
Is my computer clean?



#1 Dfixr1


Posted 12 October 2010 - 04:49 AM

I have been trying to fix my computer using the Microsoft malware removal tool, uninstalling my old virus scanner (Panda Cloud), installing McAfee virus scan, using Spybot, and running ComboFix. Spybot found some trojans and took care of those. However, I don't think my problems are cleared up completely. McAfee is disabled seconds after turning it on, and I can't overcome that problem; other services, programs, etc. also become disabled somehow. Here is the ComboFix log. Please help, and advise me what to do next to repair.

ComboFix 10-10-09.06 - ADMIN 10/11/2010 5:42.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.715 [GMT -4:00]
Running from: E:\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ADMIN\Application Data\Microsoft\stor.cfg
c:\documents and settings\ADMIN\Application Data\Microsoft\svchost.exe
c:\documents and settings\ADMIN\Application Data\Microsoft\Windows\shell.exe
c:\documents and settings\ADMIN\pizda_ntload.dll
c:\windows\Downloaded Program Files\IDropPTB.dll

.
((((((((((((((((((((((((( Files Created from 2010-09-11 to 2010-10-11 )))))))))))))))))))))))))))))))
.

2010-10-09 14:10 . 2010-10-09 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-09 14:10 . 2010-10-09 14:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-09 13:05 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-10-09 12:44 . 2010-01-05 22:04 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
2010-10-09 12:43 . 2010-01-05 22:04 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-10-09 12:43 . 2010-01-05 22:04 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-10-09 12:43 . 2010-01-05 22:04 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-10-09 12:43 . 2010-01-05 22:04 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-10-09 12:43 . 2010-01-05 22:04 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-10-09 12:43 . 2010-01-05 22:04 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-10-09 12:43 . 2010-01-05 22:04 312584 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-10-09 12:43 . 2010-01-05 22:04 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-10-09 12:43 . 2010-10-09 12:44 -------- d-----w- c:\program files\Common Files\Mcafee
2010-10-09 12:43 . 2010-10-09 12:44 -------- d-----w- c:\program files\McAfee
2010-10-09 12:42 . 2010-10-09 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-09-29 01:52 . 2010-09-29 01:52 -------- d-----w- c:\documents and settings\ADMIN\Application Data\Foxit Software
2010-09-21 09:53 . 2010-09-21 09:53 -------- d-----w- c:\program files\Cute CD DVD Burner
2010-09-18 10:51 . 2010-09-18 10:51 -------- d-----w- c:\program files\Fanbase
2010-09-18 10:51 . 2010-09-18 10:51 -------- d-----w- c:\program files\Times Reader
2010-09-17 09:36 . 2010-09-17 09:36 -------- d-----w- c:\documents and settings\ADMIN\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2010-09-17 09:35 . 2010-09-17 09:35 -------- d-----w- c:\program files\TweetDeck
2010-09-17 09:35 . 2010-09-17 09:35 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-09-17 09:26 . 2010-09-17 09:26 -------- d-----w- c:\documents and settings\ADMIN\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-24 18:14 . 2009-11-24 18:14 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-11-28 17:10 . 2009-11-28 17:10 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2010-01-05 22:04 . 2010-10-09 12:44 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ADMIN\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ADMIN\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ADMIN\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10i_Plugin.exe" [2010-09-18 232912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-12-16 479232]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-03-27 5107232]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-03-27 362232]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-04 1179952]

c:\documents and settings\Guest1\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\ADMIN\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\ADMIN\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
TaskZip.lnk - c:\program files\TaskZip\TaskZip.exe [2010-6-27 475136]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Documents and Settings\\ADMIN\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [8/21/2010 5:26 AM 911680]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [10/9/2010 8:43 AM 82952]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/9/2010 8:43 AM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [10/9/2010 8:44 AM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [10/9/2010 8:43 AM 141792]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [10/9/2010 8:43 AM 312584]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [10/9/2010 8:43 AM 88480]
S0 cerc6;cerc6; [x]
S2 0080991286628273mcinstcleanup;McAfee Application Installer Cleanup (0080991286628273);c:\docume~1\ADMIN\LOCALS~1\Temp\008099~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\ADMIN\LOCALS~1\Temp\008099~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [8/21/2010 5:27 AM 2480048]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/15/2010 7:12 AM 136176]
S2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [7/15/2009 9:52 PM 70016]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/9/2010 8:43 AM 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/9/2010 8:43 AM 271480]
S2 McOobeSv;McAfee OOBE Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/9/2010 8:43 AM 271480]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [8/21/2010 5:27 AM 160704]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [10/9/2010 8:43 AM 55456]
S3 cpuz130;cpuz130;\??\c:\docume~1\ADMIN\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ADMIN\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [10/9/2010 8:43 AM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [10/9/2010 8:43 AM 83496]
.
Contents of the 'Scheduled Tasks' folder

2010-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 11:12]

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 11:12]

2010-09-30 c:\windows\Tasks\Install_NSS.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2010-02-06 03:46]
.
.
------- Supplementary Scan -------
.
uStart Page = file:///C:/Documents%20and%20Settings/ADMIN/My%20Documents/Downloads/home1.htm
uInternet Settings,ProxyServer = http=127.0.0.1:50370
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\lgmjmgln.default\
FF - prefs.js: browser.search.selectedEngine - Surf Canyon
FF - prefs.js: browser.startup.homepage - file:///C:/Documents%20and%20Settings/ADMIN/My%20Documents/Downloads/home1.htm
FF - prefs.js: keyword.URL - hxxp://search.addthis.com/search?pco=fxe-3.1.0&locale=en-US&sl=ub&q=
FF - component: c:\documents and settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\lgmjmgln.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\ADMIN\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\ADMIN\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-IDTSysTrayApp - (no file)


.
Completion time: 2010-10-11 05:48:19
ComboFix-quarantined-files.txt 2010-10-11 09:48

Pre-Run: 17,554,690,048 bytes free
Post-Run: 17,885,007,872 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 59E94DB3262923B91E3DC836EA35A8A2


#2 teacup61


Posted 12 October 2010 - 11:57 AM

Hello Dfixr1,



I know you just installed it, but uninstall everything McAfee, and disable everything else. It is horrible about interfering with cleanup attempts, especially regarding ComboFix. I would also like for you to uninstall ComboFix and get a new and updated copy, then have a run with it. To uninstall ComboFix, please click Start > Run and type, or copy and paste: ComboFix /Uninstall, then hit OK.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61


Posted 18 October 2010 - 10:26 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.