
Thread: Click.Giftload, Virtumonde and Antivirus Antispyware OH MY...

  1. #11
    Junior Member
    Join Date
    Mar 2011
    Location
    California
    Posts
    19


    UGH!! In safe mode...

    It still says
    ---------------------------
    Warning !!
    ---------------------------
    ComboFix has detected the following real time scanner(s) to be active:

    antivirus: McAfee VirusScan
    antivirus: Microsoft Security Essentials

    Antivirus and intrusion prevention programs are known to interfere
    with ComboFix's running. This may lead to unpredictable results or
    possible machine damage.

    Please disable these scanners before clicking 'OK'.
    ---------------------------
    OK
    ---------------------------

  2. #12
    Junior Member
    Join Date
    Mar 2011
    Location
    California
    Posts
    19


    ok...update...

    In Safe Mode I finally got MSE to open and I have the real-time protection turned off... however, I cannot find anything that lets me shut down McAfee. Should I go into Add & Remove Programs to try and find it that way?

  3. #13
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Read this link
    http://www.bleepingcomputer.com/forums/topic114351.html

    Then proceed with CF
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  4. #14
    Junior Member
    Join Date
    Mar 2011
    Location
    California
    Posts
    19


    I have actually read it a few times...I have done searches for McAfee ANYTHING and it comes up with nothing.

    I am still unable to locate anything that indicates any sort of McAfee installed on my computer. There is no 'M' in my system tray, no McAfee in my Program Files and nothing on the Installed Programs. It is very frustrating.

  5. #15
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Just go ahead and run CF in Safemode

  6. #16
    Junior Member
    Join Date
    Mar 2011
    Location
    California
    Posts
    19


    ok... I found, not sure how, McAfee SpamKiller, but on the BleepingComputer link there is nothing that I have found in those forums on how to disable it thus far...

  7. #17
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Just go ahead and run CF in Safemode

  8. #18
    Junior Member
    Join Date
    Mar 2011
    Location
    California
    Posts
    19


    ok...here we go...

    ComboFix 11-03-27.01 - Administrator 03/27/2011 19:52:36.1.2 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1571 [GMT -7:00]
    Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
    AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    FW: McAfee Personal Firewall Plus *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Mommazon\Local Settings\Application Data\{62FE7DAD-3BEE-4B24-B1B9-C08095A31C20}
    c:\documents and settings\Mommazon\Local Settings\Application Data\{62FE7DAD-3BEE-4B24-B1B9-C08095A31C20}\chrome.manifest
    c:\documents and settings\Mommazon\Local Settings\Application Data\{62FE7DAD-3BEE-4B24-B1B9-C08095A31C20}\chrome\content\_cfg.js
    c:\documents and settings\Mommazon\Local Settings\Application Data\{62FE7DAD-3BEE-4B24-B1B9-C08095A31C20}\chrome\content\overlay.xul
    c:\documents and settings\Mommazon\Local Settings\Application Data\{62FE7DAD-3BEE-4B24-B1B9-C08095A31C20}\install.rdf
    c:\documents and settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011
    c:\documents and settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011\IcoActivate.ico
    c:\documents and settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011\IcoHelp.ico
    c:\documents and settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011\IcoUninstall.ico
    c:\documents and settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011\securityhelper.exe
    c:\windows\system32\itlnfw32.dll
    c:\windows\system32\itlpfw32.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_6TO4
    -------\Legacy_ITLPERF
    -------\Service_6to4
    -------\Service_itlperf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-28 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-28 02:59 . 2011-03-28 02:59 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EFC8332-93E6-4A1A-8C02-BC970A3B9FCD}\MpKsl7d2e889a.sys
    2011-03-27 23:18 . 2011-03-27 23:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple
    2011-03-27 22:52 . 2011-03-27 22:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
    2011-03-27 22:52 . 2011-03-27 22:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
    2011-03-25 17:21 . 2011-03-25 17:21 -------- d-----w- c:\program files\ERUNT
    2011-03-25 04:49 . 2011-03-25 04:49 0 ----a-w- c:\windows\Bhogubetogumamum.bin
    2011-03-25 00:44 . 2011-03-25 00:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2011-03-25 00:00 . 2011-03-25 00:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2011-03-25 00:00 . 2011-03-25 00:00 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-03-24 04:42 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-24 04:42 . 2011-03-24 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-03-24 04:42 . 2011-03-25 04:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-24 04:42 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-23 18:54 . 2011-03-23 18:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
    2011-03-23 18:54 . 2011-03-23 18:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2011-03-23 04:42 . 2011-03-23 04:42 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EFC8332-93E6-4A1A-8C02-BC970A3B9FCD}\MpKslcf42d9c4.sys
    2011-03-23 04:40 . 2011-03-23 04:40 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EFC8332-93E6-4A1A-8C02-BC970A3B9FCD}\MpKsl085c156a.sys
    2011-03-23 04:30 . 2011-03-23 04:30 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EFC8332-93E6-4A1A-8C02-BC970A3B9FCD}\MpKsl46dd7b34.sys
    2011-03-23 04:21 . 2011-03-23 04:21 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EFC8332-93E6-4A1A-8C02-BC970A3B9FCD}\MpKslba6b11df.sys
    2011-03-23 03:41 . 2011-03-23 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-03-22 15:11 . 2011-02-11 06:54 5943120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EFC8332-93E6-4A1A-8C02-BC970A3B9FCD}\mpengine.dll
    2011-03-21 23:10 . 2011-03-21 23:10 -------- d-----w- c:\windows\Sun
    2011-03-21 23:08 . 2011-02-03 04:40 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-03-21 23:08 . 2011-02-03 04:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-21 23:08 . 2011-02-03 02:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-03-16 03:46 . 2011-03-16 03:46 -------- d-----w- c:\program files\MSECache
    2011-03-10 00:15 . 2011-03-22 02:42 -------- d-----w- c:\program files\Common Files\DAZ
    2011-03-08 04:38 . 2011-03-08 04:38 -------- d-----w- c:\program files\Smith Micro
    2011-03-08 01:39 . 2011-03-23 03:11 -------- d-----w- c:\documents and settings\Mommazon
    2011-03-07 23:32 . 2011-03-07 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Poser
    2011-03-07 23:28 . 2011-03-07 23:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Poser
    2011-02-26 07:59 . 2007-12-07 10:08 86528 ----a-w- c:\windows\system32\E_FLBEGA.DLL
    2011-02-26 07:59 . 2007-12-07 10:01 78848 ----a-w- c:\windows\system32\E_FD4BEGA.DLL
    2011-02-26 07:59 . 2011-02-26 07:59 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
    2011-02-26 07:49 . 2008-04-13 19:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2011-02-26 07:49 . 2008-04-13 19:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
    2011-02-26 07:44 . 2008-04-13 19:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-02-26 07:44 . 2008-04-13 19:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-21 23:58 . 2011-02-20 00:38 848 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2011-02-11 06:54 . 2010-05-15 00:13 5943120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-02-05 01:48 . 2005-08-16 09:18 456192 ------w- c:\windows\system32\encdec.dll
    2011-02-05 01:48 . 2005-08-16 09:18 291840 ----a-w- c:\windows\system32\sbe.dll
    2011-02-02 07:58 . 2005-08-16 09:37 2067456 ------w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2005-08-16 09:37 677888 ------w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2005-08-16 09:18 439296 ------w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2005-08-16 09:18 290048 ------w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2005-08-16 09:18 1854976 ------w- c:\windows\system32\win32k.sys
    2010-12-29 17:39 . 2010-12-29 17:39 1700352 ------w- c:\windows\system32\gdiplus.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2005-05-15 332800]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-15 7323648]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-09 16712]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2005-05-15 07:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    2005-09-08 10:20 122940 ------w- c:\windows\system32\DLA\DLACTRLW.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    2005-10-05 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2006-04-15 13:06 169472 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
    2005-09-09 00:20 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    2005-09-09 00:20 110592 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    2005-07-13 00:05 1117184 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-19 05:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    2006-04-15 12:58 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2003-11-19 22:48 32881 ----a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Smith Micro\\Poser 8\\Poser.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1036:TCP"= 1036:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R1 MpKsl7d2e889a;MpKsl7d2e889a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EFC8332-93E6-4A1A-8C02-BC970A3B9FCD}\MpKsl7d2e889a.sys [3/27/2011 7:59 PM 28752]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/16/2005 2:18 AM 14336]
    S1 MpKsl966d8728;MpKsl966d8728;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{223CF3A5-5AB7-492C-9D16-D5D9BC56E41B}\MpKsl966d8728.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{223CF3A5-5AB7-492C-9D16-D5D9BC56E41B}\MpKsl966d8728.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2011 11:05 AM 136176]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 5:06 PM 11520]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSL7D2E889A
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    itlsvc REG_MULTI_SZ itlperf
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf7a2f20-3946-11e0-a099-001372b3e4c1}]
    \Shell\AutoRun\command - "F:\WD SmartWare.exe" autoplay=true
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-25 18:05]
    .
    2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-25 18:05]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
    IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
    Trusted Zone: musicmatch.com\online
    FF - ProfilePath - c:\documents and settings\Mommazon\Application Data\Mozilla\Firefox\Profiles\nt6ta4nn.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/|https://mail.google.com/mail/?shva=1#inbox
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-itlntfy - itlnfw32.dll
    MSConfigStartUp-BuildBU - c:\dell\bldbubg.exe
    MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
    AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
    AddRemove-_{707EB912-C597-49D8-9460-46CC9AB03EBE} - c:\program files\Corel\Corel Painter Photo Essentials 4\MSILauncher {707EB912-C597-49D8-9460-46CC9AB03EBE}
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-27 19:59
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    c:\windows\TEMP\TMP0000000356CAE2F891185EE8 524288 bytes
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2412)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Essentials\MsMpEng.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PSIService.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\dllhost.exe
    c:\windows\stsystra.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-27 20:06:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-28 03:06
    .
    Pre-Run: 7,253,471,232 bytes free
    Post-Run: 6,907,314,176 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - FAFC165F45F40479C4B79ED89DB28E76

  9. #19
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Good job,

    One file I am concerned about.

    You need to enable Windows to show all files and folders, instructions Here

    Go to VirusTotal and submit this file for analysis, just use the browse feature and then Send File. You will get a report back; post the report into this thread for me to see. If the site says this file has been checked before, have them check it again.

    c:\windows\Bhogubetogumamum.bin <--

    If the site is busy you can try this one
    http://virusscan.jotti.org/en

    You have Microsoft Security Essentials installed, so we need to remove McAfee, as having two AVs can seriously hamper system performance.

    First see if you can uninstall it via Add/Remove Programs in the Control Panel, and then run their removal tool from either one of these sites

    http://majorgeeks.com/McAfee_Consume...ool_d5420.html
    http://service.mcafee.com/FAQDocument.aspx?id=TS100507
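    The file flagged in the post above appears in the ComboFix log's "Files Created" block with a size of 0 (the line for c:\windows\Bhogubetogumamum.bin), and a zero-byte file gives an online scanner nothing to analyze. As an added example, not part of this thread and not ComboFix's own logic, here is a small Python triage helper that parses the "Files Created" / "Find3M" line shape from a ComboFix log, flags zero-byte files and files freshly dropped straight into %windir%, and hashes the bytes you intend to upload so you can recognise the empty-input SHA-256 before submitting. The sample lines are copied from the log above into a constructed string; the heuristics, function names and thresholds are my own assumptions.

```python
"""Triage helper for ComboFix 'Files Created' / 'Find3M' entries (added example)."""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# SHA-256 of zero bytes. A file hashing to this has no content to scan.
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

# Constructed sample in the shape of the log's 'Files Created' block
# (three entries copied from the log in this thread).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-28 )))))))))))))))))))))))))))))))
.
2011-03-25 17:21 . 2011-03-25 17:21 -------- d-----w- c:\program files\ERUNT
2011-03-25 04:49 . 2011-03-25 04:49 0 ----a-w- c:\windows\Bhogubetogumamum.bin
2011-03-24 04:42 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
.
"""

# created . modified size attrs path ; size is '--------' for directories
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) ([d-][-a-z]{7}) (.+)$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def parent(self) -> str:
        # Lower-cased directory part of the Windows path.
        return self.path.rsplit("\\", 1)[0].lower()


def parse_files_created(text: str) -> List[Entry]:
    """Parse entry lines; section headers and '.' spacer lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(created, modified,
                             None if size.startswith("-") else int(size),
                             attrs, path))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Heuristic flags (assumptions of this example, not ComboFix's logic)."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons: List[str] = []
        if e.size == 0:
            reasons.append(
                "zero-byte file: its SHA-256 is the empty-input digest, "
                "so an online scanner has nothing to analyze")
        if (not e.is_dir and e.parent == r"c:\windows"
                and e.created == e.modified):
            reasons.append(
                "written directly into %windir% with create time equal to "
                "modify time (freshly dropped, not copied from a package)")
        if reasons:
            findings[e.path] = reasons
    return findings


def sha256_hex(data: bytes) -> str:
    """Hash the bytes you intend to upload; compare with EMPTY_SHA256 first."""
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    for path, reasons in triage(parse_files_created(SAMPLE_LOG)).items():
        print(path)
        for r in reasons:
            print("  -", r)
    print("empty-file digest matches:", sha256_hex(b"") == EMPTY_SHA256)
```

    Run it against the "Files Created" and "Find3M Report" sections of a saved ComboFix.txt; the same line shape is used in both. A file that hashes to EMPTY_SHA256 is not worth uploading, which is the situation the next post describes.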

  10. #20
    Junior Member
    Join Date
    Mar 2011
    Location
    California
    Posts
    19


    hmm...

    I went to the VirusTotal site and submitted it twice and nothing happened either time... so I went to the Jotti site and it said the file was empty.

    c:\windows\Bhogubetogumamum.bin

    I'm trying to figure out the McAfee thing... there is nothing in the Installed Programs list for me to uninstall the beast. I'm going to do the MajorGeeks MCPR uninstall thing, I guess, and see if that can wipe out whatever it is. I did find the folder under Program Files called McAfee SpamKiller, but there isn't an option to uninstall (or even install, for that matter).
