
Post #1 · Registered · 11 Posts · Discussion Starter
The application or DLL C:\WINDOWS\system32\beyofaji.dll is not a valid windows image. Please check this against your installation diskette.

I keep getting this error message when I start basically ANY processes. It doesn't stop the process from functioning, or even from functioning properly, it just has this annoying error message, that's the only "problem". It's becoming very tiresome so I'd like to fix it.

I've attached gmer.txt. I saw in the new post instructions something about attach.txt as well but I didn't see any instructions on how to generate said file - if it is necessary, please redirect me to the instructions on how to create it?

Here is my DDS copypaste:


DDS (Version 1.0) - NTFSx86
Run by Zeke at 23:41:27.07 on Thu 11/20/2008
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1459 [GMT -7:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Zeke\Desktop\gmer.exe
C:\Documents and Settings\Zeke\Desktop\dds.scr

============== Psuedo HJT Report ===============

uStart Page = hxxp://sanctuary-aoc.guildportal.com/Guild.aspx?GuildID=258480&TabID=2172087
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {9148D00A-7D9F-6202-BA3D-4A4932371DF7} - c:\windows\system32\cqtddksoodcinwedu.dll
TB: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mRun: [CTHelper] CTHELPER.EXE
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
AppInit_DLLs: c:\windows\system32\beyofaji.dll
LSA: Notification Packages = scecli c:\windows\system32\beyofaji.dll

============= SERVICES / DRIVERS ===============

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\mcafee\siteadvisor\McSACore.exe"
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys
S3 BCM44X2;BCM 10/100 Ethernet Network Adapter Driver;c:\windows\system32\drivers\BCM4E5.SYS
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS
S4 hpt3xx;hpt3xx;

=============== Created Last 30 ================

2008-11-20 23:27 250 a------- c:\windows\gmer.ini
2008-11-20 16:34 <DIR> --d----- c:\windows\pss
2008-11-20 16:18 19,528 a------- c:\windows\000001_.tmp
2008-11-20 15:07 47,598 a------- c:\windows\system32\hbnwsdnyqoubost.exe
2008-11-20 15:07 <DIR> --d----- c:\temp\FT62
2008-11-20 15:07 <DIR> --d----- c:\windows\system32\vd2
2008-11-20 15:07 <DIR> --d----- c:\windows\system32\ap
2008-11-20 15:07 <DIR> --d----- c:\temp\1cb
2008-11-20 15:07 <DIR> --d----- c:\windows\system32\tim
2008-11-20 15:07 115,016 a------- c:\windows\system32\MSINET.OCX
2008-11-20 15:07 29,184 a------- c:\windows\system32\MSINET.oca
2008-11-20 15:07 2,407 a------- c:\windows\system32\MSINET.DEP
2008-11-13 01:00 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2008-11-13 01:00 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2008-11-13 01:00 452,440 a------- c:\windows\system32\d3dx10_40.dll
2008-11-13 01:00 514,384 a------- c:\windows\system32\XAudio2_3.dll
2008-11-13 01:00 235,856 a------- c:\windows\system32\xactengine3_3.dll
2008-11-13 01:00 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2008-11-13 01:00 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2008-11-11 18:17 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Blizzard
2008-11-11 07:43 <DIR> --d----- C:\Logs
2008-11-11 03:51 <DIR> --d----- c:\program files\common files\Blizzard Entertainment
2008-11-10 04:39 <DIR> --d----- c:\docume~1\zeke\applic~1\Malwarebytes
2008-11-10 04:39 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-11-10 04:39 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-10 04:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-11-10 04:39 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2008-11-02 18:41 13,313 a------- c:\windows\system32\Config.MPF
2008-11-02 18:37 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2008-11-02 18:37 79,240 a------- c:\windows\system32\drivers\mfeavfk.sys
2008-11-02 18:37 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2008-11-02 18:37 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2008-11-02 18:35 <DIR> --d----- c:\program files\McAfee
2008-11-02 18:30 34,152 a------- c:\windows\system32\drivers\mferkdk.sys
2008-11-01 21:33 <DIR> --d----- c:\program files\Lavasoft
2008-11-01 21:25 499,712 a------- c:\windows\system32\msvcp71.dll
2008-11-01 21:25 348,160 a------- c:\windows\system32\msvcr71.dll
2008-11-01 14:54 <DIR> --d----- c:\program files\Advanced Combat Tracker
2008-11-01 09:00 11,564 a------- c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2008-11-01 08:59 4,958,588 a------- c:\windows\{00000004-00000000-00000001-00001102-00000004-20061102}.BAK
2008-10-31 18:20 <DIR> --d----- c:\windows\system32\Defaults
2008-10-31 18:20 4,174,814 -------- c:\windows\system32\CT4MGM.SF2
2008-10-31 18:18 4,958,588 a------- c:\windows\{00000004-00000000-00000001-00001102-00000004-20061102}.CDF
2008-10-31 18:18 444,952 a------- c:\windows\system32\wrap_oal.dll
2008-10-31 18:18 109,080 a------- c:\windows\system32\OpenAL32.dll
2008-10-31 18:17 <DIR> --d----- c:\windows\system32\Data
2008-10-31 18:13 7,062 a------- c:\windows\system32\audiopid.vxd
2008-10-31 04:38 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Lavasoft
2008-10-31 04:35 <DIR> --ds---- c:\documents and settings\zeke\UserData
2008-10-31 03:55 <DIR> --ds---- c:\windows\system32\Microsoft
2008-10-31 03:54 32,592 a------- c:\windows\system32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2008-10-31 03:54 32,592 a------- c:\windows\system32\BMXState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2008-10-31 03:54 32,088 a------- c:\windows\system32\BMXCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2008-10-31 03:54 32,088 a------- c:\windows\system32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2008-10-31 03:54 384 a------- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2008-10-31 03:54 384 a------- c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2008-10-31 03:48 <DIR> --d----- c:\windows\ServicePackFiles
2008-10-31 03:47 2,897,920 -------- c:\windows\system32\xpsp2res.dll
2008-10-31 03:46 19,528 a------- c:\windows\002095_.tmp
2008-10-31 03:46 15,872 a------- c:\windows\system32\spupdsvc.exe
2008-10-31 03:44 <DIR> --d----- c:\windows\EHome
2008-10-31 03:31 552 a------- c:\windows\system32\d3d8caps.dat
2008-10-31 03:25 316,640 a------- c:\windows\WMSysPr9.prx
2008-10-31 03:25 <DIR> --d----- c:\windows\RegisteredPackages
2008-10-31 03:16 23,552 a------- c:\windows\system32\wdmaud.drv
2008-10-31 03:16 145,792 ac------ c:\windows\system32\dllcache\portcls.sys
2008-10-31 03:16 130,048 ac------ c:\windows\system32\dllcache\ksproxy.ax
2008-10-31 03:16 48,640 ac------ c:\windows\system32\dllcache\stream.sys
2008-10-31 03:16 4,096 ac------ c:\windows\system32\dllcache\ksuser.dll
2008-10-31 03:16 145,792 a------- c:\windows\system32\drivers\portcls.sys
2008-10-31 03:16 130,048 a------- c:\windows\system32\ksproxy.ax
2008-10-31 03:16 48,640 a------- c:\windows\system32\drivers\stream.sys
2008-10-31 03:16 4,096 a------- c:\windows\system32\ksuser.dll
2008-10-31 03:16 140,928 ac------ c:\windows\system32\dllcache\ks.sys
2008-10-31 03:16 60,288 ac------ c:\windows\system32\dllcache\drmk.sys
2008-10-31 03:16 140,928 a------- c:\windows\system32\drivers\ks.sys
2008-10-31 03:16 60,288 a------- c:\windows\system32\drivers\drmk.sys
2008-10-31 03:14 201,157 a------- c:\windows\system32\nvapps.nvb
2008-10-31 03:14 <DIR> --d----- c:\windows\nview
2008-10-31 03:14 453,152 a------- c:\windows\system32\NVUNINST.EXE
2008-10-31 03:03 1,339,776 a------- c:\windows\system32\drivers\IntelC51.sys
2008-10-31 03:03 618,880 a------- c:\windows\system32\drivers\IntelC52.sys
2008-10-31 03:03 172,032 a------- c:\windows\system32\intelmoh.dll
2008-10-31 03:03 49,152 a------- c:\windows\system32\mhwt.dll
2008-10-31 03:03 47,360 a------- c:\windows\system32\drivers\IntelC53.sys
2008-10-31 03:03 36,880 a------- c:\windows\system32\drivers\mohfilt.sys
2008-10-31 03:00 3,328 ac------ c:\windows\system32\dllcache\pciide.sys
2008-10-31 03:00 95,360 a------- c:\windows\system32\drivers\atapi.sys
2008-10-31 03:00 25,088 a------- c:\windows\system32\drivers\pciidex.sys
2008-10-31 03:00 3,328 a------- c:\windows\system32\drivers\pciide.sys
2008-10-31 03:00 68,224 a------- c:\windows\system32\drivers\pci.sys
2008-10-31 03:00 142,976 a------- c:\windows\system32\drivers\usbport.sys
2008-10-31 03:00 74,240 a------- c:\windows\system32\usbui.dll
2008-10-31 03:00 57,600 a------- c:\windows\system32\drivers\usbhub.sys
2008-10-31 03:00 20,480 a------- c:\windows\system32\drivers\usbuhci.sys
2008-10-31 02:59 35,840 ac------ c:\windows\system32\dllcache\isapnp.sys
2008-10-31 02:59 35,840 a------- c:\windows\system32\drivers\isapnp.sys
2008-10-31 02:59 <DIR> --d----- c:\windows\system32\ReinstallBackups
2008-10-31 02:15 192,000 a------- c:\windows\system32\iuengine.dll
2008-10-31 02:15 <DIR> --d----- C:\WUTemp
2008-10-31 02:09 12,980 a------- c:\windows\system32\wpa.bak
2008-10-30 22:05 54,271 ac------ c:\windows\system32\dllcache\bcm42xx5.sys
2008-10-30 22:05 54,271 a------- c:\windows\system32\drivers\bcm42xx5.sys
2008-10-30 22:05 26,568 ac------ c:\windows\system32\dllcache\bcm4e5.sys
2008-10-30 22:05 26,568 a------- c:\windows\system32\drivers\BCM4E5.SYS
2008-10-30 21:34 <DIR> --d----- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2008-10-30 21:20 453,152 a------- c:\windows\system32\nvudisp.exe
2008-10-30 21:20 18,477 a------- c:\windows\system32\nvdisp.nvu
2008-10-30 21:18 <DIR> --dsh--- c:\windows\Installer
2008-10-30 21:18 <DIR> --d----- c:\documents and settings\Zeke
2008-10-30 21:08 8,192 a------- c:\windows\REGLOCS.OLD
2008-10-30 21:06 92,416 ac------ c:\windows\system32\dllcache\mga.sys
2008-10-30 21:05 2,577 a------- c:\windows\system32\CONFIG.NT
2008-10-30 21:05 0 a------- c:\windows\control.ini
2008-10-30 21:05 25,065 a------- c:\windows\system32\wmpscheme.xml
2008-10-30 21:05 23,392 a------- c:\windows\system32\nscompat.tlb
2008-10-30 21:05 16,832 a------- c:\windows\system32\amcompat.tlb
2008-10-30 21:05 299,552 a------- c:\windows\WMSysPrx.prx
2008-10-30 21:05 <DIR> --dsh--- c:\documents and settings\all users.windows\DRM
2008-10-30 21:05 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2008-10-30 21:05 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2008-10-30 21:05 <DIR> --ds---- c:\windows\Downloaded Program Files
2008-10-30 21:05 <DIR> --d--r-- c:\windows\Offline Web Pages
2008-10-30 13:52 <DIR> --d--r-- c:\documents and settings\all users.windows\Documents

==================== Find3M ====================

2008-11-08 07:07 <DIR> --d----- c:\program files\Sony
2008-11-01 21:40 <DIR> --d----- c:\program files\Fraps
2008-11-01 21:40 <DIR> --d----- c:\program files\Combat Stats Monitor for Everquest II
2008-11-01 21:40 <DIR> --d----- c:\program files\AIM
2008-11-01 21:40 <DIR> --d----- c:\program files\LimeWire
2008-11-01 21:33 <DIR> --d----- c:\program files\Yahoo!
2008-11-01 21:31 <DIR> --d----- c:\program files\DivX
2008-10-31 18:20 <DIR> --d----- c:\program files\common files\AOL
2008-10-31 18:20 <DIR> --d----- c:\program files\Maxthon2
2008-10-31 18:20 <DIR> --d----- c:\program files\WordPerfect Office 12
2008-10-31 18:13 <DIR> --d----- c:\program files\Creative
2008-10-31 03:51 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-31 03:49 <DIR> --d----- c:\program files\Messenger
2008-10-31 03:48 <DIR> --d----- c:\program files\Windows NT
2008-10-31 03:10 <DIR> --d----- c:\program files\SystemRequirementsLab
2008-10-30 21:19 <DIR> --d-h--- c:\program files\WindowsUpdate
2008-10-30 21:03 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-10-15 15:05 <DIR> --d----- c:\program files\Adobe Media Player
2008-09-24 14:33 <DIR> --d----- c:\program files\Dell
2008-09-15 17:14 524,288 a------- c:\windows\system32\DivXsm.exe
2008-09-15 17:14 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2008-09-15 17:14 129,784 -------- c:\windows\system32\pxafs.dll
2008-09-15 17:14 120,056 -------- c:\windows\system32\pxcpyi64.exe
2008-09-15 17:14 118,520 -------- c:\windows\system32\pxinsi64.exe
2008-09-15 17:12 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-09-15 17:12 200,704 a------- c:\windows\system32\ssldivx.dll
2008-09-15 17:12 196,608 a------- c:\windows\system32\dtu100.dll
2008-09-15 17:12 81,920 a------- c:\windows\system32\dpl100.dll
2008-09-15 17:12 593,920 a------- c:\windows\system32\dpuGUI11.dll
2008-09-15 17:12 344,064 a------- c:\windows\system32\dpus11.dll
2008-09-15 17:12 294,912 a------- c:\windows\system32\dpu11.dll
2008-09-15 17:12 294,912 a------- c:\windows\system32\dpu10.dll
2008-09-15 17:12 57,344 a------- c:\windows\system32\dpv11.dll
2008-09-15 17:12 53,248 a------- c:\windows\system32\dpuGUI10.dll
2008-09-15 17:11 823,296 a------- c:\windows\system32\divx_xx0c.dll
2008-09-15 17:11 823,296 a------- c:\windows\system32\divx_xx07.dll
2008-09-15 17:11 815,104 a------- c:\windows\system32\divx_xx0a.dll
2008-09-15 17:11 802,816 a------- c:\windows\system32\divx_xx11.dll
2008-09-15 17:11 683,520 a------- c:\windows\system32\DivX.dll
2008-09-15 17:11 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-15 17:11 12,288 a------- c:\windows\system32\DivXWMPExtType.dll
2008-08-20 15:12 0 a--sh--- c:\windows\system32\beyofaji.dll

============= FINISH: 23:42:22.04 ===============
 

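The log above shows beyofaji.dll registered under both AppInit_DLLs and the LSA Notification Packages value, while Find3M lists that same file as a zero-byte system+hidden file; AppInit_DLLs are mapped into every process that loads user32.dll, which is why the "not a valid Windows image" dialog appears for basically any process. The Python triage script below is an added editor's example, not DDS, ComboFix or the forum's own tooling: it parses a constructed excerpt in the DDS layout, cross-references the Pseudo HJT persistence entries with the file listing and flags exactly those signals. The DDS attribute letters (s = system, h = hidden) and the consonant-run name heuristic are assumptions.

```python
"""Cross-check the persistence entries of a DDS "Pseudo HJT Report" against the
file listings in the same log (editor's example, not DDS/ComboFix code).
Assumptions: DDS attribute letters s = system, h = hidden; the consonant-run
name heuristic is a crude triage aid, not a detection rule."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: a short excerpt in the layout of the thread's DDS log.
SAMPLE_DDS = """\
============== Psuedo HJT Report ===============

BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\\program files\\mcafee\\virusscan\\scriptsn.dll
BHO: {9148D00A-7D9F-6202-BA3D-4A4932371DF7} - c:\\windows\\system32\\cqtddksoodcinwedu.dll
mRun: [NvCplDaemon] RUNDLL32.EXE c:\\windows\\system32\\NvCpl.dll,NvStartup
AppInit_DLLs: c:\\windows\\system32\\beyofaji.dll
LSA: Notification Packages = scecli c:\\windows\\system32\\beyofaji.dll

=============== Created Last 30 ================

2008-11-20 15:07 47,598 a------- c:\\windows\\system32\\hbnwsdnyqoubost.exe
2008-11-20 15:07 <DIR> --d----- c:\\windows\\system32\\vd2

==================== Find3M ====================

2008-09-15 17:11 683,520 a------- c:\\windows\\system32\\DivX.dll
2008-08-20 15:12 0 a--sh--- c:\\windows\\system32\\beyofaji.dll
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# date time size attrs path; size is "<DIR>" or a comma-grouped byte count
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (<DIR>|[\d,]+) (\S{8}) (.+)$")
# executable image paths inside an entry line (spaces allowed, e.g. "program files")
PATH_RE = re.compile(r"[a-z]:\\[^\"]*?\.(?:dll|exe|ocx)", re.IGNORECASE)
# autostart locations whose image is mapped into many or privileged processes
HIGH_IMPACT = {
    "AppInit_DLLs": "AppInit_DLLs: loaded into every process that maps user32.dll",
    "LSA: Notification Packages": "LSA notification package: loaded into lsass.exe",
}

@dataclass
class FileInfo:
    size: Optional[int]  # None for <DIR> entries
    attrs: str
    stamp: str

@dataclass
class Finding:
    path: str
    kinds: list = field(default_factory=list)    # entry types referencing the path
    reasons: list = field(default_factory=list)  # why it was flagged

def entry_kind(line):
    """Entry type: a known high-impact key, else the text before the first ':' or '='."""
    for key in HIGH_IMPACT:
        if line.startswith(key):
            return key
    return re.split(r"[:=]", line, maxsplit=1)[0].strip()

def parse_dds(text):
    """Return (entries, files): (kind, line) pairs from the Pseudo HJT section and a
    lower-cased path -> FileInfo index built from the file-listing sections."""
    section, entries, files = None, [], {}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group(1).lower()
        elif section and "hjt" in section:
            entries.append((entry_kind(line), line))
        elif (m := FILE_RE.match(line)):
            date, clock, size, attrs, path = m.groups()
            size_b = None if size == "<DIR>" else int(size.replace(",", ""))
            files[path.lower()] = FileInfo(size_b, attrs, f"{date} {clock}")
    return entries, files

def looks_random(filename):
    """Crude heuristic: six or more consecutive consonants in the stem (y counts as a vowel)."""
    stem = filename.rsplit(".", 1)[0].lower()
    return re.search(r"[b-df-hj-np-tv-xz]{6}", stem) is not None

def triage(text):
    """Flag persistence entries whose image sits in a high-impact location, is zero
    bytes, carries system+hidden attributes, or has a random-looking name."""
    entries, files = parse_dds(text)
    findings = {}
    for kind, line in entries:
        for m in PATH_RE.finditer(line):
            path = m.group(0)
            f = findings.setdefault(path.lower(), Finding(path))
            f.kinds.append(kind)
            info = files.get(path.lower())
            reasons = [HIGH_IMPACT[kind]] if kind in HIGH_IMPACT else []
            if info is not None and info.size == 0:
                reasons.append("zero-byte image: loading it fails with 'not a valid Windows image'")
            if info is not None and "s" in info.attrs and "h" in info.attrs:
                reasons.append("system+hidden attributes on an autostart image")
            if looks_random(path.rsplit("\\", 1)[-1]):
                reasons.append("random-looking file name")
            f.reasons.extend(r for r in reasons if r not in f.reasons)
    return [f for f in findings.values() if f.reasons]

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f.path, "<-", ", ".join(f.kinds))
        for r in f.reasons:
            print("   -", r)
```

Run against a full DDS paste, the same script reports only the entries worth a second look; the McAfee BHO and the NVIDIA mRun entry in the sample are left alone.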
Post #2 · TSF Security Manager, Emeritus · 51,795 Posts

Post #3 · Registered · 11 Posts · Discussion Starter
Ok, new copypaste DDS with "attach.txt" attached. I attached it in both .txt and zipped forms since I was told to attach .txt but the prompt told me to zip it first.


DDS (Version 1.0) - NTFSx86
Run by Zeke at 1:03:03.21 on Sat 11/22/2008
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1638 [GMT -7:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Zeke\Desktop\dds.scr

============== Psuedo HJT Report ===============

uStart Page = hxxp://sanctuary-aoc.guildportal.com/Guild.aspx?GuildID=258480&TabID=2172087
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {9148D00A-7D9F-6202-BA3D-4A4932371DF7} - c:\windows\system32\cqtddksoodcinwedu.dll
TB: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mRun: [CTHelper] CTHELPER.EXE
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
AppInit_DLLs: c:\windows\system32\beyofaji.dll
LSA: Notification Packages = scecli c:\windows\system32\beyofaji.dll

============= SERVICES / DRIVERS ===============

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\mcafee\siteadvisor\McSACore.exe"
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys
S3 BCM44X2;BCM 10/100 Ethernet Network Adapter Driver;c:\windows\system32\drivers\BCM4E5.SYS
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS
S4 hpt3xx;hpt3xx;

=============== Created Last 30 ================

2008-11-20 23:27 250 a------- c:\windows\gmer.ini
2008-11-20 16:34 <DIR> --d----- c:\windows\pss
2008-11-20 16:18 19,528 a------- c:\windows\000001_.tmp
2008-11-20 15:07 47,598 a------- c:\windows\system32\hbnwsdnyqoubost.exe
2008-11-20 15:07 <DIR> --d----- c:\temp\FT62
2008-11-20 15:07 <DIR> --d----- c:\windows\system32\vd2
2008-11-20 15:07 <DIR> --d----- c:\windows\system32\ap
2008-11-20 15:07 <DIR> --d----- c:\temp\1cb
2008-11-20 15:07 <DIR> --d----- c:\windows\system32\tim
2008-11-20 15:07 115,016 a------- c:\windows\system32\MSINET.OCX
2008-11-20 15:07 29,184 a------- c:\windows\system32\MSINET.oca
2008-11-20 15:07 2,407 a------- c:\windows\system32\MSINET.DEP
2008-11-13 01:00 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2008-11-13 01:00 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2008-11-13 01:00 452,440 a------- c:\windows\system32\d3dx10_40.dll
2008-11-13 01:00 514,384 a------- c:\windows\system32\XAudio2_3.dll
2008-11-13 01:00 235,856 a------- c:\windows\system32\xactengine3_3.dll
2008-11-13 01:00 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2008-11-13 01:00 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2008-11-11 18:17 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Blizzard
2008-11-11 07:43 <DIR> --d----- C:\Logs
2008-11-11 03:51 <DIR> --d----- c:\program files\common files\Blizzard Entertainment
2008-11-10 04:39 <DIR> --d----- c:\docume~1\zeke\applic~1\Malwarebytes
2008-11-10 04:39 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-11-10 04:39 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-10 04:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-11-10 04:39 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2008-11-02 18:41 13,313 a------- c:\windows\system32\Config.MPF
2008-11-02 18:37 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2008-11-02 18:37 79,240 a------- c:\windows\system32\drivers\mfeavfk.sys
2008-11-02 18:37 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2008-11-02 18:37 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2008-11-02 18:35 <DIR> --d----- c:\program files\McAfee
2008-11-02 18:30 34,152 a------- c:\windows\system32\drivers\mferkdk.sys
2008-11-01 21:33 <DIR> --d----- c:\program files\Lavasoft
2008-11-01 21:25 499,712 a------- c:\windows\system32\msvcp71.dll
2008-11-01 21:25 348,160 a------- c:\windows\system32\msvcr71.dll
2008-11-01 14:54 <DIR> --d----- c:\program files\Advanced Combat Tracker
2008-11-01 09:00 11,564 a------- c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2008-11-01 08:59 4,958,588 a------- c:\windows\{00000004-00000000-00000001-00001102-00000004-20061102}.BAK
2008-10-31 18:20 <DIR> --d----- c:\windows\system32\Defaults
2008-10-31 18:20 4,174,814 -------- c:\windows\system32\CT4MGM.SF2
2008-10-31 18:18 4,958,588 a------- c:\windows\{00000004-00000000-00000001-00001102-00000004-20061102}.CDF
2008-10-31 18:18 444,952 a------- c:\windows\system32\wrap_oal.dll
2008-10-31 18:18 109,080 a------- c:\windows\system32\OpenAL32.dll
2008-10-31 18:17 <DIR> --d----- c:\windows\system32\Data
2008-10-31 18:13 7,062 a------- c:\windows\system32\audiopid.vxd
2008-10-31 04:38 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Lavasoft
2008-10-31 04:35 <DIR> --ds---- c:\documents and settings\zeke\UserData
2008-10-31 03:55 <DIR> --ds---- c:\windows\system32\Microsoft
2008-10-31 03:54 32,592 a------- c:\windows\system32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2008-10-31 03:54 32,592 a------- c:\windows\system32\BMXState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2008-10-31 03:54 32,088 a------- c:\windows\system32\BMXCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2008-10-31 03:54 32,088 a------- c:\windows\system32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2008-10-31 03:54 384 a------- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2008-10-31 03:54 384 a------- c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2008-10-31 03:48 <DIR> --d----- c:\windows\ServicePackFiles
2008-10-31 03:47 2,897,920 -------- c:\windows\system32\xpsp2res.dll
2008-10-31 03:46 19,528 a------- c:\windows\002095_.tmp
2008-10-31 03:46 15,872 a------- c:\windows\system32\spupdsvc.exe
2008-10-31 03:44 <DIR> --d----- c:\windows\EHome
2008-10-31 03:31 552 a------- c:\windows\system32\d3d8caps.dat
2008-10-31 03:25 316,640 a------- c:\windows\WMSysPr9.prx
2008-10-31 03:25 <DIR> --d----- c:\windows\RegisteredPackages
2008-10-31 03:16 23,552 a------- c:\windows\system32\wdmaud.drv
2008-10-31 03:16 145,792 ac------ c:\windows\system32\dllcache\portcls.sys
2008-10-31 03:16 130,048 ac------ c:\windows\system32\dllcache\ksproxy.ax
2008-10-31 03:16 48,640 ac------ c:\windows\system32\dllcache\stream.sys
2008-10-31 03:16 4,096 ac------ c:\windows\system32\dllcache\ksuser.dll
2008-10-31 03:16 145,792 a------- c:\windows\system32\drivers\portcls.sys
2008-10-31 03:16 130,048 a------- c:\windows\system32\ksproxy.ax
2008-10-31 03:16 48,640 a------- c:\windows\system32\drivers\stream.sys
2008-10-31 03:16 4,096 a------- c:\windows\system32\ksuser.dll
2008-10-31 03:16 140,928 ac------ c:\windows\system32\dllcache\ks.sys
2008-10-31 03:16 60,288 ac------ c:\windows\system32\dllcache\drmk.sys
2008-10-31 03:16 140,928 a------- c:\windows\system32\drivers\ks.sys
2008-10-31 03:16 60,288 a------- c:\windows\system32\drivers\drmk.sys
2008-10-31 03:14 201,157 a------- c:\windows\system32\nvapps.nvb
2008-10-31 03:14 <DIR> --d----- c:\windows\nview
2008-10-31 03:14 453,152 a------- c:\windows\system32\NVUNINST.EXE
2008-10-31 03:03 1,339,776 a------- c:\windows\system32\drivers\IntelC51.sys
2008-10-31 03:03 618,880 a------- c:\windows\system32\drivers\IntelC52.sys
2008-10-31 03:03 172,032 a------- c:\windows\system32\intelmoh.dll
2008-10-31 03:03 49,152 a------- c:\windows\system32\mhwt.dll
2008-10-31 03:03 47,360 a------- c:\windows\system32\drivers\IntelC53.sys
2008-10-31 03:03 36,880 a------- c:\windows\system32\drivers\mohfilt.sys
2008-10-31 03:00 3,328 ac------ c:\windows\system32\dllcache\pciide.sys
2008-10-31 03:00 95,360 a------- c:\windows\system32\drivers\atapi.sys
2008-10-31 03:00 25,088 a------- c:\windows\system32\drivers\pciidex.sys
2008-10-31 03:00 3,328 a------- c:\windows\system32\drivers\pciide.sys
2008-10-31 03:00 68,224 a------- c:\windows\system32\drivers\pci.sys
2008-10-31 03:00 142,976 a------- c:\windows\system32\drivers\usbport.sys
2008-10-31 03:00 74,240 a------- c:\windows\system32\usbui.dll
2008-10-31 03:00 57,600 a------- c:\windows\system32\drivers\usbhub.sys
2008-10-31 03:00 20,480 a------- c:\windows\system32\drivers\usbuhci.sys
2008-10-31 02:59 35,840 ac------ c:\windows\system32\dllcache\isapnp.sys
2008-10-31 02:59 35,840 a------- c:\windows\system32\drivers\isapnp.sys
2008-10-31 02:59 <DIR> --d----- c:\windows\system32\ReinstallBackups
2008-10-31 02:15 192,000 a------- c:\windows\system32\iuengine.dll
2008-10-31 02:15 <DIR> --d----- C:\WUTemp
2008-10-31 02:09 12,980 a------- c:\windows\system32\wpa.bak
2008-10-30 22:05 54,271 ac------ c:\windows\system32\dllcache\bcm42xx5.sys
2008-10-30 22:05 54,271 a------- c:\windows\system32\drivers\bcm42xx5.sys
2008-10-30 22:05 26,568 ac------ c:\windows\system32\dllcache\bcm4e5.sys
2008-10-30 22:05 26,568 a------- c:\windows\system32\drivers\BCM4E5.SYS
2008-10-30 21:34 <DIR> --d----- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2008-10-30 21:20 453,152 a------- c:\windows\system32\nvudisp.exe
2008-10-30 21:20 18,477 a------- c:\windows\system32\nvdisp.nvu
2008-10-30 21:18 <DIR> --dsh--- c:\windows\Installer
2008-10-30 21:18 <DIR> --d----- c:\documents and settings\Zeke
2008-10-30 21:08 8,192 a------- c:\windows\REGLOCS.OLD
2008-10-30 21:06 92,416 ac------ c:\windows\system32\dllcache\mga.sys
2008-10-30 21:05 2,577 a------- c:\windows\system32\CONFIG.NT
2008-10-30 21:05 0 a------- c:\windows\control.ini
2008-10-30 21:05 25,065 a------- c:\windows\system32\wmpscheme.xml
2008-10-30 21:05 23,392 a------- c:\windows\system32\nscompat.tlb
2008-10-30 21:05 16,832 a------- c:\windows\system32\amcompat.tlb
2008-10-30 21:05 299,552 a------- c:\windows\WMSysPrx.prx
2008-10-30 21:05 <DIR> --dsh--- c:\documents and settings\all users.windows\DRM
2008-10-30 21:05 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2008-10-30 21:05 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2008-10-30 21:05 <DIR> --ds---- c:\windows\Downloaded Program Files
2008-10-30 21:05 <DIR> --d--r-- c:\windows\Offline Web Pages
2008-10-30 13:52 <DIR> --d--r-- c:\documents and settings\all users.windows\Documents

==================== Find3M ====================

2008-11-08 07:07 <DIR> --d----- c:\program files\Sony
2008-11-01 21:40 <DIR> --d----- c:\program files\Fraps
2008-11-01 21:40 <DIR> --d----- c:\program files\Combat Stats Monitor for Everquest II
2008-11-01 21:40 <DIR> --d----- c:\program files\AIM
2008-11-01 21:40 <DIR> --d----- c:\program files\LimeWire
2008-11-01 21:33 <DIR> --d----- c:\program files\Yahoo!
2008-11-01 21:31 <DIR> --d----- c:\program files\DivX
2008-10-31 18:20 <DIR> --d----- c:\program files\common files\AOL
2008-10-31 18:20 <DIR> --d----- c:\program files\Maxthon2
2008-10-31 18:20 <DIR> --d----- c:\program files\WordPerfect Office 12
2008-10-31 18:13 <DIR> --d----- c:\program files\Creative
2008-10-31 03:51 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-31 03:49 <DIR> --d----- c:\program files\Messenger
2008-10-31 03:48 <DIR> --d----- c:\program files\Windows NT
2008-10-31 03:10 <DIR> --d----- c:\program files\SystemRequirementsLab
2008-10-30 21:19 <DIR> --d-h--- c:\program files\WindowsUpdate
2008-10-30 21:03 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-10-15 15:05 <DIR> --d----- c:\program files\Adobe Media Player
2008-09-24 14:33 <DIR> --d----- c:\program files\Dell
2008-09-15 17:14 524,288 a------- c:\windows\system32\DivXsm.exe
2008-09-15 17:14 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2008-09-15 17:14 129,784 -------- c:\windows\system32\pxafs.dll
2008-09-15 17:14 120,056 -------- c:\windows\system32\pxcpyi64.exe
2008-09-15 17:14 118,520 -------- c:\windows\system32\pxinsi64.exe
2008-09-15 17:12 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-09-15 17:12 200,704 a------- c:\windows\system32\ssldivx.dll
2008-09-15 17:12 196,608 a------- c:\windows\system32\dtu100.dll
2008-09-15 17:12 81,920 a------- c:\windows\system32\dpl100.dll
2008-09-15 17:12 593,920 a------- c:\windows\system32\dpuGUI11.dll
2008-09-15 17:12 344,064 a------- c:\windows\system32\dpus11.dll
2008-09-15 17:12 294,912 a------- c:\windows\system32\dpu11.dll
2008-09-15 17:12 294,912 a------- c:\windows\system32\dpu10.dll
2008-09-15 17:12 57,344 a------- c:\windows\system32\dpv11.dll
2008-09-15 17:12 53,248 a------- c:\windows\system32\dpuGUI10.dll
2008-09-15 17:11 823,296 a------- c:\windows\system32\divx_xx0c.dll
2008-09-15 17:11 823,296 a------- c:\windows\system32\divx_xx07.dll
2008-09-15 17:11 815,104 a------- c:\windows\system32\divx_xx0a.dll
2008-09-15 17:11 802,816 a------- c:\windows\system32\divx_xx11.dll
2008-09-15 17:11 683,520 a------- c:\windows\system32\DivX.dll
2008-09-15 17:11 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-15 17:11 12,288 a------- c:\windows\system32\DivXWMPExtType.dll
2008-08-20 15:12 0 a--sh--- c:\windows\system32\beyofaji.dll

============= FINISH: 1:04:32.04 ===============
 

Post #4 · TSF Security Manager, Emeritus · 51,795 Posts
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

  1. Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

  3. Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add or Remove Programs) if they exist:

    RON Tool Netupbanner

    Do not reboot if requested.

    ---------------------------------------------------------------------------------------------

  4. Double click on combofix.exe & follow the prompts.
  5. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.



    Click on Yes, to continue scanning for malware.
  6. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  7. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  8. Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.


    ---------------------------------------------------------------------------------------------
 

· Registered
Joined
·
11 Posts
Discussion Starter · #5 ·
Thanks a ton! The problem looks fixed; no more annoying error messages every time I run something, not to mention I can see the problem file was deleted, looking at the list.

Here is the text pasted from the log file created:

ComboFix 08-11-22.02 - Zeke 2008-11-23 1:05:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1660 [GMT -7:00]
Running from: c:\documents and settings\Zeke\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Chris Brown\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\windows\system32\beyofaji.dll
c:\windows\system32\MSINET.oca

.
((((((((((((((((((((((((( Files Created from 2008-10-23 to 2008-11-23 )))))))))))))))))))))))))))))))
.

2008-11-20 23:27 . 2008-11-20 23:27 250 --a------ c:\windows\gmer.ini
2008-11-20 16:18 . 2004-07-17 11:40 19,528 --a------ c:\windows\000001_.tmp
2008-11-20 15:07 . 2008-11-20 15:07 <DIR> d-------- c:\windows\system32\vd2
2008-11-20 15:07 . 2008-11-20 15:07 <DIR> d-------- c:\windows\system32\tim
2008-11-20 15:07 . 2008-11-20 15:07 <DIR> d-------- c:\windows\system32\ap
2008-11-20 15:07 . 2008-11-20 15:07 <DIR> d-------- c:\temp\FT62
2008-11-20 15:07 . 2008-11-20 15:07 115,016 --a------ c:\windows\system32\MSINET.OCX
2008-11-20 15:07 . 2008-11-20 15:07 2,407 --a------ c:\windows\system32\MSINET.DEP
2008-11-13 01:00 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2008-11-13 01:00 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2008-11-13 01:00 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2008-11-13 01:00 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2008-11-13 01:00 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2008-11-13 01:00 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2008-11-13 01:00 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2008-11-11 18:17 . 2008-11-11 18:17 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Blizzard
2008-11-11 07:43 . 2008-11-11 07:43 <DIR> d-------- C:\Logs
2008-11-11 03:51 . 2008-11-11 04:10 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2008-11-10 04:39 . 2008-11-10 04:39 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-10 04:39 . 2008-11-10 04:39 <DIR> d-------- c:\documents and settings\Zeke\Application Data\Malwarebytes
2008-11-10 04:39 . 2008-11-10 04:39 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-11-10 04:39 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-10 04:39 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-02 19:05 . 2008-11-19 16:53 <DIR> d-------- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\SACore
2008-11-02 18:41 . 2008-11-23 01:12 13,451 --a------ c:\windows\system32\Config.MPF
2008-11-02 18:40 . 2008-11-02 18:40 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\SiteAdvisor
2008-11-02 18:37 . 2008-06-02 14:55 120,136 --a------ c:\windows\system32\drivers\Mpfp.sys
2008-11-02 18:37 . 2008-06-27 06:08 79,240 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-11-02 18:37 . 2008-06-27 06:08 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2008-11-02 18:37 . 2008-06-27 06:08 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-11-02 18:35 . 2008-11-13 23:57 <DIR> d-------- c:\program files\McAfee
2008-11-02 18:30 . 2008-06-20 05:41 34,152 --a------ c:\windows\system32\drivers\mferkdk.sys
2008-11-02 18:25 . 2008-11-02 18:41 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\McAfee
2008-11-01 21:35 . 2008-11-01 21:35 <DIR> d-------- c:\documents and settings\Zeke\Application Data\DivX
2008-11-01 21:33 . 2008-11-01 21:33 <DIR> d-------- c:\program files\Lavasoft
2008-11-01 21:31 . 2008-11-01 21:31 <DIR> d-------- c:\documents and settings\Zeke\Application Data\Yahoo!
2008-11-01 21:25 . 2008-11-01 21:25 499,712 --a------ c:\windows\system32\msvcp71.dll
2008-11-01 21:25 . 2008-11-01 21:25 348,160 --a------ c:\windows\system32\msvcr71.dll
2008-11-01 14:54 . 2008-11-01 15:05 <DIR> d-------- c:\program files\Advanced Combat Tracker
2008-11-01 09:00 . 2008-11-23 01:10 11,564 --a------ c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2008-11-01 08:59 . 2008-11-23 01:12 4,958,588 --a------ c:\windows\{00000004-00000000-00000001-00001102-00000004-20061102}.BAK
2008-10-31 22:50 . 2008-11-01 14:50 <DIR> d-------- c:\documents and settings\Zeke\Application Data\Ventrilo
2008-10-31 18:20 . 2008-11-01 14:39 <DIR> d-------- c:\windows\system32\Defaults
2008-10-31 18:20 . 2000-12-05 09:11 4,174,814 --------- c:\windows\system32\CT4MGM.SF2
2008-10-31 18:18 . 2008-10-31 18:18 <DIR> d-------- c:\documents and settings\Zeke\Application Data\Creative
2008-10-31 18:18 . 2008-11-23 01:12 4,958,588 --a------ c:\windows\{00000004-00000000-00000001-00001102-00000004-20061102}.CDF
2008-10-31 18:18 . 2008-10-31 18:18 444,952 --a------ c:\windows\system32\wrap_oal.dll
2008-10-31 18:18 . 2008-10-31 18:18 109,080 --a------ c:\windows\system32\OpenAL32.dll
2008-10-31 18:17 . 2008-10-31 18:17 <DIR> d-------- c:\windows\system32\Data
2008-10-31 18:13 . 2003-06-12 23:25 7,062 --a------ c:\windows\system32\audiopid.vxd
2008-10-31 17:17 . 2008-10-31 17:17 0 --a------ c:\windows\nsreg.dat
2008-10-31 16:00 . 2008-10-31 16:01 <DIR> d-------- c:\documents and settings\Zeke\Application Data\Media Player Classic
2008-10-31 04:38 . 2008-11-01 21:34 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2008-10-31 04:35 . 2008-10-31 04:35 <DIR> d---s---- c:\documents and settings\Zeke\UserData
2008-10-31 03:55 . 2008-10-31 03:55 <DIR> d---s---- c:\windows\system32\Microsoft
2008-10-31 03:54 . 2008-11-23 01:10 32,592 --a------ c:\windows\system32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2008-10-31 03:54 . 2008-11-23 01:10 32,592 --a------ c:\windows\system32\BMXState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2008-10-31 03:54 . 2008-11-23 01:10 32,088 --a------ c:\windows\system32\BMXCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2008-10-31 03:54 . 2008-11-23 01:10 32,088 --a------ c:\windows\system32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2008-10-31 03:54 . 2008-10-31 18:18 384 --a------ c:\windows\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2008-10-31 03:54 . 2008-10-31 18:18 384 --a------ c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2008-10-31 03:48 . 2008-10-31 03:48 <DIR> d-------- c:\windows\ServicePackFiles
2008-10-31 03:47 . 2004-08-04 00:56 2,897,920 --------- c:\windows\system32\xpsp2res.dll
2008-10-31 03:46 . 2004-07-17 11:40 19,528 --a------ c:\windows\002095_.tmp
2008-10-31 03:46 . 2004-08-03 22:42 15,872 --a------ c:\windows\system32\spupdsvc.exe
2008-10-31 03:44 . 2008-11-20 16:17 <DIR> d-------- c:\windows\EHome
2008-10-31 03:31 . 2008-10-31 03:32 552 --a------ c:\windows\system32\d3d8caps.dat
2008-10-31 03:25 . 2008-11-20 16:22 316,640 --a------ c:\windows\WMSysPr9.prx
2008-10-31 03:16 . 2004-08-03 23:15 145,792 --a------ c:\windows\system32\drivers\portcls.sys
2008-10-31 03:16 . 2004-08-03 23:15 145,792 --a--c--- c:\windows\system32\dllcache\portcls.sys
2008-10-31 03:16 . 2004-08-03 23:15 140,928 --a------ c:\windows\system32\drivers\ks.sys
2008-10-31 03:16 . 2004-08-03 23:15 140,928 --a--c--- c:\windows\system32\dllcache\ks.sys
2008-10-31 03:16 . 2004-08-04 00:56 130,048 --a------ c:\windows\system32\ksproxy.ax
2008-10-31 03:16 . 2004-08-04 00:56 130,048 --a--c--- c:\windows\system32\dllcache\ksproxy.ax
2008-10-31 03:16 . 2004-08-03 23:08 60,288 --a------ c:\windows\system32\drivers\drmk.sys
2008-10-31 03:16 . 2004-08-03 23:08 60,288 --a--c--- c:\windows\system32\dllcache\drmk.sys
2008-10-31 03:16 . 2004-08-03 23:08 48,640 --a------ c:\windows\system32\drivers\stream.sys
2008-10-31 03:16 . 2004-08-03 23:08 48,640 --a--c--- c:\windows\system32\dllcache\stream.sys
2008-10-31 03:16 . 2004-08-04 00:56 23,552 --a------ c:\windows\system32\wdmaud.drv
2008-10-31 03:16 . 2004-08-04 00:56 4,096 --a------ c:\windows\system32\ksuser.dll
2008-10-31 03:16 . 2004-08-04 00:56 4,096 --a--c--- c:\windows\system32\dllcache\ksuser.dll
2008-10-31 03:14 . 2008-10-31 03:14 <DIR> d-------- c:\windows\nview
2008-10-31 03:14 . 2008-10-02 10:07 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2008-10-31 03:14 . 2008-10-07 13:33 201,157 --a------ c:\windows\system32\nvapps.nvb
2008-10-31 03:03 . 2005-05-06 14:42 1,339,776 --a------ c:\windows\system32\drivers\IntelC51.sys
2008-10-31 03:03 . 2006-03-01 20:30 618,880 --a------ c:\windows\system32\drivers\IntelC52.sys
2008-10-31 03:03 . 2005-05-06 14:39 172,032 --a------ c:\windows\system32\intelmoh.dll
2008-10-31 03:03 . 2005-05-06 14:39 49,152 --a------ c:\windows\system32\mhwt.dll
2008-10-31 03:03 . 2005-05-06 14:40 47,360 --a------ c:\windows\system32\drivers\IntelC53.sys
2008-10-31 03:03 . 2005-05-06 14:40 36,880 --a------ c:\windows\system32\drivers\mohfilt.sys
2008-10-31 03:00 . 2004-08-03 23:08 142,976 --a------ c:\windows\system32\drivers\usbport.sys
2008-10-31 03:00 . 2004-08-03 22:59 95,360 --a------ c:\windows\system32\drivers\atapi.sys
2008-10-31 03:00 . 2004-08-04 00:56 74,240 --a------ c:\windows\system32\usbui.dll
2008-10-31 03:00 . 2004-08-03 23:07 68,224 --a------ c:\windows\system32\drivers\pci.sys
2008-10-31 03:00 . 2004-08-03 23:08 57,600 --a------ c:\windows\system32\drivers\usbhub.sys
2008-10-31 03:00 . 2004-08-03 22:59 25,088 --a------ c:\windows\system32\drivers\pciidex.sys
2008-10-31 03:00 . 2004-08-03 23:08 20,480 --a------ c:\windows\system32\drivers\usbuhci.sys
2008-10-31 03:00 . 2001-08-17 13:51 3,328 --a------ c:\windows\system32\drivers\pciide.sys
2008-10-31 03:00 . 2001-08-17 13:51 3,328 --a--c--- c:\windows\system32\dllcache\pciide.sys
2008-10-31 02:59 . 2001-08-17 13:58 35,840 --a------ c:\windows\system32\drivers\isapnp.sys
2008-10-31 02:59 . 2001-08-17 13:58 35,840 --a--c--- c:\windows\system32\dllcache\isapnp.sys
2008-10-31 02:15 . 2008-10-31 02:15 <DIR> d-------- C:\WUTemp
2008-10-31 02:15 . 2004-08-04 00:56 192,000 --a------ c:\windows\system32\iuengine.dll
2008-10-31 02:09 . 2008-10-31 02:09 12,980 --a------ c:\windows\system32\wpa.bak
2008-10-30 22:05 . 2001-08-17 12:11 54,271 --a------ c:\windows\system32\drivers\bcm42xx5.sys
2008-10-30 22:05 . 2001-08-17 12:11 54,271 --a--c--- c:\windows\system32\dllcache\bcm42xx5.sys
2008-10-30 22:05 . 2001-08-17 12:11 26,568 --a------ c:\windows\system32\drivers\BCM4E5.SYS
2008-10-30 22:05 . 2001-08-17 12:11 26,568 --a--c--- c:\windows\system32\dllcache\bcm4e5.sys
2008-10-23 18:56 . 2008-10-23 18:57 <DIR> d-------- c:\program files\Opera
2008-10-23 17:19 . 2008-10-23 17:19 <DIR> d-------- c:\documents and settings\Chris Brown\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-08 14:07 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 14:07 --------- d-----w c:\program files\Sony
2008-11-02 23:27 --------- d-----w c:\program files\Google
2008-11-02 04:40 --------- d-----w c:\program files\LimeWire
2008-11-02 04:40 --------- d-----w c:\program files\Fraps
2008-11-02 04:40 --------- d-----w c:\program files\Combat Stats Monitor for Everquest II
2008-11-02 04:40 --------- d-----w c:\program files\AIM
2008-11-02 04:33 --------- d-----w c:\program files\Yahoo!
2008-11-02 04:31 --------- d-----w c:\program files\DivX
2008-11-01 01:20 --------- d-----w c:\program files\WordPerfect Office 12
2008-11-01 01:20 --------- d-----w c:\program files\QuickTime
2008-11-01 01:20 --------- d-----w c:\program files\Maxthon2
2008-11-01 01:20 --------- d-----w c:\program files\Common Files\AOL
2008-11-01 01:13 --------- d-----w c:\program files\Creative
2008-10-31 11:12 --------- d-----w c:\program files\Trillian
2008-10-31 10:10 --------- d-----w c:\program files\SystemRequirementsLab
2008-10-31 10:00 --------- d-----w c:\program files\Intel
2008-10-22 00:23 --------- d-----w c:\documents and settings\Chris Brown\Application Data\Comodo
2008-10-18 00:46 --------- d-----w c:\documents and settings\Chris Brown\Application Data\Azureus
2008-10-15 22:05 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-10-15 22:05 --------- d-----w c:\program files\Adobe Media Player
2008-10-03 23:26 --------- d-----w c:\documents and settings\Chris Brown\Application Data\InstallShield
2008-09-24 21:33 --------- d-----w c:\program files\Dell
2008-09-16 00:14 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-16 00:14 129,784 ------w c:\windows\system32\pxafs.dll
2008-09-16 00:14 120,056 ------w c:\windows\system32\pxcpyi64.exe
2008-09-16 00:14 118,520 ------w c:\windows\system32\pxinsi64.exe
2008-09-16 00:12 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w c:\windows\system32\DivX.dll
2008-09-16 00:11 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-10-07 13:33 13574144 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-10-07 13:33 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-11-01 21:24 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-10-07 13:33 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\EverQuest II\\LaunchPad.exe"=
"c:\\Program Files\\Sony\\EverQuest II\\EverQuest2.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"f:\\Program Files\\Sony\\Everquest II\\EverQuest2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-11-02 203280]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\DRIVERS\bcm42xx5.sys [2008-10-30 54271]
S3 BCM44X2;BCM 10/100 Ethernet Network Adapter Driver;c:\windows\system32\DRIVERS\BCM4E5.SYS [2008-10-30 26568]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S4 hpt3xx;hpt3xx; []
.
Contents of the 'Scheduled Tasks' folder

2008-11-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2008-11-03 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
.
- - - - ORPHANS REMOVED - - - -

BHO-{9148D00A-7D9F-6202-BA3D-4A4932371DF7} - c:\windows\system32\cqtddksoodcinwedu.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Zeke\Application Data\Mozilla\Firefox\Profiles\4k76q45k.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.guildportal.com/Guild.aspx?GuildID=258480&TabID=2172087
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-23 01:11:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\rsaenh.dll

- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\msprivs.dll
c:\windows\system32\rsaenh.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-11-23 1:14:39 - machine was rebooted [Zeke]
ComboFix-quarantined-files.txt 2008-11-23 08:14:35

Pre-Run: 8,688,005,120 bytes free
Post-Run: 11,339,382,784 bytes free

 

· TSF Security Manager, Emeritus
Joined
·
51,795 Posts
Things are looking much better, but there's still more work to be done.

Please go to: VirusTotal
  • On the page you'll find a "Browse" button.
  • Next to the browse button you'll see a box to enter text.
  • Please copy/paste the following:

    c:\windows\000001_.tmp

  • Then click the "Send File" button just below.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.
 

· Registered
Joined
·
11 Posts
Discussion Starter · #7 ·
Alright, I went to VirusTotal and scanned the file. Here's what I got:

File has already been analysed:
MD5: dc801056c6eb1fe72dfdaa96fbabaf13
First received: -
Date: 07.28.2008 07:11:58 (CET) [>118D]
Results: 0/34
Permalink: analisis/a62630eed6b69c60553ca14e1b97aef6
 

· TSF Security Manager, Emeritus
Joined
·
51,795 Posts
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

  1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  2. Open notepad and copy/paste the text in the quotebox below into it:

    Folder::
    c:\windows\system32\vd2
    c:\windows\system32\tim
    c:\windows\system32\ap
    c:\temp\FT62
    Save this as CFScript.txt




    Referring to the picture above, drag CFScript.txt into ComboFix.exe


  3. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  4. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  5. Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.
 

· Registered
Joined
·
11 Posts
Discussion Starter · #9 ·
That was pretty easy, and it freed up some file space - that's great. Here's the log from this time.

ComboFix 08-11-22.02 - Zeke 2008-11-24 5:21:07.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1699 [GMT -7:00]
Running from: c:\documents and settings\Zeke\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Zeke\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))
.

2008-11-20 23:27 . 2008-11-20 23:27 250 --a------ c:\windows\gmer.ini
2008-11-20 16:18 . 2004-07-17 11:40 19,528 --a------ c:\windows\000001_.tmp
2008-11-20 15:07 . 2008-11-20 15:07 <DIR> d-------- c:\windows\system32\vd2
2008-11-20 15:07 . 2008-11-20 15:07 <DIR> d-------- c:\windows\system32\tim
2008-11-20 15:07 . 2008-11-20 15:07 <DIR> d-------- c:\windows\system32\ap
2008-11-20 15:07 . 2008-11-20 15:07 <DIR> d-------- c:\temp\FT62
2008-11-20 15:07 . 2008-11-20 15:07 115,016 --a------ c:\windows\system32\MSINET.OCX
2008-11-20 15:07 . 2008-11-20 15:07 2,407 --a------ c:\windows\system32\MSINET.DEP
2008-11-13 01:00 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2008-11-13 01:00 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2008-11-13 01:00 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2008-11-13 01:00 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2008-11-13 01:00 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2008-11-13 01:00 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2008-11-13 01:00 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2008-11-11 18:17 . 2008-11-11 18:17 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Blizzard
2008-11-11 07:43 . 2008-11-11 07:43 <DIR> d-------- C:\Logs
2008-11-11 03:51 . 2008-11-11 04:10 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2008-11-10 04:39 . 2008-11-10 04:39 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-10 04:39 . 2008-11-10 04:39 <DIR> d-------- c:\documents and settings\Zeke\Application Data\Malwarebytes
2008-11-10 04:39 . 2008-11-10 04:39 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-11-10 04:39 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-10 04:39 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-02 19:05 . 2008-11-23 14:53 <DIR> d-------- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\SACore
2008-11-02 18:41 . 2008-11-23 14:18 13,451 --a------ c:\windows\system32\Config.MPF
2008-11-02 18:40 . 2008-11-02 18:40 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\SiteAdvisor
2008-11-02 18:37 . 2008-06-02 14:55 120,136 --a------ c:\windows\system32\drivers\Mpfp.sys
2008-11-02 18:37 . 2008-06-27 06:08 79,240 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-11-02 18:37 . 2008-06-27 06:08 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2008-11-02 18:37 . 2008-06-27 06:08 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-11-02 18:35 . 2008-11-13 23:57 <DIR> d-------- c:\program files\McAfee
2008-11-02 18:30 . 2008-06-20 05:41 34,152 --a------ c:\windows\system32\drivers\mferkdk.sys
2008-11-02 18:25 . 2008-11-02 18:41 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\McAfee
2008-11-01 21:35 . 2008-11-01 21:35 <DIR> d-------- c:\documents and settings\Zeke\Application Data\DivX
2008-11-01 21:33 . 2008-11-01 21:33 <DIR> d-------- c:\program files\Lavasoft
2008-11-01 21:31 . 2008-11-01 21:31 <DIR> d-------- c:\documents and settings\Zeke\Application Data\Yahoo!
2008-11-01 21:25 . 2008-11-01 21:25 499,712 --a------ c:\windows\system32\msvcp71.dll
2008-11-01 21:25 . 2008-11-01 21:25 348,160 --a------ c:\windows\system32\msvcr71.dll
2008-11-01 14:54 . 2008-11-01 15:05 <DIR> d-------- c:\program files\Advanced Combat Tracker
2008-11-01 09:00 . 2008-11-23 06:58 11,564 --a------ c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2008-11-01 08:59 . 2008-11-24 05:19 4,958,588 --a------ c:\windows\{00000004-00000000-00000001-00001102-00000004-20061102}.BAK
2008-10-31 22:50 . 2008-11-01 14:50 <DIR> d-------- c:\documents and settings\Zeke\Application Data\Ventrilo
2008-10-31 18:20 . 2008-11-01 14:39 <DIR> d-------- c:\windows\system32\Defaults
2008-10-31 18:20 . 2000-12-05 09:11 4,174,814 --------- c:\windows\system32\CT4MGM.SF2
2008-10-31 18:18 . 2008-10-31 18:18 <DIR> d-------- c:\documents and settings\Zeke\Application Data\Creative
2008-10-31 18:18 . 2008-11-24 05:19 4,958,588 --a------ c:\windows\{00000004-00000000-00000001-00001102-00000004-20061102}.CDF
2008-10-31 18:18 . 2008-10-31 18:18 444,952 --a------ c:\windows\system32\wrap_oal.dll
2008-10-31 18:18 . 2008-10-31 18:18 109,080 --a------ c:\windows\system32\OpenAL32.dll
2008-10-31 18:17 . 2008-10-31 18:17 <DIR> d-------- c:\windows\system32\Data
2008-10-31 18:13 . 2003-06-12 23:25 7,062 --a------ c:\windows\system32\audiopid.vxd
2008-10-31 17:17 . 2008-10-31 17:17 0 --a------ c:\windows\nsreg.dat
2008-10-31 16:00 . 2008-10-31 16:01 <DIR> d-------- c:\documents and settings\Zeke\Application Data\Media Player Classic
2008-10-31 04:38 . 2008-11-01 21:34 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2008-10-31 04:35 . 2008-10-31 04:35 <DIR> d---s---- c:\documents and settings\Zeke\UserData
2008-10-31 03:55 . 2008-10-31 03:55 <DIR> d---s---- c:\windows\system32\Microsoft
2008-10-31 03:54 . 2008-11-23 06:58 32,592 --a------ c:\windows\system32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2008-10-31 03:54 . 2008-11-23 06:58 32,592 --a------ c:\windows\system32\BMXState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2008-10-31 03:54 . 2008-11-23 06:58 32,088 --a------ c:\windows\system32\BMXCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2008-10-31 03:54 . 2008-11-23 06:58 32,088 --a------ c:\windows\system32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2008-10-31 03:54 . 2008-10-31 18:18 384 --a------ c:\windows\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2008-10-31 03:54 . 2008-10-31 18:18 384 --a------ c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2008-10-31 03:48 . 2008-10-31 03:48 <DIR> d-------- c:\windows\ServicePackFiles
2008-10-31 03:47 . 2004-08-04 00:56 2,897,920 --------- c:\windows\system32\xpsp2res.dll
2008-10-31 03:46 . 2004-07-17 11:40 19,528 --a------ c:\windows\002095_.tmp
2008-10-31 03:46 . 2004-08-03 22:42 15,872 --a------ c:\windows\system32\spupdsvc.exe
2008-10-31 03:44 . 2008-11-20 16:17 <DIR> d-------- c:\windows\EHome
2008-10-31 03:31 . 2008-10-31 03:32 552 --a------ c:\windows\system32\d3d8caps.dat
2008-10-31 03:25 . 2008-11-20 16:22 316,640 --a------ c:\windows\WMSysPr9.prx
2008-10-31 03:16 . 2004-08-03 23:15 145,792 --a------ c:\windows\system32\drivers\portcls.sys
2008-10-31 03:16 . 2004-08-03 23:15 145,792 --a--c--- c:\windows\system32\dllcache\portcls.sys
2008-10-31 03:16 . 2004-08-03 23:15 140,928 --a------ c:\windows\system32\drivers\ks.sys
2008-10-31 03:16 . 2004-08-03 23:15 140,928 --a--c--- c:\windows\system32\dllcache\ks.sys
2008-10-31 03:16 . 2004-08-04 00:56 130,048 --a------ c:\windows\system32\ksproxy.ax
2008-10-31 03:16 . 2004-08-04 00:56 130,048 --a--c--- c:\windows\system32\dllcache\ksproxy.ax
2008-10-31 03:16 . 2004-08-03 23:08 60,288 --a------ c:\windows\system32\drivers\drmk.sys
2008-10-31 03:16 . 2004-08-03 23:08 60,288 --a--c--- c:\windows\system32\dllcache\drmk.sys
2008-10-31 03:16 . 2004-08-03 23:08 48,640 --a------ c:\windows\system32\drivers\stream.sys
2008-10-31 03:16 . 2004-08-03 23:08 48,640 --a--c--- c:\windows\system32\dllcache\stream.sys
2008-10-31 03:16 . 2004-08-04 00:56 23,552 --a------ c:\windows\system32\wdmaud.drv
2008-10-31 03:16 . 2004-08-04 00:56 4,096 --a------ c:\windows\system32\ksuser.dll
2008-10-31 03:16 . 2004-08-04 00:56 4,096 --a--c--- c:\windows\system32\dllcache\ksuser.dll
2008-10-31 03:14 . 2008-10-31 03:14 <DIR> d-------- c:\windows\nview
2008-10-31 03:14 . 2008-10-02 10:07 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2008-10-31 03:14 . 2008-10-07 13:33 201,157 --a------ c:\windows\system32\nvapps.nvb
2008-10-31 03:03 . 2005-05-06 14:42 1,339,776 --a------ c:\windows\system32\drivers\IntelC51.sys
2008-10-31 03:03 . 2006-03-01 20:30 618,880 --a------ c:\windows\system32\drivers\IntelC52.sys
2008-10-31 03:03 . 2005-05-06 14:39 172,032 --a------ c:\windows\system32\intelmoh.dll
2008-10-31 03:03 . 2005-05-06 14:39 49,152 --a------ c:\windows\system32\mhwt.dll
2008-10-31 03:03 . 2005-05-06 14:40 47,360 --a------ c:\windows\system32\drivers\IntelC53.sys
2008-10-31 03:03 . 2005-05-06 14:40 36,880 --a------ c:\windows\system32\drivers\mohfilt.sys
2008-10-31 03:00 . 2004-08-03 23:08 142,976 --a------ c:\windows\system32\drivers\usbport.sys
2008-10-31 03:00 . 2004-08-03 22:59 95,360 --a------ c:\windows\system32\drivers\atapi.sys
2008-10-31 03:00 . 2004-08-04 00:56 74,240 --a------ c:\windows\system32\usbui.dll
2008-10-31 03:00 . 2004-08-03 23:07 68,224 --a------ c:\windows\system32\drivers\pci.sys
2008-10-31 03:00 . 2004-08-03 23:08 57,600 --a------ c:\windows\system32\drivers\usbhub.sys
2008-10-31 03:00 . 2004-08-03 22:59 25,088 --a------ c:\windows\system32\drivers\pciidex.sys
2008-10-31 03:00 . 2004-08-03 23:08 20,480 --a------ c:\windows\system32\drivers\usbuhci.sys
2008-10-31 03:00 . 2001-08-17 13:51 3,328 --a------ c:\windows\system32\drivers\pciide.sys
2008-10-31 03:00 . 2001-08-17 13:51 3,328 --a--c--- c:\windows\system32\dllcache\pciide.sys
2008-10-31 02:59 . 2001-08-17 13:58 35,840 --a------ c:\windows\system32\drivers\isapnp.sys
2008-10-31 02:59 . 2001-08-17 13:58 35,840 --a--c--- c:\windows\system32\dllcache\isapnp.sys
2008-10-31 02:15 . 2008-10-31 02:15 <DIR> d-------- C:\WUTemp
2008-10-31 02:15 . 2004-08-04 00:56 192,000 --a------ c:\windows\system32\iuengine.dll
2008-10-31 02:09 . 2008-10-31 02:09 12,980 --a------ c:\windows\system32\wpa.bak
2008-10-30 22:05 . 2001-08-17 12:11 54,271 --a------ c:\windows\system32\drivers\bcm42xx5.sys
2008-10-30 22:05 . 2001-08-17 12:11 54,271 --a--c--- c:\windows\system32\dllcache\bcm42xx5.sys
2008-10-30 22:05 . 2001-08-17 12:11 26,568 --a------ c:\windows\system32\drivers\BCM4E5.SYS
2008-10-30 22:05 . 2001-08-17 12:11 26,568 --a--c--- c:\windows\system32\dllcache\bcm4e5.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 13:29 --------- d-----w c:\program files\Trillian
2008-11-08 14:07 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 14:07 --------- d-----w c:\program files\Sony
2008-11-02 23:27 --------- d-----w c:\program files\Google
2008-11-02 04:40 --------- d-----w c:\program files\LimeWire
2008-11-02 04:40 --------- d-----w c:\program files\Fraps
2008-11-02 04:40 --------- d-----w c:\program files\Combat Stats Monitor for Everquest II
2008-11-02 04:40 --------- d-----w c:\program files\AIM
2008-11-02 04:33 --------- d-----w c:\program files\Yahoo!
2008-11-02 04:31 --------- d-----w c:\program files\DivX
2008-11-01 01:20 --------- d-----w c:\program files\WordPerfect Office 12
2008-11-01 01:20 --------- d-----w c:\program files\QuickTime
2008-11-01 01:20 --------- d-----w c:\program files\Maxthon2
2008-11-01 01:20 --------- d-----w c:\program files\Common Files\AOL
2008-11-01 01:13 --------- d-----w c:\program files\Creative
2008-10-31 10:10 --------- d-----w c:\program files\SystemRequirementsLab
2008-10-31 10:00 --------- d-----w c:\program files\Intel
2008-10-24 01:57 --------- d-----w c:\program files\Opera
2008-10-24 00:19 --------- d-----w c:\documents and settings\Chris Brown\Application Data\Malwarebytes
2008-10-22 00:23 --------- d-----w c:\documents and settings\Chris Brown\Application Data\Comodo
2008-10-18 00:46 --------- d-----w c:\documents and settings\Chris Brown\Application Data\Azureus
2008-10-15 22:05 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-10-15 22:05 --------- d-----w c:\program files\Adobe Media Player
2008-10-03 23:26 --------- d-----w c:\documents and settings\Chris Brown\Application Data\InstallShield
2008-09-24 21:33 --------- d-----w c:\program files\Dell
2008-09-16 00:14 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-16 00:14 129,784 ------w c:\windows\system32\pxafs.dll
2008-09-16 00:14 120,056 ------w c:\windows\system32\pxcpyi64.exe
2008-09-16 00:14 118,520 ------w c:\windows\system32\pxinsi64.exe
2008-09-16 00:12 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w c:\windows\system32\DivX.dll
2008-09-16 00:11 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((( [email protected]_ 1.14.06.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-23 04:19:09 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-11-24 07:58:18 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-11-23 04:19:09 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-24 07:58:18 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-11-23 04:19:09 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-24 07:58:18 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-10-07 13:33 13574144 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-10-07 13:33 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-11-01 21:24 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-10-07 13:33 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\EverQuest II\\LaunchPad.exe"=
"c:\\Program Files\\Sony\\EverQuest II\\EverQuest2.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"f:\\Program Files\\Sony\\Everquest II\\EverQuest2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-11-02 203280]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\DRIVERS\bcm42xx5.sys [2008-10-30 54271]
S3 BCM44X2;BCM 10/100 Ethernet Network Adapter Driver;c:\windows\system32\DRIVERS\BCM4E5.SYS [2008-10-30 26568]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S4 hpt3xx;hpt3xx; []
.
Contents of the 'Scheduled Tasks' folder

2008-11-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2008-11-03 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 05:25:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\rsaenh.dll

- - - - - - - > 'lsass.exe'(764)
c:\windows\system32\msprivs.dll
c:\windows\system32\rsaenh.dll
.
Completion time: 2008-11-24 5:27:10
ComboFix-quarantined-files.txt 2008-11-24 12:27:07
ComboFix2.txt 2008-11-23 08:14:40

Pre-Run: 12,834,152,448 bytes free
Post-Run: 13,264,211,968 bytes free


· TSF Security Manager, Emeritus · 51,795 Posts
The first line of the script is missing, which is why it did not give the results I expected.

Please perform the steps in Post # 8 once again, ensuring the script you create looks like this:

Folder::
c:\windows\system32\vd2
c:\windows\system32\tim
c:\windows\system32\ap
c:\temp\FT62
 

· Registered · 11 Posts · Discussion Starter · #13
Hope I did it right this time.

ComboFix 08-11-22.02 - Zeke 2008-11-27 1:35:56.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1608 [GMT -7:00]
Running from: c:\documents and settings\Zeke\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Zeke\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\temp\FT62
c:\temp\FT62\teTU.log
c:\windows\system32\ap
c:\windows\system32\ap\GRV16IM.exe
c:\windows\system32\tim
c:\windows\system32\vd2

.
((((((((((((((((((((((((( Files Created from 2008-10-27 to 2008-11-27 )))))))))))))))))))))))))))))))
.

2008-11-26 02:25 . 2008-11-26 02:28 <DIR> d-a------ c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2008-11-20 23:27 . 2008-11-20 23:27 250 --a------ c:\windows\gmer.ini
2008-11-20 16:18 . 2004-07-17 11:40 19,528 --a------ c:\windows\000001_.tmp
2008-11-20 15:07 . 2008-11-20 15:07 115,016 --a------ c:\windows\system32\MSINET.OCX
2008-11-20 15:07 . 2008-11-20 15:07 2,407 --a------ c:\windows\system32\MSINET.DEP
2008-11-13 01:00 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2008-11-13 01:00 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2008-11-13 01:00 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2008-11-13 01:00 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2008-11-13 01:00 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2008-11-13 01:00 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2008-11-13 01:00 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2008-11-11 18:17 . 2008-11-11 18:17 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Blizzard
2008-11-11 07:43 . 2008-11-11 07:43 <DIR> d-------- C:\Logs
2008-11-11 03:51 . 2008-11-11 04:10 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2008-11-10 04:39 . 2008-11-10 04:39 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-10 04:39 . 2008-11-10 04:39 <DIR> d-------- c:\documents and settings\Zeke\Application Data\Malwarebytes
2008-11-10 04:39 . 2008-11-10 04:39 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-11-10 04:39 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-10 04:39 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-02 19:05 . 2008-11-24 17:14 <DIR> d-------- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\SACore
2008-11-02 18:41 . 2008-11-27 01:43 13,591 --a------ c:\windows\system32\Config.MPF
2008-11-02 18:40 . 2008-11-02 18:40 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\SiteAdvisor
2008-11-02 18:37 . 2008-06-02 14:55 120,136 --a------ c:\windows\system32\drivers\Mpfp.sys
2008-11-02 18:37 . 2008-06-27 06:08 79,240 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-11-02 18:37 . 2008-06-27 06:08 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2008-11-02 18:37 . 2008-06-27 06:08 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-11-02 18:35 . 2008-11-13 23:57 <DIR> d-------- c:\program files\McAfee
2008-11-02 18:30 . 2008-06-20 05:41 34,152 --a------ c:\windows\system32\drivers\mferkdk.sys
2008-11-02 18:25 . 2008-11-02 18:41 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\McAfee
2008-11-01 21:35 . 2008-11-01 21:35 <DIR> d-------- c:\documents and settings\Zeke\Application Data\DivX
2008-11-01 21:33 . 2008-11-01 21:33 <DIR> d-------- c:\program files\Lavasoft
2008-11-01 21:31 . 2008-11-01 21:31 <DIR> d-------- c:\documents and settings\Zeke\Application Data\Yahoo!
2008-11-01 21:25 . 2008-11-01 21:25 499,712 --a------ c:\windows\system32\msvcp71.dll
2008-11-01 21:25 . 2008-11-01 21:25 348,160 --a------ c:\windows\system32\msvcr71.dll
2008-11-01 14:54 . 2008-11-01 15:05 <DIR> d-------- c:\program files\Advanced Combat Tracker
2008-11-01 09:00 . 2008-11-27 01:41 11,564 --a------ c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2008-11-01 08:59 . 2008-11-27 01:43 4,958,588 --a------ c:\windows\{00000004-00000000-00000001-00001102-00000004-20061102}.BAK
2008-10-31 22:50 . 2008-11-01 14:50 <DIR> d-------- c:\documents and settings\Zeke\Application Data\Ventrilo
2008-10-31 18:20 . 2008-11-01 14:39 <DIR> d-------- c:\windows\system32\Defaults
2008-10-31 18:20 . 2000-12-05 09:11 4,174,814 --------- c:\windows\system32\CT4MGM.SF2
2008-10-31 18:18 . 2008-10-31 18:18 <DIR> d-------- c:\documents and settings\Zeke\Application Data\Creative
2008-10-31 18:18 . 2008-11-27 01:43 4,958,588 --a------ c:\windows\{00000004-00000000-00000001-00001102-00000004-20061102}.CDF
2008-10-31 18:18 . 2008-10-31 18:18 444,952 --a------ c:\windows\system32\wrap_oal.dll
2008-10-31 18:18 . 2008-10-31 18:18 109,080 --a------ c:\windows\system32\OpenAL32.dll
2008-10-31 18:17 . 2008-10-31 18:17 <DIR> d-------- c:\windows\system32\Data
2008-10-31 18:13 . 2003-06-12 23:25 7,062 --a------ c:\windows\system32\audiopid.vxd
2008-10-31 17:17 . 2008-10-31 17:17 0 --a------ c:\windows\nsreg.dat
2008-10-31 16:00 . 2008-10-31 16:01 <DIR> d-------- c:\documents and settings\Zeke\Application Data\Media Player Classic
2008-10-31 04:38 . 2008-11-01 21:34 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2008-10-31 04:35 . 2008-10-31 04:35 <DIR> d---s---- c:\documents and settings\Zeke\UserData
2008-10-31 03:55 . 2008-10-31 03:55 <DIR> d---s---- c:\windows\system32\Microsoft
2008-10-31 03:54 . 2008-11-27 01:41 32,592 --a------ c:\windows\system32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2008-10-31 03:54 . 2008-11-27 01:41 32,592 --a------ c:\windows\system32\BMXState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2008-10-31 03:54 . 2008-11-27 01:41 32,088 --a------ c:\windows\system32\BMXCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2008-10-31 03:54 . 2008-11-27 01:41 32,088 --a------ c:\windows\system32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
2008-10-31 03:54 . 2008-10-31 18:18 384 --a------ c:\windows\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2008-10-31 03:54 . 2008-10-31 18:18 384 --a------ c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2008-10-31 03:48 . 2008-10-31 03:48 <DIR> d-------- c:\windows\ServicePackFiles
2008-10-31 03:47 . 2004-08-04 00:56 2,897,920 --------- c:\windows\system32\xpsp2res.dll
2008-10-31 03:46 . 2004-07-17 11:40 19,528 --a------ c:\windows\002095_.tmp
2008-10-31 03:46 . 2004-08-03 22:42 15,872 --a------ c:\windows\system32\spupdsvc.exe
2008-10-31 03:44 . 2008-11-20 16:17 <DIR> d-------- c:\windows\EHome
2008-10-31 03:31 . 2008-10-31 03:32 552 --a------ c:\windows\system32\d3d8caps.dat
2008-10-31 03:25 . 2008-11-20 16:22 316,640 --a------ c:\windows\WMSysPr9.prx
2008-10-31 03:16 . 2004-08-03 23:15 145,792 --a------ c:\windows\system32\drivers\portcls.sys
2008-10-31 03:16 . 2004-08-03 23:15 145,792 --a--c--- c:\windows\system32\dllcache\portcls.sys
2008-10-31 03:16 . 2004-08-03 23:15 140,928 --a------ c:\windows\system32\drivers\ks.sys
2008-10-31 03:16 . 2004-08-03 23:15 140,928 --a--c--- c:\windows\system32\dllcache\ks.sys
2008-10-31 03:16 . 2004-08-04 00:56 130,048 --a------ c:\windows\system32\ksproxy.ax
2008-10-31 03:16 . 2004-08-04 00:56 130,048 --a--c--- c:\windows\system32\dllcache\ksproxy.ax
2008-10-31 03:16 . 2004-08-03 23:08 60,288 --a------ c:\windows\system32\drivers\drmk.sys
2008-10-31 03:16 . 2004-08-03 23:08 60,288 --a--c--- c:\windows\system32\dllcache\drmk.sys
2008-10-31 03:16 . 2004-08-03 23:08 48,640 --a------ c:\windows\system32\drivers\stream.sys
2008-10-31 03:16 . 2004-08-03 23:08 48,640 --a--c--- c:\windows\system32\dllcache\stream.sys
2008-10-31 03:16 . 2004-08-04 00:56 23,552 --a------ c:\windows\system32\wdmaud.drv
2008-10-31 03:16 . 2004-08-04 00:56 4,096 --a------ c:\windows\system32\ksuser.dll
2008-10-31 03:16 . 2004-08-04 00:56 4,096 --a--c--- c:\windows\system32\dllcache\ksuser.dll
2008-10-31 03:14 . 2008-10-31 03:14 <DIR> d-------- c:\windows\nview
2008-10-31 03:14 . 2008-10-02 10:07 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2008-10-31 03:14 . 2008-10-07 13:33 201,157 --a------ c:\windows\system32\nvapps.nvb
2008-10-31 03:03 . 2005-05-06 14:42 1,339,776 --a------ c:\windows\system32\drivers\IntelC51.sys
2008-10-31 03:03 . 2006-03-01 20:30 618,880 --a------ c:\windows\system32\drivers\IntelC52.sys
2008-10-31 03:03 . 2005-05-06 14:39 172,032 --a------ c:\windows\system32\intelmoh.dll
2008-10-31 03:03 . 2005-05-06 14:39 49,152 --a------ c:\windows\system32\mhwt.dll
2008-10-31 03:03 . 2005-05-06 14:40 47,360 --a------ c:\windows\system32\drivers\IntelC53.sys
2008-10-31 03:03 . 2005-05-06 14:40 36,880 --a------ c:\windows\system32\drivers\mohfilt.sys
2008-10-31 03:00 . 2004-08-03 23:08 142,976 --a------ c:\windows\system32\drivers\usbport.sys
2008-10-31 03:00 . 2004-08-03 22:59 95,360 --a------ c:\windows\system32\drivers\atapi.sys
2008-10-31 03:00 . 2004-08-04 00:56 74,240 --a------ c:\windows\system32\usbui.dll
2008-10-31 03:00 . 2004-08-03 23:07 68,224 --a------ c:\windows\system32\drivers\pci.sys
2008-10-31 03:00 . 2004-08-03 23:08 57,600 --a------ c:\windows\system32\drivers\usbhub.sys
2008-10-31 03:00 . 2004-08-03 22:59 25,088 --a------ c:\windows\system32\drivers\pciidex.sys
2008-10-31 03:00 . 2004-08-03 23:08 20,480 --a------ c:\windows\system32\drivers\usbuhci.sys
2008-10-31 03:00 . 2001-08-17 13:51 3,328 --a------ c:\windows\system32\drivers\pciide.sys
2008-10-31 03:00 . 2001-08-17 13:51 3,328 --a--c--- c:\windows\system32\dllcache\pciide.sys
2008-10-31 02:59 . 2001-08-17 13:58 35,840 --a------ c:\windows\system32\drivers\isapnp.sys
2008-10-31 02:59 . 2001-08-17 13:58 35,840 --a--c--- c:\windows\system32\dllcache\isapnp.sys
2008-10-31 02:15 . 2008-10-31 02:15 <DIR> d-------- C:\WUTemp
2008-10-31 02:15 . 2004-08-04 00:56 192,000 --a------ c:\windows\system32\iuengine.dll
2008-10-31 02:09 . 2008-10-31 02:09 12,980 --a------ c:\windows\system32\wpa.bak
2008-10-30 22:05 . 2001-08-17 12:11 54,271 --a------ c:\windows\system32\drivers\bcm42xx5.sys
2008-10-30 22:05 . 2001-08-17 12:11 54,271 --a--c--- c:\windows\system32\dllcache\bcm42xx5.sys
2008-10-30 22:05 . 2001-08-17 12:11 26,568 --a------ c:\windows\system32\drivers\BCM4E5.SYS
2008-10-30 22:05 . 2001-08-17 12:11 26,568 --a--c--- c:\windows\system32\dllcache\bcm4e5.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-27 08:40 --------- d-----w c:\program files\Trillian
2008-11-26 09:37 --------- d-----w c:\program files\Fraps
2008-11-08 14:07 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 14:07 --------- d-----w c:\program files\Sony
2008-11-02 23:27 --------- d-----w c:\program files\Google
2008-11-02 04:40 --------- d-----w c:\program files\LimeWire
2008-11-02 04:40 --------- d-----w c:\program files\Combat Stats Monitor for Everquest II
2008-11-02 04:40 --------- d-----w c:\program files\AIM
2008-11-02 04:33 --------- d-----w c:\program files\Yahoo!
2008-11-02 04:31 --------- d-----w c:\program files\DivX
2008-11-01 01:20 --------- d-----w c:\program files\WordPerfect Office 12
2008-11-01 01:20 --------- d-----w c:\program files\QuickTime
2008-11-01 01:20 --------- d-----w c:\program files\Maxthon2
2008-11-01 01:20 --------- d-----w c:\program files\Common Files\AOL
2008-11-01 01:13 --------- d-----w c:\program files\Creative
2008-10-31 10:10 --------- d-----w c:\program files\SystemRequirementsLab
2008-10-31 10:00 --------- d-----w c:\program files\Intel
2008-10-24 01:57 --------- d-----w c:\program files\Opera
2008-10-24 00:19 --------- d-----w c:\documents and settings\Chris Brown\Application Data\Malwarebytes
2008-10-22 00:23 --------- d-----w c:\documents and settings\Chris Brown\Application Data\Comodo
2008-10-18 00:46 --------- d-----w c:\documents and settings\Chris Brown\Application Data\Azureus
2008-10-15 22:05 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-10-15 22:05 --------- d-----w c:\program files\Adobe Media Player
2008-10-03 23:26 --------- d-----w c:\documents and settings\Chris Brown\Application Data\InstallShield
2008-10-02 23:46 81,920 ----a-w c:\windows\system32\frapsvid.dll
2008-09-16 00:14 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-16 00:14 129,784 ------w c:\windows\system32\pxafs.dll
2008-09-16 00:14 120,056 ------w c:\windows\system32\pxcpyi64.exe
2008-09-16 00:14 118,520 ------w c:\windows\system32\pxinsi64.exe
2008-09-16 00:12 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w c:\windows\system32\DivX.dll
2008-09-16 00:11 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((( [email protected]_ 1.14.06.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-23 04:19:09 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-11-27 04:27:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-11-23 04:19:09 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-27 04:27:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-11-23 04:19:09 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-27 04:27:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-10-07 13:33 13574144 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-10-07 13:33 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-11-01 21:24 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-10-07 13:33 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\EverQuest II\\LaunchPad.exe"=
"c:\\Program Files\\Sony\\EverQuest II\\EverQuest2.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"f:\\Program Files\\Sony\\Everquest II\\EverQuest2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-11-02 203280]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\DRIVERS\bcm42xx5.sys [2008-10-30 54271]
S3 BCM44X2;BCM 10/100 Ethernet Network Adapter Driver;c:\windows\system32\DRIVERS\BCM4E5.SYS [2008-10-30 26568]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S4 hpt3xx;hpt3xx; []
.
Contents of the 'Scheduled Tasks' folder

2008-11-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2008-11-03 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-27 01:42:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\rsaenh.dll

- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\msprivs.dll
c:\windows\system32\rsaenh.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-11-27 1:45:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-27 08:45:17
ComboFix2.txt 2008-11-24 12:27:12
ComboFix3.txt 2008-11-23 08:14:40

Pre-Run: 12,777,541,632 bytes free
Post-Run: 13,169,094,656 bytes free


· TSF Security Manager, Emeritus
Joined
·
51,795 Posts
Good job, that did the work it was supposed to.

Please perform this online scan to help look for remnants. This scan requires Sun Java.

  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 10. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked

      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------


Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

  • Click Accept when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on Settings. Uncheck Mail databases.
  • Next, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

---------------------------------------------------------------------------------------------

How is the machine behaving?
 
