peterpan Posted July 17, 2010 ID:285927 Share Posted July 17, 2010 I was unable to complete the GMER Rootkit Scanner. First, the computer froze, then subsequent attempts produced an error message stating that the program randomly named: rn3ng7k2.exe had encountered a problem and had to close. By the way, thank you for providing such a service to those of us who are not very computer savvy. It's greatly appreciated. DDS (Ver_10-03-17.01) - NTFSx86 Run by p at 12:40:28.10 on Wed 07/14/2010Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.413 [GMT -4:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\system32\CTsvcCDA.EXEC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exesvchost.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\dllhost.exec:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Dell\Media Experience\DMXLauncher.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exeC:\Program Files\Dell\Media Experience\PCMService.exeC:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exeC:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exeC:\WINDOWS\stsystra.exeC:\Program Files\Creative\VoiceCenter\AndreaVC.exeC:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exeC:\WINDOWS\system32\Rundll32.exeC:\WINDOWS\system32\LVCOMSX.EXEC:\Program Files\Logitech\Video\LogiTray.exeC:\DOCUME~1\p\LOCALS~1\Temp\clclean.0001C:\WINDOWS\eHome\ehmsas.exeC:\Program Files\Logitech\Video\FxSvr2.exeC:\Program Files\Creative\MediaSource\Detector\CTDetect.exeC:\Program Files\Windows Live\Messenger\MsnMsgr.ExeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\AIM\aim.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exeC:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exeC:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exeC:\Program Files\Microsoft Office\Office\OSA.EXEC:\Program Files\Microsoft Reference\Bookshelf 98\qshelf98.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exeC:\Program Files\OpenOffice.org 2.4\program\soffice.exeC:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exeC:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exeC:\Program Files\OpenOffice.org 2.4\program\soffice.BINC:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Skype\Plugin Manager\skypePM.exeC:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Documents and Settings\p\Desktop\dds.scr============== Pseudo HJT Report ===============uStart Page = hxxp://www.comcast.net/uSearch Page = hxxp://search.live.comuURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dllBHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dllBHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dllBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dllBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dllTB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dllTB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dllTB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dlluRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenteruRun: [setDefaultMIDI] MIDIDef.exeuRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /RuRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /backgrounduRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quietuRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /backgrounduRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" bootuRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exeuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimizeduRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-USuRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8 GTB6 (.NET CLR 3.5.30729)" -"http://www.shockwave.com/gamelanding/figureskating.jsp?extcmp=5_figureskating_ON_df_OL_online_home"mRun: [ehTray] c:\windows\ehome\ehtray.exemRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exemRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exemRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exemRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCentermRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"mRun: [sigmatelSysTrayApp] stsystra.exemRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /traymRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /rmRun: [MBMon] Rundll32 CTMBHA.DLL,MBMonmRun: [updReg] c:\windows\UpdReg.EXEmRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXEmRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exemRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkeymRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hidemRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"dRun: [amnbdefj] c:\documents and settings\networkservice\local settings\application data\gloleufle\mlnwrodtssd.exeStartupFolder: c:\docume~1\p\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\forget~1.lnk - c:\program files\broderbund\ag print\AGremind.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXEStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\miniey~1.lnk - c:\program files\infinite mind lc\eyeq\ARLaunch.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXEStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\qshelf.lnk - c:\program files\microsoft reference\bookshelf 98\qshelf98.exeIE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dllIE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLLIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dllTrusted Zone: intuit.com\ttlcTrusted Zone: turbotax.comDPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} - hxxp://www.shockwave.com/content/cookingdash/sis/CookingDashWeb.1.0.0.9.cabDPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dllDPF: {7D492D61-303A-45C3-8A55-63449339943D} - hxxp://www.shockwave.com/content/nightshiftcode/sis/NightShiftCodeWeb.1.0.0.5.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://chill.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabDPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://www.shockwave.com/content/feedingfrenzy/sis/SproutLauncher.cabDPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://chill.comcast.net/GameShell/online/en/insaniquarium_new/popcaploader_v10.cabDPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} - hxxp://www.shockwave.com/content/dreamchronicles2/sis/dream2web.1.0.0.13.cabFilter: text/html - {0c7f6a4c-85a4-422a-8083-f1d3eaaf58f6} - Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLLSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllHosts: 127.0.0.1 www.spywareinfo.com================= FIREFOX ===================FF - ProfilePath - c:\docume~1\p\applic~1\mozilla\firefox\profiles\yzdkbsi6.default\FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=19-06-2010&tb_mrud=19-06-2010FF - prefs.js: browser.search.selectedEngine - Surf CanyonFF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=100000000000000002&tb_oid=19-06-2010&tb_mrud=19-06-2010&query=FF - component: c:\documents and settings\p\application data\mozilla\firefox\profiles\yzdkbsi6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dllFF - component: c:\documents and settings\p\application data\mozilla\firefox\profiles\yzdkbsi6.default\extensions\{62760fd6-b943-48c9-ab09-f99c6fe96088}\platform\winnt\components\ebayAccessComponent.dllFF - component: c:\documents and settings\p\application data\mozilla\firefox\profiles\yzdkbsi6.default\extensions\{62760fd6-b943-48c9-ab09-f99c6fe96088}\platform\winnt\components\ebayShortcutMaker.dllFF - component: c:\documents and settings\p\application data\mozilla\firefox\profiles\yzdkbsi6.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dllFF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dllFF - plugin: c:\documents and settings\p\application data\move networks\plugins\npqmp071503000010.dllFF - plugin: c:\documents and settings\p\application data\move networks\plugins\npqmp071701000002.dllFF - plugin: c:\program files\gobit games\browserplugin\npgobitgamesplugin.dllFF - plugin: c:\program files\microsoft\office live\npOLW.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dllFF - plugin: c:\program files\mozilla firefox\plugins\npgobitgamesplugin.dllFF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dllFF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dllFF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}---- FIREFOX POLICIES ----FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falseFF - user.js: browser.sessionstore.resume_from_crash - falseFF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");============= SERVICES / DRIVERS ===============R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-2-8 385880]R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-22 54752]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-7-12 203280]R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-7-12 359952]R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-7-12 144704]R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-22 24652]R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-7-12 606736]R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-7-12 79816]R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-7-12 35272]R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-7-12 40552]S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-7-12 34248]=============== Created Last 30 ================2010-07-14 16:35:17 0 ----a-w- c:\documents and settings\p\defogger_reenable2010-07-13 17:12:27 73728 ----a-w- c:\windows\system32\javacpl.cpl2010-07-13 17:12:27 411368 ----a-w- c:\windows\system32\deployJava1.dll2010-07-13 03:21:37 7263 ----a-w- c:\windows\system32\Config.MPF2010-07-13 03:17:43 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys2010-07-13 03:17:43 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys2010-07-13 03:17:43 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys2010-07-13 03:17:37 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys2010-07-13 03:17:03 0 d-----w- c:\program files\common files\McAfee2010-07-13 03:17:02 0 d-----w- c:\program files\McAfee.com2010-07-13 03:16:54 0 d-----w- c:\program files\McAfee2010-07-13 03:14:06 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys2010-07-13 01:54:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-07-13 01:54:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2010-07-13 01:32:27 0 d-----w- c:\windows\system32\wbem\Repository2010-07-12 16:17:54 0 dc----w- c:\windows\ie8(2)2010-07-12 02:53:57 0 d-----w- c:\documents and settings\p\IECompatCache2010-07-11 16:01:42 0 d-----w- c:\docume~1\p\applic~1\Malwarebytes2010-07-11 16:01:15 0 d-----w- c:\program files\Malwarebytes' Anti-Malware2010-07-11 16:01:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes2010-07-11 13:44:15 0 d-----w- c:\documents and settings\p\IETldCache2010-07-11 13:29:38 78336 -c--a-w- c:\windows\system32\dllcache\ieencode.dll2010-07-11 13:29:38 78336 ----a-w- c:\windows\system32\ieencode.dll2010-07-11 02:59:02 0 d-----w- C:\127d526d9545186a8bb30c2010-07-10 20:50:59 552 ----a-w- c:\windows\system32\d3d8caps.dat2010-07-02 17:17:20 8341 ----a-w- c:\documents and settings\p\Cover sheet for Jason Struble at David Stern Law Firm.wks2010-06-28 00:10:07 786432 ----a-w- C:\ffastunT.ffl2010-06-19 16:12:44 0 d-----w- c:\program files\common files\Software Update Utility2010-06-19 16:12:13 0 d-----w- c:\docume~1\alluse~1\applic~1\AIM2010-06-19 16:10:59 0 d-----w- c:\program files\AIM==================== Find3M ====================2010-06-01 00:32:58 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys2010-05-04 17:20:39 832512 ----a-w- c:\windows\system32\wininet.dll2010-05-04 17:20:32 17408 ------w- c:\windows\system32\corpol.dll2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll2009-05-24 22:50:37 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009052420090525\index.dat============= FINISH: 12:44:37.67 ===============Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4312Windows 5.1.2600 Service Pack 3Internet Explorer 7.0.5730.137/14/2010 10:01:47 AMmbam-log-2010-07-14 (10-01-47).txtScan type: Quick scanObjects scanned: 142118Time elapsed: 18 minute(s), 40 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 1Registry Data Items Infected: 2Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\amnbdefj (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.Registry Data Items Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.Folders Infected:(No malicious items detected)Files Infected:C:\WINDOWS\exe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.Attach.zip Link to post Share on other sites More sharing options...
kahdah Posted July 18, 2010 ID:286158 Share Posted July 18, 2010 Hello peterpanWelcome to Malwarebytes.=====================Download ComboFix from one of these locations:Link 1Link 2* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsDouble click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Link to post Share on other sites More sharing options...
peterpan Posted July 18, 2010 Author ID:286266 Share Posted July 18, 2010 Thank you so much Kahdah! While running ComboFix I did receive an error message stating: PEV.exe has encountered a problem and needs to close. This was encountered at Stage 3, however ComboFix did continue to Stage 50 (which I'm sure you can see from the log). I also need to tell you that since this virus (?) appeared Internet Explorer has not worked. We are unable to open it. We also receive redirects (very frustrating!) and a lot of high memory usage. As I am not computer savvy, I leave it to you to know what this may or may not mean. I look forward to hearing from you. Thanks again.PeterPanComboFix 10-07-16.02 - p 07/18/2010 13:57:11.1.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.997 [GMT -4:00]Running from: c:\documents and settings\p\Desktop\ComboFix.exeAV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\p\Application Data\.#c:\documents and settings\p\Recent\hpothb07.datc:\documents and settings\p\Recent\hpothb07.tifc:\documents and settings\p\Recent\Scan0001.tifc:\program files\Sharedc:\windows\Downloaded Program Files\popcaploader.dllc:\windows\Downloaded Program Files\popcaploader.infc:\windows\system32\Datac:\windows\system32\encapi32.dllInfected copy of c:\windows\system32\drivers\pciide.sys was found and disinfected Restored copy from - Kitty had a snack .((((((((((((((((((((((((( Files Created from 2010-06-18 to 2010-07-18 ))))))))))))))))))))))))))))))).2010-07-14 13:41 . 2010-07-14 13:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\gloleufle2010-07-13 17:12 . 2010-07-13 17:12 503808 ----a-w- c:\documents and settings\p\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-553f8a47-n\msvcp71.dll2010-07-13 17:12 . 2010-07-13 17:12 499712 ----a-w- c:\documents and settings\p\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-553f8a47-n\jmc.dll2010-07-13 17:12 . 2010-07-13 17:12 348160 ----a-w- c:\documents and settings\p\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-553f8a47-n\msvcr71.dll2010-07-13 17:12 . 2010-07-13 17:12 61440 ----a-w- c:\documents and settings\p\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6a37d629-n\decora-sse.dll2010-07-13 17:12 . 2010-07-13 17:12 12800 ----a-w- c:\documents and settings\p\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6a37d629-n\decora-d3d.dll2010-07-13 17:12 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll2010-07-13 17:06 . 2010-07-13 17:08 -------- d-----w- c:\program files\Common Files\Adobe2010-07-13 03:17 . 2010-02-17 20:52 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys2010-07-13 03:17 . 2010-02-17 20:52 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys2010-07-13 03:17 . 2010-02-17 20:52 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys2010-07-13 03:17 . 2009-07-16 16:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys2010-07-13 03:17 . 2010-07-13 03:17 -------- d-----w- c:\program files\Common Files\McAfee2010-07-13 03:17 . 2010-07-13 03:17 -------- d-----w- c:\program files\McAfee.com2010-07-13 03:16 . 2010-07-16 19:59 -------- d-----w- c:\program files\McAfee2010-07-13 03:14 . 2010-02-17 20:52 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys2010-07-13 01:54 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-07-13 01:54 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2010-07-13 01:32 . 2010-07-13 01:32 -------- d-----w- c:\windows\system32\wbem\Repository2010-07-12 16:17 . 2010-07-13 01:30 -------- dc----w- c:\windows\ie8(2)2010-07-12 02:53 . 2010-07-12 02:53 -------- d-----w- c:\documents and settings\p\IECompatCache2010-07-11 17:46 . 2010-07-11 17:46 -------- d-----w- c:\windows\system32\config\systemprofile\IETldCache2010-07-11 16:01 . 2010-07-11 16:01 -------- d-----w- c:\documents and settings\p\Application Data\Malwarebytes2010-07-11 16:01 . 2010-07-13 01:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2010-07-11 16:01 . 2010-07-11 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2010-07-11 14:31 . 2010-07-11 14:31 -------- d-----w- c:\documents and settings\LocalService\IETldCache2010-07-11 13:46 . 2010-07-11 13:46 -------- d-----w- c:\documents and settings\NetworkService\IETldCache2010-07-11 13:44 . 2010-07-11 13:44 -------- d-----w- c:\documents and settings\p\IETldCache2010-07-11 13:29 . 2010-05-04 17:20 78336 -c--a-w- c:\windows\system32\dllcache\ieencode.dll2010-07-11 13:29 . 2010-05-04 17:20 78336 ----a-w- c:\windows\system32\ieencode.dll2010-07-11 02:59 . 2010-07-13 01:32 -------- d-----w- C:\127d526d9545186a8bb30c2010-07-10 20:50 . 2010-07-10 20:50 552 ----a-w- c:\windows\system32\d3d8caps.dat2010-07-10 20:50 . 2010-07-14 13:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe2010-07-03 21:30 . 2010-07-01 17:52 1496064 ----a-w- c:\documents and settings\p\Application Data\Mozilla\Firefox\Profiles\yzdkbsi6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll2010-07-03 21:30 . 2010-07-01 17:51 43008 ----a-w- c:\documents and settings\p\Application Data\Mozilla\Firefox\Profiles\yzdkbsi6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll2010-07-03 21:30 . 2010-07-01 17:51 338944 ----a-w- c:\documents and settings\p\Application Data\Mozilla\Firefox\Profiles\yzdkbsi6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll2010-07-03 21:30 . 2010-07-01 17:51 346112 ----a-w- c:\documents and settings\p\Application Data\Mozilla\Firefox\Profiles\yzdkbsi6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll2010-06-19 19:17 . 2008-06-12 10:09 33088 ----a-w- c:\documents and settings\p\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe2010-06-19 16:12 . 2010-06-19 16:12 -------- d-----w- c:\program files\Common Files\Software Update Utility2010-06-19 16:12 . 2010-06-19 16:12 -------- d-----w- c:\documents and settings\p\Local Settings\Application Data\AIM2010-06-19 16:12 . 2010-06-19 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM2010-06-19 16:10 . 2010-06-19 16:12 -------- d-----w- c:\program files\AIM2010-06-18 22:03 . 2010-06-18 22:03 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-07-18 12:09 . 2009-04-19 13:30 -------- d-----w- c:\documents and settings\p\Application Data\skypePM2010-07-17 23:31 . 2009-04-19 13:24 -------- d-----w- c:\documents and settings\p\Application Data\Skype2010-07-17 23:29 . 2008-10-08 20:43 -------- d-----w- c:\documents and settings\p\Application Data\OpenOffice.org22010-07-16 20:06 . 2008-08-15 04:23 1324 ----a-w- c:\windows\system32\d3d9caps.dat2010-07-13 17:13 . 2008-08-15 04:08 -------- d-----w- c:\program files\Common Files\Java2010-07-13 17:12 . 2008-08-15 04:08 -------- d-----w- c:\program files\Java2010-07-13 03:21 . 2009-02-08 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee2010-07-12 23:29 . 2010-07-14 13:40 232262 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat2010-07-09 02:34 . 2009-05-17 02:19 -------- d-----w- c:\documents and settings\p\Application Data\Move Networks2010-06-28 20:45 . 2009-01-22 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help2010-06-25 20:25 . 2008-08-20 14:15 106064 ----a-w- c:\documents and settings\p\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2010-06-18 22:02 . 2009-10-29 12:12 -------- d-----w- c:\program files\McAfee Security Scan2010-06-10 23:09 . 2009-03-23 02:59 -------- d-----w- c:\program files\Microsoft Silverlight2010-06-02 15:37 . 2010-06-09 12:22 80896 ----a-w- c:\documents and settings\p\Application Data\Mozilla\Firefox\Profiles\yzdkbsi6.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll2010-06-02 15:37 . 2010-06-09 12:22 50176 ----a-w- c:\documents and settings\p\Application Data\Mozilla\Firefox\Profiles\yzdkbsi6.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll2010-06-01 00:32 . 2009-02-08 20:56 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys2010-05-24 03:06 . 2010-05-24 03:06 503808 ----a-w- c:\documents and settings\p\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-745ccfd0-n\msvcp71.dll2010-05-24 03:06 . 2010-05-24 03:06 499712 ----a-w- c:\documents and settings\p\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-745ccfd0-n\jmc.dll2010-05-24 03:06 . 2010-05-24 03:06 348160 ----a-w- c:\documents and settings\p\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-745ccfd0-n\msvcr71.dll2010-05-12 16:55 . 2009-11-05 23:51 143976 ----a-w- c:\documents and settings\p\Application Data\Move Networks\uninstall.exe2010-05-12 16:55 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\p\Application Data\Move Networks\plugins\npqmp071701000002.dll2010-05-12 16:55 . 2010-05-12 16:54 1794456 ----a-w- c:\documents and settings\p\Application Data\Move Networks\MoveMediaPlayerWin_071701000002.exe2010-05-04 17:20 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll2010-05-04 17:20 . 2004-08-10 11:00 17408 ------w- c:\windows\system32\corpol.dll2010-05-02 05:22 . 2004-08-10 11:00 1851264 ----a-w- c:\windows\system32\win32k.sys2010-04-20 14:22 . 2010-04-20 14:22 161104 ----a-w- c:\documents and settings\p\Application Data\Mozilla\Firefox\Profiles\yzdkbsi6.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll2010-04-20 05:30 . 2004-08-10 11:00 285696 ----a-w- c:\windows\system32\atmfd.dll.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-12-21 818288]"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]"Aim"="c:\program files\AIM\aim.exe" [2010-04-19 3972440][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-20 53248]"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-20 131072]"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-02-23 1159168]"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]"MBMon"="CTMBHA.DLL" [2005-05-19 1345520]"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-10 1218008]"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]c:\documents and settings\p\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-8-15 24576]Forget Me Not.lnk - c:\program files\Broderbund\AG Print\AGremind.exe [2008-9-15 319488]hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2004-6-16 147456]hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2004-6-16 28672]McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-19 111376]MiniEYE-MiniREAD Launch.lnk - c:\program files\Infinite Mind LC\eyeQ\ARLaunch.exe [2009-5-14 323584]Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-8-19 51984]Qshelf.lnk - c:\program files\Microsoft Reference\Bookshelf 98\qshelf98.exe [2008-8-20 123904][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]@=""[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@=""[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="c:\\Program Files\\AIM\\aim.exe"="c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"=R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [7/12/2010 11:20 PM 203280]R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/22/2008 6:12 PM 24652]S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232].Contents of the 'Scheduled Tasks' folder2010-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]2008-11-17 c:\windows\Tasks\FRU Task 2004-06-17 01:06ewlett-Packard2004-06-17 01:06p psc 1200 seriesD66655067F78228D3716D2BFC2C61DA319188DBF218927090.job- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2004-06-16 22:06]2010-07-13 c:\windows\Tasks\McDefragTask.job- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-07-13 16:22]2010-07-13 c:\windows\Tasks\McQcTask.job- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-07-13 16:22]..------- Supplementary Scan -------.uStart Page = hxxp://www.comcast.net/IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000Trusted Zone: intuit.com\ttlcTrusted Zone: turbotax.comDPF: {7D492D61-303A-45C3-8A55-63449339943D} - hxxp://www.shockwave.com/content/nightshiftcode/sis/NightShiftCodeWeb.1.0.0.5.cabDPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} - hxxp://www.shockwave.com/content/dreamchronicles2/sis/dream2web.1.0.0.13.cabFF - ProfilePath - c:\documents and settings\p\Application Data\Mozilla\Firefox\Profiles\yzdkbsi6.default\FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=19-06-2010&tb_mrud=19-06-2010FF - prefs.js: browser.search.selectedEngine - Surf CanyonFF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=100000000000000002&tb_oid=19-06-2010&tb_mrud=19-06-2010&query=FF - component: c:\documents and settings\p\Application Data\Mozilla\Firefox\Profiles\yzdkbsi6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dllFF - component: c:\documents and settings\p\Application Data\Mozilla\Firefox\Profiles\yzdkbsi6.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dllFF - component: c:\documents and settings\p\Application Data\Mozilla\Firefox\Profiles\yzdkbsi6.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dllFF - component: c:\documents and settings\p\Application Data\Mozilla\Firefox\Profiles\yzdkbsi6.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dllFF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dllFF - plugin: c:\documents and settings\p\Application Data\Move Networks\plugins\npqmp071503000010.dllFF - plugin: c:\documents and settings\p\Application Data\Move Networks\plugins\npqmp071701000002.dllFF - plugin: c:\program files\GoBit Games\BrowserPlugin\npgobitgamesplugin.dllFF - plugin: c:\program files\Microsoft\Office Live\npOLW.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npgobitgamesplugin.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dllFF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dllFF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\---- FIREFOX POLICIES ----FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falseFF - user.js: browser.sessionstore.resume_from_crash - falseFF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);.- - - - ORPHANS REMOVED - - - -AddRemove-Math Compass - c:\program files\Math Compass\uninst.exe**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-07-18 14:06Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.Completion time: 2010-07-18 14:10:45ComboFix-quarantined-files.txt 2010-07-18 18:10Pre-Run: 112,733,835,264 bytes freePost-Run: 113,437,016,064 bytes freeWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect- - End Of File - - 2E9B8B09BB7711ACCD6FD8D8102C7C56 Link to post Share on other sites More sharing options...
kahdah Posted July 18, 2010 ID:286293 Share Posted July 18, 2010 Ok it seems to have finished correctly.Please navigate to this folder and delete it.c:\documents and settings\NetworkService\Local Settings\Application Data\gloleufleIf you cannot find it simply go to Start > Run then paste in this file path c:\documents and settings\NetworkService\Local Settings\Application Data\ and hit the ok button and it will open where the folder is.See if you can now use Internet Explorer and if not just do the mbam step if you can now use IE then do both of the following steps.===========================================Update Run MalwarebytesPlease update\run Malwarebytes' Anti-Malware.Double Click the Malwarebytes Anti-Malware icon to run the application.Click on the update tab then click on Check for updates.If an update is found, it will download and install the latest version.Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.=====Please do a scan with Kaspersky Online ScannerNote: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.Click on the Accept button and install any components it needs.The program will install and then begin downloading the latest definition files.After the files have been downloaded on the left side of the page in the Scan section select My ComputerThis will start the program and scan your system.The scan will take a while, so be patient and let it run.Once the scan is complete, click on View scan reportNow, click on the Save Report as button.Save the file to your desktop.Copy and paste that information in your next post. Link to post Share on other sites More sharing options...
peterpan Posted July 18, 2010 Author ID:286356 Share Posted July 18, 2010 As per your instructions, here is the MBAM scan. I was unable to open IE.Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4324Windows 5.1.2600 Service Pack 3Internet Explorer 7.0.5730.137/18/2010 5:26:23 PMmbam-log-2010-07-18 (17-26-23).txtScan type: Quick scanObjects scanned: 138470Time elapsed: 6 minute(s), 29 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
kahdah Posted July 19, 2010 ID:286577 Share Posted July 19, 2010 Hi let's try to roll IE7 back to IE6.You can do this through Add\remove programs.Highlight Internet explorer 7 and choose remove.See if you can then get the online scanner to work. Link to post Share on other sites More sharing options...
peterpan Posted July 19, 2010 Author ID:286652 Share Posted July 19, 2010 I think we're running IE8. How do I do the online scanner? I'm assuming it's found in IE6? Link to post Share on other sites More sharing options...
peterpan Posted July 19, 2010 Author ID:286656 Share Posted July 19, 2010 Ahh, Internet Explorer is not showing up in my Add/Remove file. I've checked the Start>Program Files, but it will only remove the icon. Any suggestions? BTW I'll check again, maybe I'm just missing it. Link to post Share on other sites More sharing options...
peterpan Posted July 19, 2010 Author ID:286665 Share Posted July 19, 2010 Sorry about this, found IE7 but there are no Add/Remove buttons when highlighted. In the 'remove Windows components' box I could uncheck IE but doing that only removes access to it from desktop and start menu. Link to post Share on other sites More sharing options...
kahdah Posted July 19, 2010 ID:286774 Share Posted July 19, 2010 Ok from your DDS log the version shows as 7 Internet Explorer: 7.0 please try to do it this way.Try this way:Click Start, and then click Run.In the Open box, type %windir%\ie7\spuninst\spuninst.exe, and then click OK.Follow the wizard instructions to uninstall Internet Explorer 7.After that just click on the link to do the online scanner and see if it works then. Link to post Share on other sites More sharing options...
peterpan Posted July 19, 2010 Author ID:286822 Share Posted July 19, 2010 Ran Kaspersky Online Scanner but had a black out that cut it short. I'm running it again. Hopefully no more blackouts. I'll let you know if IE works when it finishes. Thnx. Link to post Share on other sites More sharing options...
peterpan Posted July 19, 2010 Author ID:286826 Share Posted July 19, 2010 There was nothing in the log, but Internet Explorer works!! Yippee! I can't thank you enough! You rock!! Seriously, I don't have funds now, but can you tell me how to go about making a future donation to you? Should I just look for these posts (Mine) when I can donate, and click the Donate button? I know I will be purchasing the Malware program as soon as I am able. BTW, do you recommend updating IE to version 8 or should I leave well enough alone? Again, my sincere thanks Kahdah. PeterPan Link to post Share on other sites More sharing options...
kahdah Posted July 20, 2010 ID:286974 Share Posted July 20, 2010 Great I am glad it works.You can donate by clicking the donate button.I do not work for mbam I volunteer.Those donations go to me and thanks for the thought I would go ahead and update to IE8 it should work fine now.If not you can always roll it back Please run DDS once more and post the DDS.txt that pops up. Link to post Share on other sites More sharing options...
peterpan Posted July 20, 2010 Author ID:287004 Share Posted July 20, 2010 Here is the DDS.txt log as requested. Is it OK to enable the CD-Rom emulation software drivers? If so, please tell me how. Again, my thanks.DDS (Ver_10-03-17.01) - NTFSx86 Run by p at 21:34:01.26 on Mon 07/19/2010Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.374 [GMT -4:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Dell\Media Experience\DMXLauncher.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exeC:\Program Files\Dell\Media Experience\PCMService.exeC:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exeC:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exeC:\WINDOWS\stsystra.exeC:\Program Files\Creative\VoiceCenter\AndreaVC.exeC:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exeC:\WINDOWS\system32\Rundll32.exeC:\DOCUME~1\p\LOCALS~1\Temp\clclean.0001C:\WINDOWS\system32\LVCOMSX.EXEC:\Program Files\Logitech\Video\LogiTray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\McAfee.com\Agent\mcagent.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\system32\CTsvcCDA.EXEC:\Program Files\Creative\MediaSource\Detector\CTDetect.exeC:\WINDOWS\eHome\ehRecvr.exeC:\Program Files\Windows Live\Messenger\MsnMsgr.ExeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exeC:\Program Files\Logitech\Video\FxSvr2.exeC:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\Program Files\AIM\aim.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exeC:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\Microsoft Office\Office\OSA.EXEC:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\Program Files\Microsoft Reference\Bookshelf 98\qshelf98.exesvchost.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\OpenOffice.org 2.4\program\soffice.exeC:\Program Files\OpenOffice.org 2.4\program\soffice.BINC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exeC:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exeC:\WINDOWS\eHome\ehmsas.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Skype\Plugin Manager\skypePM.exeC:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Documents and Settings\p\Desktop\dds.scr============== Pseudo HJT Report ===============uStart Page = hxxp://www.comcast.net/mStart Page = hxxp://www.yahoo.com/uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dllBHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dllBHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dllBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dllBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dllTB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dllTB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dllTB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dlluRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenteruRun: [setDefaultMIDI] MIDIDef.exeuRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /RuRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /backgrounduRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quietuRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" bootuRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exeuRun: [skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimizeduRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-USuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8 GTB6 (.NET CLR 3.5.30729)" -"http://www.shockwave.com/gamelanding/figureskating.jsp?extcmp=5_figureskating_ON_df_OL_online_home"uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -pmRun: [ehTray] c:\windows\ehome\ehtray.exemRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exemRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exemRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exemRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCentermRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"mRun: [sigmatelSysTrayApp] stsystra.exemRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /traymRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /rmRun: [MBMon] Rundll32 CTMBHA.DLL,MBMonmRun: [updReg] c:\windows\UpdReg.EXEmRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXEmRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exemRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkeymRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hidemRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"StartupFolder: c:\docume~1\p\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\forget~1.lnk - c:\program files\broderbund\ag print\AGremind.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXEStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\miniey~1.lnk - c:\program files\infinite mind lc\eyeq\ARLaunch.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXEStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\qshelf.lnk - c:\program files\microsoft reference\bookshelf 98\qshelf98.exeIE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dllIE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLLIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dllTrusted Zone: intuit.com\ttlcTrusted Zone: turbotax.comDPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} - hxxp://www.shockwave.com/content/cookingdash/sis/CookingDashWeb.1.0.0.9.cabDPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dllDPF: {7D492D61-303A-45C3-8A55-63449339943D} - hxxp://www.shockwave.com/content/nightshiftcode/sis/NightShiftCodeWeb.1.0.0.5.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://chill.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabDPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://www.shockwave.com/content/feedingfrenzy/sis/SproutLauncher.cabDPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://chill.comcast.net/GameShell/online/en/insaniquarium_new/popcaploader_v10.cabDPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} - hxxp://www.shockwave.com/content/dreamchronicles2/sis/dream2web.1.0.0.13.cabHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLLSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll================= FIREFOX ===================FF - ProfilePath - c:\docume~1\p\applic~1\mozilla\firefox\profiles\yzdkbsi6.default\FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=19-06-2010&tb_mrud=19-06-2010FF - prefs.js: browser.search.selectedEngine - Surf CanyonFF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=100000000000000002&tb_oid=19-06-2010&tb_mrud=19-06-2010&query=FF - component: c:\documents and settings\p\application data\mozilla\firefox\profiles\yzdkbsi6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dllFF - component: c:\documents and settings\p\application data\mozilla\firefox\profiles\yzdkbsi6.default\extensions\{62760fd6-b943-48c9-ab09-f99c6fe96088}\platform\winnt\components\ebayAccessComponent.dllFF - component: c:\documents and settings\p\application data\mozilla\firefox\profiles\yzdkbsi6.default\extensions\{62760fd6-b943-48c9-ab09-f99c6fe96088}\platform\winnt\components\ebayShortcutMaker.dllFF - component: c:\documents and settings\p\application data\mozilla\firefox\profiles\yzdkbsi6.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dllFF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dllFF - plugin: c:\documents and settings\p\application data\move networks\plugins\npqmp071503000010.dllFF - plugin: c:\documents and settings\p\application data\move networks\plugins\npqmp071701000002.dllFF - plugin: c:\program files\gobit games\browserplugin\npgobitgamesplugin.dllFF - plugin: c:\program files\microsoft\office live\npOLW.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dllFF - plugin: c:\program files\mozilla firefox\plugins\npgobitgamesplugin.dllFF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dllFF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dllFF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}---- FIREFOX POLICIES ----FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falseFF - user.js: browser.sessionstore.resume_from_crash - falseFF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");============= SERVICES / DRIVERS ===============R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-2-8 385880]R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-22 54752]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-7-12 203280]R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-7-12 359952]R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-7-12 144704]R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-22 24652]R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-7-12 606736]R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-7-12 79816]R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-7-12 35272]R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-7-12 40552]S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-7-12 34248]=============== Created Last 30 ================2010-07-19 17:57:32 230 ----a-w- c:\windows\system32\spupdsvc.inf2010-07-18 22:30:34 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe2010-07-18 17:50:50 0 d-sha-r- C:\cmdcons2010-07-18 17:46:52 77312 ----a-w- c:\windows\MBR.exe2010-07-18 17:46:51 98816 ----a-w- c:\windows\sed.exe2010-07-18 17:46:51 256512 ----a-w- c:\windows\PEV.exe2010-07-18 17:46:51 161792 ----a-w- c:\windows\SWREG.exe2010-07-14 16:35:17 0 ----a-w- c:\documents and settings\p\defogger_reenable2010-07-13 17:12:27 73728 ----a-w- c:\windows\system32\javacpl.cpl2010-07-13 17:12:27 411368 ----a-w- c:\windows\system32\deployJava1.dll2010-07-13 03:21:37 9285 ----a-w- c:\windows\system32\Config.MPF2010-07-13 03:17:43 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys2010-07-13 03:17:43 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys2010-07-13 03:17:43 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys2010-07-13 03:17:37 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys2010-07-13 03:17:03 0 d-----w- c:\program files\common files\McAfee2010-07-13 03:17:02 0 d-----w- c:\program files\McAfee.com2010-07-13 03:16:54 0 d-----w- c:\program files\McAfee2010-07-13 03:14:06 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys2010-07-13 01:54:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-07-13 01:54:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2010-07-13 01:32:27 0 d-----w- c:\windows\system32\wbem\Repository2010-07-12 16:17:54 0 dc----w- c:\windows\ie8(2)2010-07-12 02:53:57 0 d-----w- c:\documents and settings\p\IECompatCache2010-07-11 16:01:42 0 d-----w- c:\docume~1\p\applic~1\Malwarebytes2010-07-11 16:01:15 0 d-----w- c:\program files\Malwarebytes' Anti-Malware2010-07-11 16:01:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes2010-07-11 13:44:15 0 d-----w- c:\documents and settings\p\IETldCache2010-07-11 13:29:38 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll2010-07-11 13:29:38 81920 ----a-w- c:\windows\system32\ieencode.dll2010-07-11 02:59:02 0 d-----w- C:\127d526d9545186a8bb30c2010-07-10 20:50:59 552 ----a-w- c:\windows\system32\d3d8caps.dat2010-07-02 17:17:20 8341 ----a-w- c:\documents and settings\p\Cover sheet for Jason Struble at David Stern Law Firm.wks2010-06-28 00:10:07 786432 ----a-w- C:\ffastunT.ffl==================== Find3M ====================2010-06-01 00:32:58 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys2009-05-24 22:50:37 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009052420090525\index.dat============= FINISH: 21:34:40.50 =============== Link to post Share on other sites More sharing options...
kahdah Posted July 20, 2010 ID:287229 Share Posted July 20, 2010 Yes you can re-enable them now DeFogger - Re-Enable To re-enable your Emulation drivers, double click DeFogger to run the tool.The application window will appearClick the Re-enable button to re-enable your CD Emulation drivers.Click Yes to continueA 'Finished!' message will appearClick OKDeFogger will now ask to reboot the machine - click OKIMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.Your Emulation drivers are now re-enabled.===================================Cleanup======= Click START then RUN Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the Uninstall, it needs to be there.===============Update JavaYour Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.Scroll down to where it says "(JRE) then click on itClick the "Download" button to the right.Select your Platform: "Windows".Select your Language: "Multi-language".Read the License Agreement, and then check the box that says: "Accept License Agreement".Click Continue and the page will refresh.Click on the link to download Windows Offline Installation and save the file to your desktop.Close any programs you may have running - especially your web browser.Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.Click the Remove or Change/Remove button.Repeat as many times as necessary to remove each Java versions.Reboot your computer once all Java components are removed.Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.======================Clear out infected System Restore points======================Then we need to reset your System Restore points.The link below shows how to do this.How to Turn On and Turn Off System Restore in Windows XPhttp://support.microsoft.com/kb/310405/en-usIf you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual Delete\uninstall anything else that we have used that is leftover.=====================================After that your all set. The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes. If your computer is slow Is a tutorial on what you can do if your computer is slow.File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent,Limewire etc... Link to post Share on other sites More sharing options...
peterpan Posted July 20, 2010 Author ID:287360 Share Posted July 20, 2010 Computer cannot find the file: Combofix /uninstall. I was very careful to type in the file name as instructed. I did this several times. Still cannot find it. I searched the C drive (Start > Search), found the ComboFix log as well as Combofix quarantined files. The quarantined files folder ( C:\Qoobox ) seems to have a file in it called Add/Remove.txt (this shows up when I pass the cursor over the folder icon), but I am leery of opening it since it has files that have been quarantined. Any ideas? Link to post Share on other sites More sharing options...
peterpan Posted July 20, 2010 Author ID:287389 Share Posted July 20, 2010 BTW, the computer constantly refreshes the page currently open without my prompting. Could you tell me how to fix this? I appreciate it Kahdah. Link to post Share on other sites More sharing options...
kahdah Posted July 20, 2010 ID:287423 Share Posted July 20, 2010 Is combofix on the desktop still?If it is not re-download it again and do the same steps.Can you elaborate on this:BTW, the computer constantly refreshes the page currently open without my prompting. Could you tell me how to fix this? Link to post Share on other sites More sharing options...
peterpan Posted July 21, 2010 Author ID:287873 Share Posted July 21, 2010 Whenever I am on a page (particularly Earthlink email) the "loading page" indicator at the bottom right of screen continually appears, the screen stutters and then is OK. Kind of like when you refresh a page and it already shows the most current info. It may do this 2 or three times, but had never done this before. Link to post Share on other sites More sharing options...
kahdah Posted July 21, 2010 ID:287889 Share Posted July 21, 2010 Does it do that after upgrading to IE8? Link to post Share on other sites More sharing options...
peterpan Posted July 21, 2010 Author ID:287925 Share Posted July 21, 2010 Haven't upgraded to IE again yet, but yes, it did in fact begin after we initially did upgrade. Link to post Share on other sites More sharing options...
kahdah Posted July 21, 2010 ID:287934 Share Posted July 21, 2010 Ok so what version are you at now? Link to post Share on other sites More sharing options...
peterpan Posted July 21, 2010 Author ID:288026 Share Posted July 21, 2010 Currently running IE6 after rolling back from IE7 (see posts 6 and 10). Have not upgraded to IE8 as per posts 11 or 12. Ironically we installed IE8 (prior to contacting Malwarebytes), but it never showed up in the Add/Remove files. Link to post Share on other sites More sharing options...
kahdah Posted July 21, 2010 ID:288049 Share Posted July 21, 2010 Ok I misunderstood what you posted.My apologies..Go ahead and re-upgrade to IE8 and see if it changes. Link to post Share on other sites More sharing options...
peterpan Posted July 21, 2010 Author ID:288086 Share Posted July 21, 2010 No worries. Will do and let you know. Link to post Share on other sites More sharing options...
Recommended Posts