system32\atinpprr.ax
2009-06-03 16:39 16,128 ac------ c:\windows\system32\dllcache\modemcsa.sys
2009-06-03 16:39 16,128 a------- c:\windows\system32\drivers\MODEMCSA.sys
2009-06-03 16:38 <DIR> --d----- c:\program files\CONEXANT
2009-06-03 16:38 212,224 a------- c:\windows\system32\drivers\HSFHWBS2.sys
2009-06-03 16:38 128,398 a------- c:\windows\system32\drivers\del200f.cty
2009-06-03 16:38 90,112 a------- c:\windows\system32\mdmxsdk.dll
2009-06-03 16:38 32,218 a------- c:\windows\system32\HSFCI008.dll
2009-06-03 16:38 11,043 a------- c:\windows\system32\drivers\mdmxsdk.sys
2009-06-03 16:38 1,042,432 a------- c:\windows\system32\drivers\HSF_DP.sys
2009-06-03 16:38 680,704 a------- c:\windows\system32\drivers\HSF_CNXT.sys
2009-06-03 16:38 17 a----r-- c:\windows\system32\DVEMODEM.DAT
2009-06-03 16:38 4,272 a----r-- c:\windows\system32\drivers\bvrp_pci.sys
2009-06-03 16:34 <DIR> --d----- c:\program files\ATI Technologies
2009-06-03 16:32 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-06-03 16:32 339,968 a------- c:\windows\stsystra.exe
2009-06-03 16:32 143,441 a------- c:\windows\system32\stac97.cpl
2009-06-03 16:32 90,112 a------- c:\windows\system32\stacapi.dll
2009-06-03 16:32 103,936 a------- c:\windows\system32\staco.dll
2009-06-03 16:31 180,864 a------- c:\windows\system32\drivers\sthda.sys
2009-06-03 16:31 <DIR> --d----- c:\program files\SigmaTel
2009-06-03 16:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Citrix
2009-06-03 16:30 <DIR> --d----- c:\program files\Citrix
2009-06-03 16:28 1,902 -------- c:\windows\system32\SetupBD.din
2009-06-03 16:27 162,816 ac------ c:\windows\system32\dllcache\e100b325.sys
2009-06-03 16:27 162,816 a------- c:\windows\system32\drivers\e100b325.sys
2009-06-03 16:27 126,976 a------- c:\windows\system32\Prounstl.exe
2009-06-03 16:27 36,864 a------- c:\windows\system32\e100bmsg.dll
2009-06-03 16:27 19,456 a------- c:\windows\system32\IntelNic.dll
2009-06-03 16:27 5,178 a------- c:\windows\system32\e100b325.din
2009-06-03 16:27 <DIR> --d----- C:\drvrtmp
2009-06-03 16:26 <DIR> --d----- c:\windows\system32\vmm32
2009-06-03 16:26 <DIR> --d----- c:\program files\Dell
2009-06-03 15:54 <DIR> --d----- c:\windows\system32\FxsTmp
2009-06-03 15:50 <DIR> --d----- c:\windows\RegisteredPackages
2009-06-03 15:47 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-06-03 15:46 <DIR> --d----- c:\windows\system32\URTTemp
2009-06-03 15:45 <DIR> --d----- c:\program files\RGB
2009-06-03 15:44 <DIR> --d----- c:\program files\GemMaster
2009-06-03 15:44 <DIR> --d----- c:\program files\EnglishOtto
2009-06-03 15:41 <DIR> --d----- c:\documents and settings\T
2009-06-03 15:41 <DIR> --ds---- c:\windows\system32\Microsoft
2009-06-03 15:40 8,192 a------- c:\windows\REGLOCS.OLD
2009-06-03 15:38 7,680 ac------ c:\windows\system32\dllcache\migregdb.exe
2009-06-03 15:37 <DIR> --d----- C:\DELL
2009-06-03 15:36 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-06-03 15:35 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-06-03 15:35 <DIR> --d----- c:\program files\common files\MSSoap
2009-06-03 15:33 <DIR> --d----- c:\program files\Online Services
2009-06-03 15:32 <DIR> --d----- c:\program files\Windows Plus
2009-06-03 15:31 <DIR> --d----- c:\program files\Messenger
2009-06-03 15:31 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-06-03 15:31 <DIR> --d----- c:\program files\Windows NT
2009-06-03 08:25 <DIR> --d----- c:\program files\common files\ODBC
2009-06-03 08:25 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-06-03 08:25 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-06-07 16:09 87,747 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-06 07:54 348,160 a------- c:\windows\system32\msvcr71.dll
2009-06-03 15:33 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 9:17:01.00 ===============
tierra is offline  
06-08-2009, 06:59 PM   #6
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,908
OS: WinXP and Vista


Re: found malware thought remove

There it is.

Quote:
"I ran McAfee today and got a message about Artemis and that it's quarantined"

I'm not seeing any malware. Where did McAfee find Artemis? Can you post the full path?
Ried is offline  
06-09-2009, 04:31 AM   #7
Registered User
 
Join Date: Nov 2007
Location: Seattle, Washington, USA
Posts: 126
OS: win xp


Re: found malware thought remove

I'm sorry I can't even find the report on my reports now. Could the two items that Malwarebytes found and got rid of have been the Artemis?
I can't even find the reports from the last 3 days from McAfee about LEAKTEST, which it tried to get rid of and thought was malware and I finally was able to delete (it was in temp files and wouldn't delete for a couple days). I'm looking in reports and only finding when system guard was allowed one time change to computer and all are about Microsoft update downloads, except once for my printer.

Whenever I click on view log for any event - it says no log exists. Could something be keeping it from storing event logs?

The malwarebytes report is:

Malwarebytes' Anti-Malware 1.37
Database version: 2232
Windows 5.1.2600 Service Pack 2

6/5/2009 6:16:47 AM
mbam-log-2009-06-05 (06-16-47).txt

Scan type: Full Scan (C:\|)
Objects scanned: 131844
Time elapsed: 27 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thank you very much.

Last edited by tierra; 06-09-2009 at 04:35 AM.
tierra is offline  
Old 06-09-2009, 05:55 AM   #8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,908
OS: WinXP and Vista


Re: found malware thought remove

No, nothing should be keeping you from viewing reports. Let's be sure and run this online scan. It can take some time, so please be patient and allow it to run its full course:


**Vista users - right click on the IE icon and run as administrator


Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
Ried is offline  
Old 06-09-2009, 07:34 AM   #9 (permalink)
Registered User
 
Join Date: Nov 2007
Location: Seattle, Washington, USA
Posts: 126
OS: win xp


Re: found malware thought remove

I just did another scan with both McAfee and Malwarebytes and Malwarebytes found a trojan.banker. Here's the log:

Malwarebytes' Anti-Malware 1.37
Database version: 2252
Windows 5.1.2600 Service Pack 2

6/9/2009 6:25:11 AM
mbam-log-2009-06-09 (06-25-11).txt

Scan type: Full Scan (C:\|)
Objects scanned: 141322
Time elapsed: 31 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\kb913800.exe (Trojan.Banker) -> Quarantined and deleted successfully.

I don't understand why I'm all of a sudden getting so many malware attacks.

Thank you
tierra is offline  
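
A triage helper for Malwarebytes logs laid out like the two posted in this thread, added here as an example (not code from any poster or from Malwarebytes): it parses the summary counts and the per-section detections, flags sections where the two disagree (as happens when a log is trimmed before posting), and lists items whose action is not a removal. The sample log is constructed from lines in the thread plus one made-up entry, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the thread's log layout; the last entry (Example.Detection) is made up.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.37

Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\kb913800.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\example\sample.exe (Example.Detection) -> No action taken.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADING = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Non-greedy target so "(1)" / "(0)" in registry lines are not taken as the detection name.
ITEM = re.compile(r"^(?P<target>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")
VALUES = re.compile(r"^Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$")
REMOVED = "Quarantined and deleted successfully."  # the only action text seen in the thread

def parse_mbam_log(text):
    """Return (summary counts by section, list of detection dicts)."""
    summary, detections, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY.match(line):
            summary[m["section"]] = int(m["count"])
        elif m := HEADING.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            det = {"section": section, "target": m["target"], "name": m["name"],
                   "bad": None, "good": None, "action": m["rest"]}
            if v := VALUES.match(m["rest"]):  # registry data items carry Bad/Good values
                det.update(bad=v["bad"], good=v["good"], action=v["action"])
            detections.append(det)
    return summary, detections

def count_mismatches(summary, detections):
    """Sections whose summary count differs from the items listed: {section: (claimed, listed)}."""
    listed = Counter(d["section"] for d in detections)
    return {s: (n, listed[s]) for s, n in summary.items() if n != listed[s]}

def unresolved(detections):
    """Detections whose action is anything other than the removal text above."""
    return [d for d in detections if d["action"] != REMOVED]
```
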
Old 06-09-2009, 07:59 AM   #10 (permalink)
Registered User
 
Join Date: Nov 2007
Location: Seattle, Washington, USA
Posts: 126
OS: win xp


Re: found malware thought remove

I'm not that computer knowledgeable, so these are probably very basic questions. Once my anti-malware has found and quarantined something can I delete/remove that item from my computer? If so, will it affect my OS? Why aren't my anti-malware programs protecting me from these malware installing? Most of my friends say I'm pretty safe in my surfing habits; however, I seem to really be picking things up and don't know how to prevent.
Thank you.
tierra is offline  
Old 06-09-2009, 12:34 PM   #11 (permalink)
Registered User
 
Join Date: Nov 2007
Location: Seattle, Washington, USA
Posts: 126
OS: win xp


Re: found malware thought remove

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, June 9, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, June 09, 2009 19:29:05
Records in database: 2332019
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 44182
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 00:38:54

No malware has been detected. The scan area is clean.

The selected area was scanned.
tierra is offline  
Old 06-10-2009, 10:40 PM   #12 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,908
OS: WinXP and Vista


Re: found malware thought remove

Hi tierra,

Quote:
Once my anti-malware has found and quarantined something can I delete/remove that item from my computer? If so, will it affect my OS?
Wait several days or so, after something has been quarantined. If you are not experiencing any ill-effects, then go ahead and delete that item.

Quote:
Why aren't my anti-malware programs protecting me from these malware installing?
No Anti Malware or Anti Virus program can block everything as new malware and methods of invading a system are constantly being developed. Even legit sites you visit can have malicious code parked on them. The owner of the site may not be aware of it until people complain.

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for both Firefox and IE.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer


Please take a look at these well written articles:

PC Safety and Security--What Do I Need?
Think Prevention


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.



**Kindly respond one more time and let me know if we may consider this thread resolved.
Ried is offline  
Old 06-10-2009, 11:03 PM   #13 (permalink)
Registered User
 
Join Date: Nov 2007
Location: Seattle, Washington, USA
Posts: 126
OS: win xp


Re: found malware thought remove

Thank you very much.

I actually have SpywareBlaster on my computer already. I downloaded it when I downloaded Malwarebytes. I must have forgotten to say I had it. I do update McAfee automatically and MalwareBytes & SpywareBlaster every time I log on and just before I log off the computer, if on for any length of time.

I've never heard of WOT before; however, it sounds a lot like the McAfee SiteAdvisor I have - will they conflict?

I didn't know I could scan for out of date & vulnerable common applications on my computer - thank you.

Thank you for all of your help.
tierra is offline  
Old 06-10-2009, 11:06 PM   #14 (permalink)
Registered User
 
Join Date: Nov 2007
Location: Seattle, Washington, USA
Posts: 126
OS: win xp


Re: found malware thought remove

Thank you very much.

I actually have SpywareBlaster on my computer already. I downloaded it just after I downloaded Malwarebytes when loading programs last week on my new hard drive. I must have forgotten to say I had it. I do update McAfee automatically and MalwareBytes & SpywareBlaster every time I log on and just before I log off the computer, if on for any length of time. I did have SUPERAntiSpyware on my old hard drive with the others; however, didn't download it again as seemed to be having conflicts with McAfee lately.

I've never heard of WOT before; however, it sounds a lot like the McAfee SiteAdvisor I have - will they conflict?

I didn't know I could scan for out of date & vulnerable common applications on my computer - thank you.

Thank you for all of your help.

Last edited by tierra; 06-10-2009 at 11:19 PM.
tierra is offline  
Old 06-10-2009, 11:24 PM   #15 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,908
OS: WinXP and Vista


Re: found malware thought remove

I will be honest with you, I used to use McAfee Site Advisor but have found WebOfTrust to be much more accurate. And believe me, no one Googles more than we members of the Security Team.

It's a bit of a read, but a good topic here regarding McAfee Site Advisor's performance
Ried is offline  
Old 06-11-2009, 06:20 AM   #16 (permalink)
Registered User
 
Join Date: Nov 2007
Location: Seattle, Washington, USA
Posts: 126
OS: win xp


Re: found malware thought remove

Thank you. Will I need to disable McAfee Site Advisor to use?

Thank you so very much.
tierra is offline  
Old 06-11-2009, 06:22 AM   #17 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,908
OS: WinXP and Vista


Re: found malware thought remove

You're welcome. Uninstall it via Start>Control Panel>Add or Remove programs

Let me know if you ran into any difficulty in removing it.
Ried is offline  
Old 06-11-2009, 01:35 PM   #18 (permalink)
Registered User
 
Join Date: Nov 2007
Location: Seattle, Washington, USA
Posts: 126
OS: win xp


Re: found malware thought remove

I'm not finding site advisor under add/remove; however, I believe it can be disabled by right clicking on it and clicking on disable - will that be enough? The only thing under McAfee in my add/remove is the whole security center. I think it's part of the package and so don't know how to remove totally. And I can't find anywhere within security center to disable it or remove it either.
Many thanks for all of your hard work.
tierra is offline  
Old 06-11-2009, 10:21 PM   #19 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,908
OS: WinXP and Vista


Re: found malware thought remove

You're most welcome, tierra.

Seems you're right about it being part of McAfee Security Center. You are also correct that you can simply disable it via right click.

I'd also launch IE>Tools>Toolbars and ensure it is unchecked there as well.

In Firefox, it would be Firefox>View>Toolbars
Ried is offline  
Old 06-11-2009, 11:05 PM   #20 (permalink)
Registered User
 
Join Date: Nov 2007
Location: Seattle, Washington, USA
Posts: 126
OS: win xp


Re: found malware thought remove

Great thanks. I really appreciate all of your help.
tierra is offline  

All times are GMT -7.

Copyright 2001 - 2009, Tech Support Forum