Help with combofix log

Status
Not open for further replies.

tw0rld

I would like some help with this combo fix log. I am in the process of cleaning up a system for a friend of mine. I am now in the final stage, and would like some help interpreting this log.
I have read the post here https://www.techspot.com/vb/topic138086.html, but hoping that this is ok as I am not asking for much help. Hope to hear from someone.
Thank You.
 

Attachments

  • log.txt
    24.1 KB · Views: 10
Well my personal thoughts would be to remove McAfee, obviously it hasn't helped the User :rolleyes:

Preferably try Free Avira Antivirus (fully updated) and full scan completed
But if you don't do this then you will have to do an online scan (Kaspersky will do for that) Edit: Oh Kaspersky online scanner is temporarily unavailable

Oh and P2P doesn't help (and it's the likely cause anyway)
Consider uninstalling BearShare and any others installed

Also do all Windows Security Updates

You know the log really reports a mess :(
 
Yeah, I know. I have been working on his system for 3 days now. It has gotten a lot better. I ran Malwarebytes, spybot, SAS, Avira, ccleaner, Vundofix, Combofix and Eset from Nod32. Almost a thousand instances of infections were found. At this point I know that I should be considering reformatting, but there are programs on the system that the user uses, but do not have any source for reinstallation. I know that I should update software and OS, but I am only in what I think is the final process of Malware removal process.
 
>> Malwarebytes has just updated to a new version and database in the last day
Please update it, and run a quick scan (whilst in Normal Mode, on the infected computer)
 
I did get that update, as I have done multiple updates and rescans. The newer version found nothing. The combo fix log is what I am concerned about, as it shows that there are still some suspicious files on the system.
 
In the future don't run things on people's machines that you cannot interpret.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\drivers\fmywqwhd.sys
c:\windows\system32\drivers\wjlqgjdz.sys
c:\windows\system32\drivers\qiktdir.sys

Driver::
fmywqwhd
wjlqgjdz
jjwmgnefwt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=-

SRPeek::
c:\windows\system32\qmgr.dll

Folder::
C:\program files\yaitkl
c:\documents and settings\Carol Douglas\Application Data\mjusbsp

DirLook::
c:\documents and settings\Guest\Application Data\blinkx

KILLALL::

Save this as CFScript.txt, in the same location as ComboFix.exe


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
 
Combofix log

Thank You for the help kritius. The requested log is attached.
 

Attachments

  • ComboFix.txt
    21.2 KB · Views: 5
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\system32\qmgr.dll
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\documents and settings\Guest\Application Data\wklnhst.dat

Folder::
c:\documents and settings\Guest\Application Data\mjusbsp
c:\documents and settings\Guest\Application Data\blinkx


Registry::

Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
 