
Still messed up


EdOr


Hi,

I was in the mix to recover this PC and had to drop it about 4 weeks ago for other priorities. I've lost the thread, so I'm starting a new one. The difficulty is removing McAfee and AVG to progress beyond where we left off. The progress to date has recovered some programs, files and folders, yet there are several programs in the "All Programs" list that show "empty", e.g., QuickBooks. I have the disk for QB; do you recommend trying to load it again?

Last ComboFix Log:

ComboFix 11-08-01.02 - TracieN 08/01/2011 10:58:04.7.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.2470 [GMT -7:00]

Running from: c:\documents and settings\TracieN\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\TracieN\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

* Resident AV is active

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

--------------- FCopy ---------------

.

c:\windows\ServicePackFiles\i386\imm32.dll --> c:\windows\system32\imm32.dll

.

((((((((((((((((((((((((( Files Created from 2011-07-01 to 2011-08-01 )))))))))))))))))))))))))))))))

.

.

2011-08-01 17:29 . 2011-08-01 17:29 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-07-19 15:05 . 2011-07-19 15:05 -------- d-----w- C:\02e068d404290831023535

2011-07-18 18:38 . 2011-07-18 18:38 -------- d-----w- C:\aa034c97014b6ae55c708d

2011-07-15 22:46 . 2011-07-15 22:46 -------- d-----w- C:\a32b7b54ccd144f5ef4f3e10

2011-07-14 15:04 . 2011-07-15 21:48 -------- d-----w- C:\514dabeb394370549631

2011-07-13 15:04 . 2011-07-13 15:04 -------- d-----w- C:\16bd3373b7daba1cb67e09ec130953

2011-07-11 22:37 . 2011-08-01 17:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-11 22:06 . 2011-07-11 22:06 -------- d-sh--w- c:\documents and settings\Administrator.HOMEWATCH\IECompatCache

2011-07-11 20:59 . 2011-07-11 20:59 -------- d-----w- C:\bb90d90176c79febb773643a

2011-07-05 19:06 . 2011-07-05 19:06 -------- d-----w- c:\documents and settings\TracieN\Application Data\Malwarebytes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-01 17:29 . 2010-05-19 19:21 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-27 19:25 . 2006-02-28 02:00 18944 ----a-w- c:\windows\system32\version.dll

2011-06-02 14:02 . 2006-02-28 02:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2003-06-20 22:05 . 2007-07-19 17:45 2368613 ----a-w- c:\program files\Common Files\QBFC2.1Installer.exe

2010-01-29 18:37 . 2010-01-29 18:37 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2011-04-14 21:01 . 2011-03-01 22:16 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2011-06-27 . C7307DF49D6C9A9C6E1A995F515A419A . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll

[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll

[7] 2006-02-28 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-13 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

.

c:\documents and settings\tnelson\Start Menu\Programs\Startup\

Yammer.lnk - c:\program files\Yammer\Yammer.exe [2010-4-1 95232]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoWelcomeScreen"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2010-10-05 15:36 87424 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bria]

2009-06-26 23:07 17907712 ----a-w- c:\program files\CounterPath\Bria\bria.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"IMFservice"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\CounterPath\\Bria\\bria.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R2 gupdate1c9e3d12c9c5c2d;Google Update Service (gupdate1c9e3d12c9c5c2d);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 133104]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]

R2 TelevisionFanaticService;TelevisionFanaticService;c:\progra~1\TELEVI~2\bar\1.bin\64barsvc.exe [2011-06-27 42504]

R2 Zimbra Desktop Service;Zimbra Desktop Service;c:\documents and settings\tnelson\Local Settings\Application Data\Zimbra\zdesktop\zdesktop.exe [2010-01-27 139264]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 133104]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\DRIVERS\mfendisk.sys [2011-04-14 88736]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]

R3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe [2009-08-18 678912]

R3 TSUSB2;Driver for TellerScan Device;c:\windows\system32\DRIVERS\TSUSB2.sys [2008-08-04 54016]

S0 atiide;atiide;c:\windows\system32\DRIVERS\atiide.sys [2006-09-13 3840]

S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-04-14 84200]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-04-14 141792]

S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2006-07-14 534040]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]

S3 mfendiskmp;mfendiskmp;c:\windows\system32\DRIVERS\mfendisk.sys [2011-04-14 88736]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

.

2011-07-01 c:\windows\Tasks\diff.job

- c:\windows\system32\ntbackup.exe [2006-02-28 00:12]

.

2011-07-23 c:\windows\Tasks\Full.job

- c:\windows\system32\ntbackup.exe [2006-02-28 00:12]

.

2011-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 22:26]

.

2011-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 22:26]

.

2011-08-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1089530128-397176591-3299723014-500.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-08-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1911278139-1797553926-3513879574-1155.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-08-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-961117031-1944572115-1770970122-1138.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-08-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-961117031-1944572115-1770970122-1142.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-08-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-961117031-1944572115-1770970122-1144.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-08-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-961117031-1944572115-1770970122-500.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1089530128-397176591-3299723014-500.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1911278139-1797553926-3513879574-1155.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-961117031-1944572115-1770970122-1138.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-08-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-961117031-1944572115-1770970122-1142.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-961117031-1944572115-1770970122-1144.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-07-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-961117031-1944572115-1770970122-500.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2011-08-01 c:\windows\Tasks\User_Feed_Synchronization-{F2DD748F-06C7-49A3-898B-EE25583F45AF}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Connection Wizard,ShellNext = ftp://ftp.homewatchcaregivers.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.250 24.205.192.61

FF - ProfilePath -

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-01 11:10

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

Completion time: 2011-08-01 11:13:57

ComboFix-quarantined-files.txt 2011-08-01 18:13

ComboFix2.txt 2011-07-23 23:57

ComboFix3.txt 2011-07-19 22:33

ComboFix4.txt 2011-07-19 21:21

ComboFix5.txt 2011-08-01 17:51

.

Pre-Run: 22,859,255,808 bytes free

Post-Run: 23,904,595,968 bytes free

.

- - End Of File - - 6F4E616DBFE212F9B60809C4A60D996E

Last DDS log:

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by TracieN at 11:22:36 on 2011-08-01

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.2265 [GMT -7:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\WINDOWS\system32\mfevtps.exe

C:\Program Files\PDF Complete\pdfsvc.exe

c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uInternet Connection Wizard,ShellNext = ftp://ftp.homewatchcaregivers.com/

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110510115829.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mPolicies-explorer: NoWelcomeScreen = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} - hxxp://hwcserver/connectcomputer/nshelp.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199410328133

DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} - hxxps://reports2.paychoiceonline.com/pcoreports/arview2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://homewatchcaregivers.webex.com/client/T27L/nbr/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.250 24.205.192.61

TCP: Interfaces\{1310A1C8-B84C-4950-8AF2-D34B47D7F11C} : DhcpNameServer = 192.168.1.250 24.205.192.61

TCP: Interfaces\{C0BF6E7B-4FA8-47FB-BD90-1BFBE01C189D} : DhcpNameServer = 192.168.1.15 24.205.192.61 24.205.224.36

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2006-9-13 3840]

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-1 387480]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-1 84200]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-3-10 47640]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-29 93320]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-1 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-1 271480]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-1 271480]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-1 171168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-1 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-1 141792]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2007-7-2 534040]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-1 153280]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-1 52320]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-1 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-1 88736]

S2 gupdate1c9e3d12c9c5c2d;Google Update Service (gupdate1c9e3d12c9c5c2d);c:\program files\google\update\GoogleUpdate.exe [2009-6-2 133104]

S2 LMIGuardianSvc;LMIGuardianSvc;"c:\program files\logmein\x86\lmiguardiansvc.exe" --> c:\program files\logmein\x86\LMIGuardianSvc.exe [?]

S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]

S2 TelevisionFanaticService;TelevisionFanaticService;c:\progra~1\televi~2\bar\1.bin\64barsvc.exe [2011-6-27 42504]

S2 Zimbra Desktop Service;Zimbra Desktop Service;c:\documents and settings\tnelson\local settings\application data\zimbra\zdesktop\zdesktop.exe [2010-7-6 139264]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-1 56064]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-2 133104]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-1 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-1 84488]

S3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb20 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]

S3 TSUSB2;Driver for TellerScan Device;c:\windows\system32\drivers\TSUSB2.sys [2009-4-13 54016]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== Created Last 30 ================

.

2011-08-01 17:48:42 -------- d-----w- C:\ComboFix

2011-08-01 17:38:20 -------- d-----w- C:\ComboFix124530C

2011-08-01 17:29:22 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-07-24 00:22:17 -------- d-----w- C:\ComboFix18028C

2011-07-23 23:39:15 208896 ----a-w- c:\windows\MBR.exe

2011-07-23 23:39:11 98816 ----a-w- c:\windows\sed.exe

2011-07-23 23:39:11 518144 ----a-w- c:\windows\SWREG.exe

2011-07-23 23:39:11 256000 ----a-w- c:\windows\PEV.exe

2011-07-23 23:38:53 -------- d-----w- C:\ComboFix1

2011-07-19 15:05:48 -------- d-----w- C:\02e068d404290831023535

2011-07-18 18:38:10 -------- d-----w- C:\aa034c97014b6ae55c708d

2011-07-18 17:56:03 -------- d-sha-r- C:\cmdcons

2011-07-15 22:46:25 -------- d-----w- C:\a32b7b54ccd144f5ef4f3e10

2011-07-14 15:04:28 -------- d-----w- C:\514dabeb394370549631

2011-07-13 15:04:29 -------- d-----w- C:\16bd3373b7daba1cb67e09ec130953

2011-07-11 22:37:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-11 20:59:35 -------- d-----w- C:\bb90d90176c79febb773643a

2011-07-05 19:06:55 -------- d-----w- c:\documents and settings\tracien\application data\Malwarebytes

.

==================== Find3M ====================

.

2011-08-01 17:29:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-27 19:25:20 18944 ----a-w- c:\windows\system32\version.dll

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

2003-06-20 22:05:44 2368613 ----a-w- c:\program files\common files\QBFC2.1Installer.exe

.

============= FINISH: 11:23:44.03 ===============

Last attempt log to uninstall McAfee:

MCAFEE CLEANUP

August 01, 2011 10:36:51

INFO Silent mode activated.

INFO Cleanup will be scheduled and run.

INFO Product Auth to be removed from system.

INFO Product EMproxy to be removed from system.

INFO Product FWdiver to be removed from system.

INFO Product McSvcHost to be removed from system.

INFO Product HW to be removed from system.

INFO Product MAS to be removed from system.

INFO Product MAT to be removed from system.

INFO Product MBK to be removed from system.

INFO Product MCPR to be removed from system.

INFO Product McProxy to be removed from system.

INFO Product MHN to be removed from system.

INFO Product MNA to be removed from system.

INFO Product MOBK to be removed from system.

INFO Product MPFP to be removed from system.

INFO Product MPFPCU to be removed from system.

INFO Product MPS to be removed from system.

INFO Product SHRED to be removed from system.

INFO Product MPSCU to be removed from system.

INFO Product MQC to be removed from system.

INFO Product MQCCU to be removed from system.

INFO Product MSAD to be removed from system.

INFO Product MSHR to be removed from system.

INFO Product MSK to be removed from system.

INFO Product MSKCU to be removed from system.

INFO Product MWL to be removed from system.

INFO Product NMC to be removed from system.

INFO Product RedirSvc to be removed from system.

INFO Product VS to be removed from system.

INFO Product MSC to be removed from system.

INFO Start trust.

INFO MfeApTrustLegacyProcessStart return FALSE.

INFO Disable AP and wait for 5 seconds.

INFO Task Scheduler service started.

WINERR IPersistFile::Save() failed. Error: 0x8007007a

FAIL Error while running cleanup using Task Scheduler.

INFO End trust.

Hope we can get this fixed soon! Thanks.


  • Staff

Hi,

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

FCOPY::
c:\windows\ServicePackFiles\i386\version.dll | c:\windows\system32\version.dll

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScriptB-4.gif, dragging CFScript.txt onto ComboFix.exe]

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new DDS log.

-screen317

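The reason for the FCOPY:: script above is visible in the Sigcheck section of the ComboFix log: the copy of version.dll in system32 carries a different MD5 from the same-version copy in ServicePackFiles\i386 and is tagged [-], while the ServicePackFiles and $NtServicePackUninstall$ copies are tagged [7]. The following is an added example, not code from the original thread or from ComboFix, that parses those Sigcheck lines and derives the same FCOPY:: line the staff reply uses. It assumes ComboFix's tag semantics as the log's own note implies them ([-] = not verified, any other tag = verified) and uses a simple heuristic: a system32 file is a candidate for restoration when it is unverified and a verified copy with the same version string and file size but a different hash exists elsewhere on disk, with ServicePackFiles preferred over $NtServicePackUninstall$. The sample input is the three version.dll lines copied from the log plus one constructed clean entry (placeholder hash) to exercise the no-finding path.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Sigcheck lines from the ComboFix log in the post above; the clean_example.dll
# line is constructed for this example (placeholder hash, not a real file).
SIGCHECK_SAMPLE = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
[-] 2011-06-27 . C7307DF49D6C9A9C6E1A995F515A419A . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[7] 2006-02-28 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
[7] 2008-04-14 . 00000000000000000000000000000000 . 4096 . . [5.1.2600.5512] . . c:\windows\system32\clean_example.dll
"""

# One Sigcheck record: [tag] date . md5 . size . . [version] . . path
SIGCHECK_LINE = re.compile(
    r"^\[(?P<tag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)


def parse_sigcheck(text):
    """Return a list of dicts for every line that matches the Sigcheck format."""
    entries = []
    for raw in text.splitlines():
        m = SIGCHECK_LINE.match(raw.strip())
        if not m:
            continue  # headers, notes and blank lines are skipped
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        # Assumption: ComboFix marks unverified files with [-]; any other tag is verified.
        e["verified"] = e["tag"] != "-"
        entries.append(e)
    return entries


def find_replacements(entries):
    """Pair each unverified system32 file with a verified same-version donor copy."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[PureWindowsPath(e["path"]).name.lower()].append(e)

    findings = []
    for name, group in by_name.items():
        suspects = [e for e in group
                    if not e["verified"] and "\\system32\\" in e["path"].lower()]
        for s in suspects:
            donors = [d for d in group
                      if d["verified"]
                      and d["version"] == s["version"]
                      and d["size"] == s["size"]
                      and d["md5"] != s["md5"]]
            # Prefer the ServicePackFiles copy, then anything else alphabetically.
            donors.sort(key=lambda d: ("servicepackfiles" not in d["path"].lower(),
                                       d["path"].lower()))
            findings.append({"name": name, "suspect": s,
                             "donor": donors[0] if donors else None})
    return findings


def cfscript(findings):
    """Render the findings as a ComboFix CFScript FCOPY:: block (donor | target)."""
    lines = ["FCOPY::"]
    for f in findings:
        if f["donor"] is not None:
            lines.append(f"{f['donor']['path']} | {f['suspect']['path']}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = find_replacements(parse_sigcheck(SIGCHECK_SAMPLE))
    for f in found:
        print(f"{f['name']}: unverified {f['suspect']['md5']} -> "
              f"restore from {f['donor']['path'] if f['donor'] else 'NO DONOR'}")
    print(cfscript(found))
```

Run against the sample, the script reports only version.dll and emits the same two-line CFScript the staff reply posts. The size and version checks matter: $NtServicePackUninstall$ holds the pre-SP3 build, so copying it over would downgrade the file rather than restore it, and a hash mismatch alone does not say which copy is the right one.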

  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
