Is the Generic.dx!scr trojan responsible for my problems, or is it something else?

This is a discussion within the Inactive Malware Help Topics forums, part of the Tech Support Forum category.

Posted 05-14-2010, 09:17 AM   #1
Registered Member
Join Date: Mar 2009
Posts: 8
OS: Microsoft Windows XP Media Center Edition Version 2002 Service Pack 3

My Computer:

Dell XPS 400 with DataSafe hard drive, which is supposed to be a combination of
Norton Ghost and a hidden second hard drive (RAID 1), but I do not have Norton
Ghost on my PC, by choice
Intel Pentium D 830 (3GHz)
1GB DDR2 SDRAM at 533MHz
256MB ATI Hyper Memory
DataSafe 160GB (Secured Storage and Data Recovery Solution)

Intel(R)
Pentium(R) D CPU 3.00Ghz
2.99 GHz, 1.00 GB of RAM

My System:

Microsoft Windows XP
Media Center Edition
Version 2002
Service Pack 3

My Anti-virus: McAfee SecurityCenter

My Anti-spyware: Webroot Spy Sweeper

Hi.

I do not have Java on my PC because in the past, I caught a very bad virus
or trojan via a fake Java update. Also, I have Adobe Acrobat Reader 6.0,
with JavaScript disabled by choice, because I heard somewhere that that
version is less prone to trojan infection and that turning off JavaScript
in Adobe Acrobat is said to be safer.

For about six months, I've had this thing where my PC freezes for between
3 and 20 seconds while I hear a distant high beady sound, like that of the
PC quickly processing something.

For about a month, I've encountered the situation where I sometimes have
to click on something two (and sometimes three or four) times to get it
to go. Also, when I click on a folder icon once, in order to rename it, it
opens the folder instead, which is supposed to only happen if I double-click.
And another odd thing is that highlighting text is often tricky, with the
highlighted area expanding to include letters and words I didn't select.
And the marquee tool in Photoshop doesn't always mark the area that I
started the cursor at, now.

On April 30, I accidentally clicked on a folder containing secondary
programs rather than a folder containing txt and jpg files, and a McAfee
Security Center warning came up, saying that a trojan had automatically
been removed. This was disturbing for two reasons: first, because
McAfee's last scheduled full system scan had been two days prior, and
second, because the trojan was identified as residing in flvplayer_setup.exe,
which is an installation program that has been on my PC for over a year
without any problem. The trojan's detection file name was Generic.dx!scr
and the process was listed as C:\WINDOWS\Explorer.EXE

At https://vil.nai.com/vil/content/v_265923.htm [a McAfee page] it says:

Generic.dx!scr

Type: Trojan
SubType: Win32
Discovery Date: 04/27/2010

Risk Assessment
Corporate User: Low
Home User: Low

Today, in McAfee Security Center, Reports & Logs > View Log > Internet & Network
I looked at the Inbound events and found something called SecurSight Event
Logging Server (SSL) from the following three Source IPs:

221.192.199.46
221.192.199.48
222.45.112.59

. . . generally every 5 to 30 minutes.

Tracing 221.192.199.46 found:
Person: Kong Lingfei, in Shi Jiazhuang City, HeBei Province, China
Tracing 221.192.199.48 found:
Person: ChinaUnicom Hostmaster, in Shi Jiazhuang City, HeBei Province, China
Tracing 222.45.112.59 found:
Persons: Jiang Xin and Ye Fengbin, in Hangzhou, Zhejiang, China [who also sent RingZero]

TCP port scans are also coming from the same IPs, generally every 5 to 30
minutes.

Another thing I found, dated today, is an event called
Pro Mail Trojan / Post Office Protoco - Version 3, from IP 218.78.209.235 and
McAfee says (among other things), "Home systems will rarely be running a mail
server. Usually, this port is often used by several Trojan programs."

Okay, getting back to the SecurSight Event Logging Server (SSL) events,
I googled Event Logging and went to https://en.wikipedia.org/wiki/Event_Viewer
and then to How to view and manage event logs in Event Viewer in Windows XP
at https://support.microsoft.com/kb/308427 which says, in part:

A Windows XP-based computer records events in the following three logs:

* Application log
* Security log
* System log

The system log contains events logged by Windows XP system components.
For example, if a driver fails to load during startup, an event is
recorded in the system log. Windows XP predetermines the events that are
logged by system components.

As suggested, I went to
Start > Control Panel > Administrative Tools > Computer Management > Event Viewer.
The Application and System subfolders had lots of stuff in them, while the
Internet Explorer, Media Center, and Security folders were all empty. Inside the
System subfolder, I found a lot of instances of:

Type: Warning
Source: Tcpip
Event: 4226
User: N/A

For example, the Warning appears on:

5/1/2010 at 3:04:00 PM [I was not at home then]
5/1/2010 at 4:19:41 PM [I was not at home then]
5/1/2010 at 6:53:16 PM [I was not at home then]
5/1/2010 at 7:50:04 PM [I was probably at home then]
5/2/2010 at 9:02:14 PM [I was at home then]
5/3/2010 at 9:11:16 AM [I was at home then]
5/4/2010 at 12:22:54 AM [I was at home then]
5/5/2010 at 2:29:50 AM [I was at home then]
5/6/2010 at 7:42:34 AM [I was at home then, asleep]
5/7/2010 at 7:20:37 AM [I was at home then, asleep]
5/8/2010 at 9:07:28 PM [I was at home then]
5/8/2010 at 10:23:00 PM [I was at home then]
5/9/2010 at 11:40:48 PM [I was at home then]
5/10/2010 at 1:32:20 AM [I was at home then]
[5/11/2010 had no Tcpip 4226 warnings at all]
5/12/2010 at 1:07:07 AM [I was at home then]
5/12/2010 at 1:52:27 AM [I was at home then]
5/12/2010 at 2:40:41 AM [I was at home then]
5/13/2010 at 3:20:16 AM [I was at home then]

When I double-click on any of the Tcpip 4226 warnings, a box comes up
with the Description:

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp.

I clicked on https://go.microsoft.com/fwlink/events.asp and it says there:

Details
Product: Windows Operating System
ID: 4226
Source: Tcpip
Version: 5.2
Symbolic Name: EVENT_TCPIP_TCP_CONNECT_LIMIT_REACHED
Message: TCP/IP has reached the security limit imposed on the number of concurrent (incomplete) TCP connect attempts.

Explanation

The TCP/IP stack in Windows XP with Service Pack 2 (SP2) installed limits the number of concurrent, incomplete outbound TCP connection attempts. When the limit is reached, subsequent connection attempts are put in a queue and resolved at a fixed rate so that there are only a limited number of connections in the incomplete state. During normal operation, when programs are connecting to available hosts at valid IP addresses, no limit is imposed on the number of connections in the incomplete state. When the number of incomplete connections exceeds the limit, for example, as a result of programs connecting to IP addresses that are not valid, connection-rate limitations are invoked, and this event is logged.

Establishing connection–rate limitations helps to limit the speed at which malicious programs, such as viruses and worms, spread to uninfected computers. Malicious programs often attempt to reach uninfected computers by opening simultaneous connections to random IP addresses. Most of these random addresses result in failed connections, so a burst of such activity on a computer is a signal that it may have been infected by a malicious program.

Connection-rate limitations may cause certain security tools, such as port scanners, to run more slowly.

User Action

This event is a warning that a malicious program or a virus might be running on the system. To troubleshoot the issue, find the program that is responsible for the failing connection attempts and, if the program might be malicious, close the program as follows.

To close the program

At the command prompt, type
netstat -no
Find the process with a large number of open connections that are not yet established.
These connections are indicated by the TCP state SYN_SENT in the State column of the Active Connections information.
Note the process identification number (PID) of the process in the PID column.
Press CTRL+ALT+DELETE and then click Task Manager.
On the Processes tab, select the processes with the matching PID, and then click End Process.
If you need to select the option to view the PID for processes, on the View menu, click Select Columns, select the PID (Process Identifier) check box, and then click OK.

I went to my PC's command prompt and typed Netstat -no and found no
problems.

I ran a McAfee anti-virus scan, a Malwarebytes' Anti-Malware scan,
and a SUPERAntiSpyware Free Edition scan, and all that came up were
tracking cookies in the SUPERAntiSpyware Free Edition scan.

I ran DDS without a problem, but encountered a boatload of problems
trying to run GMER.

The first time I ran GMER, I cancelled its scan after a few minutes
because I realized that I might have unchecked the wrong boxes since the
gmer_screen2-1.gif would not open in Firefox for some reason. This
eventually caused the PC to lock up. Upon cold booting, I encountered a
blue screen with relatively large font white lettering that said:

A problem has been detected and windows has been shut down to prevent damage to your computer.

The problem seems to be caused by the following file: uxtdypob.sys

PAGE_FAULT_IN_NONPAGED_AREA

If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:

[there was more on the screen, but I didn't write it down]

I restarted GMER and it ran for about an hour, and then the PC just
stopped: there was a black screen and the mouse and keyboard wouldn't do
anything, and yet the PC was still on. I cold-booted the PC.

After the re-boot, I went to the
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help
page again to try to access the gmer_screen2-1.gif that is at
hxxp://i28.photobucket.com/albums/c227/tetonbob/gmer_screen2-1.gif and
for some odd reason, much of the PC froze up, and onscreen I saw that a
download has begun. More of the PC froze, so I had to cold-boot again.

Upon re-boot, a message near my systray said that all downloads had been
completed. I have no idea what the download was, so I did a Malwarebytes
Anti-malware scan, but the scan found nothing.

The next two times I tried running GMER, GMER ran for about an hour or so,
and then the PC re-booted itself spontaneously. I was in another room
each time the re-boot occurred, so I did not actually witness the point
at which it happened either time.

I then re-booted to safe mode and ran GMER. GMER ran for about two hours,
and then the PC spontaneously re-booted.

So, I am here submitting the initial GMER scan, since I can't seem to get
a complete one.

I used System Restore to return to a point prior to when the unknown
download had occurred. I then ran a fresh DDS, which I am submitting here.

I don't have a Boot CD, but I have access to a Windows Install disc and I
have all of my PC's drivers and programs on factory disc because when I
first started up my PC out of the box on the very first day I got it,
Norton Ghost 10 (which I have since learned was very buggy) caused the PC
to freeze up so badly that Dell offered to either send me a new PC or
send me all the installation discs to reformat the PC. I opted for all
the installation discs, because I otherwise wouldn't be able to re-format
again if anything else ever went wrong.

I am really not all that tech savvy. I never took computer science in
school, and I taught myself most of what I know. Any help that you would be
able to provide would be much appreciated. Thank you.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Steve at 9:44:19.39 on Fri 05/14/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.313 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Documents and Settings\Steve\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: NitroPDFBHO Class: {cf070cb8-f02f-4af4-a7b7-8d45cad4bb54} - c:\program files\nitro pdf\pdf download\NitroPDF.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] "c:\windows\ehome\ehtray.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SigmatelSysTrayApp] "stsystra.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [dla] "c:\windows\system32\dla\tfswctrl.exe"
mRun: [ISUSPM Startup] "c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [NeroFilterCheck] "c:\windows\system32\NeroCheck.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [DLCCCATS] "rundll32" c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,[email protected]
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Save Page As PDF ... - file://c:\program files\nitro pdf\pdf download\nitroweb.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {AD9E6088-E00B-42f9-9F0C-8480525D234E} - {FF5073C0-28A0-4223-9BDF-59FF020FE77C} - c:\program files\nitro pdf\pdf download\NitroPDF.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\steve\applic~1\mozilla\firefox\profiles\rkl7k34w.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.weather.com/outlook/recreation/outdoors/hourbyhour/02130?from=36hr_topnav_outdoors
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-2 29808]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-12-16 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 68168]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-23 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-23 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-23 144704]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-4-23 1201640]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-23 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-23 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-23 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-23 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-23 34248]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 12872]

=============== Created Last 30 ================

2010-05-14 13:17:22 0 d-----w- c:\windows\system32\wbem\Repository
2010-05-14 13:17:00 8212 ----a-w- c:\windows\mfebcdata

==================== Find3M ====================

2010-05-06 18:28:48 41432 ----a-w- c:\docume~1\steve\applic~1\wklnhst.dat
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-04 17:17:52 40856 ----a-w- c:\docume~1\steve\applic~1\GDIPFONTCACHEV1.DAT
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
1999-11-12 22:30:54 4880 ----a-w- c:\program files\mplayer2.exe
2009-10-14 03:45:14 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-03-17 08:10:03 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009031720090318\index.dat

============= FINISH: 9:45:02.54 ===============
Attached Files: Attach.zip (5.8 KB)
Posted by Stephe
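The Microsoft "User Action" text quoted in the post tells you to run netstat -no and look for the process with many connections stuck in SYN_SENT. Doing that by eye is unreliable, and a clean snapshot taken hours after a Tcpip 4226 warning (as in this post, where the warnings fired overnight) proves little, because the half-open connections that triggered the event are long gone. The script below is an added example, not part of the original post or of Microsoft's article: it parses saved netstat -no output (redirect it to a file at the moment the warning fires, for instance from a scheduled task) and reports each PID's count of SYN_SENT connections and how many distinct remote hosts they target. A high SYN_SENT count spread over many hosts on one port is the worm-like pattern the Microsoft text describes. The sample output embedded in the script is constructed, and the threshold of 10 is the XP SP2 limit on concurrent incomplete outbound TCP connects, assumed here as a default rather than taken from the post.

```python
"""Triage helper for Windows Tcpip event 4226: summarise 'netstat -no' output per PID.

Added example, not code from the original forum post. The netstat text below is
constructed to look like Windows XP 'netstat -no' output.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# XP SP2 caps concurrent incomplete (half-open) outbound TCP connects at 10.
# Treated here as an assumed default threshold; pass your own to triage().
SYN_SENT_LIMIT = 10


@dataclass
class PidStats:
    syn_sent: int = 0
    established: int = 0
    remote_hosts: set = field(default_factory=set)   # hosts targeted by SYN_SENT rows
    remote_ports: set = field(default_factory=set)   # ports targeted by SYN_SENT rows


def parse_netstat(text):
    """Parse Windows 'netstat -no' output into {pid: PidStats}.

    Only TCP rows carry a State column (5 fields: Proto, Local, Foreign, State, PID).
    UDP rows have 4 fields and no state, so they are skipped, as are header lines.
    """
    stats = defaultdict(PidStats)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0].upper() != "TCP":
            continue
        _proto, _local, foreign, state, pid_text = parts
        try:
            pid = int(pid_text)
        except ValueError:
            continue
        host, _sep, port = foreign.rpartition(":")
        s = stats[pid]
        if state == "SYN_SENT":
            s.syn_sent += 1
            s.remote_hosts.add(host)
            s.remote_ports.add(port)
        elif state == "ESTABLISHED":
            s.established += 1
    return dict(stats)


def suspicious_pids(stats, limit=SYN_SENT_LIMIT):
    """Return [(pid, syn_sent_count, distinct_remote_hosts)] for PIDs at or over
    the half-open limit, worst offender first."""
    hits = [
        (pid, s.syn_sent, len(s.remote_hosts))
        for pid, s in stats.items()
        if s.syn_sent >= limit
    ]
    return sorted(hits, key=lambda h: (-h[1], h[0]))


# Constructed sample: two normal browser connections (PID 1324), one stray
# half-open SMB connect from System (PID 4), a UDP row, and a worm-like burst
# from PID 2210 of 12 half-open connects to 12 different hosts on port 445.
_HEADER = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.5:1044       74.125.45.100:80       ESTABLISHED     1324
  TCP    192.168.1.5:1045       74.125.45.100:443      ESTABLISHED     1324
  TCP    192.168.1.5:1046       10.0.0.9:139           SYN_SENT        4
  UDP    192.168.1.5:137        *:*                                    4
"""
_BURST = "".join(
    f"  TCP    192.168.1.5:{1050 + i}   10.23.{i}.7:445   SYN_SENT   2210\n"
    for i in range(12)
)
SAMPLE_NETSTAT = _HEADER + _BURST


def triage(text=SAMPLE_NETSTAT, limit=SYN_SENT_LIMIT):
    """Parse the given netstat text and return the suspicious PID list."""
    return suspicious_pids(parse_netstat(text), limit)


if __name__ == "__main__":
    # Usage: python triage4226.py  (or feed a saved file: netstat -no > snap.txt)
    for pid, half_open, hosts in triage():
        print(f"PID {pid}: {half_open} SYN_SENT to {hosts} distinct hosts "
              f"(limit {SYN_SENT_LIMIT}); match against tasklist to name the image")
```

The PID alone does not tell you the program; map it with the Task Manager PID column, as the Microsoft text says, or with tasklist on the same machine at the same moment. A single half-open connection from PID 4 (System) is normal background noise; the signal is one PID with many SYN_SENTs fanned out over many addresses.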
Copyright 2001 - 2018, Tech Support Forum