Inactive 1st Post Problem 7 Step Info

[everythingsm]

This my 2nd time to post so if I've doesn't something wrong let me know.

I recvd a Java File and the problems started. My Mcaffee quarratiened 2ea Trojans(211DB.545 Generic Dropper.vagent & 4131E3.SYS Generic Dropper.vagent .. maybe off with some of the info).

Then I started running My MalwreBytes and with Quckscan it found the below log. I then deleted the bad files and reboot as instructed by Malwarebytes.

5/30/2011 3:06:43 PM
mbam-log-2011-05-30 (15-06-43).txt

Scan type: Quick scan
Objects scanned: 166011
Time elapsed: 20 minute(s), 3 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
c:\documents and settings\all users\application data\ggepskfpxtp.exe (Trojan.FakeMS) -> 4164 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ggePSKfpxtP (Trojan.FakeMS) -> Value: ggePSKfpxtP -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\ggepskfpxtp.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.


When my computer came back up No Desk Top, No Taskbar, NO Explorer, could not System Restore, can't update Windows files. I then ran programs (Malwarebytes = found nothing, SPybot = Win32Palevo, SuperAntiSypyare=0... ran these in Safe Mode & regular MODE). When my problem persist I tried a XP REPAIR(I've done this before and it fixed my problems. This time at XP REPAIR it hangs at the black Microsoft Screen with hour glass.. and does not complete the REPAIR. I do HARD REBOOT(turn computer on and off) and still have same problems. I went to folder options and checked SHOW HIDDEN FILES so I can see my files now that had dissappeared by data still on drive.

Please HELP I have provided what I can for your 7 Step request.

6/2/11
Step 1: Ran McAfee - Nothing found (Quick & Full Scan)

Step 2: I can not get updates to MalewareBytes. I beleive since I tried the XP Repair all updates were eraised and my version is old and as I start to update I get error messages. I tried to REMOVE program to reinstall and now my verion doesn't show a date and says no updates available. CAN I DOWN OAD THIS TO CD AND RUN ON BD COMPUTER ???

Step 3: GMER
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-02 07:46:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3500620AS rev.DE13
Running: uioh329i.exe; Driver: C:\DOCUME~1\Scott\LOCALS~1\Temp\afnyrpow.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9EAF212]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9EAF1D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9EAF1E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9EAF23C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9EAF228]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9EAF1FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

Step 4 DDS


DDS (Ver_2011-06-01.06) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by Scott at 7:52:39 on 2011-06-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3061.2451 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110516154635.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: download.microsoft.com
Trusted Zone: internet
Trusted Zone: live.com\help
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: update.microsoft.com
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.microsoft.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1306968218859
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238625505953
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203}
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5570/mcfscan.cab
TCP: NameServer = 208.67.220.220,208.67.222.222
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{828C2BA4-0F6E-453A-BB67-3E7A39EBCB20} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-26 64288]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-7 387480]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-9-7 84200]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-2-14 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-7 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-7 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-7 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-7 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-7 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-9-7 141792]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-7 56064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-1 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-1 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-7 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-9-7 88736]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-11-16 267568]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-9-7 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-7 84488]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-1 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-1 40552]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-06-01 00:30:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-06-01 00:30:48 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2011-05-31 14:18:59 5632 -c--a-w- c:\windows\system32\dllcache\smimsgif.dll
2011-05-31 14:17:59 7680 -c--a-w- c:\windows\system32\dllcache\ftpctrs2.dll
2011-05-31 14:03:52 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-05-31 14:03:52 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-05-31 14:03:52 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-05-31 14:03:52 13312 ----a-w- c:\windows\system32\irclass.dll
2011-05-31 14:03:30 16535 ----a-r- c:\windows\SETB6.tmp
2011-05-31 14:03:27 1088840 ----a-r- c:\windows\SETAA.tmp
2011-05-31 14:03:26 1296669 ----a-r- c:\windows\SETA7.tmp
2011-05-31 12:39:35 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2011-05-31 09:19:40 -------- d-----w- C:\ads
2011-05-31 02:20:28 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-05-31 02:20:28 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2011-05-31 02:01:54 734438 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-05-31 02:01:16 16535 ----a-r- c:\windows\SET12E.tmp
2011-05-31 02:01:12 1088840 ----a-r- c:\windows\SET122.tmp
2011-05-31 02:01:11 1296669 ----a-r- c:\windows\SET11F.tmp
2011-05-30 21:44:41 65536 ---ha-w- c:\windows\system32\spool\prtprocs\w32x86\1881E2.tmp
2011-05-30 17:06:56 -------- d--h--w- C:\RECOVERY
2011-05-30 16:29:32 -------- d--h--w- c:\windows\system32\wbem\Repository
2011-05-30 16:29:32 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-27 22:38:07 6962000 ---ha-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{18203369-1c4e-4e53-b6d7-cbd98ef75552}\mpengine.dll
2011-05-18 21:55:11 388096 ---ha-r- c:\documents and settings\scott\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-05-18 21:55:09 -------- d--h--w- c:\program files\Trend Micro
.
==================== Find3M ====================
.
2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-14 21:01:38 95824 ---ha-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 21:01:38 9344 ---ha-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 21:01:38 88736 ---ha-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-14 21:01:38 84488 ---ha-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 21:01:38 84200 ---ha-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 21:01:38 56064 ---ha-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 21:01:38 52320 ---ha-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 21:01:38 387480 ---ha-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 21:01:38 314088 ---ha-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 21:01:38 153280 ---ha-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-03 19:44:27 0 ---ha-w- c:\windows\Ybacafesuj.bin
.
============= FINISH: 7:52:53.25 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-01.06)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/31/2011 7:19:40 AM
System Uptime: 6/2/2011 7:12:59 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0G679R
Processor: Intel Pentium III Xeon processor | Socket 775 | 2792/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 12.302 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 5/31/2011 8:15:54 AM - System Checkpoint
RP2: 5/31/2011 5:32:27 PM - Installed Windows Internet Explorer 8.
.
==== Installed Programs ======================
.
6300
6300_Help
6300Trb
7-Zip 4.57
Acrobat.com
ACT! 2000
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.2
AiO_Scan_CDA
AiOSoftwareNPI
Apple Mobile Device Support
Apple Software Update
AviSynth 2.5
BlackBerry Desktop Software 4.1
BufferChm
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 2.2.3.258h
CutePDF Writer 2.8
Dell Resource CD
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
eSupportQFolder
EZ-DUB
EZ-DUB Finder
Fax_CDA
ffdshow
Free File Recovery 1.1
GoToAssist 8.0.0.514
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Imaging Device Functions 7.0
HP Photosmart, Officejet and Deskjet 7.0.A
HP Product Assistant
HP Software Update
HP Solution Center 7.0
ImgBurn
InstantShareDevicesMFC
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.12.0
Internet Explorer (Enable DEP)
iTunes
Java 2 Runtime Environment, SE v1.4.1_07
Java Auto Updater
Java(TM) 6 Update 18
K-Lite Codec Pack 4.7.5 (Standard)
LiveUpdate
Malwarebytes' Anti-Malware
McAfee SecurityCenter
McAfee Virtual Technician
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Fix it Center
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Windows XP Video Decoder Checkup Utility
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NewCopy_CDA
OGA Notifier 2.0.0048.0
PanoStandAlone
Platform
ProductContextNPI
QuickTime
Readme
Realtek High Definition Audio Driver
Scan
ScannerCopy
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows XP (KB923789)
SolutionCenter
Spell Checker For OE 2.1
Spybot - Search & Destroy
Status
SUPERAntiSpyware Free Edition
SyncBack
System Requirements Lab for Intel
Toolbox
TrayApp
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VIA Platform Device Manager
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.0
WebFldrs XP
WebReg
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Live OneCare safety scanner
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
.
==== End Of File ===========================

Step 5 Done

Step 6 & 7 Done

If possible as everyone says I would like to avoid a reformat if possible. I'm not great with computers but as you can see knowlegdeable enough to get myself in a very bad jam. Thanks in advance for any help. In desperate straits right now.

 

[Bobbye]

I will be glad to help with the malware. There are rogue malware programs on the system. These programs make it appear that programs and files are gone- they are not- they have been hidden. But we will run a program to 'unhide' them because changing the setting to 'show hidden files and folders' doesn't work for this.

It also appears that you have one of the rogue 'error fix' programs. This one will alert you to numerous "errors" on the system> they are false also and it's important that you don't act on them. Once you click on the button they say you need to in order to 'fix' the 'error', you get more malware

Be patient. Hopefully we will find and remove the malware entries and you will have everything back again!
==========================================
You need to remove all of these sites from the Trusted Zone. The security is lower in that zone and you have put the entire internet into it!
Open Internet Options either through Tools in IE or in the Control Panel> Select the Security tab> Click on Trusted Sites> Sites> highlight and remove all of these sites:

Trusted Zone: download.microsoft.com
Trusted Zone: internet
Trusted Zone: live.com\help
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: update.microsoft.com
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.microsoft.com

NONE of these sites need to be in the Trusted Zone!
Click on Apply when through> OK
=====================================
Do not do a System Restore. Do not try to do updates. Do not run any programs except those I instruct you to. Be patient. Everything is still in the system. Follow my instructions and run programs in the order I give them. If you have a problem with a program- don't try to fix it>> let me know so I can guide you.
======================================
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop

• Double click combofix.exe & follow the prompts.
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
• Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  
  
• .Click on Yes, to continue scanning for malware
• .If Combofix asks you to update the program, allow
• .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• .Close any open browsers.
• .Double click combofix.exe
  
  & follow the prompts to run.
• When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
========================================

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESETOnlineScan
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  [o] Double click on the
  
  on your desktop.
• Check 'Yes I accept terms of use.'
• Click Start button
• Accept any security warnings from your browser.
  
  
• Uncheck 'Remove found threats'
• Check 'Scan archives/
• Leave remaining settings as is.
• Press the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
• When the scan completes, press List of found threats
• Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
• Push the Back button
• Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.