Jump to content

Recommended Posts

For the past few days I have been unable to open any programs like Malwarebytes or the calculator. Every time I try, I get the "Open With" box that prompts me to choose a program from the provided list. I am able to access Firfox via Safe Mode by selecting Firefox from the list provided in the Open With box. When I select Firefox a box opens saying I "have chosen to open firefox.exe" and it wants me to "Save File". I choose Cancel instead and am able to access Firefox.

I have read the "I'm infected - What do I do Now?" thread. I cannot run Malwarebytes from my desktop. Each time I try, the "Open With" box opens and says "Choose the program you want to use to open this file:

File: iexplore.exe" followed by a list of Programs to choose from.

I tried downloading DeFogger, but when I try to open DeFogger.exe from the Download list, I get this popup box:

C:\Documents and Settings\Me\MyDocuments\Downloads\Defogger.exe

Application not found

I have tried searching on this website and on the internet for a solution, but I don't know if the suggestions I've found are appropriate. I am able to open My Computer and my personal drives, but can't run any anti-virus software like McAfee. McAfee says that "Real-Time Scanning is off", but it won't let me turn it on. I apologize if this "Open With" problem has been covered elsewhere on this forum. If it is, please direct me to the solution.

Please help!

Much appreciated.

Link to post
Share on other sites

Hi emilywvu82

:welcome:

Please download exeHelper from one of the two links.

Link 1

Link 2

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Next

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

    [*]Double click on the DDS icon, allow it to run.

    [*]A small box will open, with an explanation about the tool.

    [*]When done, DDS will open two (2) logs

    1. DDS.txt

    2. Attach.txt

    [*] Save both reports to your desktop.

    [*] The instructions here ask you to attach the Attach.txt.

    DDS.jpg

    [*]Instead of attaching, please copy/past both logs into your Thread

    [*]Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.

After downloading the tool, disconnect from the internet and disable all antivirus protection.

Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HEREThen post your DDS (DDS.txt and Attach.txt

Link to post
Share on other sites

Thank you for your reply, Kenny94. Here are the contents of log.txt:

exeHelper by Raktor

Build 20100414

Run at 21:27:11 on 05/13/11

Now searching...

Checking for numerical processes...

Checking for sysguard processes...

Checking for bad processes...

Checking for bad files...

Checking for bad registry entries...

Resetting filetype association for .exe

Resetting filetype association for .com

Resetting userinit and shell values...

Resetting policies...

--Finished--

Here is the DDS.txt:

.

DDS (Ver_11-03-05.01) - NTFSx86 NETWORK

Run by Me at 22:33:42.03 on Fri 05/13/2011

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.763 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\WINDOWS\system32\mfevtps.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\WINDOWS\msagent\AgentSvr.exe

C:\Documents and Settings\Me\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

mDefault_Page_URL = hxxp://www.yahoo.com/

mDefault_Search_URL = hxxp://www.google.com/ie

mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File

{1989a57b-33ee-43d9-94f9-d60c1cde3eb5}

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - c:\program files\common files\doubletwist\IEPodcastPlugin.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101118100253.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar5.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar5.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Aim6]

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [<NO NAME>]

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware (2011)\malwarebytes' anti-malware\iexplore.exe" /runcleanupscript

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\me\startm~1\programs\startup\cyber-~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe

StartupFolder: c:\docume~1\me\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

Trusted Zone: aplfcu.org\www

Trusted Zone: internet

Trusted Zone: intuit.com\ttlc

Trusted Zone: mcafee.com

Trusted Zone: wkglobal.com\mailna

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab

DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL lsvdeu.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 c:\windows\system32\tuvVPfgH

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\me\applic~1\mozilla\firefox\profiles\kjbbek1n.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://forums.malwarebytes.org/index.php?showforum=7

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=

FF - component: c:\documents and settings\me\application data\mozilla\firefox\profiles\kjbbek1n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\me\application data\mozilla\firefox\profiles\kjbbek1n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\program files\common files\doubletwist\NPPodcast.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmnqmp07030901.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

.

---- FIREFOX POLICIES ----

FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-24 386840]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-10-10 84072]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-10 271480]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-10-10 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-10 141792]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-10 313288]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-10-10 88544]

S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-10 14336]

S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-11-4 6656]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-10 271480]

S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-10 271480]

S2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-10 271480]

S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-10-10 171168]

S2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-6-24 91456]

S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-19 24652]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-10 55840]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-7-14 30192]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-1-16 38224]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-10-10 152960]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-10-10 52104]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-10-10 88544]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-10 84264]

S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2002-2-20 72576]

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-17 13:51:57 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-02-17 13:51:57 667136 ----a-w- c:\windows\system32\wininet.dll

2011-02-17 13:51:57 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-02-17 12:37:38 369664 ----a-w- c:\windows\system32\html.iec

2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll

.

============= FINISH: 22:33:58.92 ===============

Here is the Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 7/22/2006 10:27:53 PM

System Uptime: 5/13/2011 9:23:15 PM (1 hours ago)

.

Motherboard: Dell Computer Corp. | | 0WF887

Processor: Intel® Celeron® CPU 2.53GHz | Microprocessor | 2527/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 109 GiB total, 83.964 GiB free.

D: is FIXED (NTFS) - 37 GiB total, 37.173 GiB free.

E: is CDROM (CDFS)

F: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

.

Adobe Flash Player 10 Plugin

Adobe Flash Player ActiveX

Adobe Reader 7.0

AIM 6

AiO_Scan_CDA

AiOSoftwareNPI

Akamai NetSession Interface

AOL Coach Version 1.0(Build:20040229.1 en)

AOL Uninstaller (Choose which Products to Remove)

AOLIcon

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AutoUpdate

Banctec Service Agreement

Bonjour

BufferChm

C3100

c3100_Help

CDex extraction audio

Conexant D850 56K V.9x DFVc Modem

Critical Update for Windows Media Player 11 (KB959772)

Dell CinePlayer

Dell Driver Reset Tool

Dell Support Center (Support Software)

Dell System Restore

DellSupport

Destinations

DeviceManagementQFolder

Digital Content Portal

Digital Line Detect

DING!

DivX Codec

DivX Converter

DocProc

DocProcQFolder

Documentation & Support Launcher

doubleTwist

EarthLink setup files

EducateU

ELIcon

eSupportQFolder

Fax_CDA

ffdshow [rev 2527] [2008-12-19]

Full Tilt Poker.Net

Games, Music, & Photos Launcher

Google Desktop

Google Toolbar for Internet Explorer

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

HP Imaging Device Functions 7.0

HP Photosmart and Deskjet 7.0.A

HP Photosmart Essential

HP Product Assistant

HP Solution Center 7.0

HP Update

HPPhotoSmartExpress

HPProductAssistant

InstantShareDevicesMFC

Intel® Extreme Graphics 2 Driver

Intel® PRO Network Adapters and Drivers

Intel® PROSet for Wired Connections

iPod for Windows 2006-01-10

IrfanView (remove only)

iTunes

Java 2 Runtime Environment, SE v1.4.2_03

Java 6 Update 13

Java 6 Update 2

Java 6 Update 5

LiveUpdate 2.6 (Symantec Corporation)

Malwarebytes' Anti-Malware

McAfee Security Scan Plus

McAfee SecurityCenter

McAfee Virtual Technician

MCU

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office 2000 SR-1 Professional

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

MobileMe Control Panel

Modem Helper

MotoConnect 1.1.31

Motorola Mobile Drivers Installation 4.7.1

Move Networks Player for Firefox

Mozilla Firefox 4.0.1 (x86 en-US)

MSN

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NetZeroInstallers

NewCopy_CDA

OCR Software by I.R.I.S 7.0

PanoStandAlone

ProductContextNPI

QuickTime

Readme

RealPlayer

Rhapsody Player Engine

Roxio DLA

Roxio MyDVD LE

Roxio RecordNow Audio

Roxio RecordNow Copy

Roxio RecordNow Data

Scan

ScannerCopy

Search Assist

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2183461)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360131)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2416400)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2482017)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2497640)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SolutionCenter

Sonic Activation Module

Sonic Update Manager

Sony Picture Utility

Sony USB Driver

Status

Toolbox

TrayApp

TurboTax 2010

TurboTax 2010 waliper

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wrapper

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

URL Assistant

Veetle TV 0.9.18

Viewpoint Media Player

WebCyberCoach 3.2 Dell

WebFldrs XP

WebReg

Windows Genuine Advantage Notifications (KB905474)

Windows Installer 3.1 (KB893803)

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 11

Windows XP Service Pack 3

WordPerfect Office 12

Yahoo! Browser Services

Yahoo! Install Manager

Yahoo! Internet Mail

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

5/8/2011 10:54:26 PM, error: Service Control Manager [7034] - The McAfee Validation Trust Protection Service service terminated unexpectedly. It has done this 1 time(s).

5/6/2011 6:45:56 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

5/13/2011 10:07:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McComponentHostService with arguments "" in order to run the server: {CC6F4D12-8575-4CFF-9455-CF5774AEB13B}

5/12/2011 8:46:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

5/12/2011 8:36:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

5/12/2011 8:31:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

5/12/2011 6:49:16 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm

5/12/2011 6:48:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

.

==== End Of File ===========================

***If you need any additional information from me, please let me know. Thanks so much!

Link to post
Share on other sites

Hi CajunAngelLisa,

You should start your own topic as exeHelper is a temporary fix in most cases.

Hi emilywvu82.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

---------------------------------------------------------------------------------------------

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    cfRC_screen_1.png
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    cfRC_screen_2.png
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

Link to post
Share on other sites

Kenny94, here is the log from Combofix: (thank you!)

ComboFix 11-05-14.03 - Me 05/15/2011 10:34:22.1.1 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.766 [GMT -5:00]

Running from: c:\documents and settings\Me\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\t0m8ctog368483w04675vl7l06dw6i5r6krf

c:\documents and settings\Me\GoToAssistDownloadHelper.exe

c:\documents and settings\Me\Local Settings\Application Data\{AF7B8871-5102-49FD-9B52-CBC6554D40B3}

c:\documents and settings\Me\Local Settings\Application Data\{AF7B8871-5102-49FD-9B52-CBC6554D40B3}\chrome.manifest

c:\documents and settings\Me\Local Settings\Application Data\{AF7B8871-5102-49FD-9B52-CBC6554D40B3}\chrome\content\_cfg.js

c:\documents and settings\Me\Local Settings\Application Data\{AF7B8871-5102-49FD-9B52-CBC6554D40B3}\chrome\content\c.js

c:\documents and settings\Me\Local Settings\Application Data\{AF7B8871-5102-49FD-9B52-CBC6554D40B3}\chrome\content\overlay.xul

c:\documents and settings\Me\Local Settings\Application Data\{AF7B8871-5102-49FD-9B52-CBC6554D40B3}\install.rdf

c:\documents and settings\Me\Local Settings\Application Data\t0m8ctog368483w04675vl7l06dw6i5r6krf

c:\documents and settings\Me\Start Menu\Programs\System Tool

c:\documents and settings\Me\Start Menu\Programs\System Tool\System Tool 2011.lnk

c:\documents and settings\Me\Templates\t0m8ctog368483w04675vl7l06dw6i5r6krf

c:\windows\system32\cache329

c:\windows\system32\cache329\B_329_0_0_106800.htm

c:\windows\system32\cache329\B_329_0_0_107400.htm

c:\windows\system32\cache329\B_329_1_0_449200.gif

c:\windows\system32\cache329\B_329_1_0_449600.gif

c:\windows\system32\cache329\B_329_1_0_454300.gif

c:\windows\system32\cache329\B_329_2_0_105300.htm

c:\windows\system32\cache329\B_329_2_0_106800.htm

c:\windows\system32\cache329\B_329_2_0_107400.htm

c:\windows\system32\cache329\B_329_3_0_106800.htm

c:\windows\system32\cache329\B_329_3_0_107400.htm

c:\windows\system32\cache329\B_329_4_0_111600.htm

c:\windows\system32\cache329\B_329_4_0_152400.htm

c:\windows\system32\cache329\B_329_4_0_155300.htm

c:\windows\system32\cache329\B_329_4_0_164100.htm

c:\windows\system32\cache329\t_B_329_0_0_106800.htm

c:\windows\system32\cache329\t_B_329_0_0_107400.htm

c:\windows\system32\cache329\t_B_329_2_0_105300.htm

c:\windows\system32\cache329\t_B_329_2_0_106800.htm

c:\windows\system32\cache329\t_B_329_2_0_107400.htm

c:\windows\system32\cache329\t_B_329_3_0_106800.htm

c:\windows\system32\cache329\t_B_329_3_0_107400.htm

c:\windows\system32\cache329\t_B_329_4_0_111600.htm

c:\windows\system32\cache329\t_B_329_4_0_152400.htm

c:\windows\system32\cache329\t_B_329_4_0_155300.htm

c:\windows\system32\cache329\t_B_329_4_0_164100.htm

c:\windows\system32\HgfPVvut.ini

c:\windows\system32\HgfPVvut.ini2

c:\windows\system32\logs

c:\windows\system32\logs\{000ECFD6-380A-4012-8826-0A414DBA0210}.log

c:\windows\Tasks\lkiopfpj.job

D:\AUTORUN.INF

.

.

((((((((((((((((((((((((( Files Created from 2011-04-15 to 2011-05-15 )))))))))))))))))))))))))))))))

.

.

2011-05-12 23:32 . 2011-05-12 23:32 -------- d-----w- c:\documents and settings\Administrator

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-07 05:33 . 2004-08-10 18:02 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:45 . 2004-08-10 17:51 434176 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2004-08-10 17:51 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-17 13:51 . 2004-08-10 17:51 667136 ----a-w- c:\windows\system32\wininet.dll

2011-02-17 13:51 . 2004-08-10 17:51 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-02-17 13:51 . 2004-08-10 17:51 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-02-17 13:18 . 2006-07-14 23:01 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2006-07-14 23:01 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:37 . 2004-08-10 17:51 369664 ----a-w- c:\windows\system32\html.iec

2011-02-17 12:32 . 2009-06-25 23:29 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2004-08-10 17:50 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-05-06 02:19 . 2011-03-25 00:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-10-10 19:21 . 2007-08-13 02:01 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2010-10-14 04:28 . 2010-10-10 20:34 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 68856]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]

"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-10-10 30192]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-12 148888]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-28 185896]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

c:\documents and settings\Me\Start Menu\Programs\Startup\

Cyber-shot Viewer Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-12-29 155648]

DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-14 24576]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Taskman"=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1036:TCP"= 1036:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [10/10/2010 3:34 PM 84072]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/10/2004 12:51 PM 14336]

R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [11/4/2010 5:12 PM 6656]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/10/2010 3:33 PM 271480]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/10/2010 3:33 PM 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/10/2010 3:33 PM 271480]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [10/10/2010 3:34 PM 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [10/10/2010 3:11 PM 141792]

R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [6/24/2010 2:34 PM 91456]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/19/2007 7:46 PM 24652]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [10/10/2010 3:34 PM 55840]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [10/10/2010 3:34 PM 313288]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [10/10/2010 3:34 PM 88544]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/14/2006 6:32 PM 30192]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/16/2009 6:17 PM 38224]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [10/10/2010 3:34 PM 88544]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [10/10/2010 3:34 PM 84264]

S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2/20/2002 1:34 AM 72576]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WUAUSERV

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

Trusted Zone: aplfcu.org\www

Trusted Zone: internet

Trusted Zone: intuit.com\ttlc

Trusted Zone: mcafee.com

Trusted Zone: wkglobal.com\mailna

FF - ProfilePath - c:\documents and settings\Me\Application Data\Mozilla\Firefox\Profiles\kjbbek1n.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://forums.malwarebytes.org/index.php?showforum=7

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=

FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{1989A57B-33EE-43D9-94F9-D60C1CDE3EB5} - (no file)

HKCU-Run-Aim6 - (no file)

AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-15 11:06

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2532)

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\HPZipm12.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\windows\system32\rundll32.exe

c:\program files\Motorola\MotoConnectService\MotoConnect.exe

c:\progra~1\mcafee.com\agent\mcagent.exe

c:\program files\Real\RealPlayer\RealPlay.exe

c:\program files\common files\installshield\updateservice\isuspm.exe

c:\program files\Common Files\InstallShield\UpdateService\agent.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\progra~1\mcafee\msc\mcupdmgr.exe

c:\program files\Java\jre6\bin\jucheck.exe

c:\program files\mcafee\virusscan\mcinsupd.exe

c:\program files\McAfee Security Scan\2.0.181\McUICnt.exe

.

**************************************************************************

.

Completion time: 2011-05-15 11:20:51 - machine was rebooted

ComboFix-quarantined-files.txt 2011-05-15 16:20

.

Pre-Run: 90,130,038,784 bytes free

Post-Run: 89,167,503,360 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 70BD8E4DD922169FEEE2811011826D9A

Link to post
Share on other sites

There are some older versions of Java and Adobe Acrobat Reader on your computer. These can be a source of the infection/infections.

Go to Start > Control Panel > Add/Remove Programs.

Please remove these entries from Add/Remove Programs in the Control Panel

Adobe Reader 7.0

Java 2 Runtime Environment, SE v1.4.2_03

Java

Link to post
Share on other sites

  • 2 weeks later...

Kenny94, thanks for the information. Which Java do I download on the page? I can't find "Java SE Runtime Environment (JRE) - JRE 6 Update 25" word for word. These are my options:

Java Platform, Standard Edition

-Java SE 6 Update 25

Java SE Development Kit (JDK) Bundles

-JDK 6 Update 25 with Java EE

-JDK 6 Update 25 with JavaFX 1.3.1 SDK

-JDK 6 Update 25 with NetBeans 7.0

Java SE Floating Point Updater Tool

JDK DST Timezone Update Tool - 1.3.38

Java SE 6 JDK Source Code

Link to post
Share on other sites

Here is the log from the MBAM scan this morning.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6670

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

5/24/2011 10:37:58 PM

mbam-log-2011-05-24 (22-37-58).txt

Scan type: Quick scan

Objects scanned: 173655

Time elapsed: 9 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

How are things now emilywvu82?

Please run this online scan to help look for remnants.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however may need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

[*]Now click on: EOLS3.gif

[*]The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.

[*]When completed the Online Scan will begin automatically.

[*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

[*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!

[*]Now click on: EOLS4.gif

[*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

[*]Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.

Link to post
Share on other sites

Here is the logfile from the ESET scan.

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=20864277956c354c83940d0a3a8166b9

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-05-30 01:48:04

# local_time=2011-05-29 08:48:04 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5121 16777173 100 75 152230 22946352 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=77829

# found=5

# cleaned=0

# scan_time=7372

C:\Program Files\Common Files\Intuit\TurboTax\TY10\PER\MSI\WinPerReleaseEngine.msi probably a variant of Win32/PSW.OnLineGames.FRWEPAN trojan (unable to clean) 00000000000000000000000000000000 I

C:\Program Files\doubleTwist 2.0\Infragistics2.Win.v8.2.dll probably a variant of Win32/PSW.OnLineGames.FRWEPAN trojan (unable to clean) 00000000000000000000000000000000 I

C:\Program Files\TurboTax\Deluxe 2010\32bit\Infragistics2.Win.v8.2.dll probably a variant of Win32/PSW.OnLineGames.FRWEPAN trojan (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\HgfPVvut.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\WINDOWS\system32\HgfPVvut.ini2.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I

Things have been running seemingly fine now for about a week. McAfee is working (firewall would not stay on before) and I have had no "open with" boxes popping up.

-Emily

Link to post
Share on other sites

The ESET entries are fine. Let's do some house cleaning on your computer:

Please download the OTM by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]

  • Return to OTM, right click in the "Paste instructions for items to be Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Close OTM

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Your Computer is Clean

mr-clean.gif

Some final items:

Follow these steps to uninstall Combofix and tools used in the removal of malware

To remove all of the tools we used and the files and folders they created, please do the following:

Please download OTC.exe by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, FIREFOX and OPERA, both are free to use and are more secure than IE.

If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust)

NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Additional Security Measures

Secunia software inspector & update checker

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

Auslogics Disc Defrag or JKDefrag - Two good disc defragmenters for you to choose from to help speed up your computer.

Visit My Blog for Malware and Spyware Tips

6567E80CC55576485246E130E48A9FA8.png

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.