
Virus hit; lost programs and files



I hope someone can help me. By downloading antivirus, antispyware and antimalware apps from Cnet, I was able to get back only IE, which works, and a couple of other icons that do not work to launch the application. Only newly downloaded programs show up in Start Menu and All Programs. I followed the instructions for a newbie ("I'm Infected - ...") and here are the attached files (attach.zip, ark.zip):

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Run by Administrator at 21:13:20 on 2011-06-30

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.1924 [GMT -7:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\WINDOWS\system32\mfevtps.exe

C:\Program Files\PDF Complete\pdfsvc.exe

c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Documents and Settings\tnelson\Local Settings\Application Data\Zimbra\zdesktop\zdesktop.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\CounterPath\Bria\bria.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft\BingBar\BingBar.exe

C:\Program Files\Microsoft\BingBar\BingApp.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.hp.com

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: H - No File

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Search Assistant BHO: {5d79f641-c168-40df-a32f-bacea7509e75} - c:\program files\televisionfanatic\bar\1.bin\64SrcAs.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110510115829.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Toolbar BHO: {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - c:\progra~1\televi~2\bar\1.bin\64bar.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: TelevisionFanatic: {c98d5b61-b0ea-4d48-9839-1079d352d880} - c:\program files\televisionfanatic\bar\1.bin\64bar.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [rBdBVPVSFJr] c:\documents and settings\all users\application data\rBdBVPVSFJr.exe

uRun: [bria] "c:\program files\counterpath\bria\bria.exe"

uRun: [Advanced SystemCare 4] "c:\program files\iobit\advanced systemcare 4\ASCTray.exe"

mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

mPolicies-explorer: NoWelcomeScreen = 1 (0x1)

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} - hxxp://hwcserver/connectcomputer/nshelp.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199410328133

DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} - hxxps://reports2.paychoiceonline.com/pcoreports/arview2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://homewatchcaregivers.webex.com/client/T27L/nbr/ieatgpc.cab

TCP: DhcpNameServer = 192.168.1.250 24.205.192.61

TCP: Interfaces\{1310A1C8-B84C-4950-8AF2-D34B47D7F11C} : DhcpNameServer = 192.168.1.250 24.205.192.61

TCP: Interfaces\{C0BF6E7B-4FA8-47FB-BD90-1BFBE01C189D} : DhcpNameServer = 192.168.1.15 24.205.192.61 24.205.224.36

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: LMIinit - LMIinit.dll

AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2006-9-13 3840]

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-1 387480]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-1 84200]

R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-6-30 353168]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-3-10 47640]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-1 171168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-1 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-1 141792]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2007-7-2 534040]

R2 Zimbra Desktop Service;Zimbra Desktop Service;c:\documents and settings\tnelson\local settings\application data\zimbra\zdesktop\zdesktop.exe [2010-7-6 139264]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-1 153280]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-1 52320]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-1 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-1 88736]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]

S2 gupdate1c9e3d12c9c5c2d;Google Update Service (gupdate1c9e3d12c9c5c2d);c:\program files\google\update\GoogleUpdate.exe [2009-6-2 133104]

S2 LMIGuardianSvc;LMIGuardianSvc;"c:\program files\logmein\x86\lmiguardiansvc.exe" --> c:\program files\logmein\x86\LMIGuardianSvc.exe [?]

S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-29 93320]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-1 271480]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-1 271480]

S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-1 271480]

S2 TelevisionFanaticService;TelevisionFanaticService;c:\progra~1\televi~2\bar\1.bin\64barsvc.exe [2011-6-27 42504]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-6-30 1025352]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-1 56064]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-2 133104]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-30 39984]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-1 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-1 84488]

S3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb20 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]

S3 TSUSB2;Driver for TellerScan Device;c:\windows\system32\drivers\TSUSB2.sys [2009-4-13 54016]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== Created Last 30 ================

.

2011-07-01 04:09:37 -------- d-----w- c:\documents and settings\administrator.homewatch\application data\Skinux

2011-07-01 04:09:35 -------- d-----w- c:\documents and settings\administrator.homewatch\local settings\application data\CounterPath Corporation

2011-07-01 04:09:35 -------- d-----w- c:\documents and settings\administrator.homewatch\application data\CounterPath Corporation

2011-07-01 02:39:25 -------- d-----w- C:\8e229b368aea56275bbfc5681ec25e

2011-06-30 22:50:29 -------- d-----w- c:\documents and settings\administrator.homewatch\application data\IObit

2011-06-30 22:49:46 -------- d-----w- c:\documents and settings\administrator.homewatch\application data\Malwarebytes

2011-06-30 22:49:38 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-30 22:49:37 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-06-30 22:49:33 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-30 22:49:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-30 22:06:43 -------- d-sh--w- c:\documents and settings\administrator.homewatch\PrivacIE

2011-06-30 19:37:27 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-06-30 19:37:27 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-06-30 18:37:21 -------- d-----w- c:\program files\CCleaner

2011-06-30 16:25:20 -------- d-----w- c:\program files\IObit

2011-06-30 15:43:42 -------- d-----w- c:\documents and settings\all users\application data\AVG Security Toolbar

2011-06-30 15:42:46 -------- d-----w- c:\windows\system32\drivers\AVG

2011-06-30 15:42:46 -------- d-----w- c:\documents and settings\all users\application data\AVG10

2011-06-30 15:42:08 -------- d-----w- c:\program files\AVG

2011-06-30 15:37:42 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-06-27 19:16:38 -------- d-----w- c:\program files\TelevisionFanatic

2011-06-27 19:16:26 -------- d-----w- c:\program files\TelevisionFanaticEI

2011-06-27 19:14:44 650752 ----a-w- c:\windows\system32\xvidcore.dll

2011-06-27 19:14:44 240640 ----a-w- c:\windows\system32\xvidvfw.dll

2011-06-27 19:14:44 152064 ----a-w- c:\windows\system32\xvid.ax

2011-06-27 19:14:41 -------- d-----w- c:\program files\Xvid

2011-06-17 10:02:52 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-16 14:20:23 105472 ------w- c:\windows\system32\dllcache\mup.sys

.

==================== Find3M ====================

.

2011-06-27 19:25:20 18944 ----a-w- c:\windows\system32\version.dll

2011-06-27 19:25:19 110080 ----a-w- c:\windows\system32\imm32.dll

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-15 04:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys

2011-04-14 21:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-04-14 21:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-04-14 21:01:38 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-04-14 21:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-04-14 21:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-04-14 21:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-04-14 21:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-04-14 21:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-04-14 21:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-04-14 21:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-04-14 21:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe

2011-04-05 07:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2003-06-20 22:05:44 2368613 ---ha-w- c:\program files\common files\QBFC2.1Installer.exe

.

============= FINISH: 21:15:43.37 ===============

Malwarebytes log file:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6989

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/30/2011 6:54:17 PM

mbam-log-2011-06-30 (18-54-17).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 416203

Time elapsed: 3 hour(s), 2 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 3

Files Infected: 18

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\program files\mp3tube toolbar (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\documents and settings\TracieN\application data\mp3tube toolbar (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\documents and settings\TracieN\application data\mp3tube toolbar\images (Adware.Mp3Tube) -> Quarantined and deleted successfully.

Files Infected:

c:\documents and settings\all users\application data\rbdbvpvsfjr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8d290bb5-e59c-462b-a0ee-e8949a1e4344}\RP3\A0000204.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8d290bb5-e59c-462b-a0ee-e8949a1e4344}\RP3\A0000205.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8d290bb5-e59c-462b-a0ee-e8949a1e4344}\RP3\A0000206.dll (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\system volume information\_restore{8d290bb5-e59c-462b-a0ee-e8949a1e4344}\RP3\A0000207.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\searchplugins\Mp3Tube.xml (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\documents and settings\TracieN\application data\mp3tube toolbar\pref.xml (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\documents and settings\TracieN\application data\mp3tube toolbar\tbconfig.xml (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\documents and settings\TracieN\application data\mp3tube toolbar\images\dailyhotdeals.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\documents and settings\TracieN\application data\mp3tube toolbar\images\divider.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\documents and settings\TracieN\application data\mp3tube toolbar\images\feeditem.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\documents and settings\TracieN\application data\mp3tube toolbar\images\games.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\documents and settings\TracieN\application data\mp3tube toolbar\images\savemp3.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\documents and settings\TracieN\application data\mp3tube toolbar\images\savemp3_disabled.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\documents and settings\TracieN\application data\mp3tube toolbar\images\screensaver.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\documents and settings\TracieN\application data\mp3tube toolbar\images\shopping.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\documents and settings\TracieN\application data\mp3tube toolbar\images\watermark.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.

c:\documents and settings\TracieN\application data\mp3tube toolbar\images\weatherbug.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.


  • Staff

Hi and welcome to Malwarebytes.

I notice that you are using more than one antivirus program (AVG and McAfee). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


  • 2 weeks later...

Hi,

Thanks for getting back. But something went wrong Monday (7/11) when I completed your instructions and attempted to send the logs. I don't see my reply here with the attached logs. I will repeat the ComboFix and DDS scans and again attach the logs by end of day (7/13). Sorry, my time demands make it tough to get on this daily. Thanks for your patience and help.


OK, here are the new logs created today, 7/13/11. I did remove AVG antivirus and only have McAfee on the PC. However, McAfee is one of several apps not working, or at least not accessible via the icon, Start Menu or All Programs.

ComboFix:

ComboFix 11-07-11.02 - administrator 07/13/2011 10:03:03.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.2269 [GMT -7:00]

Running from: c:\documents and settings\Administrator.HOMEWATCH\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

* Resident AV is active

.

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((( Files Created from 2011-06-13 to 2011-07-13 )))))))))))))))))))))))))))))))

.

.

2011-07-13 15:13 . 2011-07-13 15:13 -------- d-----w- c:\windows\LastGood

2011-07-13 15:04 . 2011-07-13 15:04 -------- d-----w- C:\16bd3373b7daba1cb67e09ec130953

2011-07-12 15:50 . 2011-07-12 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan

2011-07-12 15:50 . 2011-07-12 15:50 -------- d-----w- c:\program files\McAfee Security Scan

2011-07-11 22:37 . 2011-07-12 15:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-11 20:59 . 2011-07-11 20:59 -------- d-----w- C:\bb90d90176c79febb773643a

2011-07-05 19:06 . 2011-07-05 19:06 -------- d-----w- c:\documents and settings\TracieN\Application Data\Malwarebytes

2011-07-01 05:03 . 2011-07-01 05:03 -------- d-----w- c:\program files\7-Zip

2011-07-01 04:03 . 2011-07-01 04:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Intuit

2011-07-01 02:39 . 2011-07-01 02:39 -------- d-----w- C:\8e229b368aea56275bbfc5681ec25e

2011-06-30 22:49 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-30 22:49 . 2011-06-30 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-06-30 22:49 . 2011-06-30 22:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-30 22:49 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-30 22:00 . 2011-07-11 22:06 -------- d-----w- c:\documents and settings\Administrator.HOMEWATCH

2011-06-30 19:37 . 2011-07-11 22:31 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-06-30 19:37 . 2011-07-11 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-06-30 16:25 . 2011-06-30 16:26 -------- d-----w- c:\documents and settings\TracieN\Application Data\IObit

2011-06-30 16:25 . 2011-06-30 16:26 -------- d-----w- c:\program files\IObit

2011-06-30 15:49 . 2011-06-30 15:49 -------- d-----w- c:\documents and settings\TracieN\Application Data\AVG10

2011-06-30 15:42 . 2011-07-11 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-06-30 15:42 . 2011-06-30 15:42 -------- d-----w- c:\program files\AVG

2011-06-30 15:37 . 2011-07-11 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-06-27 19:16 . 2011-06-27 19:16 -------- d-----w- c:\program files\TelevisionFanatic

2011-06-27 19:14 . 2011-03-21 13:58 152064 ----a-w- c:\windows\system32\xvid.ax

2011-06-27 19:14 . 2011-03-19 15:06 240640 ----a-w- c:\windows\system32\xvidvfw.dll

2011-06-27 19:14 . 2011-03-19 15:04 650752 ----a-w- c:\windows\system32\xvidcore.dll

2011-06-27 19:14 . 2011-06-27 19:14 -------- d-----w- c:\program files\Xvid

2011-06-21 19:01 . 2011-06-21 19:07 -------- d-----w- c:\documents and settings\coordinator

2011-06-21 18:49 . 2011-07-01 15:11 -------- d-----w- c:\documents and settings\scheduler

2011-06-17 10:02 . 2011-06-17 10:25 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-16 14:20 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-27 19:25 . 2006-02-28 02:00 18944 ----a-w- c:\windows\system32\version.dll

2011-06-27 19:25 . 2006-02-28 02:00 110080 ----a-w- c:\windows\system32\imm32.dll

2011-05-02 15:31 . 2006-02-28 02:00 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2006-02-28 02:00 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2006-02-28 02:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11 . 2006-02-28 02:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2006-02-28 02:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2006-02-28 02:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2006-02-28 02:00 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2006-02-28 02:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-14 21:01 . 2011-03-01 22:16 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-04-14 21:01 . 2011-03-01 22:16 141792 ----a-w- c:\windows\system32\mfevtps.exe

2011-04-14 21:01 . 2011-03-01 22:16 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-04-14 21:01 . 2011-03-01 22:16 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-04-14 21:01 . 2011-03-01 22:16 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-04-14 21:01 . 2011-03-01 22:16 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-04-14 21:01 . 2011-03-01 22:16 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-04-14 21:01 . 2011-03-01 22:16 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-04-14 21:01 . 2011-03-01 22:16 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-04-14 21:01 . 2011-03-01 22:16 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-04-14 21:01 . 2011-03-01 22:16 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2003-06-20 22:05 . 2007-07-19 17:45 2368613 ----a-w- c:\program files\Common Files\QBFC2.1Installer.exe

2010-01-29 18:37 . 2010-01-29 18:37 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2011-04-14 21:01 . 2011-03-01 22:16 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2011-06-27 . 06F64F27A3D4E24D7152F8515CF635EC . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll

[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll

[7] 2006-02-28 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

.

[-] 2011-06-27 . C7307DF49D6C9A9C6E1A995F515A419A . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll

[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll

[7] 2006-02-28 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5d79f641-c168-40df-a32f-bacea7509e75}]

2011-06-27 19:16 62864 ----a-w- c:\program files\TelevisionFanatic\bar\1.bin\64SrcAs.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cb41fc95-f1b3-4797-8bb6-1012ff62abba}]

2011-06-27 19:16 669072 ----a-w- c:\progra~1\TELEVI~2\bar\1.bin\64bar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{c98d5b61-b0ea-4d48-9839-1079d352d880}"= "c:\program files\TelevisionFanatic\bar\1.bin\64bar.dll" [2011-06-27 669072]

.

[HKEY_CLASSES_ROOT\clsid\{c98d5b61-b0ea-4d48-9839-1079d352d880}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-13 68856]

"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]

"Bria"="c:\program files\CounterPath\Bria\bria.exe" [2009-06-26 17907712]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

.

c:\documents and settings\tnelson\Start Menu\Programs\Startup\

Yammer.lnk - c:\program files\Yammer\Yammer.exe [2010-4-1 95232]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoWelcomeScreen"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2010-10-05 15:36 87424 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"IMFservice"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\CounterPath\\Bria\\bria.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R2 gupdate1c9e3d12c9c5c2d;Google Update Service (gupdate1c9e3d12c9c5c2d);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 133104]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]

R2 TelevisionFanaticService;TelevisionFanaticService;c:\progra~1\TELEVI~2\bar\1.bin\64barsvc.exe [2011-06-27 42504]

R2 Zimbra Desktop Service;Zimbra Desktop Service;c:\documents and settings\tnelson\Local Settings\Application Data\Zimbra\zdesktop\zdesktop.exe [2010-01-27 139264]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 133104]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]

R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\DRIVERS\mfendisk.sys [2011-04-14 88736]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]

R3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe [2009-08-18 678912]

R3 TSUSB2;Driver for TellerScan Device;c:\windows\system32\DRIVERS\TSUSB2.sys [2008-08-04 54016]

S0 atiide;atiide;c:\windows\system32\DRIVERS\atiide.sys [2006-09-13 3840]

S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-04-14 84200]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-04-14 141792]

S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2006-07-14 534040]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]

S3 mfendiskmp;mfendiskmp;c:\windows\system32\DRIVERS\mfendisk.sys [2011-04-14 88736]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

.

2011-07-01 c:\windows\Tasks\diff.job

- c:\windows\system32\ntbackup.exe [2006-02-28 00:12]

.

2011-05-28 c:\windows\Tasks\Full.job

- c:\windows\system32\ntbackup.exe [2006-02-28 00:12]

.

2011-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 22:26]

.

2011-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 22:26]

.

2011-07-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1089530128-397176591-3299723014-500.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1911278139-1797553926-3513879574-1155.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-961117031-1944572115-1770970122-1138.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-961117031-1944572115-1770970122-1142.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-961117031-1944572115-1770970122-1144.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-961117031-1944572115-1770970122-500.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-06-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1089530128-397176591-3299723014-500.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-06-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1911278139-1797553926-3513879574-1155.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-961117031-1944572115-1770970122-1138.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-961117031-1944572115-1770970122-1142.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-961117031-1944572115-1770970122-1144.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-961117031-1944572115-1770970122-500.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-13 c:\windows\Tasks\User_Feed_Synchronization-{F2DD748F-06C7-49A3-898B-EE25583F45AF}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.hp.com

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.250 24.205.192.61

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll

FF - ProfilePath -

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-13 10:15

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

**************************************************************************

.

Completion time: 2011-07-13 10:18:46

ComboFix-quarantined-files.txt 2011-07-13 17:18

ComboFix2.txt 2011-07-12 01:21

.

Pre-Run: 26,173,247,488 bytes free

Post-Run: 26,360,266,752 bytes free

.

- - End Of File - - 02839834C23976749F670AB6C5184F09

DDS

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Run by administrator at 10:19:14 on 2011-07-13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.2309 [GMT -7:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\mfevtps.exe

C:\Program Files\PDF Complete\pdfsvc.exe

c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Google\Google Toolbar\Component\SearchWithGoogleUpdate_86D23231A3A85F4A.exe

C:\Program Files\Google\Google Toolbar\Component\SearchWithGoogleUpdate_86D23231A3A85F4A.exe

C:\WINDOWS\SoftwareDistribution\Download\Install\vcredist_x86.exe

c:\16bd3373b7daba1cb67e09ec130953\install.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.hp.com

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Search Assistant BHO: {5d79f641-c168-40df-a32f-bacea7509e75} - c:\program files\televisionfanatic\bar\1.bin\64SrcAs.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110510115829.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Toolbar BHO: {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - c:\progra~1\televi~2\bar\1.bin\64bar.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: TelevisionFanatic: {c98d5b61-b0ea-4d48-9839-1079d352d880} - c:\program files\televisionfanatic\bar\1.bin\64bar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe

uRun: [bria] "c:\program files\counterpath\bria\bria.exe"

mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

mPolicies-explorer: NoWelcomeScreen = 1 (0x1)

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} - hxxp://hwcserver/connectcomputer/nshelp.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199410328133

DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} - hxxps://reports2.paychoiceonline.com/pcoreports/arview2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://homewatchcaregivers.webex.com/client/T27L/nbr/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.250 24.205.192.61

TCP: Interfaces\{1310A1C8-B84C-4950-8AF2-D34B47D7F11C} : DhcpNameServer = 192.168.1.250 24.205.192.61

TCP: Interfaces\{C0BF6E7B-4FA8-47FB-BD90-1BFBE01C189D} : DhcpNameServer = 192.168.1.15 24.205.192.61 24.205.224.36

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2006-9-13 3840]

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-1 387480]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-1 84200]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-3-10 47640]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-1 171168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-1 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-1 141792]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2007-7-2 534040]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-1 153280]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-1 52320]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-1 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-1 88736]

S2 gupdate1c9e3d12c9c5c2d;Google Update Service (gupdate1c9e3d12c9c5c2d);c:\program files\google\update\GoogleUpdate.exe [2009-6-2 133104]

S2 LMIGuardianSvc;LMIGuardianSvc;"c:\program files\logmein\x86\lmiguardiansvc.exe" --> c:\program files\logmein\x86\LMIGuardianSvc.exe [?]

S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-29 93320]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-1 271480]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-1 271480]

S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-1 271480]

S2 TelevisionFanaticService;TelevisionFanaticService;c:\progra~1\televi~2\bar\1.bin\64barsvc.exe [2011-6-27 42504]

S2 Zimbra Desktop Service;Zimbra Desktop Service;c:\documents and settings\tnelson\local settings\application data\zimbra\zdesktop\zdesktop.exe [2010-7-6 139264]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-1 56064]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-2 133104]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-30 39984]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-1 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-1 84488]

S3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb20 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]

S3 TSUSB2;Driver for TellerScan Device;c:\windows\system32\drivers\TSUSB2.sys [2009-4-13 54016]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== Created Last 30 ================

.

2011-07-13 16:59:24 -------- d-----w- C:\ComboFix

2011-07-13 15:04:29 -------- d-----w- C:\16bd3373b7daba1cb67e09ec130953

2011-07-12 15:50:37 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan

2011-07-12 15:50:35 -------- d-----w- c:\program files\McAfee Security Scan

2011-07-11 23:00:21 208896 ----a-w- c:\windows\MBR.exe

2011-07-11 23:00:18 256000 ----a-w- c:\windows\PEV.exe

2011-07-11 23:00:17 98816 ----a-w- c:\windows\sed.exe

2011-07-11 23:00:17 518144 ----a-w- c:\windows\SWREG.exe

2011-07-11 22:37:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-11 22:06:16 -------- d-sh--w- c:\documents and settings\administrator.homewatch\IECompatCache

2011-07-11 22:02:53 -------- d-----w- c:\documents and settings\administrator.homewatch\application data\AVG10

2011-07-11 20:59:35 -------- d-----w- C:\bb90d90176c79febb773643a

2011-07-01 04:09:37 -------- d-----w- c:\documents and settings\administrator.homewatch\application data\Skinux

2011-07-01 04:09:35 -------- d-----w- c:\documents and settings\administrator.homewatch\local settings\application data\CounterPath Corporation

2011-07-01 04:09:35 -------- d-----w- c:\documents and settings\administrator.homewatch\application data\CounterPath Corporation

2011-07-01 02:39:25 -------- d-----w- C:\8e229b368aea56275bbfc5681ec25e

2011-06-30 22:50:29 -------- d-----w- c:\documents and settings\administrator.homewatch\application data\IObit

2011-06-30 22:49:46 -------- d-----w- c:\documents and settings\administrator.homewatch\application data\Malwarebytes

2011-06-30 22:49:38 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-30 22:49:37 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-06-30 22:49:33 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-30 22:49:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-30 22:06:43 -------- d-sh--w- c:\documents and settings\administrator.homewatch\PrivacIE

2011-06-30 19:37:27 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-06-30 19:37:27 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-06-30 16:25:20 -------- d-----w- c:\program files\IObit

2011-06-30 15:42:46 -------- d-----w- c:\documents and settings\all users\application data\AVG10

2011-06-30 15:42:08 -------- d-----w- c:\program files\AVG

2011-06-30 15:37:42 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-06-27 19:16:38 -------- d-----w- c:\program files\TelevisionFanatic

2011-06-27 19:16:26 -------- d-----w- c:\program files\TelevisionFanaticEI

2011-06-27 19:14:44 650752 ----a-w- c:\windows\system32\xvidcore.dll

2011-06-27 19:14:44 240640 ----a-w- c:\windows\system32\xvidvfw.dll

2011-06-27 19:14:44 152064 ----a-w- c:\windows\system32\xvid.ax

2011-06-27 19:14:41 -------- d-----w- c:\program files\Xvid

2011-06-17 10:02:52 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-16 14:20:23 105472 ------w- c:\windows\system32\dllcache\mup.sys

.

==================== Find3M ====================

.

2011-06-27 19:25:20 18944 ----a-w- c:\windows\system32\version.dll

2011-06-27 19:25:19 110080 ----a-w- c:\windows\system32\imm32.dll

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2011-04-14 21:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-04-14 21:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-04-14 21:01:38 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-04-14 21:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-04-14 21:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-04-14 21:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-04-14 21:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-04-14 21:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-04-14 21:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-04-14 21:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-04-14 21:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe

2003-06-20 22:05:44 2368613 ----a-w- c:\program files\common files\QBFC2.1Installer.exe

.

============= FINISH: 10:20:21.46 ===============


  • Staff

Hi,

I still see AVG and McAfee installed/enabled. They will continue to interfere.

Please download this file and save it as it's originally named, next to ComboFix.exe.

RC1-4.gif

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, it will ask you whether or not to continue with the malware scan. Select Yes, and post the resultant log.

-screen317


Ok, I finally got it to produce a log file after adding the Windows utility you instructed me to add to ComboFix.

If it helps: in "Add or Remove Programs" I was able to remove AVG, and it no longer shows up in the list of programs after reboot, but I see in the log it says it is still installed and active. I tried to remove McAfee too, but it pops up a window that says: "Navigation to webpage was canceled" and does nothing else but allow me to "x" out of the window.

What next?

Here is the ComboFix log:

ComboFix 11-07-18.01 - TracieN 07/19/2011 13:23:20.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.2382 [GMT -7:00]

Running from: c:\documents and settings\TracieN\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\TracieN\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

* Resident AV is active

.

.

.

((((((((((((((((((((((((( Files Created from 2011-06-19 to 2011-07-19 )))))))))))))))))))))))))))))))

.

.

2011-07-19 15:05 . 2011-07-19 15:05 -------- d-----w- C:\02e068d404290831023535

2011-07-18 18:38 . 2011-07-18 18:38 -------- d-----w- C:\aa034c97014b6ae55c708d

2011-07-15 22:46 . 2011-07-15 22:46 -------- d-----w- C:\a32b7b54ccd144f5ef4f3e10

2011-07-14 15:04 . 2011-07-15 21:48 -------- d-----w- C:\514dabeb394370549631

2011-07-13 15:04 . 2011-07-13 15:04 -------- d-----w- C:\16bd3373b7daba1cb67e09ec130953

2011-07-11 22:37 . 2011-07-12 15:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-11 20:59 . 2011-07-11 20:59 -------- d-----w- C:\bb90d90176c79febb773643a

2011-07-05 19:06 . 2011-07-05 19:06 -------- d-----w- c:\documents and settings\TracieN\Application Data\Malwarebytes

2011-07-01 05:03 . 2011-07-01 05:03 -------- d-----w- c:\program files\7-Zip

2011-07-01 04:03 . 2011-07-01 04:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Intuit

2011-07-01 02:39 . 2011-07-01 02:39 -------- d-----w- C:\8e229b368aea56275bbfc5681ec25e

2011-06-30 22:49 . 2011-06-30 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-06-30 22:49 . 2011-07-18 18:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-30 22:00 . 2011-07-11 22:06 -------- d-----w- c:\documents and settings\Administrator.HOMEWATCH

2011-06-30 19:37 . 2011-07-11 22:31 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-06-30 19:37 . 2011-07-11 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-06-30 16:25 . 2011-06-30 16:26 -------- d-----w- c:\documents and settings\TracieN\Application Data\IObit

2011-06-30 16:25 . 2011-06-30 16:26 -------- d-----w- c:\program files\IObit

2011-06-30 15:49 . 2011-06-30 15:49 -------- d-----w- c:\documents and settings\TracieN\Application Data\AVG10

2011-06-30 15:42 . 2011-07-11 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-06-30 15:42 . 2011-06-30 15:42 -------- d-----w- c:\program files\AVG

2011-06-30 15:37 . 2011-07-11 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-06-27 19:16 . 2011-06-27 19:16 -------- d-----w- c:\program files\TelevisionFanatic

2011-06-27 19:14 . 2011-03-21 13:58 152064 ----a-w- c:\windows\system32\xvid.ax

2011-06-27 19:14 . 2011-03-19 15:06 240640 ----a-w- c:\windows\system32\xvidvfw.dll

2011-06-27 19:14 . 2011-03-19 15:04 650752 ----a-w- c:\windows\system32\xvidcore.dll

2011-06-27 19:14 . 2011-06-27 19:14 -------- d-----w- c:\program files\Xvid

2011-06-21 19:01 . 2011-06-21 19:07 -------- d-----w- c:\documents and settings\coordinator

2011-06-21 18:49 . 2011-07-01 15:11 -------- d-----w- c:\documents and settings\scheduler

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-27 19:25 . 2006-02-28 02:00 18944 ----a-w- c:\windows\system32\version.dll

2011-06-27 19:25 . 2006-02-28 02:00 110080 ----a-w- c:\windows\system32\imm32.dll

2011-06-02 14:02 . 2006-02-28 02:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-05-02 15:31 . 2006-02-28 02:00 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2006-02-28 02:00 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2006-02-28 02:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-26 11:07 . 2006-02-28 02:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-04-26 11:07 . 2006-02-28 02:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-04-25 16:11 . 2006-02-28 02:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2006-02-28 02:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2006-02-28 02:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2006-02-28 02:00 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2006-02-28 02:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2003-06-20 22:05 . 2007-07-19 17:45 2368613 ----a-w- c:\program files\Common Files\QBFC2.1Installer.exe

2010-01-29 18:37 . 2010-01-29 18:37 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2011-04-14 21:01 . 2011-03-01 22:16 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2011-06-27 . 06F64F27A3D4E24D7152F8515CF635EC . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll

[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll

[7] 2006-02-28 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

.

[-] 2011-06-27 . C7307DF49D6C9A9C6E1A995F515A419A . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll

[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll

[7] 2006-02-28 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-13 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

.

c:\documents and settings\tnelson\Start Menu\Programs\Startup\

Yammer.lnk - c:\program files\Yammer\Yammer.exe [2010-4-1 95232]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoWelcomeScreen"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2010-10-05 15:36 87424 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"IMFservice"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\CounterPath\\Bria\\bria.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R2 gupdate1c9e3d12c9c5c2d;Google Update Service (gupdate1c9e3d12c9c5c2d);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 133104]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]

R2 TelevisionFanaticService;TelevisionFanaticService;c:\progra~1\TELEVI~2\bar\1.bin\64barsvc.exe [2011-06-27 42504]

R2 Zimbra Desktop Service;Zimbra Desktop Service;c:\documents and settings\tnelson\Local Settings\Application Data\Zimbra\zdesktop\zdesktop.exe [2010-01-27 139264]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 133104]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\DRIVERS\mfendisk.sys [2011-04-14 88736]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]

R3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe [2009-08-18 678912]

R3 TSUSB2;Driver for TellerScan Device;c:\windows\system32\DRIVERS\TSUSB2.sys [2008-08-04 54016]

S0 atiide;atiide;c:\windows\system32\DRIVERS\atiide.sys [2006-09-13 3840]

S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-04-14 84200]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-04-14 141792]

S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2006-07-14 534040]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]

S3 mfendiskmp;mfendiskmp;c:\windows\system32\DRIVERS\mfendisk.sys [2011-04-14 88736]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

.

2011-07-01 c:\windows\Tasks\diff.job

- c:\windows\system32\ntbackup.exe [2006-02-28 00:12]

.

2011-07-16 c:\windows\Tasks\Full.job

- c:\windows\system32\ntbackup.exe [2006-02-28 00:12]

.

2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 22:26]

.

2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 22:26]

.

2011-07-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1089530128-397176591-3299723014-500.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1911278139-1797553926-3513879574-1155.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-961117031-1944572115-1770970122-1138.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-961117031-1944572115-1770970122-1142.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-961117031-1944572115-1770970122-1144.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-961117031-1944572115-1770970122-500.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1089530128-397176591-3299723014-500.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1911278139-1797553926-3513879574-1155.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-961117031-1944572115-1770970122-1138.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-961117031-1944572115-1770970122-1142.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-961117031-1944572115-1770970122-1144.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-961117031-1944572115-1770970122-500.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-19 c:\windows\Tasks\User_Feed_Synchronization-{F2DD748F-06C7-49A3-898B-EE25583F45AF}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=XPxdm002YYus&ptb=86F8072E-3F6B-4371-98E9-DBEC706A17DB

uInternet Connection Wizard,ShellNext = ftp://ftp.homewatchcaregivers.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.250 24.205.192.61

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll

FF - ProfilePath -

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-19 14:12

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

**************************************************************************

.

Completion time: 2011-07-19 14:21:16

ComboFix-quarantined-files.txt 2011-07-19 21:21

ComboFix2.txt 2011-07-13 17:18

ComboFix3.txt 2011-07-12 01:21

.

Pre-Run: 24,801,918,976 bytes free

Post-Run: 25,410,613,248 bytes free

.

- - End Of File - - 7A69F60153800248E71C03AB4381F44D


  • Staff

Hi,

Run this to remove all AVG components; reboot afterward:

http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2011_1322.exe

Run this to remove all McAfee components; reboot afterward:

http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

Fcopy::
C:\windows\ServicePackFiles\i386\imm32.dll | c:\windows\system32\imm32.dll

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317
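The fix above works from the Sigcheck section of the log: the live copy of imm32.dll in system32 carries the same version string as the copy in ServicePackFiles but a different MD5, so the known-good copy is written back with Fcopy::. As an added example (not part of the thread or of ComboFix), the Python below parses Sigcheck lines, flags live system32 files whose hash differs from the ServicePackFiles copy of the same version, and renders the matching Fcopy:: lines; the sample input is copied from the log above, and the field names are my own reading of the line format.

```python
import re

# Constructed sample: the Sigcheck block of the ComboFix log above, copied verbatim.
SIGCHECK_SAMPLE = r"""
[-] 2011-06-27 . 06F64F27A3D4E24D7152F8515CF635EC . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[7] 2006-02-28 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[-] 2011-06-27 . C7307DF49D6C9A9C6E1A995F515A419A . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[7] 2006-02-28 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
"""

# One Sigcheck line as assumed here: [flag] date . MD5 . size . . [version] . . path
LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\] (?P<date>\S+) \. (?P<md5>[0-9A-Fa-f]{32}) \. (?P<size>\d+)"
    r" \. \. \[(?P<ver>[^\]]*)\] \. \. (?P<path>.+?)\s*$"
)

def parse_sigcheck(text):
    """Return one dict per Sigcheck line; the '.' separator lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
            entries.append(e)
    return entries

def find_tampered(entries):
    """Live system32 files whose MD5 differs from the ServicePackFiles copy of the same version."""
    refs = {(e["name"], e["ver"]): e for e in entries if "\\servicepackfiles\\" in e["path"].lower()}
    findings = []
    for e in entries:
        if "\\system32\\" not in e["path"].lower():
            continue  # only the live copies are candidates for restoration
        ref = refs.get((e["name"], e["ver"]))
        if ref and ref["md5"].upper() != e["md5"].upper():
            findings.append({"live": e["path"], "ref": ref["path"], "flag": e["flag"]})
    return findings

def build_cfscript(findings):
    """Render ComboFix Fcopy:: lines (source | destination), one per finding."""
    lines = ["Fcopy::"] + [f"{f['ref']} | {f['live']}" for f in findings]
    return "\n".join(lines) + "\n"
```

Run against the log above it reproduces the imm32.dll line from the staff script and also flags version.dll, which the same Sigcheck block shows with the identical symptom.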


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
