Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

User Tag List

Virus/Pop ups - Vista Anti-Virus 2011

This is a discussion on Virus/Pop ups - Vista Anti-Virus 2011 within the Resolved HJT Threads forums, part of the Tech Support Forum category. ** DDS.txt ** . DDS (Ver_11-05-19.01) - NTFSx86 Internet Explorer: 8.0.6001.19048 Run by Ram Balakumar at 10:30:37 on 2011-05-21 Microsoft®


 
 
Thread Tools Search this Thread
Old 05-21-2011, 10:26 PM   #1
Registered Member
 
Join Date: Mar 2006
Posts: 133
OS: WINDOWS XP



** DDS.txt **
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.19048
Run by Ram Balakumar at 10:30:37 on 2011-05-21
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2045.760 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\LEXBCES.EXE
C:\Windows\System32\LEXPPS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\mfevtps.exe
c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
C:\Windows\system32\rundll32.exe
C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\system32\mdm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mobile Stream\EasyTether\easytthr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\Ram Balakumar\AppData\Local\icp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
H:\dds.com
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {74F6C5A9-0EAD-4a71-891E-376A838DF1F0} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110519143625.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [googletalk] c:\users\ram balakumar\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [EasyTether] "c:\program files\mobile stream\easytether\easytthr.exe"
uRun: [Google Update] "c:\users\ram balakumar\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\rambal~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: kimley-horn.com\mail01
Trusted Zone: mcafee.com
Trusted Zone: pbcc.edu\www
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
AppInit_DLLs: c:\progra~1\google\google~2\googledesktopnetwork3.dll c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ram balakumar\appdata\roaming\mozilla\firefox\profiles\d7v2f6n3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - Google
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\users\ram balakumar\appdata\roaming\mozilla\firefox\profiles\d7v2f6n3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\ram balakumar\appdata\roaming\mozilla\firefox\profiles\d7v2f6n3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\users\ram balakumar\appdata\local\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\users\ram balakumar\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\ram balakumar\appdata\roaming\mozilla\firefox\profiles\d7v2f6n3.default\extensions\[email protected]\plugins\npRACtrl.dll
FF - plugin: c:\users\ram balakumar\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\ram balakumar\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: QuestService: {F2DDDB92-1605-4260-9B25-45A4DAE87B50} - c:\program files\mozilla firefox\extensions\{F2DDDB92-1605-4260-9B25-45A4DAE87B50}
FF - Ext: Autofill Forms: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Selenium IDE: C# Formatters: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Selenium IDE: Groovy Formatters: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Selenium IDE: Java Formatters: [email protected] - %profile%\extensions\[email protected]
FF - Ext: LogMeIn, Inc. Remote Access Plugin: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Selenium IDE: Perl Formatter: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Selenium IDE: PHP Formatters: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Selenium IDE: Python Formatters: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Selenium IDE: Ruby Formatters: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: PopupMaster: {35106bca-6c78-48c7-ac28-56df30b51d2d} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
FF - Ext: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - %profile%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Selenium IDE: {a6fd85ed-e919-4a43-a5af-8da18bda539f} - %profile%\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(general.useragent.extra.brc, BRI/1
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-6 387480]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-10-6 64584]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-6 165032]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165264]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-6 56064]
R3 easytether;easytether;c:\windows\system32\drivers\easytthr.sys [2010-8-24 10496]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-10-6 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-10-6 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-6 314088]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-4-6 13224]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-6 84488]
.
=============== Created Last 30 ================
.
2011-05-21 14:31:30 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{29072f99-eed7-481e-97eb-268095adb681}\MpKsl38cf1242.sys
2011-05-21 05:54:11 327680 --sha-w- c:\users\ram balakumar\appdata\local\icp.exe
2011-05-21 04:14:54 439632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8481817c-98c1-49d5-a3d3-e5e05fc8a300}\gapaengine.dll
2011-05-21 04:13:45 6962000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{29072f99-eed7-481e-97eb-268095adb681}\mpengine.dll
2011-05-20 21:38:51 -------- d-----w- c:\program files\NaturalSoft
2011-05-20 04:01:45 -------- d-----w- c:\windows\pss
2011-05-11 04:24:45 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-04-27 18:14:48 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 18:14:45 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 18:14:34 876032 ----a-w- c:\windows\system32\XpsPrint.dll
.
==================== Find3M ====================
.
2011-04-14 19:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 19:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 19:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 19:01:38 64584 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-04-14 19:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 19:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 19:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 19:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 19:01:38 165032 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-04-14 19:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 19:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-03-18 18:32:10 71072 ----a-w- c:\windows\CouponPrinter.ocx
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-22 13:24:10 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-22 13:24:02 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-22 13:23:59 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-22 13:23:55 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-02-22 06:21:28 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 06:17:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 06:16:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 06:16:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-02-22 06:16:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-02-22 05:20:39 385024 ----a-w- c:\windows\system32\html.iec
2011-02-22 04:43:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-02-22 04:42:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 10:41:27.62 ===============


**ISSUE**



My computer is infected with Vista Anti-Virus 2011. When I try to open Firefox or Internet Explorer I get a pop up (Attached - Image 1). I also get various other pop ups from Vista Anti-Virus 2011 and I have screenshots of the same however I am not able to attach them with this message cos of the limit on the number of attachments.

I normally use Firefox as my primary browser but yesterday I opened IE as I was having some problem with Firefox. As soon as I did it I started getting these pop ups.

Also when I tried to run gmer.exe my computer crashed and a blue screen appeared. Finally I did manage to run the program. I am posting this query from another computer and not the infected one.

Thank you so much in advance for your help.
Attached Thumbnails
Click image for larger version

Name:	Image 1.jpg
Views:	19
Size:	46.5 KB
ID:	92211  
Attached Files
File Type: zip Attach.zip (10.2 KB, 17 views)
edifiz is offline  
Sponsored Links
Advertisement
 
Old 05-25-2011, 05:39 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Due to the restrictions on Vista, all tools should be started by right-click > Run as Administrator

------------------------------------------------------

It appears that you have two antivirus programs installed and running, McAfee and MS Security Essentials. While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs. Please choose one to keep and uninstall the other via Programs and Features in your Control Panel.

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix_N.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-25-2011, 06:25 PM   #3
Registered Member
 
Join Date: Mar 2006
Posts: 133
OS: WINDOWS XP



Thanks for your response. I am actually using a different computer to post to this thread as I am unable to open Firefox or IE or programs like notepad, paint on the infected computer. Today I am getting this error message (attached file - 1). Few days back I got the following error message (attached file - 5)

So initially when I ran the DDS and GMER files I copied it on a flash drive and ran it on the infected computer. In your response you mention that ComboFix should be directly saved on my desktop. Can I save it on a flash drive, transfer it to the desktop of the infected computer and then run it from there?

Please let me know.

Thanks
Attached Thumbnails
Click image for larger version

Name:	Image 5.jpg
Views:	24
Size:	82.1 KB
ID:	92395  
Attached Files
File Type: doc 1.doc (89.0 KB, 16 views)
edifiz is offline  
Sponsored Links
Advertisement
 
Old 05-25-2011, 06:46 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello edifiz. You're welcome.

Quote:
Can I save it on a flash drive, transfer it to the desktop of the infected computer and then run it from there?
Absolutely. Do this first:
  • Download EXE File Association Fix and Save it to your Desktop.
  • If necessary, download to USB drive and run it from the drive.
  • Extract the reg file to your desktop and double-click xp_exe_fix.reg
  • Answer 'Yes' to merge/add it to the registry.
  • Click 'OK'.
  • X out of the window.
You should be able to run your executables now. IE and FF may or may not run.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-25-2011, 08:29 PM   #5
Registered Member
 
Join Date: Mar 2006
Posts: 133
OS: WINDOWS XP



Thank you so much.

As soon as I ran EXE File Association Fix all the programs like Notepad, Paint, FF and IE started working. When I opened FF/IE I did not get the Vista 2011 Anti Virus pop ups or any other error message. I do not know if the EXE filed fixed the virus problem. However I still went ahead and ran ComboFix. Here is the log.

Thank you so much once again for all your help.

**ComboFix.txt**


ComboFix 11-05-25.01 - Ram Balakumar 05/25/2011 21:00:07.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2045.1103 [GMT -5:00]
Running from: c:\users\Ram Balakumar\Desktop\ComboFix_N.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ram Balakumar\AppData\Roaming\Local
c:\users\Ram Balakumar\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Ram Balakumar\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Ram Balakumar\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Top.Chef.S08E03.New.Yorks.Finest.HDTV.XviD-MOMENTUM_ns.avi.ddp
c:\users\Ram Balakumar\AppData\Roaming\Local\Temp\DDM\Settings\Top.Chef.S08E03.New.Yorks.Finest.HDTV.XviD-MOMENTUM_ns.avi.ddr
c:\users\Ram Balakumar\g2mdlhlpx.exe
c:\windows\system32\arp.exe
c:\windows\system32\msconfig.exe
c:\windows\system32\spool\prtprocs\w32x86\LXAKPP5C.DLL
.
.
((((((((((((((((((((((((( Files Created from 2011-04-26 to 2011-05-26 )))))))))))))))))))))))))))))))
.
.
2011-05-26 02:16 . 2011-05-26 02:16 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-05-26 02:16 . 2011-05-26 02:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-26 01:53 . 2011-05-26 01:54 -------- d-----w- C:\ComboFix_N
2011-05-20 21:38 . 2011-05-20 21:38 -------- d-----w- c:\program files\NaturalSoft
2011-05-11 04:24 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-04-27 18:14 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 18:14 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 18:14 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 19:01 . 2010-10-06 22:12 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 19:01 . 2010-10-06 22:11 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-04-14 19:01 . 2010-10-06 22:11 64584 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-04-14 19:01 . 2010-10-06 22:11 165032 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-04-14 19:01 . 2010-10-06 22:11 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 19:01 . 2010-10-06 22:11 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 19:01 . 2010-10-06 22:11 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 19:01 . 2010-10-06 22:11 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 19:01 . 2010-10-06 22:11 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 19:01 . 2010-10-06 22:11 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 19:01 . 2010-10-06 22:11 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-03-18 18:32 . 2011-02-14 22:05 71072 ----a-w- c:\windows\CouponPrinter.ocx
2011-03-10 17:03 . 2011-04-15 02:28 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 02:28 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-15 02:28 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-27 18:14 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 18:14 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 18:14 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 18:14 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25 . 2011-04-15 02:28 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-15 02:28 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2010-06-27 11:57 . 2008-08-01 23:40 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2011-04-14 19:01 . 2010-10-06 22:12 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"googletalk"="c:\users\Ram Balakumar\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-26 68856]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-04 857648]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-27 30192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-25 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-25 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-25 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-09-25 81920]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 1394000]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-27 405504]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
.
c:\users\Ram Balakumar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-23 50688]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-11-23 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON WorkForce 500 Series (Copy 1)]
2008-02-21 21:00 188928 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEQA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 20:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 03:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R0 mbyvlisi;mbyvlisi;c:\windows\System32\drivers\gwqteq.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 135664]
R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-02 204800]
R3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [2008-03-18 68096]
R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-04-07 13224]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-27 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 135664]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-02 13312]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 64584]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-14 165032]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 88176]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-04-14 141792]
S2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [x]
S2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [2007-02-11 11107]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-04-07 27632]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
*Deregistered* - MpNWMon
*Deregistered* - NisDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-26 13:44]
.
2011-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 01:42]
.
2011-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 01:42]
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1520818200-32887276-2255528091-1000Core.job
- c:\users\Ram Balakumar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-25 23:36]
.
2011-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1520818200-32887276-2255528091-1000UA.job
- c:\users\Ram Balakumar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-25 23:36]
.
2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{EC5514CC-3DCA-4261-B197-8ADDE2F3EFC7}.job
- c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: kimley-horn.com\mail01
Trusted Zone: mcafee.com
Trusted Zone: pbcc.edu\www
FF - ProfilePath - c:\users\Ram Balakumar\AppData\Roaming\Mozilla\Firefox\Profiles\d7v2f6n3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: QuestService: {F2DDDB92-1605-4260-9B25-45A4DAE87B50} - c:\program files\Mozilla Firefox\extensions\{F2DDDB92-1605-4260-9B25-45A4DAE87B50}
FF - Ext: Autofill Forms: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Selenium IDE: C# Formatters: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Selenium IDE: Groovy Formatters: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Selenium IDE: Java Formatters: [email protected] - %profile%\extensions\[email protected]
FF - Ext: LogMeIn, Inc. Remote Access Plugin: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Selenium IDE: Perl Formatter: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Selenium IDE: PHP Formatters: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Selenium IDE: Python Formatters: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Selenium IDE: Ruby Formatters: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: PopupMaster: {35106bca-6c78-48c7-ac28-56df30b51d2d} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
FF - Ext: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - %profile%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Selenium IDE: {a6fd85ed-e919-4a43-a5af-8da18bda539f} - %profile%\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(general.useragent.extra.brc, BRI/1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{74F6C5A9-0EAD-4a71-891E-376A838DF1F0} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
MSConfigStartUp-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-25 21:16
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-05-25 21:24:06
ComboFix-quarantined-files.txt 2011-05-26 02:23
ComboFix2.txt 2010-02-09 02:33
.
Pre-Run: 19,667,734,528 bytes free
Post-Run: 19,814,694,912 bytes free
.
- - End Of File - - E43BD8923D534F06E26C812EBA8EC356
edifiz is offline  
Old 05-25-2011, 08:46 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, edifiz. You're very welcome! How is the machine behaving?

------------------------------------------------------

I see you have P2P software ( BitLord ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here and here.

I would strongly recommend that you uninstall it. You can do so via Control Panel >> Programs and Features.

------------------------------------------------------

Please uninstall the following via Start->(or Computer)->Control Panel->Programs->Programs and Features if it still exists:

Coupon Printer for Windows<<Please read here

If you decide to uninstall it, also delete the following Folder if it still exists:

C:\Program Files\Coupons

------------------------------------------------------

Please uninstall the following via the Programs and Features section of your Control Panel if they still exist:

LiveUpdate 3.2 (Symantec Corporation)

------------------------------------------------------

I see you already have MBAM on your machine.
  • Launch Malwarebytes' Anti-Malware
  • Under the Update tab, click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to Restart your computer.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy/Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


------------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says JDK 6 Update 25 (JDK or JRE)
  • Click the Download JRE button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6u25 with JavaFX License Agreement.
  • Click Continue The page will refresh.
  • Click on the link to download Offline Installation and Save the file to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start(or Computer) > Control Panel > Programs and double-click on Programs and Features and remove all older versions of Java.
  • Click (highlight) any item with Java Runtime Environment (JRE, J2SE, Java(TM) SE or Java(TM) 6) in the name.
  • Click the Uninstall button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop right-click on jre-6u25-windows-i586.exe and select Run as Administrator to install the newest version.
  • After the install is complete, go back to your Control Panel(using Classic View) and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
    • Delete jre-6u25-windows-i586.exe from your desktop.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish, then click 'Finish'.
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Copy/paste that log as a reply to this topic.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-26-2011, 08:39 PM   #7
Registered Member
 
Join Date: Mar 2006
Posts: 133
OS: WINDOWS XP



I apologize for the late reply. The scanning took almost 12 hours.

I had uninstalled Bitlord some time back. It was not under my list of installed progams however there was a folder under C:/Programs which I deleted now.

I have uninstalled Coupon Printer for Windows and also deleted the related folder.

I did not find LiveUpdate 3.2 in Control Panel under the list of installed programs.

I deleted the older version of Java and have now installed the newer version.

**MBAM log**

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 6682

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

5/26/2011 12:59:21 AM
mbam-log-2011-05-26 (00-59-21).txt

Scan type: Quick scan
Objects scanned: 160955
Time elapsed: 12 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Gameztar Toolbar (Adware.Gameztar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Ram Balakumar\AppData\Local\icp.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\ram balakumar\local settings\temporary internet files\Low\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2}\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\Users\ram balakumar\local settings\temporary internet files\Low\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2}\tdf.dat (Adware.BHO) -> Quarantined and deleted successfully.

--------------------------------------------------------------------------

**ESET report**

# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=7002a0aa72af4f4dbdecc184dc88253a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-27 01:57:01
# local_time=2011-05-26 08:57:01 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 44995786 44995786 0 0
# compatibility_mode=5121 16777213 100 75 500892 22654758 0 0
# compatibility_mode=5892 16776573 100 100 28149592 143028692 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=418854
# found=2
# cleaned=0
# scan_time=40300
I:\My Games\Azad01a1_DL.exe a variant of Win32/Kryptik.GTW trojan (unable to clean) 00000000000000000000000000000000 I
I:\My Games\Enlightenus 1\En1igh13nus_DL.part1.rar a variant of Win32/Kryptik.GTW trojan (unable to clean) 00000000000000000000000000000000 I


--------------------------------------------------------------------------

**report on system behavior**

My issue was the Vista 2011 Antivirus application that kept popping up and would not let me access internet on my computer. That issue is now resolved. Thank you.

My computer does take a lot of time to load at start up. Is it cos of all the programs that load on start up? I see lot of programs on the task bar near the clock. I have tried exiting from these programs however they appear every time i restart the machine. Can you please let me know if I need all those programs? And if not, how can I permanently disable them. I have attached a screenshot o give you a better idea.

Thank you once again for all your help. I really appreciate it.
Attached Thumbnails
Click image for larger version

Name:	Taskbar programs.jpg
Views:	25
Size:	53.1 KB
ID:	92437  
edifiz is offline  
Old 05-26-2011, 09:08 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, edifiz. You're very welcome.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"I:\My Games\Azad01a1_DL.exe"
"I:\My Games\Enlightenus 1\En1igh13nus_DL.part1.rar"

) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)


if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0
Save this Notepad file as fix.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on fix.bat to run it.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------

Go here and follow the Usage Instructions for analyzing your startups and whether or not they need to start automatically:

Startup Programs Database

It gives instructions for downloading a simple application(Autoruns) that will allow you to stop unnecessary applications from running at startup.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-27-2011, 07:20 PM   #9
Registered Member
 
Join Date: Mar 2006
Posts: 133
OS: WINDOWS XP



Hi

How long is fix.bat supposed to run. When I ran the program a blank window with a black screen opened but nothing is showing up and there is a cursor blinking in the window. This is for the last 30 minutes. I just want to make sure its running properly.

**Start up Programs**

Thanks for the link with regards to the Start up programs. However I am a little confused here. There are many programs listed with the same name (for example: windows update). There are some programs that runs on Start up in my computer that is not listed there (for example. Dell Touchpad, Dell Quickset, Side Note). I don't know if it listed under a different name in the database. Or if I am searching it wrong. There is no icon or symbol for me to check and be sure if its the same program. Also they have a 'Filename' column. What is that for? How do I check the 'Filename' of the program running on my computer that way it will be easier to correspond it with the 'Name'. I apologize if I am asking you very basic questions.

Thanks a lot for your help.
edifiz is offline  
Old 05-27-2011, 08:21 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, edifiz. Was your I:\ drive inserted when you ran fix.bat? Please try it again. It should be quick.

See if this helps with Autoruns:

How To Use The Startup Database.

Let me know.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-27-2011, 08:43 PM   #11
Registered Member
 
Join Date: Mar 2006
Posts: 133
OS: WINDOWS XP



Thanks. The external hard drive was not connected. I got the following message: Deleted Successfully !!! Press any key to continue ...

I will read the thread about Startup Database and post in the appropriate forum if I have any concerns.

Thanks once again.
edifiz is offline  
Old 05-27-2011, 09:01 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Congratulations. Well done! Your logs appear clean. You should be good to go.

Please disable McAfee before uninstalling ComboFix and then re-enable it after doing so.

Go to Start >> Run and Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Also, support is ending for some versions of Windows > Windows End of Support Information - Windows Help & How-to

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites in Internet Explorer. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-27-2011, 10:22 PM   #13
Registered Member
 
Join Date: Mar 2006
Posts: 133
OS: WINDOWS XP



I have uninstalled Combofix, deleted all logs and files and emptied my recycle bin.

I also read the Startup Program Database thread and they have explained everything clearly there. I have removed the programs that are not required or are threats.

I will also follow all the other instructions in your post about keeping my computer clean and free from virus. I generally do it regularly but I will be more careful in the future.

Thank you so much for your help and time. I really appreciate it a lot.
edifiz is offline  
Old 05-27-2011, 10:30 PM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're very welcome, edifiz! Glad to have helped.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
xp Anti Virus 2011
I have successfully removed the virus before but now it has come back. I forgot on how I did it :sigh: so I am coming here for help. It is currently happening on my other computer which has Windows Xp. I need help :S . DDS (Ver_11-03-05.01) - NTFSx86 Run by HP_Owner at 20:45:19.18 on...
younginz Inactive Malware Help Topics 7 05-16-2011 07:07 AM
100++ 0x7f (0x0,,,) BSODs - ati2mtag.sys
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\symbols*https://msdl.microsoft.com/download/symbols...
victory89 Windows XP Support 26 04-02-2011 06:27 AM
Redirecting and virus problems
My computer is redirecting and im sure i have a virus. When i try to run gmer it shuts my computer down even when only checking sections and c drive. Here is the logs that i could get. Thanks in advance. Timmy This is not the same computer as my previous problems. Thanks timmy DDS...
toliver30471 Resolved HJT Threads 21 02-23-2011 06:09 PM
Repeated Crashing and BSOD during games
Hey. So here is my problem. I build my computer maybe 2 years ago, and for about the last 6 months it has been crashing and bsod, mostly on games. It wasn't bad at first, but kept getting worse and worse. Lately I can't play a game for more than 5 minutes without a crash. I am currently doing a...
Vega_034 BSOD, App Crashes And Hangs 10 01-18-2011 05:13 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 12:16 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts