ddepumpo
  1. Miekiemoes, you're my hero ... I was able to reinstall Malwarebytes. I just ran a quick scan, and it came out clean. Is there anything else I need to do? Thanks so much. Dan
  2. Combofix is not on the desktop. I tried to open MBAM and it can't be found. Should I uninstall it, and then reinstall it? Thanks Dan
  3. still getting the same message that it cannot be found. I included the quotes (") just as you had them. Is that correct?
  4. Is there a chance that Combofix already uninstalled by itself? I see that the icon is gone from my desktop again.
  5. I got the fix.reg and double-clicked. That went okay. But when I pasted "ComboFix /Uninstall" in the Start > Run box I got an error message that said "Windows cannot find 'Combofix'. Make sure you typed the name correctly, then try again ... to search for a file...." I actually pasted your command, so I didn't type it wrong.
  6. I'm back. Thanks for bearing with me. Here's the new log. Now what? Thanks Dan
  7. I just noticed that my icon for Combofix is gone. I saved it to the desktop, but it disappeared.
  8. Hello, Here's my Combofix log. I can't believe I've made it this far. What's the next step? Thanks Dan
  9. I know I sound dense, but how do I disable McAfee in order to run combofix? I thought there was an easy way to disable McAfee, but now I don't see how to do it. Thanks
  10. Not to be whiny, but I think this is out of my league. About 6 months ago I paid Dell $130 to fix a similar issue. Looks like I will be doing that again ... or throwing the computer out the window. Does this Combofix involve a reinstall? Do you think a novice like myself can do this Combofix? I do have an external hard drive and will back up my important stuff.
  11. Yes, when I try to open that file I get an error saying "c:programfiles ..." is not a valid win32 application
  12. Miekiemoes, Sorry to butt in again. I started a new thread "can't find MBAM.exe" by ddepumpo. Is there any chance you could reply to that since you seem to have a pretty good handle on this. (I'm not sure how this forum works.) Thanks. Dan