
Help with combofix.exe.



Hi guys :)

I've been getting help with fixing problems from the FakeAlert!grb. Trojan. I had posted in another thread but I think it's closed now. I was advised to install the combofix program, which I did from BleepingComputer. I've tried to run it 3 times now and each time it runs for a few seconds and looks great then it just stops and says something like... "!!ALERT!! It is not safe to continue! The contents of the combofix. package has been compromised. Please download a fresh copy from "Bleeping Computer" Note: You may be infected with a file patching virus 'Virut'". I then uninstall and reinstall combofix and it happens every time I try to run it. :angry: I've disabled my antivirus before installing and running the combofix so I don't think that's the problem? What now? Help again! :(

Thanks in advance :)


Hello pinkwave and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------

In Internet Explorer, please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your Desktop.
  • Copy and Paste that information in your next post.

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Please include the Kaspersky Online Scan log in your next reply.


(bump)

Are you still with me? If your problems still persist, let me know and we'll go about fixing them. ;)

If not, please let me know so I can close this topic.

-DFB

Yes I'm still with you but frankly, I'm now paranoid to do ANYTHING on here! I'm afraid to screw it up even more. I'm not that computer savvy!


Ok I just tried it. It seemed to be installing updates fine for awhile then it stopped and this message came up " ! Update has failed The program could not be started, Please close the window of Kaspersky online scanner 7.0 and start the program again from the website of Kaspersky Lab.

Successful updating of Kaspersky online scanner 7.0 and scanning of your computer requires uninterrupted internet connection. Please make sure that the internet connection is established {Error: Anti-virus database was updated after licence expiry}

What now? That's all Greek to me :unsure:


Try this one :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the option Remove found threats is UNCHECKED, and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic


LOL! Good Grief! What are you doing to me? OK here goes :o


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=db655807c38bc34daada13d708d303d2

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-06-26 10:57:42

# local_time=2011-06-26 06:57:42 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 565134 565134 0 0

# compatibility_mode=5121 16777189 100 75 620857 21708061 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=108080

# found=0

# cleaned=0

# scan_time=1335


Good, let's try the following :):

Please download Malwarebytes' Anti-Malware to your Desktop

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a location you will remember.
  • Copy and Paste that log into your next reply.

Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK for either of the prompts and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately.


Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6956

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/26/2011 10:53:10 PM

mbam-log-2011-06-26 (22-53-10).txt

Scan type: Full scan (C:\|)

Objects scanned: 244276

Time elapsed: 34 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{0F86BDF8-E8F0-442B-8F77-F59A7A80CD59} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F86BDF8-E8F0-442B-8F77-F59A7A80CD59} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Please do the following:

  • Download DDS by sUBs from one of the following links. Save it to your Desktop.

    NOTE: Before scanning, make sure all other running programs are closed.

    There shouldn't be any scheduled antivirus scans running while the scan is being performed.

    Do not use your computer for anything else during the scan.

  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your Desktop.


I'll have to run that tonight. I have to do something on here for now. Will this eventually get rid of redirect, because that sure is annoying?! I wish I knew all the correct terminology, but I don't. :rolleyes: It sure would be easier to explain things. For instance when I click on start at the bottom left, there is nothing between USER and All Programs. I also have no sound in some programs, like YouTube. All kinds of strange "stuff" <_< Thanks for helping :)


We'll get to the bottom of it. ;)

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by USER at 19:54:50 on 2011-06-27

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2949 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Documents and Settings\USER\Bluebirds\BlueBirds.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\WINDOWS\system32\mfevtps.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wscntfy.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://ca.yahoo.com/?p=us

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110608220712.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

uRun: [bluebirds] c:\documents and settings\user\bluebirds\BlueBirds.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [OM_Monitor] c:\program files\olympus\olympus master\Monitor.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [OM_Monitor] c:\program files\olympus\olympus master\FirstStart.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1309118856203

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 64.71.255.198

TCP: Interfaces\{FC55C39F-9E8D-46CA-9D91-D76C54290E11} : DhcpNameServer = 64.71.255.198

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: TPSvc - TPSvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 459728]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-6-8 84200]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-8 271480]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-8 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-8 271480]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-8 271480]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-6-8 171168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-6-8 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-6-8 148520]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-6-8 56064]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-6-8 153280]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-6-8 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-6-8 88736]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-26 366640]

S3 cpuz132;cpuz132;\??\c:\docume~1\user\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\user\locals~1\temp\cpuz132\cpuz132_x32.sys [?]

S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-26 39984]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-6-8 52320]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-6-8 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-6-8 84488]

.

=============== Created Last 30 ================

.

2011-06-27 02:16:38 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes

2011-06-27 02:16:31 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-27 02:16:31 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-06-27 02:16:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-26 21:57:04 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-06-26 21:57:04 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-26 21:23:08 -------- d-----w- c:\program files\MSXML 4.0

2011-06-26 21:20:42 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2011-06-26 21:20:42 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2011-06-26 21:20:42 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2011-06-26 21:20:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2011-06-26 21:20:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2011-06-26 21:20:40 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll

2011-06-26 21:20:17 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2011-06-26 21:12:07 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-06-26 21:11:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2011-06-26 21:11:10 272128 ------w- c:\windows\system32\drivers\bthport.sys

2011-06-26 20:41:40 -------- d-----w- c:\documents and settings\all users\application data\PC Drivers HeadQuarters

2011-06-26 20:41:13 -------- d-----w- c:\program files\PC Drivers HeadQuarters

2011-06-26 20:18:07 -------- d-----w- c:\documents and settings\user\application data\Driver Smith

2011-06-26 20:18:02 -------- d-----w- c:\program files\DriverSmith

2011-06-26 20:09:56 -------- d-----w- c:\windows\system32\PreInstall

2011-06-26 20:09:54 -------- d--h--w- c:\windows\$hf_mig$

2011-06-26 20:08:22 21728 ----a-w- c:\windows\system32\wucltui.dll.mui

2011-06-26 20:08:22 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui

2011-06-26 20:08:21 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2011-06-26 20:08:21 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

2011-06-26 20:08:21 -------- d-----w- c:\windows\system32\SoftwareDistribution

2011-06-26 19:51:47 -------- d-----w- C:\GameHouse Games

2011-06-26 18:45:57 -------- d-----w- c:\documents and settings\user\application data\WendigoStudios

2011-06-26 18:45:07 -------- d-----w- c:\program files\The Timebuilders - Caveman's Prophecy

2011-06-25 22:28:55 -------- d-----w- c:\program files\Wedding Dash 2 - Rings Around the World

2011-06-20 02:55:07 -------- d-----w- c:\program files\Diner Dash - Hometown Hero

2011-06-20 02:49:13 -------- d-----w- c:\program files\Hells Kitchen

2011-06-20 00:45:33 -------- d-----w- c:\documents and settings\user\application data\Ludia

2011-06-20 00:45:33 -------- d-----w- c:\documents and settings\all users\application data\Ludia

2011-06-19 01:17:03 69632 ----a-w- c:\windows\system32\HPZipm12.1

2011-06-16 02:02:07 -------- d-----w- c:\program files\Ghost in the Sheet

2011-06-09 17:36:36 388096 ----a-r- c:\documents and settings\user\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-06-09 17:36:35 -------- d-----w- c:\program files\Trend Micro

2011-06-09 02:07:10 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-06-09 02:07:05 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-06-09 02:07:05 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-06-09 02:07:05 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-06-09 02:07:05 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-06-09 02:07:05 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-06-09 02:07:05 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-06-09 02:07:05 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-06-09 02:07:00 -------- d-----w- c:\program files\McAfee.com

2011-06-09 02:07:00 -------- d-----w- c:\program files\common files\Mcafee

2011-06-09 02:06:52 -------- d-----w- c:\program files\McAfee

2011-06-09 01:55:22 148520 ----a-w- c:\windows\system32\mfevtps.exe

2011-06-08 19:36:05 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-06-08 19:36:05 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-06-08 17:34:20 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!

2011-06-02 01:24:17 -------- d-----w- c:\documents and settings\all users\application data\Trymedia

2011-06-02 01:16:58 -------- d-----w- C:\Zylom Games

2011-06-02 01:15:34 -------- d-----w- c:\program files\RealArcade

2011-06-02 01:13:16 -------- d-----w- c:\program files\Wedding Dash 4-Ever

.

==================== Find3M ====================

.

2011-06-27 02:56:40 1409 ----a-w- c:\windows\QTFont.for

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

.

============= FINISH: 19:55:19.62 ===============


***Note: In order for ComboFix to run properly McAfee must be uninstalled. Please go here and follow the instructions to uninstall McAfee.

You can reinstall it after the computer is clean.

---------

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:

1) Run Spybot-S&D

2) Go to the Mode menu, and make sure Advanced Mode is selected

3) On the left hand side, choose Tools -> Resident

4) Uncheck Resident TeaTimer and OK any prompts

You can re-enable TeaTimer once your system is clean.

---------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.


Oh my gosh! Well if anybody can screw this up I can. I didn't even know I had Spybot anymore and I certainly never knew what teatimer was?? I knew I had it with Spybot but I still have no idea what it is. duh :blink: I'm a little worried about uninstalling McAfee. I just recently purchased it online after I got this FakeAlert thingy. It scared me. I don't usually have antivirus software. I know that's stupid but to me it's like a virus in itself. :P Anyhoo...This should be interesting! :o


Ok now I'm going to sound really stupid. I can't find my Spybot anywhere??


Hi, please select the post-10-126012383895.gif button from now on when posting (instead of Reply). It makes it easier for me to read that way. :)

I'm a little worried about uninstalling McAfee.

Don't be :). It has to be uninstalled in order to ensure ComboFix will run properly. Once we deem that you're clean then you can reinstall it without any problems. ;)

Ok now I'm going to sound really stupid. I can't find my Spybot anywhere??

Right-click Spybot in the System Tray (looks like a calendar with a padlock symbol) and choose Exit Spybot S&D Resident.

Then, navigate to Start > All Programs > Spybot S&D.

Then...

2) Go to the Mode menu, and make sure Advanced Mode is selected

3) On the left hand side, choose Tools -> Resident

4) Uncheck Resident TeaTimer and OK any prompts

You can re-enable TeaTimer once your system is clean.

---------

Please post the ComboFix results in your next reply, and let me know how your system is running now :).


That's my problem. Spybot is not in my System Tray anymore (the bottom right) Also it's not listed in my programs? When I do a search with search companion it shows up and when I click on it it has "logs" "recovery" and "ProCache sbc" I have no idea how to uninstall it when I can't find it? I don't ever remember uninstalling it to begin with? :huh:


Okay, try this:

Please download and install Revo Uninstaller (Freeware) from here. Then please run Revo Uninstaller and select Spybot.

Please click Uninstall icon to uninstall the selected program.


Please choose Advanced.


Then click Next and follow the prompts.

Please click Select All (1.) and Delete (2.) to delete all registry items, folders and files listed by Revo.

If asked to restart the computer, please do so immediately.

---------

If you uninstalled Spybot through Revo, reboot, and then go ahead and run the ComboFix scan. If not, please let me know.
