Welcome to MalwareRemoval.com,

sameshitasiteverwas virus?

Post by mooobell » June 17th, 2009, 4:23 pm

Hi,

Recently, a window would periodically pop up showing "sameshitasiteverwas" in the explorer bar. I notice that I cannot view certain websites such as YouTube, and Google sometimes does not work. Here is the log from HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:11:50 PM, on 6/17/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024531EE0} - https://www.external.net/webclients/setup.exe
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/27.38/uploader2.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} (View22RTEv4 Class) - http://merillat.view22.com/release_3_9_ ... 2RTEv4.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\Windows\System32\brcplsdw32.dll
O23 - Service: McAfee Application Installer Cleanup (0231131245170892) (0231131245170892mcinstcleanup) - McAfee, Inc. - C:\Users\Bao\AppData\Local\Temp\023113~1.EXE
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9835 bytes

Any help would be greatly appreciated. Thanks!
mooobell
Active Member
 
Posts: 4
Joined: June 17th, 2009, 4:14 pm
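For readers learning to scan a HijackThis log like the one above, here is an added example of my own; it is not HijackThis code and not anything the forum's helpers use. It parses HJT entry lines ("O23 - Service: ...") and applies a few triage heuristics that I am assuming: AppInit_DLLs entries, autostart binaries under user-writable directories, ActiveX (O16) downloads that are not .cab files, any IE proxy setting, and hosts-file entries other than localhost. A hit means "identify this item", not "this is malware". The sample lines are copied from the log posted above.

```python
import re

# Constructed sample: a handful of entry lines copied from the HijackThis log
# posted above (not the complete log). Paths and GUIDs are as they appear there.
SAMPLE_HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024531EE0} - https://www.external.net/webclients/setup.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\Windows\System32\brcplsdw32.dll
O23 - Service: McAfee Application Installer Cleanup (0231131245170892) (0231131245170892mcinstcleanup) - McAfee, Inc. - C:\Users\Bao\AppData\Local\Temp\023113~1.EXE
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
"""

# Every HJT entry is "<section> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.+)$")

# Directories an ordinary user can write to; anything that autostarts from
# here deserves a look (assumption: a triage rule of mine, not an HJT rule).
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\users\\", "\\documents and settings\\")


def parse_hjt(text):
    """Return [(section, body)] for every entry line in an HJT log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def last_field(body):
    """HJT separates fields with ' - '; the path or URL is the last one."""
    return body.rsplit(" - ", 1)[-1].strip()


def in_user_writable(path):
    return any(tok in path.lower() for tok in USER_WRITABLE)


def triage(entries):
    """Apply per-section heuristics; each hit is (section, reason, detail).

    A hit means 'review this', not 'this is malware'."""
    findings = []
    for sec, body in entries:
        if sec == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll,
            # so each DLL listed here is worth identifying.
            for dll in body.split(":", 1)[1].split(","):
                if dll.strip():
                    findings.append((sec, "AppInit_DLLs entry", dll.strip()))
        elif sec in ("O2", "O3", "O23"):
            path = last_field(body)
            if in_user_writable(path):
                findings.append((sec, "binary in user-writable location", path))
        elif sec == "O16":
            url = last_field(body)
            if not url.lower().endswith(".cab"):
                findings.append((sec, "ActiveX download target is not a .cab", url))
        elif sec == "R1" and "ProxyServer" in body:
            findings.append((sec, "IE proxy setting present", body.split("=", 1)[1].strip()))
        elif sec == "O1":
            # "Hosts: <address> <name>": anything other than a localhost
            # mapping can silently redirect a site.
            _, _, name = body.split(":", 1)[1].strip().partition(" ")
            if name.strip() != "localhost":
                findings.append((sec, "hosts file override", body))
    return findings


def triage_log(text):
    return triage(parse_hjt(text))


if __name__ == "__main__":
    for sec, reason, detail in triage_log(SAMPLE_HJT_LOG):
        print(f"{sec:4} {reason:40} {detail}")
```

On the sample, the proxy line, the setup.exe download, both AppInit_DLLs entries and the service running from the user's Temp directory are reported; the Adobe BHO, the McAfee Run entry and the service in system32 are not. The rules are deliberately location-based rather than name-based, because a log reader cannot verify what a file is from its name alone.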

Re: sameshitasiteverwas virus?

Post by Blade81 » June 20th, 2009, 7:34 am

Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: sameshitasiteverwas virus?

Post by mooobell » June 20th, 2009, 11:22 am

DDS.txt


DDS (Ver_09-05-14.01) - NTFSx86
Run by Bao at 10:17:45.89 on Sat 06/20/2009
Internet Explorer: 7.0.6000.16851
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1021.155 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *disabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Bao\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: turbotax.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net ... plugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024531EE0} - hxxps://www.external.net/webclients/setup.exe
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/27.38/uploader2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://onlinedesigner.hgtv.com/images/app/view22rte.cab
DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} - hxxp://merillat.view22.com/release_3_9_ ... 2RTEv4.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll
LSA: Notification Packages = scecli psqlpwd

============= SERVICES / DRIVERS ===============

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2007-11-26 73728]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2007-11-27 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2007-11-27 7424]
S2 0231131245170892mcinstcleanup;McAfee Application Installer Cleanup (0231131245170892);c:\users\bao\appdata\local\temp\023113~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\users\bao\appdata\local\temp\023113~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-11-26 29744]
S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2007-11-27 209408]

=============== Created Last 30 ================

2009-06-20 09:55 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-06-20 09:46 <DIR> --ds---- C:\ComboFix
2009-06-18 14:56 0 a------- c:\windows\system32\A249.tmp
2009-06-18 14:56 0 a------- c:\windows\system32\8C0A.tmp
2009-06-18 14:51 161,792 a------- c:\windows\SWREG.exe
2009-06-18 14:51 155,136 a------- c:\windows\PEV.exe
2009-06-18 14:51 98,816 a------- c:\windows\sed.exe
2009-06-16 17:40 97,800 a------- c:\windows\system32\infocardapi.dll
2009-06-16 17:40 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-16 17:40 622,080 a------- c:\windows\system32\icardagt.exe
2009-06-16 17:40 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-06-16 17:40 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-06-16 17:40 11,264 a------- c:\windows\system32\icardres.dll
2009-06-16 17:40 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-06-16 17:40 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-06-16 17:34 49,152 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-06-16 17:34 16,384 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-06-16 17:34 40,943,616 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-06-16 17:23 96,760 a------- c:\windows\system32\dfshim.dll
2009-06-16 17:23 282,112 a------- c:\windows\system32\mscoree.dll
2009-06-16 17:23 41,984 a------- c:\windows\system32\netfxperf.dll
2009-06-16 17:22 158,720 a------- c:\windows\system32\mscorier.dll
2009-06-16 17:22 83,968 a------- c:\windows\system32\mscories.dll
2009-06-16 17:09 269,824 a------- c:\windows\system32\schannel.dll
2009-06-16 17:09 376,832 a------- c:\windows\system32\winhttp.dll
2009-06-16 17:07 501,760 a------- c:\windows\system32\wbem\WmiPrvSD.dll
2009-06-16 17:05 500,736 a------- c:\windows\system32\msdtcprx.dll
2009-06-16 17:05 30,208 a------- c:\windows\system32\xolehlp.dll
2009-06-16 17:05 788,992 a------- c:\windows\system32\rpcrt4.dll
2009-06-16 13:32 <DIR> --dsh--- c:\windows\system32\SystemX86
2009-06-16 11:55 8,623 a------- c:\windows\system32\Config.MPF
2009-06-16 11:54 143,360 a------- c:\windows\system32\dunzip32.dll
2009-06-16 11:49 33,832 a------- c:\windows\system32\drivers\mferkdk.sys
2009-06-16 11:49 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-06-16 11:49 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2009-06-16 11:49 201,320 a------- c:\windows\system32\drivers\mfehidk.sys
2009-06-16 11:49 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-06-16 11:48 125,728 a------- c:\windows\system32\drivers\Mpfp.sys
2009-06-16 11:47 <DIR> --d----- c:\program files\McAfee.com
2009-06-16 11:46 <DIR> --d----- c:\program files\common files\McAfee
2009-06-16 11:46 <DIR> --d----- c:\program files\McAfee
2009-06-16 09:55 <DIR> --d----- c:\programdata\McAfee

==================== Find3M ====================

2009-06-16 11:39 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-16 11:39 86,016 a------- c:\windows\inf\infstor.dat
2009-06-16 11:39 51,200 a------- c:\windows\inf\infpub.dat
2009-04-24 11:22 827,392 a------- c:\windows\system32\wininet.dll
2009-04-24 11:14 56,320 a------- c:\windows\system32\iesetup.dll
2009-04-24 11:14 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-24 11:14 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-04-24 11:11 72,704 a------- c:\windows\system32\admparse.dll
2009-04-24 08:53 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-24 07:25 48,128 a------- c:\windows\system32\mshtmler.dll
2009-04-23 07:56 696,832 a------- c:\windows\system32\localspl.dll
2009-04-21 07:04 2,028,032 a------- c:\windows\system32\win32k.sys
2009-03-25 17:09 262,144 -------- c:\windows\Setup1.exe
2009-03-25 17:09 73,216 a------- c:\windows\ST6UNST.EXE
2008-12-14 04:24 174 a--sh--- c:\program files\desktop.ini
2008-06-12 17:47 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-09 04:14 27,145 a------- c:\users\bao\appdata\roaming\nvModes.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-11-26 19:28 76 ---shr-- c:\windows\CT4CET.bin
2008-11-07 19:01 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-11-07 19:01 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-11-07 19:01 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-11-27 03:06 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 10:19:26.82 ===============


ATTACH.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 11/26/2007 6:14:31 PM
System Uptime: 6/20/2009 9:58:50 AM (1 hours ago)

Motherboard: Dell Inc. | | 0XR509
Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | Microprocessor | 1500/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 136 GiB total, 93.448 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.917 GiB free.
E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Reader 8.1.3
Advanced Audio FX Engine
Advanced Video FX Engine
AnswerWorks 4.0 Runtime - English
Apple Software Update
AutoUpdate
Browser Address Error Redirector
Chinese Traditional Fonts Support For Adobe Reader 8
Citrix Presentation Server Client - Web Only
Comcast High-Speed Internet Install Wizard
Dell DataSafe Online
Dell Getting Started Guide
Dell Network Assistant
Dell Support Center
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
DellSupport
Desktop Doctor
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Fingerprint Reader Suite 5.6
Google Desktop
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hyatt eDeals
Intel(R) Matrix Storage Manager
Intel(R) PROSet/Wireless Software
Java(TM) SE Runtime Environment 6
Laptop Integrated Webcam Driver (1.03.02.0719)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
McAfee SecurityCenter
mCore
MediaDirect
mHelp
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mMHouse
mPfMgr
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Music, Photos & Videos Launcher
mWMI
NVIDIA Drivers
OutlookAddinSetup
Paint.NET v3.36
Product Documentation Launcher
QuickSet
QuickTime
Rainlendar2 (remove only)
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
SIM Recovery Pro v1.2.2
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 8
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb970012)
Update Service
User's Guides
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Yahoo! Messenger
Yahoo! Toolbar

==== End Of File ===========================
mooobell
Active Member
 
Posts: 4
Joined: June 17th, 2009, 4:14 pm
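The "Created Last 30" section of the DDS.txt above is what a helper reads first, because a creation timeline separates installer and Windows Update bursts from isolated drops. The following is an added example of mine (not DDS's own code and not the forum's); it parses those lines, clusters creation times, and applies two triage heuristics that I am assuming: hidden+system items outside a small allowlist, and zero-byte .tmp files created in system32. The attribute letters ('s' system, 'h' hidden) are read off the log's own entries such as "--dsh---"; the ComboFix log further down uses a different layout and is not handled. Sample lines are copied from the posted DDS.txt, and a hit means "look at this", not "this is malware".

```python
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the "Created Last 30" section of the
# DDS.txt posted above (a subset of that listing).
SAMPLE_DDS_CREATED = r"""
2009-06-20 09:55 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-06-20 09:46 <DIR> --ds---- C:\ComboFix
2009-06-18 14:56 0 a------- c:\windows\system32\A249.tmp
2009-06-18 14:56 0 a------- c:\windows\system32\8C0A.tmp
2009-06-18 14:51 161,792 a------- c:\windows\SWREG.exe
2009-06-18 14:51 155,136 a------- c:\windows\PEV.exe
2009-06-16 17:40 97,800 a------- c:\windows\system32\infocardapi.dll
2009-06-16 17:40 622,080 a------- c:\windows\system32\icardagt.exe
2009-06-16 17:34 49,152 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-06-16 13:32 <DIR> --dsh--- c:\windows\system32\SystemX86
2009-06-16 11:49 33,832 a------- c:\windows\system32\drivers\mferkdk.sys
2009-06-16 11:49 201,320 a------- c:\windows\system32\drivers\mfehidk.sys
2009-06-16 11:47 <DIR> --d----- c:\program files\McAfee.com
"""

# "<date> <time> <size or <DIR>> <8-char attribute string> <path>"
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)

# Hidden+system items that are normal on every Vista box
# (assumption: my allowlist, extend as needed).
EXPECTED_HIDDEN_SYSTEM = {"c:\\$recycle.bin"}


def parse_entries(text):
    """Parse the listing into dicts sorted oldest first."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M")
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append({"when": when, "size": size, "attrs": m["attrs"], "path": m["path"]})
    return sorted(entries, key=lambda e: e["when"])


def cluster(entries, gap_minutes=10):
    """Group entries created within gap_minutes of the previous entry.
    Large clusters are usually installers or Windows Update; an isolated
    entry is what an analyst looks at first."""
    gap = timedelta(minutes=gap_minutes)
    clusters = []
    for e in entries:
        if clusters and e["when"] - clusters[-1][-1]["when"] <= gap:
            clusters[-1].append(e)
        else:
            clusters.append([e])
    return clusters


def flag_entries(entries):
    """Two triage heuristics (mine, not DDS's): unexpected hidden+system
    items, and zero-byte .tmp files dropped in system32. In the DDS attribute
    string 's' is system and 'h' is hidden (e.g. '--dsh---')."""
    findings = []
    for e in entries:
        p = e["path"].lower()
        if "h" in e["attrs"] and "s" in e["attrs"] and p not in EXPECTED_HIDDEN_SYSTEM:
            findings.append(("unexpected hidden+system item", e["path"]))
        if e["size"] == 0 and p.endswith(".tmp") and "\\system32\\" in p:
            findings.append(("zero-byte .tmp in system32", e["path"]))
    return findings


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_DDS_CREATED)
    for c in cluster(entries):
        tag = "  <- isolated" if len(c) == 1 else ""
        print(f"{c[0]['when']:%Y-%m-%d %H:%M} .. {c[-1]['when']:%H:%M}  {len(c):2} item(s){tag}")
    for reason, path in flag_entries(entries):
        print(f"REVIEW: {reason}: {path}")
```

On the sample this yields five clusters: the McAfee install on 06-16 at 11:47-11:49, the .NET/Windows Update burst at 17:34-17:40, the 06-18 batch of files (the ComboFix helper binaries and the two empty .tmp files), the 06-20 ComboFix run, and one isolated item, the hidden+system SystemX86 directory created on 06-16 at 13:32, which is exactly the kind of entry a helper asks about next.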

Re: sameshitasiteverwas virus?

Post by Blade81 » June 20th, 2009, 1:21 pm

Hi,

Seems that you've run ComboFix by yourself, which is not recommended. ComboFix should be run under supervision only.

Please post contents of c:\ComboFix.txt file.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: sameshitasiteverwas virus?

Post by mooobell » June 20th, 2009, 1:43 pm

ComboFix 09-06-19.01 - Bao 06/20/2009 9:48.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1021.217 [GMT -5:00]
Running from: c:\users\Bao\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
SP: McAfee VirusScan *disabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-05-20 to 2009-06-20 )))))))))))))))))))))))))))))))
.

2009-06-20 14:54 . 2009-06-20 14:54 -------- d-----w- c:\users\Bao\AppData\Local\temp
2009-06-16 22:40 . 2008-06-20 01:17 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-06-16 22:40 . 2008-06-20 01:18 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-16 22:40 . 2008-06-20 01:18 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-06-16 22:40 . 2008-06-20 01:17 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-06-16 22:40 . 2008-06-20 01:17 11264 ----a-w- c:\windows\system32\icardres.dll
2009-06-16 22:40 . 2008-06-20 01:18 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-06-16 22:40 . 2008-06-20 01:18 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-06-16 22:23 . 2008-07-27 18:00 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-06-16 22:23 . 2008-07-27 18:00 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-06-16 22:23 . 2008-07-27 18:00 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-06-16 22:22 . 2008-07-27 18:00 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-06-16 22:22 . 2008-07-27 18:00 83968 ----a-w- c:\windows\system32\mscories.dll
2009-06-16 22:09 . 2008-11-27 04:42 269824 ----a-w- c:\windows\system32\schannel.dll
2009-06-16 22:09 . 2008-12-08 04:34 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-06-16 22:07 . 2009-03-03 04:20 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2009-06-16 22:05 . 2008-06-05 04:50 30208 ----a-w- c:\windows\system32\xolehlp.dll
2009-06-16 22:05 . 2008-06-05 04:50 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2009-06-16 22:05 . 2009-04-23 13:01 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-16 18:32 . 2009-06-16 18:32 -------- d-sh--w- c:\windows\system32\SystemX86
2009-06-16 16:54 . 2006-03-03 13:07 143360 ----a-w- c:\windows\system32\dunzip32.dll
2009-06-16 16:49 . 2007-11-22 11:44 33832 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-06-16 16:49 . 2007-12-02 17:51 40488 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-06-16 16:49 . 2007-11-22 11:44 35240 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-06-16 16:49 . 2007-11-22 11:44 79304 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-06-16 16:49 . 2007-11-22 11:44 201320 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-06-16 16:48 . 2007-07-13 11:21 125728 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-06-16 16:47 . 2009-06-16 16:47 -------- d-----w- c:\program files\McAfee.com
2009-06-16 16:46 . 2009-06-16 16:49 -------- d-----w- c:\program files\Common Files\McAfee
2009-06-16 16:46 . 2009-06-16 16:55 -------- d-----w- c:\program files\McAfee
2009-06-16 14:55 . 2009-06-16 16:55 -------- d-----w- c:\programdata\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-18 20:05 . 2009-02-17 04:46 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-18 19:56 . 2009-06-18 19:56 0 ----a-w- c:\windows\system32\A249.tmp
2009-06-18 19:56 . 2009-06-18 19:56 0 ----a-w- c:\windows\system32\8C0A.tmp
2009-06-17 23:00 . 2007-12-25 04:57 117304 ----a-w- c:\users\Bao\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-17 20:10 . 2007-11-27 00:39 -------- d-----w- c:\program files\Trend Micro
2009-06-16 23:35 . 2009-02-03 04:13 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-16 23:29 . 2007-12-29 19:55 -------- d-----w- c:\programdata\Microsoft Help
2009-06-16 23:20 . 2007-11-27 00:49 -------- d-----w- c:\program files\Microsoft Works
2009-06-16 14:48 . 2008-11-30 20:09 -------- d-----w- c:\users\Bao\AppData\Roaming\LimeWire
2009-05-31 08:59 . 2008-05-15 23:09 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-17 22:37 . 2009-05-17 22:37 -------- d-----w- c:\program files\Sony Ericsson
2009-05-04 23:52 . 2008-07-01 02:55 -------- d-----w- c:\program files\Paint.NET
2009-04-24 16:22 . 2009-06-16 21:56 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:14 . 2009-06-16 21:56 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-04-24 16:14 . 2009-06-16 21:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 16:11 . 2009-06-16 21:56 72704 ----a-w- c:\windows\system32\admparse.dll
2009-04-24 13:53 . 2009-06-16 21:56 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-24 12:25 . 2009-06-16 21:56 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-04-23 12:56 . 2009-06-16 22:06 696832 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 12:04 . 2009-06-16 22:06 2028032 ----a-w- c:\windows\system32\win32k.sys
2009-03-25 22:09 . 2009-03-25 22:09 262144 ------w- c:\windows\Setup1.exe
2009-03-25 22:09 . 2009-03-25 22:09 73216 ----a-w- c:\windows\ST6UNST.EXE
2007-11-27 00:28 . 2007-11-27 00:28 76 --sh--r- c:\windows\CT4CET.bin
2007-11-27 08:06 . 2007-11-27 07:52 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-06-18_20.07.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:05 . 2009-06-20 14:12 66550 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2007-12-25 04:54 . 2009-06-18 16:23 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-12-25 04:54 . 2009-06-20 14:43 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-12-25 04:54 . 2009-06-18 16:23 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-25 04:54 . 2009-06-20 14:43 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-25 04:54 . 2009-06-18 16:23 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-12-25 04:54 . 2009-06-20 14:43 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-12-25 04:58 . 2009-06-20 14:12 7242 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-271065832-3770202074-1214216031-1000_UserData.bin
+ 2009-06-18 20:07 . 2009-06-20 14:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-06-18 20:07 . 2009-06-18 20:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-06-18 20:07 . 2009-06-20 14:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-06-20 14:17 621552 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-16 23:44 621552 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-06-20 14:17 104868 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-06-16 23:44 104868 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-17 05:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-17 05:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2007-12-30 1365504]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 05:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=c:\windows\pss\Dell Network Assistant.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{18862159-A9B7-4A55-A61A-384F7CF8BC1E}"= c:\program files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{3D4A83B2-BD28-4CF4-85E8-404F02AA9C05}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{B62351F1-05B6-46B8-B051-5EA396E2F626}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{0FD84CE4-8B59-4189-9DAA-5CC94CD04634}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{E1D086AE-C814-4A44-906C-5B0D7C717002}"= UDP:c:\program files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant
"{D197C889-1DE0-40F9-8871-C98564C534BC}"= TCP:c:\program files\Dell Network Assistant\ezi_hnm2.exe:Dell Network Assistant
"{D8702CFA-EA9C-4159-8964-67589D740869}"= Disabled:TCP:10421:SingleClick Discovery Protocol
"{06FDF050-DC3A-44A0-8656-7677A86B220A}"= UDP:139:NetBIOS File/Printer Sharing
"{B5EA6242-236F-4347-96A7-CBC6B915BBD8}"= Disabled:TCP:10426:SingleClick ICC
"{763A238B-7463-4C37-BB29-6FCF77D13FCC}"= UDP:445:Microsoft Directory Services
"{B90A9318-71A7-4DC4-8C5E-189C41BD231D}"= TCP:138:NetBIOS Datagram Service
"{5EFBB796-6662-47B6-BDB1-B770820139B6}"= TCP:137:NetBIOS Name Service
"{ABA14E22-8AE4-4F60-B95B-5E0CFF1BAA2F}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9A0930F1-3EF8-495E-AA1F-C96A27DF2164}"= UDP:c:\program files\TurboTax\Premier 2007\32bit\ttax.exe:TurboTax
"{BA10FA60-D2A1-4207-BE96-09B353D8949F}"= TCP:c:\program files\TurboTax\Premier 2007\32bit\ttax.exe:TurboTax
"{43AF61D9-C34D-4676-AE42-502F762F8E4A}"= UDP:c:\program files\TurboTax\Premier 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{85FCA12B-4CD3-4496-A03F-EB2FE4026FD9}"= TCP:c:\program files\TurboTax\Premier 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{36EA3E8C-3E5A-45E5-9597-8F23FBFD8757}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{906D0186-77EC-49D7-99E9-687AC1483C66}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{48EA48C3-93D8-4529-9B52-1887167A9A90}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{CC7A44D3-8479-43BC-81E5-DD7DD142AB84}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{4CAEB416-84BB-41F9-971A-A5A0AA392D90}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [11/26/2007 7:12 PM 73728]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [11/27/2007 3:06 AM 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [11/27/2007 3:06 AM 7424]
S2 0231131245170892mcinstcleanup;McAfee Application Installer Cleanup (0231131245170892);c:\users\Bao\AppData\Local\Temp\023113~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\users\Bao\AppData\Local\Temp\023113~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/26/2007 7:48 PM 29744]
S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [11/27/2007 3:06 AM 209408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2009-06-16 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-16 18:32]

2009-06-16 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-16 18:32]

2009-06-20 c:\windows\Tasks\User_Feed_Synchronization-{3CE13ABF-A438-4C5A-AA7C-6FDFEA3A234F}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: turbotax.com
DPF: {238F6F83-B8B4-11CF-8771-00A024531EE0} - hxxps://www.external.net/webclients/setup.exe
DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} - hxxp://merillat.view22.com/release_3_9_ ... 2RTEv4.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-20 09:54
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(664)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll

- - - - - - - > 'Explorer.exe'(1924)
c:\program files\Fingerprint Reader Suite\farchns.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
Completion time: 2009-06-20 9:57
ComboFix-quarantined-files.txt 2009-06-20 14:57
ComboFix2.txt 2009-06-18 20:16

Pre-Run: 99,851,546,624 bytes free
Post-Run: 100,489,392,128 bytes free

225 --- E O F --- 2009-06-16 23:29
mooobell
Active Member
 
Posts: 4
Joined: June 17th, 2009, 4:14 pm

Re: sameshitasiteverwas virus?

Unread postby Blade81 » June 21st, 2009, 6:32 am

Hi,

Please look for file ComboFix2.txt on your hard drive and post contents of it.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: sameshitasiteverwas virus?

Unread postby mooobell » June 22nd, 2009, 1:21 pm

Hi,

I cannot find the specified file. The only one I have is the one that was posted previously.
mooobell
Active Member
 
Posts: 4
Joined: June 17th, 2009, 4:14 pm

Re: sameshitasiteverwas virus?

Unread postby Blade81 » June 22nd, 2009, 5:19 pm

Well, that's a pity since all removed items were in that log and without seeing it, it's pretty difficult to know what was removed (one of the reasons why ComboFix shouldn't be run without supervision).


Remove P2P software
While looking over your log, I have noticed the following Peer-to-Peer filesharing programs are present on your computer:

Limewire

These programs are the #1 source of infected systems. Although the software itself can be clean, the files you download are often infected with malware. Because of this, we do not allow P2P software present on machines we're cleaning anymore.

This means you must remove the above Peer-to-Peer filesharing programs (if still present) and any others present on your machine. For a full explanation of our policy, please read the following P2P Program Policy.



Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
c:\windows\system32\A249.tmp
c:\windows\system32\8C0A.tmp

Folder::
c:\users\Bao\AppData\Roaming\LimeWire
c:\program files\LimeWire

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{06FDF050-DC3A-44A0-8656-7677A86B220A}"=-
"{763A238B-7463-4C37-BB29-6FCF77D13FCC}"=-
"{B90A9318-71A7-4DC4-8C5E-189C41BD231D}"=-
"{5EFBB796-6662-47B6-BDB1-B770820139B6}"=-
"{36EA3E8C-3E5A-45E5-9597-8F23FBFD8757}"=-
"{906D0186-77EC-49D7-99E9-687AC1483C66}"=-



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log.


ComboFix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time) and end any processes of findstr, find, sed or swreg; ComboFix should then continue.
If that happened we want to know, and also what process you had to end.


Uninstall old Adobe Reader versions and get the latest one here, or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 14.
  • Click the Download button to the right.
  • Select Windows in the platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version. Uncheck the MSN toolbar if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland
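As an added illustration of how the firewall-rule lines in the CFScript above were picked (this is example code written for this page, not the helper's or ComboFix's own), the following script parses FirewallRules entries in the format ComboFix prints them, flags enabled rules that open the NetBIOS/SMB file-sharing ports or belong to the P2P client the forum policy requires removing, and emits the matching Registry:: deletion section. The entries in SAMPLE_RULES are copied from the log in this thread; the regexes and the SHARING_PORTS/P2P_EXES criteria are this example's own assumptions.

```python
import re

# Entries copied from the FirewallRules key in the ComboFix log above (a subset,
# in log order); the parsing and removal criteria below are this example's own.
SAMPLE_RULES = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{06FDF050-DC3A-44A0-8656-7677A86B220A}"= UDP:139:NetBIOS File/Printer Sharing
"{763A238B-7463-4C37-BB29-6FCF77D13FCC}"= UDP:445:Microsoft Directory Services
"{B90A9318-71A7-4DC4-8C5E-189C41BD231D}"= TCP:138:NetBIOS Datagram Service
"{5EFBB796-6662-47B6-BDB1-B770820139B6}"= TCP:137:NetBIOS Name Service
"{ABA14E22-8AE4-4F60-B95B-5E0CFF1BAA2F}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{36EA3E8C-3E5A-45E5-9597-8F23FBFD8757}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{906D0186-77EC-49D7-99E9-687AC1483C66}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{D8702CFA-EA9C-4159-8964-67589D740869}"= Disabled:TCP:10421:SingleClick Discovery Protocol
"{4CAEB416-84BB-41F9-971A-A5A0AA392D90}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
'''

FIREWALL_KEY = r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]"
RULE_RE = re.compile(r'^"\{([0-9A-Fa-f-]{36})\}"=\s*(.*)$')
PORT_RE = re.compile(r'\b(TCP|UDP):(\d+)(?=[:|]|$)')
PATH_RE = re.compile(r'[A-Za-z]:\\[^:|]+')
SHARING_PORTS = {137, 138, 139, 445}   # NetBIOS/SMB: the inbound rules the helper removed
P2P_EXES = {"limewire.exe"}            # P2P clients the forum policy requires removing


def parse_rule(line):
    """Parse one FirewallRules line from a ComboFix log; None if it is not a rule."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    guid, body = m.groups()
    fields = body.split(":")
    port, path = PORT_RE.search(body), PATH_RE.search(body)
    return {
        "guid": guid,
        # A leading "Disabled" flag (possibly among "|"-joined prefixes) means the rule is inert.
        "disabled": "Disabled" in fields[0].split("|"),
        "port": int(port.group(2)) if port else None,
        "exe": path.group(0).rsplit("\\", 1)[-1].lower() if path else None,
        "desc": fields[-1],
    }

def rule_flag(rule):
    """Reason the rule should be deleted, or None if it can stay."""
    if rule["disabled"]:
        return None
    if rule["port"] in SHARING_PORTS:
        return "opens file-sharing port %d to the network" % rule["port"]
    if rule["exe"] in P2P_EXES:
        return "allows the P2P client %s" % rule["exe"]
    return None

def build_cfscript(log_text):
    """Emit a CFScript Registry:: section; a value set to "-" is deleted by ComboFix."""
    flagged = [r for r in map(parse_rule, log_text.splitlines()) if r and rule_flag(r)]
    if not flagged:
        return ""
    lines = ["Registry::", FIREWALL_KEY] + ['"{%s}"=-' % r["guid"] for r in flagged]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    for r in filter(None, map(parse_rule, SAMPLE_RULES.splitlines())):
        print("%-6s %s" % ("REMOVE" if rule_flag(r) else "keep", r["desc"]))
    print(build_cfscript(SAMPLE_RULES))
```

Run on the sample, the Registry:: section it prints is the same six deletions, in the same order, as the helper's CFScript; the Outlook, McAfee and disabled SingleClick rules are left alone.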

Re: sameshitasiteverwas virus?

Unread postby NonSuch » June 30th, 2009, 8:00 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California