Registered · 17 Posts · Discussion Starter #1
If only I had found this site before I messed with my computer....

I am a blissfully ignorant computer user with a Dell desktop XP Home and a wireless laptop Vista Basic. I looked through some of the information on this site to try and solve my own problem, but I am overwhelmed. I know more in one day of reading here than I have ever known about computers. Unfortunately, I still know nothing about the problem I have.

About three weeks ago my kids were using the Dell and said that we needed to update our software since there was a warning on the computer. Because I have an up-to-date McAfee protection package on both computers I was not worried.

A program named Advanced Virus Remover was running on the Dell. It seems to be a virus/spyware thing. It locked up some programs and was a real pain. I tried the McAfee scan, but it would not run. I chatted with McAfee and they suggested I send them about $90.00 and they may be able to help. I did not go that route. I tried several other free help things like Malwarebytes, etc.

I tried Windows support chat. We tried many things including using their free scan; it shut down and would not run. I got to the OneCare website and downloaded the 90-day trial package of protection. I killed the McAfee and OneCare ran and I think it killed the Advanced Virus Remover problem. It also said I needed many updates, so I let it start installing. It installed the XP SP3 and a lot of other stuff. Some installs were not successful. It killed the IE on the computer also.

After that I could not get a connection on the Dell, but the Vista laptop works fine (I am using it now). When I try to use email it says error 0x80040900 server can not be found on the network. I used the laptop to download and install IE7 and it is there again but it can not connect.
When I try to use it and troubleshoot the connection I get a message in the address bar: "res://ieframe.dll/dnserror.htm#"

I uninstalled the OneCare and the XP SP3 and reinstalled the McAfee. I tried free reg cleaners and bought and used Registry Mechanic (I said I was blissfully ignorant in the beginning of this post). When the Registry Mechanic runs, it always finds many problems and says it fixes or ignores them. I have uninstalled it after reading about registry cleaners on this site.

Since the computer has no connection, I can't do much except download to a memory stick and add information by that method.

Although I know nothing about software, I feel that something is just turned off or there is a setting that I need to turn back on. I tried hooking up the DSL cable without the router and it did not work, although the Dell knew when I unplugged the cable. I tried the cable in the laptop and it worked fine.

I would be grateful for any suggestions anyone has. Thanks for reading this,



DDS (Ver_09-07-30.01) - NTFSx86
Run by ken at 20:25:12.48 on Thu 08/20/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.615 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6145\SAService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6145\SiteAdv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
F:\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = about:blank
uWindow Title = Microsoft Internet Explorer
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6145\SiteAdv.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptcl.dll
BHO: Browser Helper Object: {afd4ad01-58c1-47db-a404-fbe00a6c5486} - c:\program files\shared\lib.dll
BHO: CPub Object: {c68ae9c0-0909-4ddc-b661-c1afb9f5ae53} - c:\program files\mcafee\mps\mcpopup.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
mRun: [Cbukixanimif] rundll32.exe "c:\windows\etoqitejigucin.dll",e
mRun: [MskAgentexe] c:\program files\mcafee\msk\MskAgent.exe
mRun: [SiteAdvisor] c:\program files\siteadvisor\6145\SiteAdv.exe
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [DXDllRegExe] dxdllreg.exe
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-explorer: NoFolderOptions = 00000000
uPolicies-explorer: RestrictRun = 0 (0x0)
uPolicies-system: NoSecCPL = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoDevMgrPage = 0 (0x0)
uPolicies-system: NoConfigPage = 0 (0x0)
uPolicies-system: NoVirtMemPage = 0 (0x0)
uPolicies-system: NoFileSysPage = 0 (0x0)
uPolicies-system: NoNetSetup = 0 (0x0)
uPolicies-system: NoNetSetupIDPage = 0 (0x0)
uPolicies-system: NoNetSetupSecurityPage = 0 (0x0)
uPolicies-system: NoWorkgroupContents = 0 (0x0)
uPolicies-system: NoEntireNetwork = 0 (0x0)
uPolicies-system: NoFileSharingControl = 0 (0x0)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoFolderOptions = 00000000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: musicmatch.com\online
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249144485875
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6145\SiteAdv.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: karna.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = psrypbd.dll scecli

============= SERVICES / DRIVERS ===============

R2 McAfee HackerWatch Service;McAfee HackerWatch Service;c:\program files\common files\mcafee\hackerwatch\HWAPI.exe [2009-8-14 540776]
R2 mcpromgr;McAfee Protection Manager;c:\progra~1\mcafee\msc\mcpromgr.exe [2009-8-14 493144]
R2 McRedirector;McAfee Redirector Service;c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe [2009-8-14 248416]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-8-14 144960]
R2 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-8-14 643664]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-2-15 79880]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-2-15 35272]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-1-9 214024]
R3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2009-2-15 40552]
S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-8-14 353368]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\solidworks corp\solidworks\swscheduler\DTSCoordinatorService.exe [2008-11-5 79144]
S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2009-2-15 34216]
S3 STVqx3;Intel Play QX3 Microscope;c:\windows\system32\drivers\STVqx3.SYS [2006-6-22 131776]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

=============== Created Last 30 ================

2009-08-14 20:06 1,396 a------- c:\windows\system32\Config.MPF
2009-08-14 19:39 <DIR> --d----- c:\program files\SiteAdvisor
2009-08-14 19:39 <DIR> --d----- c:\docume~1\ken\applic~1\SiteAdvisor
2009-08-14 19:36 109,608 a------- c:\windows\system32\drivers\Mpfp.sys
2009-08-14 19:35 <DIR> --d----- c:\program files\common files\McAfee
2009-08-14 17:46 <DIR> --d----- c:\program files\ACW
2009-08-02 23:05 65,064 a------- C:\WindowsXP-KB953979-x86-ENU.exe
2009-08-02 23:00 8,704 a------- C:\fixccs.exe
2009-08-02 00:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Netscape Internet Service
2009-08-01 16:30 3,293 a------- c:\windows\aholutej.dll
2009-08-01 15:50 3,213 a------- c:\windows\osinehoh.dll
2009-08-01 15:45 3,245 a------- c:\windows\system32\wbem\Outlook_01ca12e8f2814070.mof
2009-08-01 13:31 3,237 a------- c:\windows\evuzeqeqal.dll
2009-08-01 12:40 268,648 a------- c:\windows\system32\mucltui.dll
2009-08-01 12:40 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-08-01 12:03 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-08-01 11:25 3,229 a------- c:\windows\urureciy.dll
2009-08-01 10:05 3,093 a------- c:\windows\orolanun.dll
2009-08-01 04:44 3,205 a------- c:\windows\ihubesidaci.dll
2009-08-01 02:38 3,237 a------- c:\windows\iripoquq.dll
2009-08-01 01:11 3,213 a------- c:\windows\esorowij.dll
2009-07-31 22:09 3,309 a------- c:\windows\ijocagayusaq.dll
2009-07-31 21:49 <DIR> --d----- c:\program files\msn gaming zone
2009-07-31 21:13 3,285 a------- c:\windows\omutidac.dll
2009-07-31 18:00 3,317 a------- c:\windows\ahevesebevaxitig.dll
2009-07-31 06:10 3,221 a------- c:\windows\eloderotegixiv.dll
2009-07-30 21:54 3,277 a------- c:\windows\ulinehohicekiqa.dll
2009-07-30 21:14 3,293 a------- c:\windows\exejiseciyopubop.dll
2009-07-30 20:50 3,221 a------- c:\windows\ivufacoc.dll
2009-07-30 20:32 3,285 a------- c:\windows\odihogajim.dll
2009-07-30 19:35 3,325 a------- c:\windows\ulinehoh.dll
2009-07-30 17:26 3,277 a------- c:\windows\ukeqihoj.dll
2009-07-30 17:13 3,301 a------- c:\windows\erugobeyeyogomu.dll
2009-07-29 21:31 3,205 a------- c:\windows\efufozujecaz.dll
2009-07-29 21:12 3,317 a------- c:\windows\ovahefonu.dll
2009-07-29 19:06 3,309 a------- c:\windows\efoxukow.dll
2009-07-29 18:12 3,197 a------- c:\windows\iputuzuhovehula.dll
2009-07-29 17:57 3,213 a------- c:\windows\acujivanoqiqur.dll
2009-07-28 22:41 3,253 a------- c:\windows\ibawoniqivuxege.dll
2009-07-28 21:39 3,213 a------- c:\windows\akometeq.dll
2009-07-28 20:49 <DIR> --d----- c:\program files\Enigma Software Group
2009-07-28 20:30 3,293 a------- c:\windows\epayucucenayu.dll
2009-07-28 19:43 3,309 a------- c:\windows\epuzevuq.dll
2009-07-28 19:43 369 a------- C:\Shortcut to !KillBox.lnk
2009-07-28 19:10 <DIR> --d----- C:\!KillBox
2009-07-28 18:44 3,285 a------- c:\windows\ujolikoqatu.dll
2009-07-28 17:52 3,221 a------- c:\windows\opasadoq.dll
2009-07-27 21:46 3,197 a------- c:\windows\ogawedokez.dll
2009-07-27 21:12 3,213 a------- c:\windows\ogesoletunuxafuj.dll
2009-07-27 21:00 3,205 a------- c:\windows\ivihayati.dll
2009-07-27 19:46 3,213 a------- c:\windows\ukacelotefaco.dll
2009-07-27 19:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-07-27 18:54 3,213 a------- c:\windows\oveqajetecoqa.dll
2009-07-27 17:58 3,213 a------- c:\windows\ujuzaxeqetalajo.dll
2009-07-27 17:36 3,213 a------- c:\windows\uhatokesikomeje.dll
2009-07-27 17:32 <DIR> --d----- c:\docume~1\ken\applic~1\Malwarebytes
2009-07-27 17:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-27 17:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-26 14:34 3,229 a------- c:\windows\acobimonusijeg.dll
2009-07-26 10:56 3,205 a------- c:\windows\opejomucetuheseh.dll
2009-07-26 08:52 3,205 a------- c:\windows\otihoveh.dll
2009-07-26 06:45 <DIR> --d----- c:\program files\Citrix
2009-07-26 06:21 3,221 a------- c:\windows\ogujadanapiqif.dll
2009-07-26 06:15 <DIR> --d----- c:\docume~1\ken\applic~1\McAfee
2009-07-25 22:38 3,213 a------- c:\windows\iyocosaqomice.dll
2009-07-25 22:20 120 a------- c:\windows\Pvenebev.dat
2009-07-25 19:22 20,992 -------- c:\windows\system32\winhelper.dll
2009-07-23 19:46 <DIR> --d----- c:\program files\Shared

==================== Find3M ====================

2009-08-14 23:04 77,939 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-19 08:33 3,597,824 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 08:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-06-29 06:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-29 06:07 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 03:35 634,632 -------- c:\windows\system32\dllcache\iexplore.exe
2009-06-29 03:33 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-06-29 03:33 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-06-16 09:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 09:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2008-10-31 18:14 61,224 a------- c:\documents and settings\ken\GoToAssistDownloadHelper.exe
2008-10-17 16:41 19,418 a------- c:\docume~1\alluse~1\applic~1\olif.dat
2008-10-17 16:41 13,494 a------- c:\docume~1\alluse~1\applic~1\owec.sys
2008-10-17 16:41 12,551 a------- c:\program files\common files\wikibawivi.reg
2008-10-17 16:41 14,952 a------- c:\program files\common files\lirewiha.ban
2009-02-06 21:09 16,384 a--sh--- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2008-10-30 22:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008103020081031\index.dat

============= FINISH: 20:25:41.68 ===============
 


Registered · 17 Posts · Discussion Starter #2
Thanks, but I am trying something else. Not fixed yet, but I have a connection and may try ComboFix if I can't make it work any other way.
 

TSF Security Manager, Emeritus · 42,837 Posts
This machine is heavily infected; I do wish you'd hold off on running ComboFix. As mentioned in the Disclaimer and our pre-posting topic, it should only be run under guidance.

Kindly supply new dds.txt and run a new scan with gmer - but please configure it as instructed:

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
 

Registered · 17 Posts · Discussion Starter #4
Thanks for looking. I understand that everyone is busy and I need to get something going with this machine. From the way it is running, it seems fine now. But as I said, I am blissfully ignorant about computer problems.

One of the things that this virus has helped me do is get an external hard drive and back up everything.

I am attaching the logs. If they are wrong, I am a computer idiot, but I can learn. Thanks for your help, Ken


DDS (Ver_09-07-30.01) - NTFSx86
Run by ken at 20:11:07.79 on Mon 08/31/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.507 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ken\Desktop\gmer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\ken\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = about:blank
uWindow Title = Microsoft Internet Explorer
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
mRun: [DXDllRegExe] dxdllreg.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\ken\startm~1\programs\startup\seagat~2.lnk - c:\documents and settings\ken\application data\leadertech\powerregister\Seagate Product Registration.exe
uPolicies-explorer: NoFolderOptions = 00000000
uPolicies-explorer: RestrictRun = 0 (0x0)
uPolicies-system: NoSecCPL = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoDevMgrPage = 0 (0x0)
uPolicies-system: NoConfigPage = 0 (0x0)
uPolicies-system: NoVirtMemPage = 0 (0x0)
uPolicies-system: NoFileSysPage = 0 (0x0)
uPolicies-system: NoNetSetup = 0 (0x0)
uPolicies-system: NoNetSetupIDPage = 0 (0x0)
uPolicies-system: NoNetSetupSecurityPage = 0 (0x0)
uPolicies-system: NoWorkgroupContents = 0 (0x0)
uPolicies-system: NoEntireNetwork = 0 (0x0)
uPolicies-system: NoFileSharingControl = 0 (0x0)
mPolicies-explorer: NoFolderOptions = 00000000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: musicmatch.com\online
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249144485875
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: karna.dat??
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = psrypbd.dll scecli

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-9 214024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-8-29 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-8-29 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-8-29 144704]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-8-29 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-2-15 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-2-15 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-2-15 40552]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\solidworks corp\solidworks\swscheduler\DTSCoordinatorService.exe [2008-11-5 79144]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-2-15 34248]
S3 STVqx3;Intel Play QX3 Microscope;c:\windows\system32\drivers\STVqx3.SYS [2006-6-22 131776]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

=============== Created Last 30 ================

2009-08-30 14:03 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-08-30 14:03 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-30 14:03 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-30 14:03 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-30 14:03 <DIR> --d----- C:\1c92a15274d84935f629840423
2009-08-30 13:55 <DIR> --d----- c:\program files\MSXML 6.0
2009-08-30 13:48 <DIR> --d----- c:\windows\ie8updates
2009-08-30 11:09 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-08-30 10:50 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-08-30 10:50 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-30 10:50 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-08-30 10:50 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-08-30 10:50 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-08-30 10:45 2,136,064 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-30 10:45 2,180,480 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-30 10:45 2,015,744 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-30 10:45 2,057,728 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-08-30 10:20 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-08-30 08:35 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-30 08:35 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-30 07:07 135,168 a------- c:\windows\system32\igfxres.dll
2009-08-30 00:56 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-29 22:37 3,187 a------- c:\windows\ezosevihego.dll
2009-08-29 21:10 453,632 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-08-29 20:35 73,728 a------- c:\windows\system32\javacpl.cpl
2009-08-29 20:31 3,179 a------- c:\windows\ituhukuhox.dll
2009-08-29 13:56 <DIR> --dsh--- c:\documents and settings\ken\IECompatCache
2009-08-29 13:47 3,211 a------- c:\windows\ociwixanimi.dll
2009-08-29 12:38 6,723 a------- c:\windows\system32\Config.MPF
2009-08-29 12:36 <DIR> --d----- c:\program files\SiteAdvisor
2009-08-29 12:30 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-08-29 12:29 <DIR> --d----- c:\program files\common files\McAfee
2009-08-29 12:28 <DIR> --d----- c:\program files\McAfee
2009-08-29 11:41 3,195 a------- c:\windows\ojuzaxeqeta.dll
2009-08-29 08:49 <DIR> --dsh--- c:\documents and settings\ken\PrivacIE
2009-08-29 08:43 <DIR> --dsh--- c:\documents and settings\ken\IETldCache
2009-08-29 08:35 <DIR> -cd-h--- c:\windows\ie8
2009-08-28 16:47 2,422 a------- c:\windows\system32\wpa.bak
2009-08-27 22:43 86,073 ac------ c:\windows\system32\dllcache\voicesub.dll
2009-08-27 22:42 92,416 ac------ c:\windows\system32\dllcache\mga.sys
2009-08-27 22:41 66,082 ac------ c:\windows\system32\dllcache\c_1148.nls
2009-08-27 22:41 <DIR> --d----- c:\program files\msn gaming zone
2009-08-27 22:39 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-08-27 22:39 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-08-27 22:39 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-08-27 22:39 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-08-27 22:39 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-08-27 22:36 259,072 ac------ c:\windows\system32\dllcache\snmpcl.dll
2009-08-27 22:36 40,448 ac------ c:\windows\system32\dllcache\snmpthrd.dll
2009-08-27 22:36 259,072 a------- c:\windows\system32\wbem\snmpcl.dll
2009-08-27 22:36 40,448 a------- c:\windows\system32\wbem\snmpthrd.dll
2009-08-27 22:15 <DIR> --d----- c:\windows\setup.pss
2009-08-27 17:17 <DIR> --d----- c:\windows\dell
2009-08-25 23:02 1,902 a------- c:\windows\system32\SetupBD.din
2009-08-25 23:02 <DIR> --d----- C:\drvrtmp
2009-08-23 23:01 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-08-23 22:27 215,552 ac------ c:\windows\system32\dllcache\wordpad.exe
2009-08-23 09:25 <DIR> --d----- c:\program files\AVG
2009-08-14 17:46 <DIR> --d----- c:\program files\ACW
2009-08-02 23:05 65,064 a------- C:\WindowsXP-KB953979-x86-ENU.exe
2009-08-02 23:00 8,704 a------- C:\fixccs.exe
2009-08-02 00:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Netscape Internet Service

==================== Find3M ====================

2009-08-27 22:37 23,444 a------- c:\windows\system32\emptyregdb.dat
2009-08-14 23:04 77,939 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-05 04:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-01 16:30 3,293 a------- c:\windows\aholutej.dll
2009-08-01 15:50 3,213 a------- c:\windows\osinehoh.dll
2009-08-01 13:31 3,237 a------- c:\windows\evuzeqeqal.dll
2009-08-01 11:25 3,229 a------- c:\windows\urureciy.dll
2009-08-01 10:05 3,093 a------- c:\windows\orolanun.dll
2009-08-01 04:44 3,205 a------- c:\windows\ihubesidaci.dll
2009-08-01 02:38 3,237 a------- c:\windows\iripoquq.dll
2009-08-01 01:11 3,213 a------- c:\windows\esorowij.dll
2009-07-31 22:09 3,309 a------- c:\windows\ijocagayusaq.dll
2009-07-31 21:13 3,285 a------- c:\windows\omutidac.dll
2009-07-31 18:00 3,317 a------- c:\windows\ahevesebevaxitig.dll
2009-07-31 06:10 3,221 a------- c:\windows\eloderotegixiv.dll
2009-07-30 21:54 3,277 a------- c:\windows\ulinehohicekiqa.dll
2009-07-30 21:14 3,293 a------- c:\windows\exejiseciyopubop.dll
2009-07-30 20:50 3,221 a------- c:\windows\ivufacoc.dll
2009-07-30 20:32 3,285 a------- c:\windows\odihogajim.dll
2009-07-30 19:35 3,325 a------- c:\windows\ulinehoh.dll
2009-07-30 17:26 3,277 a------- c:\windows\ukeqihoj.dll
2009-07-30 17:13 3,301 a------- c:\windows\erugobeyeyogomu.dll
2009-07-29 21:31 3,205 a------- c:\windows\efufozujecaz.dll
2009-07-29 21:12 3,317 a------- c:\windows\ovahefonu.dll
2009-07-29 19:06 3,309 a------- c:\windows\efoxukow.dll
2009-07-29 18:12 3,197 a------- c:\windows\iputuzuhovehula.dll
2009-07-29 17:57 3,213 a------- c:\windows\acujivanoqiqur.dll
2009-07-28 23:53 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-28 23:53 82,432 a------- c:\windows\system32\fontsub.dll
2009-07-28 22:41 3,253 a------- c:\windows\ibawoniqivuxege.dll
2009-07-28 21:39 3,213 a------- c:\windows\akometeq.dll
2009-07-28 20:30 3,293 a------- c:\windows\epayucucenayu.dll
2009-07-28 19:43 3,309 a------- c:\windows\epuzevuq.dll
2009-07-28 18:44 3,285 a------- c:\windows\ujolikoqatu.dll
2009-07-28 17:52 3,221 a------- c:\windows\opasadoq.dll
2009-07-27 21:46 3,197 a------- c:\windows\ogawedokez.dll
2009-07-27 21:12 3,213 a------- c:\windows\ogesoletunuxafuj.dll
2009-07-27 21:00 3,205 a------- c:\windows\ivihayati.dll
2009-07-27 19:46 3,213 a------- c:\windows\ukacelotefaco.dll
2009-07-27 18:54 3,213 a------- c:\windows\oveqajetecoqa.dll
2009-07-27 17:58 3,213 a------- c:\windows\ujuzaxeqetalajo.dll
2009-07-27 17:36 3,213 a------- c:\windows\uhatokesikomeje.dll
2009-07-26 14:34 3,229 a------- c:\windows\acobimonusijeg.dll
2009-07-26 10:56 3,205 a------- c:\windows\opejomucetuheseh.dll
2009-07-26 08:52 3,205 a------- c:\windows\otihoveh.dll
2009-07-26 06:21 3,221 a------- c:\windows\ogujadanapiqif.dll
2009-07-25 22:38 3,213 a------- c:\windows\iyocosaqomice.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-17 13:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-08 13:44 214,024 a------- c:\windows\system32\drivers\mfehidk.sys
2009-07-08 13:44 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-07-08 13:44 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-07-08 13:44 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-07-08 13:43 34,248 a------- c:\windows\system32\drivers\mferkdk.sys
2009-07-03 12:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-12 06:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 09:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 01:32 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-05 02:42 655,872 a------- c:\windows\system32\mstscax.dll
2009-06-03 14:27 1,290,752 a------- c:\windows\system32\quartz.dll
2008-10-31 18:14 61,224 a------- c:\documents and settings\ken\GoToAssistDownloadHelper.exe
2008-10-17 16:41 19,418 a------- c:\docume~1\alluse~1\applic~1\olif.dat
2008-10-17 16:41 13,494 a------- c:\docume~1\alluse~1\applic~1\owec.sys
2008-10-17 16:41 12,551 a------- c:\program files\common files\wikibawivi.reg
2008-10-17 16:41 14,952 a------- c:\program files\common files\lirewiha.ban
2009-02-06 21:09 16,384 a--sh--- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2008-10-30 22:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008103020081031\index.dat

============= FINISH: 20:12:17.04 ===============
 


·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
Hi Ken, you did just fine. Keeping regular backups is something that everyone should do; I'm glad you finally got around to it. :smie:


Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

====================================================


Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal.

Open McAfee Security Centre
  • Under Common Tasks click on Home
  • Click Computer Files
  • Click Configure
  • Make sure the following are disabled by ticking the "Off" button.

    Virus protection
    Spyware protection
    System Guards Protection
    Script Scanning Protection (you may have to scroll down to see it)
  • Next, select never for "When to re-enable real time scanning"
  • and click OK.

====================================================


Double click on combofix.exe & follow the prompts.


  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
 

·
Registered
Joined
·
17 Posts
Discussion Starter #6
Some of the things I noticed: I had to turn off McAfee before downloading the ComboFix. After it was done, I turned McAfee back on. When I went to log onto this site to post this reply, I got a message that IE was not my default browser and did I want it to be, so I clicked yes.


ComboFix 09-08-31.03 - ken 08/31/2009 22:40.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.603 [GMT -5:00]
Running from: c:\documents and settings\ken\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\123\Local Settings\Application Data\{B1A8888D-9E33-4174-A9D6-A82FE4AD2093}
c:\documents and settings\123\Local Settings\Application Data\{B1A8888D-9E33-4174-A9D6-A82FE4AD2093}\chrome.manifest
c:\documents and settings\123\Local Settings\Application Data\{B1A8888D-9E33-4174-A9D6-A82FE4AD2093}\chrome\content\_cfg.js
c:\documents and settings\123\Local Settings\Application Data\{B1A8888D-9E33-4174-A9D6-A82FE4AD2093}\chrome\content\overlay.xul
c:\documents and settings\123\Local Settings\Application Data\{B1A8888D-9E33-4174-A9D6-A82FE4AD2093}\install.rdf
c:\documents and settings\Administrator\Local Settings\Application Data\{5497BECB-A36F-4A3B-A297-E3B65FBD9E1F}
c:\documents and settings\Administrator\Local Settings\Application Data\{5497BECB-A36F-4A3B-A297-E3B65FBD9E1F}\chrome.manifest
c:\documents and settings\Administrator\Local Settings\Application Data\{5497BECB-A36F-4A3B-A297-E3B65FBD9E1F}\chrome\content\_cfg.js
c:\documents and settings\Administrator\Local Settings\Application Data\{5497BECB-A36F-4A3B-A297-E3B65FBD9E1F}\chrome\content\overlay.xul
c:\documents and settings\Administrator\Local Settings\Application Data\{5497BECB-A36F-4A3B-A297-E3B65FBD9E1F}\install.rdf
c:\documents and settings\ken\Local Settings\Application Data\{EE3F219B-C0A6-47E5-9F81-B9DEF6C573E2}
c:\documents and settings\ken\Local Settings\Application Data\{EE3F219B-C0A6-47E5-9F81-B9DEF6C573E2}\chrome.manifest
c:\documents and settings\ken\Local Settings\Application Data\{EE3F219B-C0A6-47E5-9F81-B9DEF6C573E2}\chrome\content\_cfg.js
c:\documents and settings\ken\Local Settings\Application Data\{EE3F219B-C0A6-47E5-9F81-B9DEF6C573E2}\chrome\content\overlay.xul
c:\documents and settings\ken\Local Settings\Application Data\{EE3F219B-C0A6-47E5-9F81-B9DEF6C573E2}\install.rdf
c:\program files\Common Files\wikibawivi.reg
c:\program files\Shared
c:\program files\Shared\lib.sig
c:\windows\acobimonusijeg.dll
c:\windows\acujivanoqiqur.dll
c:\windows\ahevesebevaxitig.dll
c:\windows\aholutej.dll
c:\windows\akometeq.dll
c:\windows\axikexuliv.reg
c:\windows\efoxukow.dll
c:\windows\efufozujecaz.dll
c:\windows\eloderotegixiv.dll
c:\windows\epayucucenayu.dll
c:\windows\epuzevuq.dll
c:\windows\erugobeyeyogomu.dll
c:\windows\esorowij.dll
c:\windows\evuzeqeqal.dll
c:\windows\exejiseciyopubop.dll
c:\windows\ezosevihego.dll
c:\windows\ibawoniqivuxege.dll
c:\windows\ihubesidaci.dll
c:\windows\ijocagayusaq.dll
c:\windows\iputuzuhovehula.dll
c:\windows\iripoquq.dll
c:\windows\ituhukuhox.dll
c:\windows\ivihayati.dll
c:\windows\ivufacoc.dll
c:\windows\iyocosaqomice.dll
c:\windows\ociwixanimi.dll
c:\windows\odihogajim.dll
c:\windows\ogawedokez.dll
c:\windows\ogesoletunuxafuj.dll
c:\windows\ogujadanapiqif.dll
c:\windows\ojuzaxeqeta.dll
c:\windows\omutidac.dll
c:\windows\opasadoq.dll
c:\windows\opejomucetuheseh.dll
c:\windows\orolanun.dll
c:\windows\osinehoh.dll
c:\windows\otihoveh.dll
c:\windows\ovahefonu.dll
c:\windows\oveqajetecoqa.dll
c:\windows\system\oeminfo.ini
c:\windows\uhatokesikomeje.dll
c:\windows\ujolikoqatu.dll
c:\windows\ujuzaxeqetalajo.dll
c:\windows\ukacelotefaco.dll
c:\windows\ukeqihoj.dll
c:\windows\ulinehoh.dll
c:\windows\ulinehohicekiqa.dll
c:\windows\urureciy.dll
c:\windows\wpd99.drv

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-08-01 to 2009-09-01 )))))))))))))))))))))))))))))))
.

2009-08-30 19:03 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-30 19:03 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-30 19:03 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-30 19:03 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-30 19:03 . 2009-08-30 19:04 -------- d-----w- C:\1c92a15274d84935f629840423
2009-08-30 18:55 . 2009-08-30 18:55 -------- d-----w- c:\program files\MSXML 6.0
2009-08-30 18:48 . 2009-08-30 18:48 -------- d-----w- c:\windows\ie8updates
2009-08-30 16:09 . 2009-08-30 23:08 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-08-30 15:50 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-30 15:50 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-30 15:50 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-30 15:50 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-30 15:50 . 2009-07-03 17:09 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-08-30 15:45 . 2009-02-06 17:22 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-30 15:45 . 2009-02-06 17:24 2180480 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-30 15:45 . 2009-02-06 16:49 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-30 15:45 . 2009-02-06 16:49 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-08-30 15:20 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-08-30 13:35 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-30 13:35 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-30 12:07 . 2005-04-06 00:18 135168 ----a-w- c:\windows\system32\igfxres.dll
2009-08-30 05:56 . 2009-08-30 05:56 -------- d-----w- c:\windows\ServicePackFiles
2009-08-30 02:10 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-08-30 01:23 . 2009-08-30 01:23 152576 ----a-w- c:\documents and settings\ken\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-29 18:56 . 2009-08-29 18:56 -------- d-sh--w- c:\documents and settings\ken\IECompatCache
2009-08-29 17:36 . 2009-08-29 17:36 -------- d-----w- c:\program files\SiteAdvisor
2009-08-29 17:30 . 2009-07-16 17:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-08-29 17:29 . 2009-08-29 17:30 -------- d-----w- c:\program files\Common Files\McAfee
2009-08-29 17:28 . 2009-08-31 22:20 -------- d-----w- c:\program files\McAfee
2009-08-29 13:49 . 2009-08-29 13:49 -------- d-sh--w- c:\documents and settings\ken\PrivacIE
2009-08-29 13:43 . 2009-08-29 13:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-29 13:43 . 2009-08-29 13:43 -------- d-sh--w- c:\documents and settings\ken\IETldCache
2009-08-29 13:35 . 2009-08-29 13:39 -------- dc-h--w- c:\windows\ie8
2009-08-28 03:44 . 2004-08-04 12:00 4677 -c--a-w- c:\windows\system32\dllcache\zeeverm.dll
2009-08-28 03:44 . 2004-08-04 12:00 41029 -c--a-w- c:\windows\system32\dllcache\zcorem.dll
2009-08-28 03:44 . 2004-08-04 12:00 36937 -c--a-w- c:\windows\system32\dllcache\zclientm.exe
2009-08-28 03:44 . 2004-08-04 12:00 29760 -c--a-w- c:\windows\system32\dllcache\znetm.dll
2009-08-28 03:44 . 2004-08-04 12:00 13894 -c--a-w- c:\windows\system32\dllcache\zonelibm.dll
2009-08-28 03:44 . 2004-08-04 12:00 113222 -c--a-w- c:\windows\system32\dllcache\zoneclim.dll
2009-08-28 03:44 . 2004-08-04 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2009-08-28 03:44 . 2004-08-04 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2009-08-28 03:42 . 2004-08-04 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2009-08-28 03:41 . 2004-08-04 12:00 82501 -c--a-w- c:\windows\system32\dllcache\bckg.dll
2009-08-28 03:36 . 2004-08-04 12:00 40448 -c--a-w- c:\windows\system32\dllcache\snmpthrd.dll
2009-08-28 03:36 . 2004-08-04 12:00 40448 ----a-w- c:\windows\system32\wbem\snmpthrd.dll
2009-08-28 03:36 . 2004-08-04 12:00 259072 -c--a-w- c:\windows\system32\dllcache\snmpcl.dll
2009-08-28 03:36 . 2004-08-04 12:00 259072 ----a-w- c:\windows\system32\wbem\snmpcl.dll
2009-08-28 03:29 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-08-28 03:29 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-08-28 03:29 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-08-28 03:29 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-08-27 22:17 . 2009-08-27 22:17 -------- d-----w- c:\windows\dell
2009-08-26 04:02 . 2009-08-26 04:02 -------- d-----w- C:\drvrtmp
2009-08-26 02:29 . 2009-01-16 07:19 1731736 ----a-w- c:\documents and settings\ken\Application Data\Leadertech\PowerRegister\Seagate Product Registration.exe
2009-08-24 04:01 . 2009-08-24 04:01 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-24 03:28 . 2009-08-24 03:28 -------- d-----w- c:\windows\system32\FxsTmp
2009-08-24 03:28 . 2004-08-04 10:00 13312 -c--a-w- c:\windows\system32\dllcache\htrn_jis.dll
2009-08-24 03:28 . 2004-08-04 10:00 5632 -c--a-w- c:\windows\system32\dllcache\smimsgif.dll
2009-08-24 03:28 . 2004-08-04 10:00 5632 -c--a-w- c:\windows\system32\dllcache\smierrsy.dll
2009-08-24 03:28 . 2004-08-04 10:00 15872 -c--a-w- c:\windows\system32\dllcache\smierrsm.dll
2009-08-24 03:28 . 2004-08-04 10:00 10240 -c--a-w- c:\windows\system32\dllcache\snmpstup.dll
2009-08-24 03:28 . 2004-08-04 10:00 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2009-08-23 14:25 . 2009-08-23 14:25 -------- d-----w- c:\program files\AVG
2009-08-14 22:46 . 2009-08-14 22:46 -------- d-----w- c:\program files\ACW
2009-08-14 22:11 . 2009-08-14 22:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-08-08 13:55 . 2009-08-08 13:55 35376 ----a-w- c:\documents and settings\123\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-03 04:05 . 2009-08-03 03:58 65064 ----a-w- C:\WindowsXP-KB953979-x86-ENU.exe
2009-08-03 04:00 . 2008-06-03 11:31 8704 ----a-w- C:\fixccs.exe
2009-08-02 05:25 . 2009-08-03 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Netscape Internet Service

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-01 03:50 . 2009-01-24 01:53 -------- d-----w- c:\documents and settings\ken\Application Data\IM
2009-09-01 02:09 . 2009-01-24 02:11 -------- d-----w- c:\program files\SolidWorks Corp
2009-09-01 02:07 . 2009-01-24 01:55 -------- d-----w- c:\program files\Common Files\SolidWorks Installation Manager
2009-09-01 01:29 . 2009-01-24 03:49 -------- d-----w- c:\documents and settings\ken\Application Data\SolidWorks
2009-08-30 13:35 . 2009-07-27 22:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-30 03:31 . 2009-07-26 03:20 120 ----a-w- c:\windows\Pvenebev.dat
2009-08-30 01:34 . 2006-04-27 22:43 -------- d-----w- c:\program files\Java
2009-08-29 17:38 . 2006-04-27 23:00 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-29 17:29 . 2006-04-27 22:58 -------- d-----w- c:\program files\McAfee.com
2009-08-29 14:29 . 2006-05-28 23:18 35376 ----a-w- c:\documents and settings\ken\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-28 03:37 . 2004-08-10 18:02 23444 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-23 20:36 . 2008-03-19 13:29 -------- d-----w- c:\program files\Punch! 5 in 1
2009-08-23 14:11 . 2006-10-07 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-08-16 14:37 . 2009-07-26 01:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-15 04:04 . 2004-08-10 18:03 77939 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 17:03 . 2009-08-01 17:03 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-07-30 22:27 . 2009-07-29 01:49 -------- d-----w- c:\program files\Enigma Software Group
2009-07-29 08:56 . 2009-01-24 01:53 126976 ----a-w- c:\documents and settings\ken\Application Data\IM\lang\english\sldadminoptioneditorresu.dll
2009-07-29 08:55 . 2009-01-24 01:53 258048 ----a-w- c:\documents and settings\ken\Application Data\IM\lang\english\sldIMresu.dll
2009-07-29 04:53 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-28 00:20 . 2009-07-28 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-27 23:27 . 2009-07-27 23:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-27 22:32 . 2009-07-27 22:32 -------- d-----w- c:\documents and settings\ken\Application Data\Malwarebytes
2009-07-27 22:32 . 2009-07-27 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-26 11:45 . 2009-07-26 11:45 -------- d-----w- c:\program files\Citrix
2009-07-26 11:15 . 2009-07-26 11:15 -------- d-----w- c:\documents and settings\ken\Application Data\McAfee
2009-07-25 22:29 . 2006-09-03 02:04 35376 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-25 10:23 . 2009-02-01 13:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-19 07:45 . 2008-12-14 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 15:08 . 2004-08-04 12:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 06:42 . 2009-07-26 11:37 286880 ----a-w- c:\documents and settings\ken\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2009-07-12 13:15 . 2009-01-24 02:07 -------- d-----w- c:\program files\MSECache
2009-07-11 12:45 . 2009-07-11 12:45 -------- d-----w- c:\program files\Electronic Arts
2009-07-08 18:44 . 2009-02-16 01:41 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-07-08 18:44 . 2009-02-16 01:41 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-07-08 18:44 . 2009-02-16 01:41 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-07-08 18:44 . 2009-01-09 18:03 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-08 18:43 . 2009-02-16 01:19 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-07-03 17:09 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-12 11:50 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2004-08-10 18:01 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2004-08-04 12:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2008-10-17 21:41 . 2008-10-17 21:41 14952 ----a-w- c:\program files\Common Files\lirewiha.ban
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2009-07-29 7320872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-10-04 53760]

c:\documents and settings\ken\Start Menu\Programs\Startup\
Seagate Product Registration.lnk - c:\documents and settings\ken\Application Data\Leadertech\PowerRegister\Seagate Product Registration.exe [2009-8-25 1731736]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/29/2009 12:35 PM 210216]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [11/5/2008 2:59 AM 79144]
S3 STVqx3;Intel Play QX3 Microscope;c:\windows\system32\drivers\STVqx3.SYS [6/22/2006 9:40 PM 131776]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 8:01 AM 2799808]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-29 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-29 02:26]

2009-08-29 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-29 02:26]

2009-09-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-DXDllRegExe - dxdllreg.exe
Notify-dimsntfy - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: musicmatch.com\online
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-31 22:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1820)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-09-01 22:56 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-01 03:56

Pre-Run: 80,826,220,544 bytes free
Post-Run: 80,811,692,032 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

327 --- E O F --- 2009-08-31 22:26
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
Hi realitycheck,

"Some of the things I noticed, I had to turn off McAfee before downloading the ComboFix"
Amazing how it will let infections in and not be able to clean them, yet block the tools we need to clean the system. :rolleyes:

ComboFix resets IE to Windows default, which is why you received that prompt. It's the same prompt you would have seen when you first updated to IE7, and you would see that prompt again should you upgrade to IE8.


How is the system behaving now?

What we need to do now is run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
 

·
Registered
Joined
·
17 Posts
Discussion Starter #8
I ran the Kaspersky scan and here are the results. What would you recommend as far as virus protection and settings to prevent problems in the future?

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, September 2, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, September 02, 2009 04:49:29
Records in database: 2738954
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 88902
Threats found: 1
Infected objects found: 0
Suspicious objects found: 9
Scan duration: 02:40:35


File name / Threat / Threats count
C:\Documents and Settings\ken\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 9

Selected area has been scanned.
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
Your McAfee is fine. Nothing can protect you from all forms of malware, nor clean it all. New methods of infecting systems come out daily, and it's impossible for anyone or any company to anticipate what, and how, they will infect a system next.

The first line of defense is your internet surfing habits. I'll have links for you shortly.

Kaspersky is reporting suspicious emails in your Outlook backup, and they really do not pose any threat there. If you do not know how to clear that out, I would suggest asking the folks in our Microsoft Office Support section.

=================================


Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.


Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------

Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for both Firefox and IE.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

- Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

- Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.



- Most importantly, Think Prevention

-----------------------------------------------------


**Kindly respond one more time and let me know if we may consider this thread resolved.
 

·
Registered
Joined
·
17 Posts
Discussion Starter #10
throw down your crutches and walk, you are healed!!

Ried, you rule! My problem is solved, I have my computer back, I did not lose any data. I could not be happier. Thank You for helping this computer idiot get rid of a computer problem.

Ken
 

·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
Thanks, but really, it's ComboFix that rules. :winkgrin:

I'm glad your computer is back to how it should be. Take care. :wave:
 