
all programs in Start Menu and "All Programs" are missing



I tried the suggested http://download.blee...beta/unhide.exe, it started but I got a small dialog box that said "Check Fail" and then several repeating "Loader Error" messages: "the procedure entry point HttpQueryInfoA could not be located in the dynamic link library WININET.dll". Clicking off the repeated message about 6 times and the program stops running and goes away, leaving the little "Check Fail" dialog box. Also, after trying a third time with the same results, one new event happened; I got a notepad window that said, "Volume in drive C has no label.

Volume Serial Number is 62C6-4C16". Any ideas what this is about? I should mention I'm on this forum because this PC (XP) has been hit with a virus. In safe mode with networking I was able to 'finagle' an IE window to go to Cnet for Malwarebytes and others to scan and fix this PC. I got this PC to the point where I have the IE icon in the Start Menu, which works, and the Outlook icon in the Start Menu, which does not work. No other programs in the Start Menu, and only the newly downloaded applications via Cnet in "All Programs". The Malwarebytes log after scanning and fixing is:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6989

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/30/2011 6:54:17 PM

mbam-log-2011-06-30 (18-54-17).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 416203

Time elapsed: 3 hour(s), 2 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 3

Files Infected: 18

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\program files\mp3tube toolbar (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\documents and settings\TracieN\application data\mp3tube toolbar (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\documents and settings\TracieN\application data\mp3tube toolbar\images (Adware.Mp3Tube) -> Quarantined and deleted successfully.

Files Infected:

c:\documents and settings\all users\application data\rbdbvpvsfjr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8d290bb5-e59c-462b-a0ee-e8949a1e4344}\RP3\A0000204.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8d290bb5-e59c-462b-a0ee-e8949a1e4344}\RP3\A0000205.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8d290bb5-e59c-462b-a0ee-e8949a1e4344}\RP3\A0000206.dll (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8d290bb5-e59c-462b-a0ee-e8949a1e4344}\RP3\A0000207.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\searchplugins\Mp3Tube.xml (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\documents and settings\TracieN\application data\mp3tube toolbar\pref.xml (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\documents and settings\TracieN\application data\mp3tube toolbar\tbconfig.xml (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\documents and settings\TracieN\application data\mp3tube toolbar\images\dailyhotdeals.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\documents and settings\TracieN\application data\mp3tube toolbar\images\divider.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\documents and settings\TracieN\application data\mp3tube toolbar\images\feeditem.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\documents and settings\TracieN\application data\mp3tube toolbar\images\games.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\documents and settings\TracieN\application data\mp3tube toolbar\images\savemp3.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\documents and settings\TracieN\application data\mp3tube toolbar\images\savemp3_disabled.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\documents and settings\TracieN\application data\mp3tube toolbar\images\screensaver.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\documents and settings\TracieN\application data\mp3tube toolbar\images\shopping.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\documents and settings\TracieN\application data\mp3tube toolbar\images\watermark.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\documents and settings\TracieN\application data\mp3tube toolbar\images\weatherbug.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.

I'm restarting this PC as recommended after this log was displayed. HELP is GREATLY appreciated!


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.


Ok, Interesting and maybe worth noting:

1) I could not get the boot up to complete. It would loop and not bring up the login dialog. I had to boot up in "Safe Mode".

2) Once Safe Mode boot up was complete, all the desktop icons were back in view and I randomly selected a few MS Word docs and they did come up. Previously no icons appeared, nor any applications on the Desktop, Start Menu and "All Programs", except for the IE icon in the Start Menu.

3) A "Loader Error: The procedure entry point HttpQueryInfoA could not be located in the dynamic link library WININET.dll" keeps popping up and not going away when clicking "OK" repeatedly, unlike last week, when it would go away for stretches of time.

Here is the MBAM log after cleaning the bad objects:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6989

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

7/5/2011 12:21:07 PM

mbam-log-2011-07-05 (12-21-07).txt

Scan type: Quick scan

Objects scanned: 316383

Time elapsed: 11 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 13

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Mp3Tube (Adware.Mp3Tube) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS.txt file:

.

DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Run by TracieN at 13:50:55 on 2011-07-05

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.2370 [GMT -7:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\mfevtps.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=XPxdm002YYus&ptb=86F8072E-3F6B-4371-98E9-DBEC706A17DB

uInternet Connection Wizard,ShellNext = ftp://ftp.homewatchcaregivers.com/

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

uURLSearchHooks: N/A: {0696f815-a3a9-490a-bb14-9ec3350b1276} - c:\program files\televisionfanatic\bar\1.bin\64SrcAs.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Search Assistant BHO: {5d79f641-c168-40df-a32f-bacea7509e75} - c:\program files\televisionfanatic\bar\1.bin\64SrcAs.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110510115829.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Toolbar BHO: {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - c:\progra~1\televi~2\bar\1.bin\64bar.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: TelevisionFanatic: {c98d5b61-b0ea-4d48-9839-1079d352d880} - c:\program files\televisionfanatic\bar\1.bin\64bar.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

mPolicies-explorer: NoWelcomeScreen = 1 (0x1)

IE: &Search - ?s=100000337&p=ZUzeb0044AUS_ZLman000&si=&a=mgBoHR9KP_H3PN2UBZF.VQ&n=2010092211

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} - hxxp://hwcserver/connectcomputer/nshelp.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199410328133

DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} - hxxps://reports2.paychoiceonline.com/pcoreports/arview2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://homewatchcaregivers.webex.com/client/T27L/nbr/ieatgpc.cab

TCP: DhcpNameServer = 192.168.1.250 24.205.192.61

TCP: Interfaces\{1310A1C8-B84C-4950-8AF2-D34B47D7F11C} : DhcpNameServer = 192.168.1.250 24.205.192.61

TCP: Interfaces\{C0BF6E7B-4FA8-47FB-BD90-1BFBE01C189D} : DhcpNameServer = 192.168.1.15 24.205.192.61 24.205.224.36

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: LMIinit - LMIinit.dll

AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2006-9-13 3840]

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-1 387480]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-1 84200]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-1 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-1 141792]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-1 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-1 88736]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-6-30 353168]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]

S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

S2 gupdate1c9e3d12c9c5c2d;Google Update Service (gupdate1c9e3d12c9c5c2d);c:\program files\google\update\GoogleUpdate.exe [2009-6-2 133104]

S2 LMIGuardianSvc;LMIGuardianSvc;"c:\program files\logmein\x86\lmiguardiansvc.exe" --> c:\program files\logmein\x86\LMIGuardianSvc.exe [?]

S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]

S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-3-10 47640]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-29 93320]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-1 271480]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-1 271480]

S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-1 271480]

S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-1 171168]

S2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2007-7-2 534040]

S2 TelevisionFanaticService;TelevisionFanaticService;c:\progra~1\televi~2\bar\1.bin\64barsvc.exe [2011-6-27 42504]

S2 Zimbra Desktop Service;Zimbra Desktop Service;c:\documents and settings\tnelson\local settings\application data\zimbra\zdesktop\zdesktop.exe [2010-7-6 139264]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-6-30 1025352]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-1 56064]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-2 133104]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-30 39984]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-1 153280]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-1 52320]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-1 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-1 84488]

S3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb20 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]

S3 TSUSB2;Driver for TellerScan Device;c:\windows\system32\drivers\TSUSB2.sys [2009-4-13 54016]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== Created Last 30 ================

.

2011-07-05 19:06:55 -------- d-----w- c:\documents and settings\tracien\application data\Malwarebytes

2011-07-01 02:39:25 -------- d-----w- C:\8e229b368aea56275bbfc5681ec25e

2011-06-30 22:49:38 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-30 22:49:37 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-06-30 22:49:33 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-30 22:49:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-30 19:37:27 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-06-30 19:37:27 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-06-30 18:37:21 -------- d-----w- c:\program files\CCleaner

2011-06-30 16:25:22 -------- d-----w- c:\documents and settings\tracien\application data\IObit

2011-06-30 16:25:20 -------- d-----w- c:\program files\IObit

2011-06-30 15:49:27 -------- d-----w- c:\documents and settings\tracien\application data\AVG10

2011-06-30 15:43:42 -------- d-----w- c:\documents and settings\all users\application data\AVG Security Toolbar

2011-06-30 15:42:46 -------- d-----w- c:\windows\system32\drivers\AVG

2011-06-30 15:42:46 -------- d-----w- c:\documents and settings\all users\application data\AVG10

2011-06-30 15:42:08 -------- d-----w- c:\program files\AVG

2011-06-30 15:37:42 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-06-27 19:16:38 -------- d-----w- c:\program files\TelevisionFanatic

2011-06-27 19:16:26 -------- d-----w- c:\program files\TelevisionFanaticEI

2011-06-27 19:14:44 650752 ----a-w- c:\windows\system32\xvidcore.dll

2011-06-27 19:14:44 240640 ----a-w- c:\windows\system32\xvidvfw.dll

2011-06-27 19:14:44 152064 ----a-w- c:\windows\system32\xvid.ax

2011-06-27 19:14:41 -------- d-----w- c:\program files\Xvid

2011-06-17 10:02:52 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-16 14:20:23 105472 ------w- c:\windows\system32\dllcache\mup.sys

.

==================== Find3M ====================

.

2011-06-27 19:25:20 18944 ----a-w- c:\windows\system32\version.dll

2011-06-27 19:25:19 110080 ----a-w- c:\windows\system32\imm32.dll

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-15 04:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys

2011-04-14 21:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-04-14 21:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-04-14 21:01:38 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-04-14 21:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-04-14 21:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-04-14 21:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-04-14 21:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-04-14 21:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-04-14 21:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-04-14 21:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-04-14 21:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe

2003-06-20 22:05:44 2368613 ---ha-w- c:\program files\common files\QBFC2.1Installer.exe

.

============= FINISH: 13:52:05.89 ===============


  • Staff

Hi,

I notice that you are using more than one antivirus program (AVG and McAfee). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317
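As an added example (not code from the thread, MBAM, DDS or ComboFix), a Python triage script that compares the two MBAM logs above, reporting the Mp3Tube keys that were quarantined on 30 June and were back for the 5 July scan, and that reads DDS output to flag the double-AV configuration screen317 points out and extension entries worth a second look. The sample lines are excerpts of the logs posted in this thread.

```python
"""Triage helper for the logs in this thread (an added example, not code from MBAM, DDS,
ComboFix or the forum): finds items quarantined in two successive MBAM logs, i.e. re-created
between scans, and flags DDS header and Pseudo-HJT lines that deserve a second look."""
import re

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MBAM_ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?:Value: .+? -> )?Quarantined")
DDS_AV_RE = re.compile(r"^(?P<type>AV|FW): (?P<name>.+?) \*(?P<state>[^*]+)\*")
DDS_ENTRY_RE = re.compile(r"^(?P<kind>BHO|TB|[um]Run|[um]URLSearchHooks|AppInit_DLLs|Handler): (?P<rest>.*)$")
PROFILE_DIRS = ("c:\\documents and settings\\", "c:\\users\\")

# Excerpts of the two MBAM logs posted above (30 June full scan, 5 July quick scan).
MBAM_JUNE_30 = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mp3tube toolbar (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\rbdbvpvsfjr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""
MBAM_JULY_5 = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
"""
# Excerpt of the DDS.txt posted above: AV/FW header plus a few Pseudo-HJT lines.
DDS_EXCERPT = r"""
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
uURLSearchHooks: N/A: {0696f815-a3a9-490a-bb14-9ec3350b1276} - c:\program files\televisionfanatic\bar\1.bin\64SrcAs.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
"""

def parse_mbam(text):
    """Map every item MBAM reports as quarantined (lower-cased key or path) to its threat name."""
    found = {}
    for line in text.splitlines():
        m = MBAM_ITEM_RE.match(line.strip())
        if m:
            found[m.group("item").lower()] = m.group("threat")
    return found

def reappeared(earlier_log, later_log):
    """Items quarantined in both logs: removed once, back at the next scan, so whatever re-creates them is still present."""
    return sorted(parse_mbam(earlier_log).keys() & parse_mbam(later_log).keys())

def extract_path(rest):
    """Module path of a Pseudo-HJT line: the quoted string, else from the drive letter to the end."""
    m = re.search(r'"([^"]+)"', rest) or re.search(r"([A-Za-z]:\\.*)$", rest)
    return m.group(1).lower() if m else ""

def parse_dds(text):
    """Return (security products, extension entries) from DDS output."""
    products, entries = [], []
    for line in text.splitlines():
        av = DDS_AV_RE.match(line.strip())
        if av:
            products.append((av.group("type"), av.group("name"), av.group("state")))
            continue
        e = DDS_ENTRY_RE.match(line.strip())
        if e:
            rest, clsid = e.group("rest"), CLSID_RE.search(e.group("rest"))
            entries.append({"kind": e.group("kind"), "unnamed": rest.startswith("N/A:"),
                            "clsid": clsid.group(0).upper() if clsid else None,
                            "path": extract_path(rest)})
    return products, entries

def enabled_antivirus(products):
    """Resident AV products reporting themselves enabled; two or more is what the staff reply warns about."""
    return [name for kind, name, state in products if kind == "AV" and state.startswith("Enabled")]

def review_entries(entries, quarantined):
    """Attach review reasons to DDS entries; `quarantined` is a parse_mbam() result."""
    known_clsids = {c.upper() for item in quarantined for c in CLSID_RE.findall(item)}
    known_paths = [item for item in quarantined if re.match(r"[a-z]:\\", item)]
    flagged = []
    for e in entries:
        path, reasons = e["path"], []
        if e["clsid"] in known_clsids:
            reasons.append("CLSID already quarantined by MBAM is registered again")
        if any(path == p or path.startswith(p + "\\") for p in known_paths):
            reasons.append("loads from a file or folder MBAM already quarantined")
        if e["unnamed"]:
            reasons.append("extension registered without a friendly name")
        if path.startswith(PROFILE_DIRS):
            reasons.append("loads from a user profile directory rather than Program Files")
        if e["kind"] == "AppInit_DLLs":
            reasons.append("AppInit_DLLs is injected into every user-mode process")
        if reasons:
            flagged.append((e["kind"], e["clsid"], path, reasons))
    return flagged

if __name__ == "__main__":
    print("re-created between scans:", reappeared(MBAM_JUNE_30, MBAM_JULY_5))
    products, entries = parse_dds(DDS_EXCERPT)
    print("enabled AV products:", enabled_antivirus(products))
    for kind, clsid, path, reasons in review_entries(entries, parse_mbam(MBAM_JUNE_30)):
        print(kind, clsid or "-", path, "->", "; ".join(reasons))
```

Feed it the full logs (the excerpts here are only a few lines each) to see every Ext\Settings and Ext\Stats key that came back between the two scans; a re-created key means the component that writes it still needs to be found.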


OK, here are the logs requested. FYI -- I had to 'nurse' through the ComboFix scan by clicking off a repeating error message: "The System cannot find the file NIRCMD". This one came up at every stage of the scan. There were other error messages too, but this was the dominant message in frequency. Still seeing the LOADER ERROR previously mentioned.

ComboFix 11-07-11.02 - administrator 07/11/2011 17:44:45.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.2360 [GMT -7:00]

Running from: c:\documents and settings\Administrator.HOMEWATCH\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

* Resident AV is active

.

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\tnelson\WINDOWS

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_MYWEBSEARCHSERVICE

.

.

((((((((((((((((((((((((( Files Created from 2011-06-12 to 2011-07-12 )))))))))))))))))))))))))))))))

.

.

2011-07-11 22:37 . 2011-07-11 22:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-11 20:59 . 2011-07-11 20:59 -------- d-----w- C:\bb90d90176c79febb773643a

2011-07-05 19:06 . 2011-07-05 19:06 -------- d-----w- c:\documents and settings\TracieN\Application Data\Malwarebytes

2011-07-01 05:03 . 2011-07-01 05:03 -------- d-----w- c:\program files\7-Zip

2011-07-01 04:03 . 2011-07-01 04:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Intuit

2011-07-01 02:39 . 2011-07-01 02:39 -------- d-----w- C:\8e229b368aea56275bbfc5681ec25e

2011-06-30 22:49 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-30 22:49 . 2011-06-30 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-06-30 22:49 . 2011-06-30 22:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-30 22:49 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-30 22:00 . 2011-07-11 22:06 -------- d-----w- c:\documents and settings\Administrator.HOMEWATCH

2011-06-30 19:37 . 2011-07-11 22:31 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-06-30 19:37 . 2011-07-11 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-06-30 16:25 . 2011-06-30 16:26 -------- d-----w- c:\documents and settings\TracieN\Application Data\IObit

2011-06-30 16:25 . 2011-06-30 16:26 -------- d-----w- c:\program files\IObit

2011-06-30 15:49 . 2011-06-30 15:49 -------- d-----w- c:\documents and settings\TracieN\Application Data\AVG10

2011-06-30 15:42 . 2011-07-11 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-06-30 15:42 . 2011-06-30 15:42 -------- d-----w- c:\program files\AVG

2011-06-30 15:37 . 2011-07-11 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-06-27 19:16 . 2011-06-27 19:16 -------- d-----w- c:\program files\TelevisionFanatic

2011-06-27 19:14 . 2011-03-21 13:58 152064 ----a-w- c:\windows\system32\xvid.ax

2011-06-27 19:14 . 2011-03-19 15:06 240640 ----a-w- c:\windows\system32\xvidvfw.dll

2011-06-27 19:14 . 2011-03-19 15:04 650752 ----a-w- c:\windows\system32\xvidcore.dll

2011-06-27 19:14 . 2011-06-27 19:14 -------- d-----w- c:\program files\Xvid

2011-06-21 19:01 . 2011-06-21 19:07 -------- d--h--w- c:\documents and settings\coordinator

2011-06-21 18:49 . 2011-07-01 15:11 -------- d--h--w- c:\documents and settings\scheduler

2011-06-17 10:02 . 2011-06-17 10:25 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-16 14:20 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-27 19:25 . 2006-02-28 02:00 18944 ----a-w- c:\windows\system32\version.dll

2011-06-27 19:25 . 2006-02-28 02:00 110080 ----a-w- c:\windows\system32\imm32.dll

2011-05-02 15:31 . 2006-02-28 02:00 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2006-02-28 02:00 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2006-02-28 02:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11 . 2006-02-28 02:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2006-02-28 02:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2006-02-28 02:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2006-02-28 02:00 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2006-02-28 02:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-14 21:01 . 2011-03-01 22:16 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-04-14 21:01 . 2011-03-01 22:16 141792 ----a-w- c:\windows\system32\mfevtps.exe

2011-04-14 21:01 . 2011-03-01 22:16 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-04-14 21:01 . 2011-03-01 22:16 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-04-14 21:01 . 2011-03-01 22:16 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-04-14 21:01 . 2011-03-01 22:16 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-04-14 21:01 . 2011-03-01 22:16 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-04-14 21:01 . 2011-03-01 22:16 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-04-14 21:01 . 2011-03-01 22:16 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-04-14 21:01 . 2011-03-01 22:16 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-04-14 21:01 . 2011-03-01 22:16 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2003-06-20 22:05 . 2007-07-19 17:45 2368613 ---ha-w- c:\program files\Common Files\QBFC2.1Installer.exe

2010-01-29 18:37 . 2010-01-29 18:37 135680 ---ha-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2011-04-14 21:01 . 2011-03-01 22:16 24376 ---ha-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2011-06-27 . 06F64F27A3D4E24D7152F8515CF635EC . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll

[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll

[7] 2006-02-28 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

.

[-] 2011-06-27 . C7307DF49D6C9A9C6E1A995F515A419A . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll

[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll

[7] 2006-02-28 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5d79f641-c168-40df-a32f-bacea7509e75}]

2011-06-27 19:16 62864 ----a-w- c:\program files\TelevisionFanatic\bar\1.bin\64SrcAs.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cb41fc95-f1b3-4797-8bb6-1012ff62abba}]

2011-06-27 19:16 669072 ----a-w- c:\progra~1\TELEVI~2\bar\1.bin\64bar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{c98d5b61-b0ea-4d48-9839-1079d352d880}"= "c:\program files\TelevisionFanatic\bar\1.bin\64bar.dll" [2011-06-27 669072]

.

[HKEY_CLASSES_ROOT\clsid\{c98d5b61-b0ea-4d48-9839-1079d352d880}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-13 68856]

"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]

"Bria"="c:\program files\CounterPath\Bria\bria.exe" [2009-06-26 17907712]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

.

c:\documents and settings\tnelson\Start Menu\Programs\Startup\

Yammer.lnk - c:\program files\Yammer\Yammer.exe [2010-4-1 95232]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoWelcomeScreen"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2010-10-05 15:36 87424 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"IMFservice"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\CounterPath\\Bria\\bria.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R2 gupdate1c9e3d12c9c5c2d;Google Update Service (gupdate1c9e3d12c9c5c2d);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 133104]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]

R2 TelevisionFanaticService;TelevisionFanaticService;c:\progra~1\TELEVI~2\bar\1.bin\64barsvc.exe [2011-06-27 42504]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 133104]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]

R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\DRIVERS\mfendisk.sys [2011-04-14 88736]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]

R3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe [2009-08-18 678912]

R3 TSUSB2;Driver for TellerScan Device;c:\windows\system32\DRIVERS\TSUSB2.sys [2008-08-04 54016]

S0 atiide;atiide;c:\windows\system32\DRIVERS\atiide.sys [2006-09-13 3840]

S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-04-14 84200]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-04-14 141792]

S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2006-07-14 534040]

S2 Zimbra Desktop Service;Zimbra Desktop Service;c:\documents and settings\tnelson\Local Settings\Application Data\Zimbra\zdesktop\zdesktop.exe [2010-01-27 139264]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]

S3 mfendiskmp;mfendiskmp;c:\windows\system32\DRIVERS\mfendisk.sys [2011-04-14 88736]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

.

2011-07-01 c:\windows\Tasks\diff.job

- c:\windows\system32\ntbackup.exe [2006-02-28 00:12]

.

2011-05-28 c:\windows\Tasks\Full.job

- c:\windows\system32\ntbackup.exe [2006-02-28 00:12]

.

2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 22:26]

.

2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 22:26]

.

2011-07-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1089530128-397176591-3299723014-500.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1911278139-1797553926-3513879574-1155.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-961117031-1944572115-1770970122-1138.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-961117031-1944572115-1770970122-1142.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-961117031-1944572115-1770970122-1144.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-961117031-1944572115-1770970122-500.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-06-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1089530128-397176591-3299723014-500.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-06-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1911278139-1797553926-3513879574-1155.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-06-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-961117031-1944572115-1770970122-1138.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-06-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-961117031-1944572115-1770970122-1142.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-961117031-1944572115-1770970122-1144.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-961117031-1944572115-1770970122-500.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-12 c:\windows\Tasks\User_Feed_Synchronization-{F2DD748F-06C7-49A3-898B-EE25583F45AF}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.hp.com

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.250 24.205.192.61

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll

FF - ProfilePath -

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{0696f815-a3a9-490a-bb14-9ec3350b1276} - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKCU-Run-rBdBVPVSFJr - c:\documents and settings\All Users\Application Data\rBdBVPVSFJr.exe

Notify-NavLogon - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-11 18:06

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

c:\program files\Microsoft\BingBar\SeaPort.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\SearchIndexer.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\program files\Common Files\McAfee\SystemCore\mfefire.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\SearchProtocolHost.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Microsoft\BingBar\BingBar.exe

c:\program files\Microsoft\BingBar\BingApp.exe

c:\windows\system32\NOTEPAD.EXE

c:\program files\internet explorer\iexplore.exe

c:\program files\internet explorer\iexplore.exe

c:\windows\system32\SearchFilterHost.exe

c:\windows\system32\SearchProtocolHost.exe

.

**************************************************************************

.

Completion time: 2011-07-11 18:21:32 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-12 01:21

.

Pre-Run: 25,682,128,896 bytes free

Post-Run: 26,334,752,768 bytes free

.

- - End Of File - - CCC26700E27EDA004D9EFEE27B5E09CD

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Run by administrator at 18:27:11 on 2011-07-11

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.2250 [GMT -7:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\mfevtps.exe

C:\Program Files\PDF Complete\pdfsvc.exe

c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Documents and Settings\tnelson\Local Settings\Application Data\Zimbra\zdesktop\zdesktop.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft\BingBar\BingBar.exe

C:\Program Files\Microsoft\BingBar\BingApp.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\notepad.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.hp.com

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Search Assistant BHO: {5d79f641-c168-40df-a32f-bacea7509e75} - c:\program files\televisionfanatic\bar\1.bin\64SrcAs.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110510115829.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Toolbar BHO: {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - c:\progra~1\televi~2\bar\1.bin\64bar.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: TelevisionFanatic: {c98d5b61-b0ea-4d48-9839-1079d352d880} - c:\program files\televisionfanatic\bar\1.bin\64bar.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe

uRun: [bria] "c:\program files\counterpath\bria\bria.exe"

mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

mPolicies-explorer: NoWelcomeScreen = 1 (0x1)

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} - hxxp://hwcserver/connectcomputer/nshelp.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199410328133

DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} - hxxps://reports2.paychoiceonline.com/pcoreports/arview2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://homewatchcaregivers.webex.com/client/T27L/nbr/ieatgpc.cab

TCP: DhcpNameServer = 192.168.1.250 24.205.192.61

TCP: Interfaces\{1310A1C8-B84C-4950-8AF2-D34B47D7F11C} : DhcpNameServer = 192.168.1.250 24.205.192.61

TCP: Interfaces\{C0BF6E7B-4FA8-47FB-BD90-1BFBE01C189D} : DhcpNameServer = 192.168.1.15 24.205.192.61 24.205.224.36

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2006-9-13 3840]

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-1 387480]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-1 84200]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-3-10 47640]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-1 171168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-1 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-1 141792]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2007-7-2 534040]

R2 Zimbra Desktop Service;Zimbra Desktop Service;c:\documents and settings\tnelson\local settings\application data\zimbra\zdesktop\zdesktop.exe [2010-7-6 139264]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-1 153280]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-1 52320]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-1 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-1 88736]

S2 gupdate1c9e3d12c9c5c2d;Google Update Service (gupdate1c9e3d12c9c5c2d);c:\program files\google\update\GoogleUpdate.exe [2009-6-2 133104]

S2 LMIGuardianSvc;LMIGuardianSvc;"c:\program files\logmein\x86\lmiguardiansvc.exe" --> c:\program files\logmein\x86\LMIGuardianSvc.exe [?]

S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-29 93320]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-1 271480]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-1 271480]

S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-1 271480]

S2 TelevisionFanaticService;TelevisionFanaticService;c:\progra~1\televi~2\bar\1.bin\64barsvc.exe [2011-6-27 42504]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-1 56064]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-2 133104]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-30 39984]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-1 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-1 84488]

S3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb20 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]

S3 TSUSB2;Driver for TellerScan Device;c:\windows\system32\drivers\TSUSB2.sys [2009-4-13 54016]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== Created Last 30 ================

.

2011-07-12 00:43:07 -------- d-----w- C:\ComboFix

2011-07-11 23:00:21 208896 ----a-w- c:\windows\MBR.exe

2011-07-11 23:00:18 256000 ----a-w- c:\windows\PEV.exe

2011-07-11 23:00:17 98816 ----a-w- c:\windows\sed.exe

2011-07-11 23:00:17 518144 ----a-w- c:\windows\SWREG.exe

2011-07-11 22:37:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-11 22:06:16 -------- d-sh--w- c:\documents and settings\administrator.homewatch\IECompatCache

2011-07-11 22:02:53 -------- d-----w- c:\documents and settings\administrator.homewatch\application data\AVG10

2011-07-11 20:59:35 -------- d-----w- C:\bb90d90176c79febb773643a

2011-07-01 04:09:37 -------- d-----w- c:\documents and settings\administrator.homewatch\application data\Skinux

2011-07-01 04:09:35 -------- d-----w- c:\documents and settings\administrator.homewatch\local settings\application data\CounterPath Corporation

2011-07-01 04:09:35 -------- d-----w- c:\documents and settings\administrator.homewatch\application data\CounterPath Corporation

2011-07-01 02:39:25 -------- d-----w- C:\8e229b368aea56275bbfc5681ec25e

2011-06-30 22:50:29 -------- d-----w- c:\documents and settings\administrator.homewatch\application data\IObit

2011-06-30 22:49:46 -------- d-----w- c:\documents and settings\administrator.homewatch\application data\Malwarebytes

2011-06-30 22:49:38 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-30 22:49:37 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-06-30 22:49:33 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-30 22:49:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-30 22:06:43 -------- d-sh--w- c:\documents and settings\administrator.homewatch\PrivacIE

2011-06-30 19:37:27 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-06-30 19:37:27 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-06-30 16:25:20 -------- d-----w- c:\program files\IObit

2011-06-30 15:42:46 -------- d-----w- c:\documents and settings\all users\application data\AVG10

2011-06-30 15:42:08 -------- d-----w- c:\program files\AVG

2011-06-30 15:37:42 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-06-27 19:16:38 -------- d-----w- c:\program files\TelevisionFanatic

2011-06-27 19:16:26 -------- d-----w- c:\program files\TelevisionFanaticEI

2011-06-27 19:14:44 650752 ----a-w- c:\windows\system32\xvidcore.dll

2011-06-27 19:14:44 240640 ----a-w- c:\windows\system32\xvidvfw.dll

2011-06-27 19:14:44 152064 ----a-w- c:\windows\system32\xvid.ax

2011-06-27 19:14:41 -------- d-----w- c:\program files\Xvid

2011-06-17 10:02:52 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-16 14:20:23 105472 ------w- c:\windows\system32\dllcache\mup.sys

.

==================== Find3M ====================

.

2011-06-27 19:25:20 18944 ----a-w- c:\windows\system32\version.dll

2011-06-27 19:25:19 110080 ----a-w- c:\windows\system32\imm32.dll

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-14 21:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-04-14 21:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-04-14 21:01:38 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-04-14 21:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-04-14 21:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-04-14 21:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-04-14 21:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-04-14 21:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-04-14 21:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-04-14 21:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-04-14 21:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe

2003-06-20 22:05:44 2368613 ----a-w- c:\program files\common files\QBFC2.1Installer.exe

.

============= FINISH: 18:28:17.14 ===============

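Added example, not part of the original post and not ComboFix or DDS output: a small Python checker that pulls the findings a responder would act on out of the log pasted above. It is written in Python rather than as a Windows-side script because it reads the pasted log, not the machine. It assumes the row layouts seen in this one log (Sigcheck rows as `[flag] date . MD5 . size . . [version] . . path`, registry keys as `[key]` headers followed by `"value"=` lines, orphans as `HKCU-Run-name - path`), and the vowel-ratio rule for random-looking names is a heuristic chosen here, not anything ComboFix does. The sample input is lines copied from the log above.

```python
import re

# Constructed sample: lines excerpted verbatim from the ComboFix log in the post
# above (Sigcheck, Reg Loading Points, ORPHANS REMOVED). The checker is an added
# example for this page, not ComboFix output or a ComboFix feature; the row layouts
# are inferred from this one log and the vowel-ratio threshold is a heuristic.
SAMPLE_LOG = r"""
[-] 2011-06-27 . 06F64F27A3D4E24D7152F8515CF635EC . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[7] 2006-02-28 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2011-06-27 . C7307DF49D6C9A9C6E1A995F515A419A . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[7] 2006-02-28 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
- - - - ORPHANS REMOVED - - - -
HKCU-Run-rBdBVPVSFJr - c:\documents and settings\All Users\Application Data\rBdBVPVSFJr.exe
Notify-NavLogon - (no file)
"""

# One Sigcheck row: [flag] date . MD5 . size . . [file version] . . path
_SIGCHECK_ROW = re.compile(
    r'^\[[^\]]+\]\s+\S+\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+\d+\s+\.\s+\.\s+'
    r'\[(?P<ver>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$')


def find_modified_system_files(log_text):
    """Basenames whose live system32 copy has the same file version as a reference
    copy (ServicePackFiles / $NtServicePackUninstall$) but a different MD5: the
    bytes on disk were changed after Microsoft built that version."""
    by_name = {}
    for line in log_text.splitlines():
        m = _SIGCHECK_ROW.match(line.strip())
        if m:
            path = m.group('path').lower()
            by_name.setdefault(path.rsplit('\\', 1)[-1], []).append(
                (m.group('md5').upper(), m.group('ver'), '\\system32\\' in path))
    modified = []
    for name, rows in by_name.items():
        for md5, ver, live in rows:
            refs = [r for r in rows if not r[2] and r[1] == ver]
            if live and refs and all(r[0] != md5 for r in refs):
                modified.append(name)
    return sorted(modified)


def _reg_sections(log_text):
    """Map each [key] header in the registry dump to the lowercased value lines under it."""
    sections, current = {}, None
    for line in log_text.splitlines():
        s = line.strip()
        if s.startswith('[') and s.endswith(']') and '\\' in s:
            current = s[1:-1].lower()
            sections.setdefault(current, [])
        elif current and s.startswith('"'):
            sections[current].append(s.lower())
    return sections


def find_disabled_protections(log_text):
    """Security Center monitoring switched off, XP firewall off, and ports opened to
    everyone: whoever set them, a cleanup has to revert them."""
    out = {'security_center_monitoring_off': [], 'firewall_off': False, 'open_ports': []}
    for key, values in _reg_sections(log_text).items():
        if 'security center\\monitoring' in key and \
                any(v.startswith('"disablemonitoring"=dword:00000001') for v in values):
            out['security_center_monitoring_off'].append(key.split('security center\\', 1)[1])
        if key.endswith('firewallpolicy\\standardprofile') and \
                any(re.match(r'"enablefirewall"=\s*0\b', v) for v in values):
            out['firewall_off'] = True
        if key.endswith('globallyopenports\\list'):
            ports = (re.match(r'"(\d+:(?:tcp|udp))"', v) for v in values)
            out['open_ports'] += [m.group(1).upper() for m in ports if m]
    out['security_center_monitoring_off'].sort()
    return out


def looks_random(name, max_vowel_ratio=0.15):
    """Heuristic: a long alphabetic name with almost no vowels is the kind of generated
    filename droppers use (rBdBVPVSFJr.exe in this log)."""
    letters = [c for c in name if c.isalpha()]
    return len(letters) >= 8 and \
        sum(c.lower() in 'aeiou' for c in letters) / len(letters) < max_vowel_ratio


def find_suspicious_run_entries(log_text):
    """(name, path, reasons) for Run entries, including ones ComboFix lists under
    ORPHANS REMOVED, that look like a dropper's autostart."""
    hits = []
    for m in re.finditer(r'^(?:HKCU|HKLM)-Run-(\S+)\s+-\s+(.+?)\s*$', log_text, re.M):
        name, path = m.group(1), m.group(2)
        reasons = []
        if looks_random(name):
            reasons.append('random-looking name')
        if '\\application data\\' in path.lower():
            reasons.append('runs from a user-writable data folder')
        if reasons:
            hits.append((name, path, reasons))
    return hits


if __name__ == '__main__':
    print(find_modified_system_files(SAMPLE_LOG), find_disabled_protections(SAMPLE_LOG),
          find_suspicious_run_entries(SAMPLE_LOG), sep='\n')
```

What it reports on this log: imm32.dll and version.dll in system32 carry the SP3 version string 5.1.2600.5512 but hash differently from the ServicePackFiles copies, and the Find3M list shows both last written on 2011-06-27, the same day the TelevisionFanatic and Xvid folders were created, so the bytes changed after Microsoft built them. That alone does not prove infection, as the log's own Sigcheck note says, but it marks files to restore from the service-pack copy rather than trust. Security Center monitoring is switched off for every listed product, the standard firewall profile has EnableFirewall=0, and 3389/TCP is globally open; restoring those belongs in the cleanup regardless of who turned them off. The removed HKCU Run entry rBdBVPVSFJr.exe under All Users\Application Data matches the usual dropper autostart pattern.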

  • Staff

Hi,

I still see AVG and McAfee installed. They will continue to interfere...

Please download this file and save it as it's originally named, next to ComboFix.exe.

RC1-4.gif

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, it will ask you whether or not to continue with the malware scan. Select Yes, and post the resultant log.

-screen317


  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
