-
UGH!! In safe mode...
It still says
---------------------------
Warning !!
---------------------------
ComboFix has detected the following real time scanner(s) to be active:
antivirus: McAfee VirusScan
antivirus: Microsoft Security Essentials
Antivirus and intrusion prevention programs are known to interfere
with ComboFix's running. This may lead to unpredictable results or
possible machine damage.
Please disable these scanners before clicking 'OK'.
---------------------------
OK
---------------------------
-
ok...update...
in Safe mode I finally got MSE to open and I have the real time protection turned off...however I cannot find ANYthing that I can shut down McAfee. Should I go into add & remove programs to try and find it that way?
-
-
I have actually read it a few times...I have done searches for McAfee ANYTHING and it comes up with nothing.
I am still unable to locate anything that indicates any sort of McAfee installed on my computer. There is no 'M' in my system tray, no McAfee in my Program Files and nothing on the Installed Programs. It is very frustrating.
-
Just go ahead and run CF in Safemode
-
ok...I found...not sure how...McAfee Spamkiller, but on the Bleepingcomputer link there is nothing that I have found in those forums on how to disable it thus far...
-
Just go ahead and run CF in Safemode
-
ok...here we go...
ComboFix 11-03-27.01 - Administrator 03/27/2011 19:52:36.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1571 [GMT -7:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: McAfee Personal Firewall Plus *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Mommazon\Local Settings\Application Data\{62FE7DAD-3BEE-4B24-B1B9-C08095A31C20}
c:\documents and settings\Mommazon\Local Settings\Application Data\{62FE7DAD-3BEE-4B24-B1B9-C08095A31C20}\chrome.manifest
c:\documents and settings\Mommazon\Local Settings\Application Data\{62FE7DAD-3BEE-4B24-B1B9-C08095A31C20}\chrome\content\_cfg.js
c:\documents and settings\Mommazon\Local Settings\Application Data\{62FE7DAD-3BEE-4B24-B1B9-C08095A31C20}\chrome\content\overlay.xul
c:\documents and settings\Mommazon\Local Settings\Application Data\{62FE7DAD-3BEE-4B24-B1B9-C08095A31C20}\install.rdf
c:\documents and settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011
c:\documents and settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011\IcoActivate.ico
c:\documents and settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011\IcoHelp.ico
c:\documents and settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011\IcoUninstall.ico
c:\documents and settings\NetworkService\Application Data\AntiVirus AntiSpyware 2011\securityhelper.exe
c:\windows\system32\itlnfw32.dll
c:\windows\system32\itlpfw32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Legacy_ITLPERF
-------\Service_6to4
-------\Service_itlperf
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-28 )))))))))))))))))))))))))))))))
.
.
2011-03-28 02:59 . 2011-03-28 02:59 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EFC8332-93E6-4A1A-8C02-BC970A3B9FCD}\MpKsl7d2e889a.sys
2011-03-27 23:18 . 2011-03-27 23:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple
2011-03-27 22:52 . 2011-03-27 22:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2011-03-27 22:52 . 2011-03-27 22:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2011-03-25 17:21 . 2011-03-25 17:21 -------- d-----w- c:\program files\ERUNT
2011-03-25 04:49 . 2011-03-25 04:49 0 ----a-w- c:\windows\Bhogubetogumamum.bin
2011-03-25 00:44 . 2011-03-25 00:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-03-25 00:00 . 2011-03-25 00:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-03-25 00:00 . 2011-03-25 00:00 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-03-24 04:42 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-24 04:42 . 2011-03-24 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-24 04:42 . 2011-03-25 04:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-24 04:42 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-23 18:54 . 2011-03-23 18:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2011-03-23 18:54 . 2011-03-23 18:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-03-23 04:42 . 2011-03-23 04:42 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EFC8332-93E6-4A1A-8C02-BC970A3B9FCD}\MpKslcf42d9c4.sys
2011-03-23 04:40 . 2011-03-23 04:40 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EFC8332-93E6-4A1A-8C02-BC970A3B9FCD}\MpKsl085c156a.sys
2011-03-23 04:30 . 2011-03-23 04:30 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EFC8332-93E6-4A1A-8C02-BC970A3B9FCD}\MpKsl46dd7b34.sys
2011-03-23 04:21 . 2011-03-23 04:21 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EFC8332-93E6-4A1A-8C02-BC970A3B9FCD}\MpKslba6b11df.sys
2011-03-23 03:41 . 2011-03-23 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-03-22 15:11 . 2011-02-11 06:54 5943120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EFC8332-93E6-4A1A-8C02-BC970A3B9FCD}\mpengine.dll
2011-03-21 23:10 . 2011-03-21 23:10 -------- d-----w- c:\windows\Sun
2011-03-21 23:08 . 2011-02-03 04:40 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-21 23:08 . 2011-02-03 04:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-21 23:08 . 2011-02-03 02:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-16 03:46 . 2011-03-16 03:46 -------- d-----w- c:\program files\MSECache
2011-03-10 00:15 . 2011-03-22 02:42 -------- d-----w- c:\program files\Common Files\DAZ
2011-03-08 04:38 . 2011-03-08 04:38 -------- d-----w- c:\program files\Smith Micro
2011-03-08 01:39 . 2011-03-23 03:11 -------- d-----w- c:\documents and settings\Mommazon
2011-03-07 23:32 . 2011-03-07 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Poser
2011-03-07 23:28 . 2011-03-07 23:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Poser
2011-02-26 07:59 . 2007-12-07 10:08 86528 ----a-w- c:\windows\system32\E_FLBEGA.DLL
2011-02-26 07:59 . 2007-12-07 10:01 78848 ----a-w- c:\windows\system32\E_FD4BEGA.DLL
2011-02-26 07:59 . 2011-02-26 07:59 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2011-02-26 07:49 . 2008-04-13 19:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-02-26 07:49 . 2008-04-13 19:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2011-02-26 07:44 . 2008-04-13 19:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-02-26 07:44 . 2008-04-13 19:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-21 23:58 . 2011-02-20 00:38 848 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-02-11 06:54 . 2010-05-15 00:13 5943120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-05 01:48 . 2005-08-16 09:18 456192 ------w- c:\windows\system32\encdec.dll
2011-02-05 01:48 . 2005-08-16 09:18 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 07:58 . 2005-08-16 09:37 2067456 ------w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2005-08-16 09:37 677888 ------w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2005-08-16 09:18 439296 ------w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2005-08-16 09:18 290048 ------w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2005-08-16 09:18 1854976 ------w- c:\windows\system32\win32k.sys
2010-12-29 17:39 . 2010-12-29 17:39 1700352 ------w- c:\windows\system32\gdiplus.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2005-05-15 332800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-15 7323648]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-09 16712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 07:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 10:20 122940 ------w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-04-15 13:06 169472 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2005-09-09 00:20 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2005-09-09 00:20 110592 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-07-13 00:05 1117184 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 05:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-04-15 12:58 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2003-11-19 22:48 32881 ----a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Smith Micro\\Poser 8\\Poser.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 MpKsl7d2e889a;MpKsl7d2e889a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EFC8332-93E6-4A1A-8C02-BC970A3B9FCD}\MpKsl7d2e889a.sys [3/27/2011 7:59 PM 28752]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/16/2005 2:18 AM 14336]
S1 MpKsl966d8728;MpKsl966d8728;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{223CF3A5-5AB7-492C-9D16-D5D9BC56E41B}\MpKsl966d8728.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{223CF3A5-5AB7-492C-9D16-D5D9BC56E41B}\MpKsl966d8728.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2011 11:05 AM 136176]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 5:06 PM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL7D2E889A
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
itlsvc REG_MULTI_SZ itlperf
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf7a2f20-3946-11e0-a099-001372b3e4c1}]
\Shell\AutoRun\command - "F:\WD SmartWare.exe" autoplay=true
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-25 18:05]
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-25 18:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Mommazon\Application Data\Mozilla\Firefox\Profiles\nt6ta4nn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/|https://mail.google.com/mail/?shva=1#inbox
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
Notify-itlntfy - itlnfw32.dll
MSConfigStartUp-BuildBU - c:\dell\bldbubg.exe
MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-_{707EB912-C597-49D8-9460-46CC9AB03EBE} - c:\program files\Corel\Corel Painter Photo Essentials 4\MSILauncher {707EB912-C597-49D8-9460-46CC9AB03EBE}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-27 19:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\TEMP\TMP0000000356CAE2F891185EE8 524288 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2412)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\stsystra.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-03-27 20:06:29 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-28 03:06
.
Pre-Run: 7,253,471,232 bytes free
Post-Run: 6,907,314,176 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - FAFC165F45F40479C4B79ED89DB28E76
-
Good Job,
One file I am concerned about
You need to enable windows to show all files and folders, instructions Here
Go to VirusTotal and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see. If the site says this file has been checked before, have them check it again
c:\windows\Bhogubetogumamum.bin <--
If the site is busy you can try this one
http://virusscan.jotti.org/en
You have Microsoft Security Essentials installed , we need to remove McAfee as having two AVs can seriously hamper system performance.
First see if you can uninstall it via Add Remove Programs in the Control Panel and then run there removal tool from either one of these sites
http://majorgeeks.com/McAfee_Consume...ool_d5420.html
http://service.mcafee.com/FAQDocument.aspx?id=TS100507
-
hmm...
I went to the VirusTotal site and submitted it twice and nothing happened either time...so I went to the Jotti site and it said the file was empty.
c:\windows\Bhogubetogumamum.bin
I'm trying to figure out the McAfee thing...there is nothing in the Installed programs list for me to uninstall the beast. I'm going to do the majorgeeks MCPR uninstall thing I guess and see if that can wipe out whatever it is. I did find the folder under program files called McAfee Spamkiller, but there isn't an option to uninstall (or even install for that matter).
Tags for this Thread
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules