Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


HiJack This Log - Computer was taken over.

Post by adr » May 12th, 2009, 2:43 pm

Hello and thank you for your expertise....

Brief Description..
My computer was taken over from a Fake Windows Defender Program (which locked down most of my unit's capabilities) while it strongly suggested that I purchase the Fake Program Software to rid myself of the security threat. From what I could differentiate, my real Windows security center was also simultaneously trying to tell me that I had just been infected with a serious something rotten. I (not knowing what to do) began a complete factory restore on my Dell Inspiron 8600 laptop. In fact, I restored it a second time just for the heck of it...

Here I am now, it's been a month since the restore and while I was on City-Data.com, suddenly my Windows security center popped up and told me that I was once again infected with something awful.
Which brings me to you.

Here is my Log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:08 AM, on 5/12/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\BacsTray.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SASWINLO.dll
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

--
End of file - 8347 bytes
adr
Active Member
 
Posts: 6
Joined: May 12th, 2009, 12:49 pm

Re: HiJack This Log - Computer was taken over.

Post by MWR 3 day Mod » May 16th, 2009, 2:04 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: HiJack This Log - Computer was taken over.

Post by Rodav » May 17th, 2009, 2:24 pm

Hello and welcome to the Malware Removal forums.
I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research so please be patient while I work on your log and I will post back here with any recommendations.

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: HiJack This Log - Computer was taken over.

Post by Rodav » May 17th, 2009, 2:26 pm

Step 1:
  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in. Save this file and post it in your next reply.
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Diagnostic per your request

Post by adr » May 18th, 2009, 2:19 am

Diagnostic Report (1.9.0006.1):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
Windows Product ID: 55277-OEM-2111907-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.2.0.hom
ID: {40D6F8C9-A54A-4106-9C5E-AFC278C0C616}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.9.9.1
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Word 2002 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Allowed
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\oembios.bin[hr = 0x80070714]
File Mismatch: C:\WINDOWS\system32\oembios.dat[hr = 0x80070714]
File Mismatch: C:\WINDOWS\system32\oembios.sig[hr = 0x80070714]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{40D6F8C9-A54A-4106-9C5E-AFC278C0C616}</UGUID><Version>1.9.0006.1</Version><OS>5.1.2600.2.00010300.2.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4C8MT</PKey><PID>55277-OEM-2111907-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-2257429060-446058120-1587468154</SID><SYSTEM><Manufacturer>Dell Computer Corporation</Manufacturer><Model>Inspiron 8600 </Model></SYSTEM><BIOS><Manufacturer>Dell Computer Corporation</Manufacturer><Version>A09</Version><SMBIOSVersion major="2" minor="3"/><Date>20040708000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>9F5C3807018400D2</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Dell Computer Corporation</name><model>Dell INSPIRON 8600</model></SBID><OEM/><GANotification/></MachineData> <Software><Office><Result>100</Result><Products><Product GUID="{911B0409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Word 2002</Name><Ver>10</Ver><Val>62A4EAC3B9ACA0A</Val><Hash>oYFJkmRdgrdNVD6wKZKJMnTn5To=</Hash><Pid>54189-OEM-1650002-00005</Pid><PidType>16</PidType></Product></Products><Applications><App Id="1B" Version="10" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 18FCD:Dell Inc|18FCD:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A
adr
Active Member
 
Posts: 6
Joined: May 12th, 2009, 12:49 pm

Re: HiJack This Log - Computer was taken over.

Post by Rodav » May 18th, 2009, 11:10 am

adr wrote: "Here I am now, it's been a month since the restore..."
Your computer is only showing SP1, which is hugely outdated. The very first thing to do when you reinstall Windows is to get all the latest patches and updates. It needs to be clean before you do update though, so don't update it just yet.


Step 1:
Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check (tick) all items except items in the C:\System Volume Information folder, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Post that log back here.


Step 2:
Download DDS to your desktop from one of the links below:

Link 1
Link 2
  • Double click the tool to run it.
  • A black screen will open, just read the contents and do nothing.
  • When the tool finishes, it will open 2 reports.
  • Copy/paste both reports back here along with the Malwarebytes log.
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Mbam log Step 1

Post by adr » May 19th, 2009, 9:35 pm

Malwarebytes' Anti-Malware 1.36
Database version: 2156
Windows 5.1.2600 Service Pack 2

5/19/2009 6:32:10 PM
mbam-log-2009-05-19 (18-32-10).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 139677
Time elapsed: 40 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Microsoft Money\System\dw15.exe (Worm.Luder) -> Not selected for removal.
adr
Active Member
 
Posts: 6
Joined: May 12th, 2009, 12:49 pm
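
Added example (not part of any post in this thread): a Python sketch that parses the CLSID-bearing HijackThis entries and the Malwarebytes results, using lines copied from the logs posted above. It reports which orphaned HijackThis entries Malwarebytes also detected and which detections were left in place. The function names are illustrative, and the regular expressions assume the HijackThis v2.0.2 and Malwarebytes 1.36 line layouts seen in this thread.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis and Malwarebytes logs posted in this thread.
HJT_SAMPLE = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
"""

MBAM_SAMPLE = r"""
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Microsoft Money\System\dw15.exe (Worm.Luder) -> Not selected for removal.
"""

CLSID = r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}"
# Assumed HijackThis layout: "O2 - BHO: name - {CLSID} - target"
HJT_LINE = re.compile(r"^(O\d+) - ([^:]+): (.*?) - (" + CLSID + r") - (.*)$")
# Assumed Malwarebytes layout: "<section> Infected:" then "path (detection) -> action"
MBAM_SECTION = re.compile(r"^(.+ Infected):\s*$")
MBAM_ITEM = re.compile(r"^(.*) \(([^()]+)\) -> (.*)$")


def parse_hjt(text):
    """Return the HijackThis entries that carry a CLSID (O2, O3, O9, ...)."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            code, kind, name, clsid, target = m.groups()
            entries.append({"code": code, "kind": kind, "name": name,
                            "clsid": clsid.lower(), "target": target})
    return entries


def orphaned(entries):
    """Entries whose registration remains but whose file HijackThis could not find."""
    return [e for e in entries
            if e["target"] == "(no file)" or e["target"].endswith("(file missing)")]


def parse_mbam(text):
    """Return one record per detected item, tagged with its report section."""
    items, section = [], None
    for line in text.splitlines():
        line = line.strip()
        head = MBAM_SECTION.match(line)
        if head:
            section = head.group(1)
            continue
        m = MBAM_ITEM.match(line)
        if m and section:
            path, detection, action = m.groups()
            items.append({"section": section, "path": path,
                          "detection": detection, "action": action})
    return items


def correlate(hjt_entries, mbam_items):
    """Map each CLSID seen in both logs to its HijackThis and Malwarebytes records."""
    by_clsid = defaultdict(list)
    for e in hjt_entries:
        by_clsid[e["clsid"]].append(e)
    hits = {}
    for item in mbam_items:
        for clsid in re.findall(CLSID, item["path"]):
            key = clsid.lower()  # the two tools print CLSIDs in different case
            if key in by_clsid:
                hit = hits.setdefault(key, {"hjt": by_clsid[key], "mbam": []})
                hit["mbam"].append(item)
    return hits


def unremediated(mbam_items):
    """Detections the scan reported but did not quarantine."""
    return [i for i in mbam_items if not i["action"].startswith("Quarantined")]


if __name__ == "__main__":
    hjt, mbam = parse_hjt(HJT_SAMPLE), parse_mbam(MBAM_SAMPLE)
    for e in orphaned(hjt):
        print("orphaned:", e["code"], e["kind"], e["clsid"])
    for clsid, hit in correlate(hjt, mbam).items():
        names = sorted({i["detection"] for i in hit["mbam"]})
        print("in both logs:", clsid, names)
    for i in unremediated(mbam):
        print("left in place:", i["path"], i["detection"], "->", i["action"])
```

An orphaned entry that Malwarebytes did not flag is not shown to be malicious by this check; it only marks the entry for manual review.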

Step 2

Post by adr » May 19th, 2009, 9:44 pm

Log


DDS (Ver_09-05-14.01) - NTFSx86
Run by My Box at 18:41:28.72 on Tue 05/19/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.185 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\a la mode\Sched\eSched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\My Box\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.dell4me.com/myway
mStart Page = hxxp://www.dell4me.com/myway
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [bacstray] BacsTray.exe
mRun: [PRONoMgr.exe] c:\program files\intel\prosetwireless\ncs\proset\PRONoMgr.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04g\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [The Assistant] c:\program files\a la mode\sched\eSched.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: Sebring - c:\windows\system32\LgNotify.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-4-27 201320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-14 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-14 72944]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-28 203280]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-27 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-27 144704]
R2 MSSQL$ALAMODE;MSSQL$ALAMODE;c:\program files\microsoft sql server\mssql$alamode\binn\sqlservr.exe [2005-5-4 9150464]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-27 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-27 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-27 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-27 40488]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-4-27 33176]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-27 33832]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-14 7408]
S3 SQLAgent$ALAMODE;SQLAgent$ALAMODE;c:\program files\microsoft sql server\mssql$alamode\binn\sqlagent.EXE [2005-5-3 323584]

=============== Created Last 30 ================

2009-05-19 17:16 <DIR> --d----- c:\docume~1\mybox~1\applic~1\Malwarebytes
2009-05-19 17:16 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-19 17:16 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-19 17:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-19 17:16 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-17 23:12 38,733 a------- c:\windows\alaredun.ini
2009-05-17 06:52 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-17 06:51 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-05-14 23:00 176,128 a------- c:\windows\system32\nvudisp.exe
2009-05-14 23:00 13,866 a------- c:\windows\system32\nvdisp.nvu
2009-05-14 21:51 <DIR> --d----- C:\db00234d1ff25a8401cfe33e
2009-05-14 20:54 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-05-14 20:54 294,912 -------- c:\windows\system32\dllcache\msctf.dll
2009-05-13 22:22 67 a------- c:\windows\Mercury.ini
2009-05-13 07:44 575 a------- c:\windows\TSA.LNK
2009-05-13 07:43 0 a------- c:\windows\0
2009-05-13 07:39 5,632 a------- c:\windows\system32\pxc25pm.dll
2009-05-13 07:39 258,352 a------- c:\windows\system32\unicows.dll
2009-05-13 07:39 <DIR> --d----- c:\program files\Tracker Software
2009-05-13 07:37 <DIR> --d----- c:\windows\system32\Cameras
2009-05-13 07:37 <DIR> --d----- c:\program files\a la mode
2009-05-13 07:24 1,327 a------- c:\windows\alamode.ini
2009-05-13 07:15 <DIR> --d----- C:\a la mode
2009-05-13 07:14 5,763 a------- c:\windows\AuroraSetupLogs.z_
2009-05-13 07:13 33,340 a------- c:\windows\system32\dbmsqlgc.dll
2009-05-13 07:13 24,576 a------- c:\windows\system32\dbmsgnet.dll
2009-05-13 07:11 <DIR> --d----- c:\program files\Microsoft SQL Server
2009-05-13 06:28 <DIR> --d----- c:\program files\MSXML 4.0
2009-05-12 21:09 <DIR> --d----- c:\program files\AVG
2009-05-12 21:04 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2009-05-12 20:58 202,752 -------- c:\windows\system32\dllcache\rmcast.sys
2009-05-12 20:58 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-05-12 20:58 333,184 -------- c:\windows\system32\dllcache\srv.sys
2009-05-12 20:58 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2009-05-12 20:57 683,520 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-05-12 20:52 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-05-12 20:52 332,800 -------- c:\windows\system32\dllcache\netapi32.dll
2009-05-12 20:51 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2009-05-12 20:49 1,193,414 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-05-12 20:49 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-05-12 20:33 221,184 a------- c:\windows\system32\wmpns.dll
2009-05-12 20:29 81,920 -------- c:\windows\system32\ieencode.dll
2009-05-12 20:25 <DIR> --d----- c:\windows\ServicePackFiles
2009-05-12 20:19 19,528 a------- c:\windows\002269_.tmp
2009-05-12 20:14 <DIR> --d----- c:\windows\EHome
2009-05-12 11:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-12 11:11 <DIR> --d----- c:\docume~1\mybox~1\applic~1\SUPERAntiSpyware.com
2009-05-12 09:35 <DIR> --d----- c:\program files\Trend Micro
2009-04-30 11:57 45,056 a------- c:\windows\NCUNINST.EXE
2009-04-30 11:57 <DIR> --d----- c:\program files\common files\SWF Studio
2009-04-28 21:37 <DIR> --d----- c:\windows\system32\PreInstall
2009-04-28 21:37 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-04-28 21:37 <DIR> --d-h--- c:\windows\$hf_mig$
2009-04-28 21:36 <DIR> --d----- c:\windows\system32\bits
2009-04-27 14:22 <DIR> --d----- c:\windows\system32\Adobe
2009-04-27 12:18 351,232 a------- c:\windows\system32\winhttp.dll
2009-04-27 12:18 18,944 a------- c:\windows\system32\qmgrprxy.dll
2009-04-27 12:18 438,784 -------- c:\windows\system32\xpob2res.dll
2009-04-27 12:18 8,192 -------- c:\windows\system32\bitsprx2.dll
2009-04-27 12:18 7,168 -------- c:\windows\system32\bitsprx3.dll
2009-04-27 12:13 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-04-27 12:12 186,136 a------- c:\windows\system32\wuaueng1.dll
2009-04-27 12:12 213,528 a------- c:\windows\system32\wuaucpl.cpl
2009-04-27 12:12 167,704 a------- c:\windows\system32\wuauclt1.exe
2009-04-27 12:11 4,904 a------- c:\docume~1\mybox~1\applic~1\wklnhst.dat
2009-04-27 12:03 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-04-27 12:02 410 a------- c:\windows\brwmark.ini
2009-04-27 12:02 209 a------- c:\windows\Brpfx04a.ini
2009-04-27 12:02 92 a------- c:\windows\brpcfx.ini
2009-04-27 12:02 65 a------- c:\windows\system32\BD7420.dat
2009-04-27 12:02 52 a------- c:\windows\BRPP2KA.INI
2009-04-27 12:01 <DIR> --d----- c:\program files\Brother
2009-04-27 11:59 27,019 a------- c:\windows\maxlink.ini
2009-04-27 11:59 <DIR> --d----- c:\program files\common files\ScanSoft Shared
2009-04-27 11:59 <DIR> --d----- c:\program files\ScanSoft
2009-04-27 11:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Brother
2009-04-27 11:50 <DIR> --ds---- c:\documents and settings\my box\UserData
2009-04-27 09:30 14,173 a------- c:\windows\system32\Config.MPF
2009-04-27 09:26 33,832 a------- c:\windows\system32\drivers\mferkdk.sys
2009-04-27 09:26 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-04-27 09:26 201,320 a------- c:\windows\system32\drivers\mfehidk.sys
2009-04-27 09:26 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-04-27 09:26 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2009-04-27 09:25 113,952 a------- c:\windows\system32\drivers\Mpfp.sys
2009-04-27 09:25 <DIR> --d----- c:\program files\McAfee.com
2009-04-27 09:25 <DIR> --d----- c:\program files\common files\McAfee
2009-04-27 09:25 <DIR> --d----- c:\program files\McAfee
2009-04-27 09:14 2 a------- c:\windows\msoffice.ini
2009-04-27 08:55 <DIR> --d-h--- c:\documents and settings\my box\WLANProfiles
2009-04-27 08:55 <DIR> --d----- c:\documents and settings\My Box
2009-04-27 08:55 <DIR> --d----- c:\docume~1\mybox~1\applic~1\Symantec

==================== Find3M ====================

2009-05-15 06:32 11,336 a------- c:\windows\system32\nvModes.dat
2009-05-13 07:38 1,409 a------- c:\windows\fonts\ALAMODE.fot
2009-05-13 07:38 1,409 a------- c:\windows\fonts\AFORM120.fot
2009-05-13 07:38 1,409 a------- c:\windows\fonts\AFORM112.fot
2009-05-13 07:38 1,409 a------- c:\windows\fonts\AFORM105.fot
2009-05-13 07:38 1,409 a------- c:\windows\fonts\AFORM100.fot
2009-05-13 07:38 1,409 a------- c:\windows\fonts\AFORM09B.fot
2009-05-13 07:38 1,409 a------- c:\windows\fonts\AFORM090.fot
2009-05-13 07:38 1,409 a------- c:\windows\fonts\AFORM080.fot
2009-05-13 07:38 1,409 a------- c:\windows\fonts\ADATA095.fot
2009-05-12 20:37 79,763 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-24 17:35 996,600 a------- c:\windows\system32\auroraupgrade.dll
2009-03-24 10:04 369,912 a------- c:\windows\system32\mercsettings.dll
2009-03-21 07:18 986,112 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-11 13:44 496,888 a------- c:\windows\system32\alatrans.dll
2009-03-06 07:44 283,648 a------- c:\windows\system32\pdh.dll
2009-03-06 07:44 283,648 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 16:52 1,495,552 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-03-02 10:36 1,582,328 a------- c:\windows\system32\wtusers.dll
2009-03-02 09:38 447,736 a------- c:\windows\system32\alamail.dll
2009-02-24 11:22 1,344,760 a------- c:\windows\system32\wtfiles.dll
2009-02-19 02:58 18,432 -------- c:\windows\system32\dllcache\iedw.exe

============= FINISH: 18:41:55.18 ===============

Log


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/27/2009 8:55:01 AM
System Uptime: 5/19/2009 4:17:39 PM (2 hours ago)

Motherboard: Dell Computer Corporation | | 0Y4572
Processor: Intel(R) Pentium(R) M processor 1.50GHz | Microprocessor | 598/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 59.485 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\7CE44A1384FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\7CE44A1384FC000
Service: NIC1394

==== System Restore Points ===================

RP1: 4/27/2009 8:55:06 AM - System Checkpoint
RP2: 4/27/2009 9:15:16 AM - Removed EarthLink Setup Files
RP3: 4/27/2009 9:15:31 AM - Removed Get High Speed Internet!
RP4: 4/27/2009 11:59:01 AM - Installed PaperPort
RP5: 4/27/2009 11:59:42 AM - Installed DocuCom PDF Core Library
RP6: 4/27/2009 12:00:01 PM - Installed PaperPort Printer Driver
RP7: 4/27/2009 12:00:06 PM - Printer Driver PaperPort Color Printer Driver Installed
RP8: 4/27/2009 12:00:11 PM - Printer Driver PaperPort Mono Printer Driver Installed
RP9: 4/27/2009 12:01:14 PM - Installed Brother MFL-Pro Suite
RP10: 4/27/2009 12:02:05 PM - Printer Driver Brother PC-FAX Installed
RP11: 4/27/2009 2:12:06 PM - Installed Windows Installer KB893803v2.
RP12: 4/27/2009 2:12:28 PM - Installed Adobe Reader 9.1.
RP13: 4/28/2009 9:36:03 PM - Software Distribution Service 3.0
RP14: 4/28/2009 9:36:15 PM - Installed Windows XP KB842773.
RP15: 4/28/2009 9:37:01 PM - Installed Windows XP KB892130.
RP16: 4/28/2009 9:37:08 PM - Installed Windows XP KB898461.
RP17: 4/30/2009 5:08:20 PM - System Checkpoint
RP18: 5/1/2009 5:42:55 PM - System Checkpoint
RP19: 5/2/2009 7:11:05 PM - System Checkpoint
RP20: 5/5/2009 5:10:31 PM - System Checkpoint
RP21: 5/8/2009 4:55:03 PM - System Checkpoint
RP22: 5/12/2009 11:11:52 AM - Installed SUPERAntiSpyware Free Edition
RP23: 5/12/2009 8:19:12 PM - Installed Windows XP Service Pack 2.
RP24: 5/12/2009 9:09:46 PM - Installed AVG Free 8.5
RP25: 5/13/2009 6:25:17 AM - Software Distribution Service 3.0
RP26: 5/13/2009 7:11:14 AM - Installed Microsoft SQL Server Desktop Engine (ALAMODE)
RP27: 5/13/2009 7:39:55 AM - Printer Driver PDF-XChange 3.0 Installed
RP28: 5/13/2009 7:40:05 AM - Printer Driver PDF-XChange 3.0 Installed
RP29: 5/13/2009 2:50:52 PM - Removed AVG Free 8.5
RP30: 5/13/2009 2:52:18 PM - Installed AVG Free 8.5
RP31: 5/13/2009 2:53:39 PM - Removed SUPERAntiSpyware Free Edition
RP32: 5/13/2009 3:01:37 PM - Software Distribution Service 3.0
RP33: 5/13/2009 8:54:59 PM - Software Distribution Service 3.0
RP34: 5/14/2009 8:50:16 PM - Software Distribution Service 3.0
RP35: 5/14/2009 8:53:30 PM - Installed Windows XP KB958644.
RP36: 5/14/2009 8:55:22 PM - Installed Windows XP KB932823-v3.
RP37: 5/14/2009 11:00:18 PM - Software Distribution Service 3.0
RP38: 5/16/2009 12:26:37 AM - System Checkpoint
RP39: 5/16/2009 10:54:47 PM - Software Distribution Service 3.0
RP40: 5/17/2009 6:52:15 AM - Installed SUPERAntiSpyware Free Edition
RP41: 5/19/2009 9:09:58 AM - System Checkpoint
RP42: 5/19/2009 1:59:33 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.1
Adobe Shockwave Player 11.5
ALPS Touch Pad Driver
Banctec Service Agreement
BCM V.92 56K Modem
Broadcom Advanced Control Suite
Brother MFL-Pro Suite
Dell Digital Jukebox Driver
Dell Home Systems Services Agreement
Dell Media Experience
Dell Networking Guide
Dell Solution Center
Dell Support
getPlus(R) for Adobe
Google Toolbar for Internet Explorer
Help and Support Customization
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Intel(R) PROSet for Wireless
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Picture It! Photo Premium 9
Microsoft SQL Server Desktop Engine (ALAMODE)
Microsoft Streets and Trips 2004
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
MSXML 4.0 SP2 (KB954430)
MUSICMATCH® Jukebox
NVIDIA Drivers
PaperPort
PDF-XChange 3
PowerDVD 5.1
QuickSet
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
Shockwave
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
SUPERAntiSpyware Free Edition
Update for Windows XP (KB898461)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB885884
Windows XP Service Pack 2

==== Event Viewer Messages From Past Week ========

5/19/2009 4:51:27 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{0F0D3AEC-1274-4766-88E9-9438F0AB9F82} because another computer on the network has the same name. The server could not start.
5/19/2009 12:08:57 PM, error: Dhcp [1002] - The IP address lease 192.168.1.65 for the Network Card with network address 000E3553C3BF has been denied by the DHCP server 172.19.0.114 (The DHCP Server sent a DHCPNACK message).
5/17/2009 3:49:34 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
5/17/2009 12:00:51 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 000E3553C3BF. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

==== End Of File ===========================
adr
Active Member
 
Posts: 6
Joined: May 12th, 2009, 12:49 pm

Re: Mbam log Step 1

Unread postby Rodav » May 20th, 2009, 4:15 pm

There is really not too much showing. C:\Program Files\Microsoft Money\System\dw15.exe does seem to be a false positive. Did you run SUPERAntiSpyware after you got the fake alerts? If you did, could you post the log from it:
  • Click the Preferences button.
  • Click the Statistics/Logs tab.
  • Logs are listed by date and time; select the log from after you became infected.
  • Click View log.
  • This will open a log page.
  • Copy/Paste the contents in your next post please.


You have a very outdated version of Java installed, which can easily be exploited. You need to uninstall Java 2 Runtime Environment, SE v1.4.2_03 via Add/Remove Programs. You can get the latest version, which is JRE 6 Update 13, here: http://java.sun.com/javase/downloads/index.jsp


Step 1:
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir 
    C:\db00234d1ff25a8401cfe33e
    :file
    C:\Program Files\Microsoft Money\System\dw15.exe
    

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Step 2:
Note: Internet Explorer should be used.

Please go to the Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next reply along with a fresh HijackThis log, the SystemLook results and a description of how your PC is behaving.
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Mbam log Step 1

Unread postby Rodav » May 24th, 2009, 4:27 pm

Do you still need any help?
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Mbam log Step 1

Unread postby Elrond » May 26th, 2009, 10:41 am

Due to lack of activity this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem