Solved Browser redirect virus and McAfee being disabled

bababoo

Hi, I would really appreciate it if you could help me. I have the redirect virus when using IE; Firefox just crashes and won't open. I have McAfee, and it did detect and clean something a few weeks ago, but since then I have had all sorts of trouble with the virus scanner closing down or uninstalling itself. I have re-installed the software 3 times.

I run Windows XP on a Dell Inspiron 6000.

The requested logs will be attached below.
 
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7892

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/10/2011 7:58:24 PM
mbam-log-2011-10-07 (19-58-24).txt

Scan type: Quick scan
Objects scanned: 230900
Time elapsed: 41 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\cocacolais.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-10-07 21:06:19
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHT2060AH rev.006C
Running: l768vhir.exe; Driver: C:\DOCUME~1\KERRYA~1\LOCALS~1\Temp\fwldykod.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF7325290]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF73252A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF73252D0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7325326]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF732527C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7325254]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF7325268]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF73252BA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF73252FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF73252E6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF7325350]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF732533C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7325310]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Kerry and Matt at 21:36:58 on 2011-10-07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.1023.490 [GMT 10.5:30]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.dell.com/ap/ap/en/gen/default.htm
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111007073015.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\mskagent.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ieMouse.NET] rundll32.exe "c:\documents and settings\kerry and matt\local settings\application data\directmobilemon\ieMouse.NET.dll",nsCommsplugin appAuthenticationARM
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [<NO NAME>]
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [FPCCSMiddleware] c:\program files\fisher-price\computer cool school\FPCCSMiddleware.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McPvTray_exe] "c:\program files\mcafee\mat\McPvTray.exe"
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Logitech Desktop Messenger.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Smart Wizard Wireless Settings.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\VideoCam Suite 2.0.lnk.disabled
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: colesonline.com.au\www
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{12302F06-7DFF-4CC9-8A16-55EEA29E3178} : DhcpNameServer = 10.0.0.138
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kerry and matt\application data\mozilla\firefox\profiles\vcr1mlqh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
============= SERVICES / DRIVERS ===============
.
R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-10-7 64048]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 461864]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-10-7 89624]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2011-10-7 54776]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-7 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-7 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-7 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-10-7 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-10-7 166024]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-10-7 160344]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-10-7 148520]
R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-10-7 57432]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-10-7 180072]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-10-7 59288]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-10-7 338040]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-10-7 83688]
S1 M9207;LifeView M9207 USB Digital TV BOX;c:\windows\system32\drivers\M9207BDA.sys [2007-1-25 43264]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-21 135664]
S3 BPIKSp50;BPIKSp50 NDIS Protocol Driver;\??\d:\bpiksp50.sys --> d:\BPIKSp50.sys [?]
S3 cmusbnet;WAN Driver @ 3GPP (6280);c:\windows\system32\drivers\cmusbnet.sys [2007-12-12 81152]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [2007-12-12 87040]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-21 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-10-7 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-7 87808]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-9-3 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-9-3 40552]
.
=============== Created Last 30 ================
.
2011-10-07 08:43:40 -------- d-----w- c:\documents and settings\kerry and matt\application data\Malwarebytes
2011-10-07 08:43:22 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-07 08:43:07 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-07 08:43:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-06 21:04:08 -------- d-----w- c:\program files\McAfeeMOBK
2011-10-06 21:03:50 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2011-10-06 21:03:20 -------- d-----w- c:\program files\McAfee Online Backup
2011-10-06 21:02:48 64048 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
2011-10-06 21:00:16 28504 ----a-w- c:\program files\mozilla firefox\ScriptFF.dll
2011-10-06 21:00:13 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-06 20:59:54 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-10-06 20:59:54 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-06 20:59:54 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-10-06 20:59:54 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-10-06 20:59:54 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-06 20:59:54 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-06 20:59:54 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-06 20:59:45 -------- d-----w- c:\program files\common files\Mcafee
2011-10-06 20:58:06 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-10-04 06:52:00 -------- d-----w- c:\program files\Citrix
2011-09-19 09:43:14 -------- d-----w- c:\documents and settings\kerry and matt\local settings\application data\McAfee Anti-Theft
2011-09-19 07:45:04 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-09-19 07:43:21 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-09-11 10:13:33 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-09-11 10:13:28 713016 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2011-09-11 10:13:15 19416 ----a-w- c:\program files\mozilla firefox\xpcom.dll
2011-09-11 10:13:15 15494104 ----a-w- c:\program files\mozilla firefox\xul.dll
2011-09-11 10:13:14 269272 ----a-w- c:\program files\mozilla firefox\updater.exe
2011-09-11 10:13:13 142296 ----a-w- c:\program files\mozilla firefox\ssl3.dll
2011-09-11 10:13:12 166872 ----a-w- c:\program files\mozilla firefox\softokn3.dll
.
==================== Find3M ====================
.
2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-14 23:30:06 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-14 23:30:06 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2006-11-23 11:48:19 317248 ----a-w- c:\program files\dxwebsetup.exe
.
============= FINISH: 21:40:20.82 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 13/05/2005 9:09:16 PM
System Uptime: 7/10/2011 8:01:20 PM (1 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Pentium(R) M processor 1.60GHz | Microprocessor | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 5.631 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96E-E325-11CE-BFC1-08002BE10318}
Description: Default Monitor
Device ID: DISPLAY\DEFAULT_MONITOR\5&2203AF2D&0&00000110&01&00
Manufacturer: (Standard monitor types)
Name: Default Monitor
PNP Device ID: DISPLAY\DEFAULT_MONITOR\5&2203AF2D&0&00000110&01&00
Service:
.
Class GUID: {4D36E96E-E325-11CE-BFC1-08002BE10318}
Description: Default Monitor
Device ID: DISPLAY\DEFAULT_MONITOR\5&2203AF2D&0&00000200&01&00
Manufacturer: (Standard monitor types)
Name: Default Monitor
PNP Device ID: DISPLAY\DEFAULT_MONITOR\5&2203AF2D&0&00000200&01&00
Service:
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: 6720c-1b
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia E71
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia E71
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd
.
==== System Restore Points ===================
.
RP1: 26/09/2011 8:54:49 PM - System Checkpoint
RP2: 27/09/2011 8:59:20 PM - System Checkpoint
RP3: 29/09/2011 12:26:30 PM - System Checkpoint
RP4: 30/09/2011 1:18:32 PM - System Checkpoint
RP5: 4/10/2011 5:21:54 PM - Installed Citrix Presentation Server Client
.
==== Installed Programs ======================
.
.
"Nero SoundTrax Help
ABBYY FineReader 5.0 Sprint Plus
Adobe Download Manager 2.2 (Remove Only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.9
Adobe Shockwave Player 11.5
Advertising Center
ALPS Touch Pad Driver
AOL Australia
AOL|7 Broadband Demo
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 3
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Avanquest update
BigPond Broadband ADSL
BigPond Broadband ADSL FAQ
Bonjour
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs 2
Business Contact Manager for Outlook 2003
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 3.0
Canon MP640 series MP Drivers
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CD-LabelPrint
Citrix Presentation Server Client
Conexant D110 MDC V.9x Modem
Dell Driver Download Manager
Dell Media Experience
Dell Media Experience Update
Dell Photo AIO Printer 922
Digital Line Detect
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DNTV Live! 1.2.7
DNTV Live! Decoders
DolbyFiles
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Fisher-Price Computer Cool School
Fisher-Price Dora and Diego's Classroom
G5a922EN
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImagXpress
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
LaCie Backup Software v1.5.2215
LifeView MVP
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee Online Backup
McAfee Shredder
McAfee Total Protection
mCore
mDrWiFi
Menu Templates - Starter Kit
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.01
Microsoft IntelliType Pro 6.01
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Motorola Driver Installation
Motorola Phone Tools
Movie Templates - Starter Kit
Mozilla Firefox 6.0.2 (x86 en-GB)
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
mToolkit
mWlsSafe
mXML
mZConfig
Nero 9 Trial
Nero Burning ROM Help
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express Help
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
NETGEAR WG111 Software
NetWaiting
Nikon Message Center
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia Music
Nokia Ovi Application Installer
Nokia Ovi Application Installer 6.85.3011
Nokia Ovi Content Copier
Nokia Ovi Content Copier 6.85.3011
Nokia Ovi One Touch Access
Nokia Ovi One Touch Access 6.85.3011
Nokia Ovi Suite
Nokia Ovi System Utilities
Nokia Ovi System Utilities 6.85.3016
Nokia PC Suite
Nokia Photos
Nokia Software Updater
Number Run
PC Connectivity Solution
PictureProject
PowerDVD 5.3
QuickSet
QuickTime
RealPlayer
Remote Control USB Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
SoundTrax
Spybot - Search & Destroy
Telstra Turbo Card Manager
Telstra Turbo Modem Manager
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB PC Camera
VC80CRTRedist - 8.0.50727.4053
VideoCam Suite 2.0
VideoReDo/Plus Version 2.5.6.512
Viewpoint Media Player (Remove Only)
VoiceOver Kit
WebFldrs XP
Windows Driver Package - Atheros (arusb(Atheros)) Net (09/23/2008 3.0.0.131)
Windows Driver Package - NETGEAR (W8335XP) Net (02/22/2005 3.1.1.7)
Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (02/07/2007 5.1283.0207.2007)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Driver Package - Thomson (USB_RNDIS) Net (02/16/2004 1.0.0.3)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
7/10/2011 8:02:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
7/10/2011 6:54:42 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
6/10/2011 9:37:18 PM, error: Service Control Manager [7000] - The MOBCleanup service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================
 
I do also have some external drives that have been connected since this problem began, but they are currently disconnected, because I don't want to lose that data.

Let me know the next steps

Thanks
 
Welcome to TechSpot! I'll be glad to help you!

Something has disabled the security center, so we will try to find that. Before starting that, you have 2 very outdated programs running and they are vulnerabilities to the system:

1. Update Adobe: Visit this Adobe Reader site. Current version is V10. Uninstall any earlier updates as they are vulnerabilities.
2. Update Java: Check this site: Java Updates. Please get v6u27. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
====================================
You will have malware in the Java cache due to the outdated program:
To clear the Java Plug-in cache:

  • [1]. Click Start > Control Panel.
  • [2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
  • [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
  • [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
  • [5]. Click OK on Delete Temporary Files window.
    Note: This deletes all the Downloaded Applications and Applets from the cache.
  • [6]. Click Apply > OK on Temporary Files Settings window.
Images courtesy java.com
=======================================
Please go on to Download Combofix> Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • Click on Yes, to continue scanning for malware.
  • If Combofix asks you to update the program, allow it.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
===================================
Then run this online virus scan:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on the ESET Smart Installer download link. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

Please post the entire log with heading resembling this:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
====================================
Please read and follow My Guidelines:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
 
I have uninstalled and re-installed the current versions of Java and Adobe.

I installed Combofix, but it ran before I could disable McAfee.

It kept coming up with an error in a dialog box

Windows cannot find NIRCMD

And

Windows cannot find NIRKMD

In the blue screen it kept coming up with NIRKMD not recognised as an internal or external command or NIRCMDC not recognised as internal or external command.

Below is the log, I have not run the Eset scan yet, do you want me to re-run combofix?

ComboFix 11-10-07.04 - Kerry and Matt 08/10/2011 8:33.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.1023.521 [GMT 10.5:30]
Running from: c:\documents and settings\Kerry and Matt\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active
.
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Kerry and Matt\Application Data\Local
c:\documents and settings\Kerry and Matt\Local Settings\Application Data\DirectMobilemon\ieMouse.NET.dll
c:\documents and settings\Kerry and Matt\WINDOWS
c:\program files\google\common\google updater\googleupdaterservice.exe
c:\windows\bwUnin-8.1.1.50-8876480SL.exe
c:\windows\dasetup.log
c:\windows\system32\CddbCdda.dll
c:\windows\system32\comct332.ocx
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-09-07 to 2011-10-07 )))))))))))))))))))))))))))))))
.
.
2011-10-07 21:45 . 2011-10-07 21:45 -------- d-----w- c:\program files\Common Files\Java
2011-10-07 21:44 . 2011-10-07 21:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-07 21:44 . 2011-10-07 21:43 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-07 21:44 . 2011-10-07 21:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-07 21:33 . 2011-10-07 21:33 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-10-07 08:43 . 2011-10-07 08:43 -------- d-----w- c:\documents and settings\Kerry and Matt\Application Data\Malwarebytes
2011-10-07 08:43 . 2011-10-07 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-07 08:43 . 2011-08-31 06:30 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-07 08:43 . 2011-10-07 08:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-06 21:04 . 2011-10-06 21:04 -------- d-----w- c:\program files\McAfeeMOBK
2011-10-06 21:03 . 2010-04-13 09:40 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2011-10-06 21:03 . 2011-10-06 21:03 -------- d-----w- c:\program files\McAfee Online Backup
2011-10-06 21:02 . 2011-04-11 03:59 64048 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
2011-10-06 21:00 . 2011-08-19 05:26 28504 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll
2011-10-06 21:00 . 2011-08-14 23:30 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-06 20:59 . 2011-08-14 23:30 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-10-06 20:59 . 2011-08-14 23:30 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-06 20:59 . 2011-08-14 23:30 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-10-06 20:59 . 2011-08-14 23:30 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-10-06 20:59 . 2011-08-14 23:30 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-06 20:59 . 2011-08-14 23:30 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-06 20:59 . 2011-08-14 23:30 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-06 20:59 . 2011-10-06 21:01 -------- d-----w- c:\program files\Common Files\Mcafee
2011-10-06 20:58 . 2011-08-19 05:29 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-10-04 06:52 . 2011-10-04 06:52 -------- d-----w- c:\program files\Citrix
2011-09-26 07:47 . 2011-09-26 07:50 -------- d-----w- c:\documents and settings\Administrator
2011-09-19 09:43 . 2011-09-19 09:43 -------- d-----w- c:\documents and settings\Kerry and Matt\Local Settings\Application Data\McAfee Anti-Theft
2011-09-19 07:45 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-09-19 07:43 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-09-11 10:13 . 2011-09-03 06:18 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-09-11 10:13 . 2011-09-03 06:18 713016 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2011-09-11 10:13 . 2011-09-03 06:18 19416 ----a-w- c:\program files\Mozilla Firefox\xpcom.dll
2011-09-11 10:13 . 2011-09-03 06:18 15494104 ----a-w- c:\program files\Mozilla Firefox\xul.dll
2011-09-11 10:13 . 2011-09-03 06:18 269272 ----a-w- c:\program files\Mozilla Firefox\updater.exe
2011-09-11 10:13 . 2011-09-03 06:18 142296 ----a-w- c:\program files\Mozilla Firefox\ssl3.dll
2011-09-11 10:13 . 2011-09-03 06:18 166872 ----a-w- c:\program files\Mozilla Firefox\softokn3.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2004-08-10 04:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-14 23:30 . 2011-03-13 00:50 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-14 23:30 . 2011-03-13 00:50 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-07-15 13:29 . 2004-08-10 04:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2006-11-23 11:48 . 2006-11-23 11:48 317248 ----a-w- c:\program files\dxwebsetup.exe
2011-09-03 06:18 . 2011-09-11 10:13 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 09:41 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 09:41 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 09:41 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-05 127035]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"FPCCSMiddleware"="c:\program files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe" [2008-03-06 536184]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 419904]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk.disabled [2009-4-11 2072]
Smart Wizard Wireless Settings.lnk.disabled [2005-5-31 1659]
VideoCam Suite 2.0.lnk.disabled [2011-3-21 1655]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 08:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"updateMgr"=c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
"Windows Update"=c:\docume~1\KERRYA~1\LOCALS~1\Temp\amb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
"Dell QuickSet"=c:\program files\Dell\QuickSet\quickset.exe
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" start
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"DMXLauncher"=c:\program files\Dell\Media Experience\DMXLauncher.exe
"DTVRemote"="c:\program files\LifeView MVP\RemoteControl.exe"
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
"IJNetworkScanUtility"=c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"snpstd"=c:\windows\vsnpstd.exe
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"Windows Services"=amb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LifeView MVP\\LIFEVIEWMVP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
.
R1 M9207;LifeView M9207 USB Digital TV BOX;c:\windows\system32\DRIVERS\M9207BDA.sys [2006-03-30 43264]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-21 135664]
R3 BPIKSp50;BPIKSp50 NDIS Protocol Driver;D:\BPIKSp50.sys [x]
R3 cmusbnet;WAN Driver @ 3GPP (6280);c:\windows\system32\DRIVERS\cmusbnet.sys [2006-11-23 81152]
R3 cmusbser;%CMUSBSER%;c:\windows\system32\DRIVERS\cmusbser.sys [2006-12-13 87040]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-21 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\DRIVERS\mfendisk.sys [2011-08-14 83688]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-08-14 87808]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-04-11 64048]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-08-14 89624]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-13 54776]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-19 160344]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-08-19 148520]
S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-04-13 229688]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-08-14 57432]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-08-14 338040]
S3 mfendiskmp;mfendiskmp;c:\windows\system32\DRIVERS\mfendisk.sys [2011-08-14 83688]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 03:04]
.
2011-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-21 05:32]
.
2011-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-21 05:32]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: colesonline.com.au\www
TCP: DhcpNameServer = 10.0.0.138
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Kerry and Matt\Application Data\Mozilla\Firefox\Profiles\vcr1mlqh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-MSKAGENTEXE - c:\progra~1\mcafee\SPAMKI~1\mskagent.exe
HKCU-Run-ieMouse.NET - c:\documents and settings\Kerry and Matt\Local Settings\Application Data\DirectMobilemon\ieMouse.NET.dll
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-08 09:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1556)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2011-10-08 09:27:08
ComboFix-quarantined-files.txt 2011-10-07 22:56
.
Pre-Run: 5,282,209,792 bytes free
Post-Run: 6,833,889,280 bytes free
.
- - End Of File - - A751B6BC57BAD8A174D580DFF465C469
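The ComboFix log above already holds the two signals a responder would want to spot first: the autorun entries for amb.exe (one launched from a user Temp folder, one given with no path at all) and "DisableMonitoring"=dword:00000001 under the Security Center keys for both McAfee products, which is why the user got no warning that protection was off. The Python script below is an added example, not code from the thread, from ComboFix or from McAfee. It parses lines in the 'Reg Loading Points' format shown above and flags exactly those patterns. The sample input is constructed from the log, with the McAfeeFirewall value changed to 0 to provide a negative case; the Temp-folder marker strings and the key matching rules are the example's own assumptions.

```python
"""Triage helper for ComboFix-style 'Reg Loading Points' output.

Added example (not part of the TechSpot thread, ComboFix or McAfee). It flags:
  1. autorun (Run / Run-) values whose executable lives in a user Temp folder
     or is given as a bare file name with no path (resolved via a PATH search);
  2. Security Center 'DisableMonitoring' values set to a non-zero dword, which
     silence the AV/firewall warnings while protection is actually off.
"""
import re

# Sample input constructed from the log posted in the thread. The McAfeeFirewall
# value is changed to 0 here so the example also shows a non-finding.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Windows Update"=c:\docume~1\KERRYA~1\LOCALS~1\Temp\amb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Windows Services"=amb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

# Substrings (lower-cased) that identify a per-user Temp folder; an assumption
# of this example, covering both long and 8.3 (LOCALS~1) path forms.
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\temp", "\\local settings\\temp")


def parse_entries(text):
    """Yield (key, name, data) for every value line under the preceding [key] header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group("name"), m.group("data")


def executable_path(data):
    """Return the executable from value data: a quoted path, else the first token."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    return data.split()[0] if data else ""


def is_autorun_key(key):
    # Matches Run, RunOnce and ComboFix's disabled "run-" keys.
    return "\\currentversion\\run" in key.lower()


def is_security_center_key(key):
    return "\\security center\\monitoring\\" in key.lower()


def triage(text):
    """Return a list of (key, value_name, reason) findings for the given log text."""
    findings = []
    for key, name, data in parse_entries(text):
        if is_autorun_key(key):
            exe = executable_path(data).lower()
            if "\\" not in exe and "/" not in exe:
                findings.append((key, name, "autorun has no path (PATH search): " + exe))
            elif any(marker in exe for marker in TEMP_MARKERS):
                findings.append((key, name, "autorun launched from a Temp folder: " + exe))
        elif is_security_center_key(key) and name.lower() == "disablemonitoring":
            value = data.strip().lower()
            if value.startswith("dword:") and int(value[len("dword:"):], 16) != 0:
                findings.append((key, name, "Security Center monitoring disabled for this product"))
    return findings


if __name__ == "__main__":
    for key, name, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    [{key}] {name}")
```

Run it against text pasted from any ComboFix log section that uses the same `[key]` / `"name"=data` layout; the Temp-folder and no-path checks are deliberately narrow so that a clean system produces no output.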
 
Hi, I have noticed that at startup today McAfee says the licence has expired, and is therefore not current. I will contact them to see if it is an issue with their subscription. However I will not download anything until I hear a response from you so that we don't have to start again.

thanks for your help, it is very much appreciated :)
 
Okay, McAfee should still be running, but you won't be able to update it. If you would like to put a free AV on the system now, choose either of the following:
Temporary AV: Use one:
Avira-AntiVir-Personal-Free-Antivirus
Avast Free Version
=====================================
Did you intentionally disconnect from the internet before you ran Combofix or did you refuse the Recovery Console?

Note: Do you realize that you are almost out of hard drive space?
56 GiB total, 5.631 GiB free.
We are encouraged to keep the systems as close to 80% free as possible: you have only 10% free. It's time to consider either removing or moving as much as you can in Add/Remove Programs in the Control Panel and/or getting an external hard drive.

You may want to drop McAfee and use one of the free AVs and a free firewall. The standalone programs are not as resource-intensive as the suites like McAfee; that one puts a lot of processes on the system and it is a 'large' program.
=====================================
The NRCmd error is not unusual here. It is a process used in Combofix. It was most likely caused by a conflict with your security, but it appears that Combofix has run okay.
====================================
I noticed these in the DDS log:
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Logitech Desktop Messenger.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Smart Wizard Wireless Settings.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\VideoCam Suite 2.0.lnk.disabled
Why don't you just remove these from the Startup Menu instead of loading the 'disabled' shortcut?
======================================
I'm going to check the Combofix log now, but wanted to get the AV info out in case you are online.
==================================
 
Before I give you the script to run through Combofix, please tell me about the 3 startup processes I asked about. There are some related entries in Combofix.

Do you just not want them to start on boot? Did you find related Services for them that you Disabled?
====================================
The system is infected by the W32/Sdbot.worm! McAfee should have caught it. Here is a removal:
W32/Sdbot disinfection instructions- F-SdBot

Download F-SdBot and save to your desktop.
  • Unpack the F-SdBot utility from the provided ZIP archive
  • Run the unpacked F-SdBot.exe either of the following ways:
    [o] Doubleclick on F-SdBot from Windows explorer.
    [o] Or you can start it from a command prompt: Click on Start> Run> type in F-SdBot> Enter.

Action:
  • First the F-SdBot utility will kill SdBot backdoor's processes in memory.
  • Then the utility will remove Registry entries created by the backdoor.
  • Finally the utility will scan all hard drives for infected files and delete them.
  • Reboot the computer.
==========================================
The main problem with bots is that they install a Backdoor on the system. Although we may remove all of the entries seen, it is possible the Backdoor can remain or that the system has already been compromised.
=========================================
After you run the removal I'd like for you to go ahead with the online Eset virus scan.
============================================
You will need to disinfect any removable drive that has been connected. The protection shouldn't remove the [good] files on it unless they have been infected also.
 
I am sorry my reply is long, I am trying to keep things as concise as possible, but give you all the info you need. Thanks for your patience with this, I try to keep on top of it all, but technology has started moving too fast for me to keep up these days.

Okay, McAfee should still be running, but you won't be able to update it. If you would like to put a free AV on the system now, choose either of the following:
Temporary AV: Use one:
Avira-AntiVir-Personal-Free-Antivirus
Avast Free Version

My anti virus - I have used McAfee for many years on this laptop (since it was new). I renewed the 12 month licence about 2 weeks ago. Despite slowing down the system, I like having everything in one program, and I hoped I didn't need to worry about it. Pay the money and it keeps me safe. I also run Spybot S&D about once a month. As it is saying it has expired, I cannot get to the options to disable it. Should I just uninstall it, put on one of the free ones for now, and when things are clean go back to McAfee?

Did you intentionally disconnect from the internet before you ran Combofix or did you refuse the Recovery Console?

I did not disconnect from the internet, and allowed access when McAfee tried to block it.

Note: Do you realize that you are almost out of hard drive space?
56 GiB total, 5.631 GiB free.
We are encouraged to keep the systems as close to 80% free as possible: you have only 10% free. It's time to consider either removing or moving as much as you can in Add/Remove Programs in the Control Panel and/or getting an external hard drive.

Hard Drives: Due to the limited space on the internal drive, I have 4 external hard drives that are primarily used for backups; 3 are essentially mirror images of all my data files, photos etc. When the internal drive starts to get full I migrate the files across to these. The 4th one is smaller and has iTunes music, or recorded TV programs.

I have bought a new laptop with a larger internal drive, but have not done anything with it until I fix up my existing one that we are working on. I have only connected it to the router and internet, and worry I may have infected it already. I have printed some advice you gave to others in setting up a new PC (settings etc) but let's not confuse things.

I noticed these in the DDS log:
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Logitech Desktop Messenger.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Smart Wizard Wireless Settings.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\VideoCam Suite 2.0.lnk.disabled
Why don't you just remove these from the Startup Menu instead of loading the 'disabled' shortcut?

Do you just not want them to start on boot? Did you find related Services for them that you Disabled?

This was my attempt to speed things up at startup. I could not find them in the startup menu, and now I think about it they are probably hidden files :rolleyes:. Anyway, I disabled them using Spybot, to check they didn't cause any instability. I do use the programs occasionally.

I really want to clean up this laptop as there is a lot of "Junk" on it. I am happy to un-install anything as I have all the disks to re-install if I need to use the programs later.

The main problem with bots is that they install a Backdoor on the system. Although we may remove all of the entries seen, it is possible the Backdoor can remain or that the system has already been compromised.

Does it infect the router or just the PC? Can you ensure it is gone by reformatting?

Can you tell how long it has been on the system? My backup drives have not been connected for months, but would still like to check them. When things started playing up I stopped logging into anything, and changed all my bank account, ebay etc.. passwords, through my work's system. My wife kept using facebook, even though I told her not to, and her account was accessed over the weekend, lesson learned for her.

I will run the items suggested and let you know what happens

Thank you
 
The system is infected by the W32/Sdbot.worm! McAfee should have caught it. Here is a removal:
W32/Sdbot disinfection instructions- F-SdBot

This scan found no threats

Below is the .TXT file from ESET scan, it found 1 threat. There was only 1 line in the log:

C:\Documents and Settings\Kerry and Matt\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfgn.class-4fb4df33-59ef83b0.class probably a variant of Java/TrojanDownloader.OpenStream trojan
 
You have this temp file in the docs linked with "Windows Update":
amb.exe

For one: It is called a >>
Mail Bomber: Software that will flood a victim's inbox with hundreds or thousands of pieces of mail. Such mail generally does not correctly reveal its source.

It's listed as loading from the Registry as "Windows Services"=amb.exe. This is the W32/Sdbot.worm!
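A small check written for this thread as an added example (it is not a ComboFix, DDS or McAfee feature): it reads Run-key lines in the 'Reg Loading Points' format the logs here use and flags entries whose image runs from a Temp folder or whose value name imitates a Windows component, which is how the "Windows Services"=amb.exe entry hides among legitimate startup items. The sample lines are constructed to match the log format; the amb.exe path is the one named later in the CFScript, and the dates and sizes are made up.

```python
"""Flag suspicious autostart entries in ComboFix/DDS-style 'Reg Loading Points' output.

Added example for this thread, not part of ComboFix, DDS or McAfee. SAMPLE is
constructed to mirror the log format; only the amb.exe path comes from the thread.
"""
import re
from dataclasses import dataclass, field

SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"Windows Services"="c:\docume~1\KERRYA~1\LOCALS~1\Temp\amb.exe" [2011-10-01 20480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-21 39408]
"Windows Update"="c:\docume~1\KERRYA~1\LOCALS~1\Temp\amb.exe" [2011-10-01 20480]
"updateMgr"=c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
"""

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")                      # [HKEY_...\Run] section header
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')    # "ValueName"=data
ANNOTATION_RE = re.compile(r"\s*\[[^\]]*\]\s*$")              # trailing " [date size]" ComboFix appends
IMAGE_RE = re.compile(r'"?(?P<path>[^"]*?\.(?:exe|com|scr|bat|cmd|dll|cpl))"?', re.IGNORECASE)


@dataclass
class Finding:
    key: str
    name: str
    image: str
    reasons: list = field(default_factory=list)


def image_path(data: str) -> str:
    """Pull the executable path out of a Run value, dropping quotes, arguments and the annotation."""
    data = ANNOTATION_RE.sub("", data)
    m = IMAGE_RE.search(data)
    return (m.group("path") if m else data).strip().lower()


def suspicious_reasons(name: str, image: str) -> list:
    """Heuristics used by this example (not an AV signature): Temp-dir images, Windows-lookalike names."""
    reasons = []
    if "\\temp\\" in image or image.startswith("%temp%"):
        reasons.append("image runs from a Temp directory")
    if name.lower().startswith("windows ") and not image.startswith(
        ("c:\\windows\\", "%windir%", "%systemroot%")
    ):
        reasons.append("value name imitates a Windows component but the image is not under the Windows directory")
    return reasons


def scan_loading_points(text: str) -> list:
    """Walk the dump section by section and return every Run entry that trips a heuristic."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if vm is None or key is None:
            continue
        name = vm.group("name")
        image = image_path(vm.group("data"))
        reasons = suspicious_reasons(name, image)
        if reasons:
            findings.append(Finding(key, name, image, reasons))
    return findings


if __name__ == "__main__":
    for f in scan_loading_points(SAMPLE):
        print(f'{f.key}\n  "{f.name}" -> {f.image}')
        for r in f.reasons:
            print(f"    - {r}")
```

Run against a real ComboFix log the same parser also covers the run- (disabled) keys, so an entry removed by a CFScript can be confirmed gone.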
 
We're crossing paths here. I just noticed this comment:
I also run Spybot S&D about once a month. As it is saying it has expired, I cannot get to the options to disable it. Should I just uninstall it, put on one of the free ones for now, and when things are clean go back to McAfee?

Spybot Search & Destroy antimalware program is a free program. There is a bootable S&D that costs $$, but that is separate from the basic malware program. There are some programs that mock the name of 'Spybot' and doing a search using just that name will bring up those sites. Did you get your program from HERE?
===========================================
Let's do the following:
1. Disinfect all of the removable drives:
When the internal drive starts to get full I migrate the files across to these
I can't pinpoint when the system first got malware, so since you are moving files to external drives, those drives could have also become infected. It's best to go ahead with this:

Please disinfect all movable drives
  1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    Note: Some security programs will flag Flash_Disinfector as being some sort of malware; you can safely ignore these warnings.
  3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  4. Wait until it has finished scanning and then exit the program.
  5. Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
=================
2. If not done yet, please update Java to v6u27: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

Be sure to check all download screens for any pre-check toolbars or BHO> if found, remove the check before the download.
=======================================
The entry that was found by Eset is in the Java cache. This happens frequently when the Java is out of date, so the cache needs to be cleared as follows:
3. To clear the Java Plug-in cache:

  1. Click Start > Control Panel.
  2. Double-click the Java icon in the control panel.
     java.png
     The Java Control Panel appears.
     plugin_cache1.jpg
  3. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
     plugin_cache2.jpg
  4. Click Delete Files. The Delete Temporary Files dialog box appears.
     plugin_cache3.jpg
  5. Click OK on the Delete Temporary Files window.
     Note: This deletes all the Downloaded Applications and Applets from the cache.
  6. Click Apply > OK on the Temporary Files Settings window.
Images courtesy java.com
=================================
4. Please run this Custom CFScript:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
DDS::
uStart Page = about:blank
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Logitech Desktop Messenger.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Smart Wizard Wireless Settings.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\VideoCam Suite 2.0.lnk.disabled
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Services"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Windows Update"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Services"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
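To show why the autorun.inf placeholder folder from the Flash_Disinfector note matters, here is an added example (not part of Flash_Disinfector or ComboFix): it looks at the autorun.inf entry at a drive root and tells the protective folder apart from an autorun.inf file that would launch a program on insertion, listing the launch directives such a file contains. The three drive roots and the autorun.inf text are constructed in a temporary directory, and the payload name in it is a placeholder.

```python
"""Classify the autorun.inf at a drive root: absent, a protective folder, or a launching file.

Added example for this thread, not part of Flash_Disinfector or ComboFix. The
autorun.inf text below is constructed; the program it names is a placeholder.
"""
import tempfile
from pathlib import Path

SAMPLE_AUTORUN = r"""[autorun]
; constructed sample for this example, not copied from the drives in the thread
open=sample_payload.exe
shell\open\command=sample_payload.exe
icon=%SystemRoot%\system32\shell32.dll,4
"""

LAUNCH_KEYS = {"open", "shellexecute"}  # plus any shell\<verb>\command entry


def parse_autorun(text: str) -> dict:
    """Return the launch directives in the [autorun] section, keyed by lower-cased name."""
    launches, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            launches[key] = value
    return launches


def inspect_drive_root(root) -> dict:
    """Report what sits at the drive root's autorun.inf and what it would run on insertion."""
    entry = Path(root) / "autorun.inf"
    if not entry.exists():
        return {"status": "absent", "launches": {}}
    if entry.is_dir():
        # A folder with that name stops malware from dropping an autorun.inf *file*;
        # this is what Flash_Disinfector leaves behind, so it should be kept.
        return {"status": "protected", "launches": {}}
    launches = parse_autorun(entry.read_text(errors="replace"))
    return {"status": "suspicious" if launches else "file", "launches": launches}


def demo() -> dict:
    """Build three constructed drive roots in a temp dir and inspect each one."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        roots = {name: Path(tmp, name) for name in ("clean", "protected", "suspicious")}
        for root in roots.values():
            root.mkdir()
        (roots["protected"] / "autorun.inf").mkdir()            # placeholder folder
        (roots["suspicious"] / "autorun.inf").write_text(SAMPLE_AUTORUN)  # launching file
        for name, root in roots.items():
            results[name] = inspect_drive_root(root)
    return results


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result['status']}")
        for key, target in result["launches"].items():
            print(f"  {key} = {target}")
```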
 
Spybot I downloaded many years ago using a URL listed in a PC magazine. Have just done updates ever since.

I ran the flash drive scanner, nothing found

Java is updated and cache is deleted

ComboFix log below

ComboFix 11-10-14.02 - Kerry and Matt 14/10/2011 15:43:10.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.1023.576 [GMT 10.5:30]
Running from: c:\documents and settings\Kerry and Matt\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kerry and Matt\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
E:\autorun.inf
F:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-09-14 to 2011-10-14 )))))))))))))))))))))))))))))))
.
.
2011-10-14 05:03 . 2011-10-14 05:03 -------- d-sh--w- c:\documents and settings\Kerry and Matt\UserData
2011-10-13 11:16 . 2011-10-13 11:16 -------- d-----w- c:\program files\McAfeeMOBK
2011-10-13 11:16 . 2010-04-13 09:40 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2011-10-13 11:15 . 2011-10-13 11:16 -------- d-----w- c:\program files\McAfee Online Backup
2011-10-13 11:15 . 2011-04-11 03:59 64048 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
2011-10-13 11:11 . 2011-10-06 06:12 28504 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll
2011-10-13 11:11 . 2011-08-14 23:30 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-13 11:11 . 2011-08-14 23:30 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-10-13 11:11 . 2011-08-14 23:30 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-13 11:11 . 2011-08-14 23:30 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-10-13 11:11 . 2011-08-14 23:30 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-10-13 11:11 . 2011-08-14 23:30 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-13 11:11 . 2011-08-14 23:30 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-13 11:11 . 2011-08-14 23:30 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-13 11:11 . 2011-10-13 11:12 -------- d-----w- c:\program files\Common Files\Mcafee
2011-10-13 10:55 . 2011-10-06 06:14 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-10-11 11:00 . 2011-10-11 11:00 -------- d-----w- c:\program files\ESET
2011-10-07 21:45 . 2011-10-07 21:45 -------- d-----w- c:\program files\Common Files\Java
2011-10-07 21:44 . 2011-10-07 21:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-07 21:44 . 2011-10-07 21:43 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-07 21:44 . 2011-10-07 21:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-07 21:33 . 2011-10-07 21:33 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-10-07 08:43 . 2011-10-07 08:43 -------- d-----w- c:\documents and settings\Kerry and Matt\Application Data\Malwarebytes
2011-10-07 08:43 . 2011-10-07 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-07 08:43 . 2011-08-31 06:30 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-07 08:43 . 2011-10-07 08:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-04 06:52 . 2011-10-04 06:52 -------- d-----w- c:\program files\Citrix
2011-09-26 07:47 . 2011-09-26 07:50 -------- d-----w- c:\documents and settings\Administrator
2011-09-19 09:43 . 2011-09-19 09:43 -------- d-----w- c:\documents and settings\Kerry and Matt\Local Settings\Application Data\McAfee Anti-Theft
2011-09-19 07:45 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-09-19 07:43 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2004-08-10 04:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-14 23:30 . 2011-03-13 00:50 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-14 23:30 . 2011-03-13 00:50 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2006-11-23 11:48 . 2006-11-23 11:48 317248 ----a-w- c:\program files\dxwebsetup.exe
2011-09-03 06:18 . 2011-09-11 10:13 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 09:41 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 09:41 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 09:41 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-05 127035]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"FPCCSMiddleware"="c:\program files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe" [2008-03-06 536184]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 419904]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk.disabled [2009-4-11 2072]
Smart Wizard Wireless Settings.lnk.disabled [2005-5-31 1659]
VideoCam Suite 2.0.lnk.disabled [2011-3-21 1655]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 08:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"updateMgr"=c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
"Dell QuickSet"=c:\program files\Dell\QuickSet\quickset.exe
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" start
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"DMXLauncher"=c:\program files\Dell\Media Experience\DMXLauncher.exe
"DTVRemote"="c:\program files\LifeView MVP\RemoteControl.exe"
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
"IJNetworkScanUtility"=c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"snpstd"=c:\windows\vsnpstd.exe
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LifeView MVP\\LIFEVIEWMVP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
.
R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [13/10/2011 9:45 PM 64048]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [13/10/2011 9:41 PM 89624]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [13/10/2011 9:46 PM 54776]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [13/10/2011 9:41 PM 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [13/10/2011 9:41 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [13/10/2011 9:41 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [13/10/2011 9:42 PM 160344]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [13/10/2011 9:25 PM 148520]
R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [13/04/2010 8:11 PM 229688]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [13/10/2011 9:41 PM 57432]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [13/10/2011 9:41 PM 338040]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [13/10/2011 9:41 PM 83688]
S1 M9207;LifeView M9207 USB Digital TV BOX;c:\windows\system32\drivers\M9207BDA.sys [25/01/2007 10:54 PM 43264]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21/06/2010 4:02 PM 135664]
S3 BPIKSp50;BPIKSp50 NDIS Protocol Driver;\??\d:\bpiksp50.sys --> d:\BPIKSp50.sys [?]
S3 cmusbnet;WAN Driver @ 3GPP (6280);c:\windows\system32\drivers\cmusbnet.sys [12/12/2007 1:18 PM 81152]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [12/12/2007 1:18 PM 87040]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [21/06/2010 4:02 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [13/10/2011 9:41 PM 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [13/10/2011 9:41 PM 87808]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 03:04]
.
2011-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-21 05:32]
.
2011-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-21 05:32]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: colesonline.com.au\www
TCP: DhcpNameServer = 10.0.0.138
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Kerry and Matt\Application Data\Mozilla\Firefox\Profiles\vcr1mlqh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-14 15:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1572)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2011-10-14 16:00:47
ComboFix-quarantined-files.txt 2011-10-14 05:30
ComboFix2.txt 2011-10-07 22:57
.
Pre-Run: 7,645,872,128 bytes free
Post-Run: 7,788,720,128 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1113A5B0AB40F02695AA50FED45298B7
 
These 2 deletions in Combofix indicated infected drives:
E:\autorun.inf
F:\autorun.inf
These are the only 'drives' showing in the DDS log:
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 5.631 GiB free.
D: is CDROM ()
=====================================================
Has the redirect been resolved> Is McAfee running?

.
 
McAfee seems to be running ok, I re-installed it prior to running ComboFix, and it has started up every time the computer has been turned on.

I thought the redirect had been fixed, but the other night the internet all went really slow, and one site redirected from the google search. I got fed up with the delays and just turned it off.

It seems that IE has been reset to default settings after ComboFix.
 
The other thing, 2 of the external drives didn't work. One seems to have a powerpack problem, which according to my searches is very common for this model LaCie hard drive.

The other (Maxtor) was not recognised by windows, and an error came up to say there was a problem connecting to it.
 
You can use the Edit feature to add a sentence or two. I get email feedback for each reply.

Does this refer to the two drives below?
2 of the external drives didn't work. One seems to have a powerpack problem, which according to my searches is very common for this model LaCie hard drive.
E:\autorun.inf
F:\autorun.inf

They must have been 'working' if they got infected.

What drive is this?
The other (Maxtor) was not recognised by windows, and an error came up to say there was a problem connecting to it.

Regarding this:
It seems that IE has been reset to default settings after combo fix.
From Combofix Directions:
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

but the other night the internet all went really slow, and one site redirected from the google search. I got fed up with the delays and, just turned it off.

One site One time. Which browser? Describe the 'redirect.' The 'slow' sounds like it's related to the ISP or connection problem. It can also indicate you don't have enough RAM.
 
Thank you for your help, it is much appreciated, sorry if I have not been clear in my comments, hopefully we are near the end of this.

E:\autorun.inf
F:\autorun.inf

They must have been 'working' if they got infected.

These 2 were working ok. Would they be clean now?

What drive is this?
Quote:
The other (Maxtor) was not recognised by windows, and an error came up to say there was a problem connecting to it.

Not one of those 2 that were infected, it didn't connect so could not be scanned.

I was using IE, as Firefox won't load.

The redirect was a google search, for a classifieds website called Gumtree. Went to some other classifieds site in the UK, I back arrowed and re-selected Gumtree and it connected OK.

Once this computer is clean I will start using my new one which may be a bit faster (AMD A8 with 8 gig RAM), and I can move my files across.
 
About the external drives: you mentioned that you have had them connected while you had this problem. But then you mentioned you hadn't connected them for months. The 2 deletions in Combofix suggest that those 2 drives may be infected.

I recommend that you disinfect all movable drives to be on the safe side.
================================
About security and Combofix: Instructions are to disable the security when you run the Combofix scan. McAfee is known to cause a problem with these scans when running. You do not need to disconnect from the internet yourself. Combofix needs the connection to check for the Recovery Console. It will disconnect itself during the scan.
================================
What happens when you try to run Firefox? When you say 'it won't load', do you mean when you try to launch it nothing happens? Error message?
================================
Please run this Custom CFScript:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
c:\docume~1\KERRYA~1\LOCALS~1\Temp\amb.exe
D:\BPIKSp50.sys
DDS::
uStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
mRun: [<NO NAME>] 
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Logitech Desktop Messenger.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Smart Wizard Wireless Settings.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\VideoCam Suite 2.0.lnk.disabled
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Services"=-
[HKEY_LOCAL_MACHINE\software\microsoft\securitycenter\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\securitycenter\Monitoring\McAfeeFirewall]
"DisableMonitoring"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Windows Update"=-
Driver::
BPIKSp50
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
==============================================
Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

To remove entries from the Startup Menu using the msconfig utility:
  • Click on Start> Run> type in msconfig> enter>
    msconfig_open_xp.gif
  • Click on Selective Startup
  • Choose the Startup tab:
    startup_tab_xp.gif

    All images courtesy NetSquirrel
  • To expand the Command Column, (this shows what the process 'belongs' to) hold left mouse button down on the dividing line on frame above Location and move to the right to expand.
  • Uncheck any processes you do not need to start on boot. Uncheck the process for the following:
    [o]Logitech Desktop Messenger
    [o]Smart Wizard Wireless Settings.
    [o]VideoCam Suite 2.0.
  • Click on Apply> OK when finished.
NOTE:
When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.' Remain in Selective Startup to retain those changes.
----
Click on Start> Run> type in services.msc> enter> check for Services related to any of the following:
[o]Logitech Desktop Messenger
[o]Smart Wizard Wireless Settings.
[o]VideoCam Suite 2.0.

If found> double click to open each> Change Startup Type to Manual for each> Exit when through.
 
I was able to connect another of my external drives, it was a faulty USB cable. This was connected as H: and ComboFix found Autorun.inf on it, so that means my system has been infected for at least 6 months because I haven't used this drive for that long. I had 3 external drives connected during the scan.

Firefox loaded but wanted to update. I did not update at this time.

I noticed that amb.exe came up again, which you said was an email spam bomber. I have noticed spam to have disappeared, particularly the cheap Viagra. Is there a reason McAfee and Spybot S&D wouldn't pick this up?

I ran msconfig after the scan and removed those settings; do Java and Adobe need to be in startup?

There were no services relating to the entries that I removed.

I have disabled McAfee to run ComboFix. Log below.

ComboFix 11-10-19.03 - Kerry and Matt 19/10/2011 21:52:50.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.1023.579 [GMT 10.5:30]
Running from: c:\documents and settings\Kerry and Matt\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kerry and Matt\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
FILE ::
"c:\docume~1\KERRYA~1\LOCALS~1\Temp\amb.exe"
"D:\BPIKSp50.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
H:\autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BPIKSP50
-------\Service_BPIKSp50
.
.
((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))))
.
.
2011-10-19 11:16 . 2011-10-19 11:16 -------- d-sh--w- c:\documents and settings\Kerry and Matt\UserData
2011-10-13 11:16 . 2011-10-13 11:16 -------- d-----w- c:\program files\McAfeeMOBK
2011-10-13 11:16 . 2010-04-13 09:40 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2011-10-13 11:15 . 2011-10-13 11:16 -------- d-----w- c:\program files\McAfee Online Backup
2011-10-13 11:15 . 2011-04-11 03:59 64048 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
2011-10-13 11:11 . 2011-10-06 06:12 28504 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll
2011-10-13 11:11 . 2011-08-14 23:30 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-13 11:11 . 2011-08-14 23:30 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-10-13 11:11 . 2011-08-14 23:30 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-13 11:11 . 2011-08-14 23:30 83688 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-10-13 11:11 . 2011-08-14 23:30 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-10-13 11:11 . 2011-08-14 23:30 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-13 11:11 . 2011-08-14 23:30 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-13 11:11 . 2011-08-14 23:30 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-13 11:11 . 2011-10-13 11:12 -------- d-----w- c:\program files\Common Files\Mcafee
2011-10-13 10:55 . 2011-10-06 06:14 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-10-11 11:00 . 2011-10-11 11:00 -------- d-----w- c:\program files\ESET
2011-10-07 21:45 . 2011-10-07 21:45 -------- d-----w- c:\program files\Common Files\Java
2011-10-07 21:44 . 2011-10-07 21:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-07 21:44 . 2011-10-07 21:43 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-07 21:44 . 2011-10-07 21:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-07 21:33 . 2011-10-07 21:33 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-10-07 08:43 . 2011-10-07 08:43 -------- d-----w- c:\documents and settings\Kerry and Matt\Application Data\Malwarebytes
2011-10-07 08:43 . 2011-10-07 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-07 08:43 . 2011-08-31 06:30 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-07 08:43 . 2011-10-07 08:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-04 06:52 . 2011-10-04 06:52 -------- d-----w- c:\program files\Citrix
2011-09-26 07:47 . 2011-09-26 07:50 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2004-08-10 04:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-14 23:30 . 2011-03-13 00:50 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-14 23:30 . 2011-03-13 00:50 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2006-11-23 11:48 . 2006-11-23 11:48 317248 ----a-w- c:\program files\dxwebsetup.exe
2011-09-03 06:18 . 2011-09-11 10:13 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-14_05.26.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-19 11:38 . 2011-10-19 11:38 16384 c:\windows\Temp\Perflib_Perfdata_548.dat
+ 2011-10-19 11:38 . 2011-10-19 11:38 16384 c:\windows\Temp\Perflib_Perfdata_4e4.dat
+ 2011-10-19 11:38 . 2011-10-19 11:38 16384 c:\windows\Temp\Perflib_Perfdata_438.dat
+ 2011-10-19 10:21 . 2011-10-19 10:21 16384 c:\windows\Temp\Perflib_Perfdata_208.dat
+ 2005-05-13 11:28 . 2011-10-15 06:47 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-05-13 11:28 . 2011-10-14 01:30 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-05-13 11:28 . 2011-10-14 01:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-05-13 11:28 . 2011-10-15 06:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-04-01 04:21 . 2011-10-14 01:30 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2010-04-01 04:21 . 2011-10-15 06:47 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2011-10-07 23:20 . 2011-10-14 01:30 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-10-14 06:10 . 2011-10-15 06:47 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 09:41 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 09:41 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 09:41 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-21 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-05 127035]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"FPCCSMiddleware"="c:\program files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe" [2008-03-06 536184]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 419904]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk.disabled [2009-4-11 2072]
Smart Wizard Wireless Settings.lnk.disabled [2005-5-31 1659]
VideoCam Suite 2.0.lnk.disabled [2011-3-21 1655]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 08:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"updateMgr"=c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
"Dell QuickSet"=c:\program files\Dell\QuickSet\quickset.exe
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" start
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"DMXLauncher"=c:\program files\Dell\Media Experience\DMXLauncher.exe
"DTVRemote"="c:\program files\LifeView MVP\RemoteControl.exe"
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
"IJNetworkScanUtility"=c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"snpstd"=c:\windows\vsnpstd.exe
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LifeView MVP\\LIFEVIEWMVP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
.
R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [13/10/2011 9:45 PM 64048]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [13/10/2011 9:41 PM 89624]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [13/10/2011 9:46 PM 54776]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [13/10/2011 9:41 PM 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [13/10/2011 9:41 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [13/10/2011 9:41 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [13/10/2011 9:42 PM 160344]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [13/10/2011 9:25 PM 148520]
R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [13/04/2010 8:11 PM 229688]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [13/10/2011 9:41 PM 57432]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [13/10/2011 9:41 PM 338040]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [13/10/2011 9:41 PM 83688]
S1 M9207;LifeView M9207 USB Digital TV BOX;c:\windows\system32\drivers\M9207BDA.sys [25/01/2007 10:54 PM 43264]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21/06/2010 4:02 PM 135664]
S3 cmusbnet;WAN Driver @ 3GPP (6280);c:\windows\system32\drivers\cmusbnet.sys [12/12/2007 1:18 PM 81152]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [12/12/2007 1:18 PM 87040]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [21/06/2010 4:02 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [13/10/2011 9:41 PM 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [13/10/2011 9:41 PM 87808]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 03:04]
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-21 05:32]
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-21 05:32]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: colesonline.com.au\www
TCP: DhcpNameServer = 10.0.0.138
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Kerry and Matt\Application Data\Mozilla\Firefox\Profiles\vcr1mlqh.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-19 22:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1568)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
- - - - - - - > 'explorer.exe'(820)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\McAfee Online Backup\MOBKshell.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\wanmpsvc.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\system32\rundll32.exe
c:\windows\System32\vssvc.exe
c:\program files\Apoint\Apntex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-10-19 22:21:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-19 11:51
ComboFix2.txt 2011-10-14 05:30
ComboFix3.txt 2011-10-07 22:57
.
Pre-Run: 7,653,560,320 bytes free
Post-Run: 7,492,468,736 bytes free
.
- - End Of File - - 4FA27C9DC46B264F81194E49D92E5D8D
 
Sorry for delay:

No, neither Java nor the Adobe Reader needs to be in Startup. Both also have auto-updates, which I discourage. You have the Java Quick Starter Service (jqs) running. I suggest disabling and stopping the Service.

I don't know why some security software misses some entries. It could be the way they are configured, it could be from a file attachment you opened from email, and it could be because the malware writers are pretty good at disguising the bad stuff!

Security needs to be layered to work best: Antivirus, Firewall, 2 or more antimalware programs> those that keep out and those that find.
=================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
  • [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
Folder::
c:\documents and settings\Kerry and Matt\UserData
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
========================================
Let's run HijackThis and I can have you check the processes to stop and use as a guide:
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zip and save to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Edit: H:\autorun.inf>> this drive needs to be disinfected.
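As an added example (not from this thread, from ComboFix, or from any of the tools it names), here is a small Python checker that reads a ComboFix-style "Reg Loading Points" listing, flags the two tampering signs discussed in this thread (Security Center monitoring of an AV/firewall product switched off, and the Windows Firewall standard profile disabled), and builds the matching Registry:: section of a CFScript the way the one above was written by hand. The sample log text is constructed from the entries shown in the log above; the key matching and the function names are this example's own assumptions.

```python
"""Flag Security Center tampering in a ComboFix-style registry listing.

Added example, not ComboFix's own code. It understands blocks of the form
    [HKEY...\\some\\key]
    "ValueName"=data
as printed under 'Reg Loading Points', and nothing more.
"""
import re

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')

# Constructed sample, modelled on the entries shown in the thread's log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"""


def parse_reg_blocks(lines):
    """Map each [key] header to a dict of the "name"=data lines under it."""
    blocks, current = {}, None
    for raw in lines:
        line = raw.rstrip()
        m = KEY_RE.match(line)
        if m:
            current = m.group('key')
            blocks.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            blocks[current][m.group('name')] = m.group('data').strip()
    return blocks


def find_security_center_tampering(lines):
    """Return (kind, key) pairs for the conditions the thread's script removes."""
    findings = []
    for key, values in parse_reg_blocks(lines).items():
        lkey = key.lower()
        # Security Center told to stop monitoring a product: the user sees no
        # "antivirus is off" warning even if the product is disabled.
        if 'security center\\monitoring' in lkey and \
                values.get('DisableMonitoring', '').lower() == 'dword:00000001':
            findings.append(('monitoring_disabled', key))
        # Windows Firewall standard profile switched off (the List subkey is
        # just the allowed-application list, so it is excluded here).
        if lkey.endswith('firewallpolicy\\standardprofile'):
            data = values.get('EnableFirewall', '').split()
            if data and data[0] == '0':
                findings.append(('firewall_disabled', key))
    return findings


def build_cfscript_registry_section(lines):
    """Emit a Registry:: section deleting each DisableMonitoring value found.

    Only the monitoring entries are included: a disabled Windows Firewall may
    be deliberate when a third-party firewall (McAfee here) is in use.
    """
    out = ['Registry::']
    for kind, key in find_security_center_tampering(lines):
        if kind == 'monitoring_disabled':
            out.append('[%s]' % key)
            out.append('"DisableMonitoring"=-')  # "=-" deletes the value
    return out


if __name__ == '__main__':
    for kind, key in find_security_center_tampering(SAMPLE_LOG.splitlines()):
        print('%-20s %s' % (kind, key))
    print('\n'.join(build_cfscript_registry_section(SAMPLE_LOG.splitlines())))
```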
 