|
#31
| |||
| |||
| All done and dusted EF what now please? I cannot pay for any programmes at the moment as I am waiting for my new Card to come from the UK (that is dicey enough coming to the Philippines). So it will have to be a free one or a free trial. I am sorry about McAfee. They have always seemed to do a good job. |
|
#32
| |||
| |||
| Everything we ask you to install here will be free so don't worry about that. See if you can get ComboFix to your desktop and run it now that McAfee is gone. |
|
#33
| |||
| |||
| Thanks. Yes it is there so will try now. |
|
#34
| |||
| |||
| Dear dear what next? I got up a super long Log file and set up to post then IE refused access to the net. Well when I say refused, I could not get. I rebooted and voila I am in. Shall I try again and rescan or what? I hope I shall be soon out of your hair as they say! |
|
#35
| |||
| |||
| The log is saved in C:\combofix.txt |
|
#36
| |||
| |||
| The name is there but the File is empty, as old mother Hubbard might have said! |
|
#37
| |||
| |||
| OK found it and will try to resend. |
|
#38
| |||
| |||
| ComboFix 09-04-28.02 - User 04/29/2009 2:52.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1207 [GMT 1:00] Running from: c:\users\User\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Common Files\System\Uninstall c:\windows\system32\KBL.LOG c:\windows\system32\x64 c:\windows\system32\X86 c:\windows\system32\X86\License.rtf c:\windows\system32\X86\Readme.txt c:\windows\system32\X86\setup.exe . ((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 ))))))))))))))))))))))))))))))) . 2009-04-28 03:19 . 2009-04-28 03:19 -------- d-----w c:\program files\Trend Micro 2009-04-23 07:39 . 2009-04-23 07:52 -------- d-----w c:\program files\AllSnooker.Info 2009-04-16 11:43 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll 2009-04-16 11:43 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll 2009-04-16 11:43 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll 2009-04-16 11:41 . 2009-03-03 04:40 827392 ----a-w c:\windows\system32\wininet.dll 2009-04-16 11:41 . 2009-03-03 02:28 26624 ----a-w c:\windows\system32\ieUnatt.exe 2009-04-16 11:41 . 2009-03-03 04:37 78336 ----a-w c:\windows\system32\ieencode.dll 2009-04-05 02:54 . 2009-04-05 02:54 -------- d-----w c:\programdata\Microgaming 2009-04-05 02:54 . 2009-04-05 02:54 -------- d-----w c:\users\All Users\Microgaming 2009-04-05 02:54 . 2009-04-05 02:54 -------- d-----w c:\programdata\MGS 2009-04-05 02:54 . 2009-04-05 02:54 -------- d-----w c:\users\All Users\MGS 2009-04-05 02:54 . 2009-04-05 02:54 -------- d-----w C:\MicroGaming . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2009-04-28 10:10 . 2008-09-04 02:14 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-04-18 05:38 . 
2008-09-09 21:44 5972 ----a-w c:\users\User\AppData\Local\d3d9caps.dat 2009-04-17 05:13 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail 2009-04-12 04:51 . 2007-11-20 09:25 -------- d-----w c:\program files\Java 2009-04-06 14:32 . 2008-11-28 02:51 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-06 14:32 . 2008-11-28 02:52 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-04-05 06:24 . 2008-11-16 01:49 -------- d-----w c:\program files\VS Revo Group 2009-03-24 02:44 . 2008-11-21 06:27 -------- d-----w c:\program files\PCPitstop 2009-03-17 03:38 . 2009-04-16 11:42 40960 ----a-w c:\windows\AppPatch\apihex86.dll 2009-03-17 03:38 . 2009-04-16 11:42 13824 ----a-w c:\windows\system32\apilogen.dll 2009-03-17 03:38 . 2009-04-16 11:42 24064 ----a-w c:\windows\system32\amxread.dll 2009-03-14 00:58 . 2009-03-14 00:58 0 ----a-w c:\windows\system32\REN6845.tmp 2009-03-14 00:58 . 2009-03-14 00:58 0 ----a-w c:\windows\system32\REN6844.tmp 2009-03-14 00:58 . 2009-03-14 00:58 0 ----a-w c:\windows\system32\REN6805.tmp 2009-03-09 04:19 . 2009-02-04 03:08 410984 ----a-w c:\windows\system32\deploytk.dll 2009-03-07 07:27 . 2008-07-02 13:53 -------- d-----w c:\program files\Yahoo! 2009-03-05 08:41 . 2008-06-10 02:46 -------- d-----w c:\program files\Conduit 2009-03-05 07:14 . 2009-03-05 07:04 -------- d-----w c:\program files\Hotspot Shield 2009-03-05 07:04 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat 2009-03-05 07:04 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat 2009-03-03 06:30 . 2009-03-03 06:17 -------- d-----w c:\program files\Eusing Free Registry Cleaner 2009-03-03 04:46 . 2009-04-16 11:42 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-03-03 04:46 . 2009-04-16 11:42 3547632 ----a-w c:\windows\system32\ntoskrnl.exe 2009-03-03 04:39 . 2009-04-16 11:42 183296 ----a-w c:\windows\system32\sdohlp.dll 2009-03-03 04:39 . 2009-04-16 11:42 551424 ----a-w c:\windows\system32\rpcss.dll 2009-03-03 04:39 . 
2009-04-16 11:42 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll 2009-03-03 04:37 . 2009-04-16 11:42 98304 ----a-w c:\windows\system32\iasrecst.dll 2009-03-03 04:37 . 2009-04-16 11:42 54784 ----a-w c:\windows\system32\iasads.dll 2009-03-03 04:37 . 2009-04-16 11:42 44032 ----a-w c:\windows\system32\iasdatastore.dll 2009-03-03 03:04 . 2009-04-16 11:42 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe 2009-03-03 02:38 . 2009-04-16 11:42 17408 ----a-w c:\windows\system32\iashost.exe 2009-02-28 08:29 . 2008-12-02 12:02 -------- d-----w c:\program files\Microsoft SQL Server 2009-02-13 08:49 . 2009-04-16 11:42 72704 ----a-w c:\windows\system32\secur32.dll 2009-02-13 08:49 . 2009-04-16 11:42 1255936 ----a-w c:\windows\system32\lsasrv.dll 2009-02-11 09:28 . 2009-02-11 09:28 249856 ------w c:\windows\Setup1.exe 2009-02-11 09:28 . 2009-02-11 09:28 73216 ----a-w c:\windows\ST6UNST.EXE 2009-02-09 03:10 . 2009-03-11 07:59 2033152 ----a-w c:\windows\system32\win32k.sys 2008-12-09 04:50 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini 2005-01-13 16:47 . 2005-01-13 16:47 61440 ----a-w c:\program files\mdMod1.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}] 2008-02-06 13:47 1160544 ----a-w c:\program files\Search Settings\kb126\SearchSettings.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-10 212992] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 202032] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.ex e" [2007-09-13 222504] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-02-06 1036640] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424] "Persistence"="c:\windows\system32\igfxpers.ex e" [2008-02-11 133656] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules] "{3E7611F8-8996-4D8F-9407-9E4E780AD628}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{ECEA1A2F-FB73-42CA-B0D3-235CFE68E2C3}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "{7CE2F739-8FC2-4573-91C6-C8F3326B331F}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play "{2672872F-6B74-4D8F-B902-FEF6DA9D2437}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{E3193146-C66B-4FC1-A4A2-22F00495FF44}"= UDP:1723:PPTP L2TP IPSec "{9013E004-CA93-4651-8ED5-FBF584057E9B}"= UDP:47:PPTP L2TP IPSec "{F1487DE3-76FA-4674-B970-7FEB57B25951}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{2512D0B5-F148-4C1E-A97F-6CC0D99FD556}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{4E8AAECD-794A-4EA7-A47F-C507F5241923}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "{202E1D62-EA46-4B41-B2F7-66DC4D0296E9}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! 
FT Server "TCP Query User{9584969B-7D2D-4B7F-8918-9EBDE7A39644}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{9D61101B-0EAD-419E-B7B5-D13C9EC1BCAA}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "{61E553BC-D6E5-4EE3-963E-E2ECE03990EC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{3612DE6D-A3BA-460B-B13F-A488B62CD9FC}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent S2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312] S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712] . Contents of the 'Scheduled Tasks' folder 2009-04-28 c:\windows\Tasks\User_Feed_Synchronization-{0DD70391-425F-450C-9822-8ECA8B45D9D0}.job - c:\windows\system32\msfeedssync.exe [2008-09-06 07:33] . - - - - ORPHANS REMOVED - - - - HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.betfair.com/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_om&c=81&bd=Presario &pf=laptop mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll . 
************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-29 02:56 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-960212331-4114999470-3676663911-1000\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\{E0289D67-E357-F47D-3DE3-D3ECF07CCC68}*] "nacfflcejgjpmleofgbfledomhcd"=hex:6a,61,6d,65,66, 68,65,6e,62,6f,64,6b,70,61, 68,6f,70,69,62,6c,00,00 [HKEY_USERS\system\ControlSet001\Control\Class\{4D3 6E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_USERS\system\ControlSet001\Control\Class\{4D3 6E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_USERS\system\ControlSet003\Control\Class\{4D3 6E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_USERS\system\ControlSet003\Control\Class\{4D3 6E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2009-04-29 2:57 ComboFix-quarantined-files.txt 2009-04-29 01:57 Pre-Run: 67,792,936,960 bytes free Post-Run: 67,577,737,216 bytes free 183 --- E O F --- 2009-04-28 00:56 |
|
#39
| |||
| |||
| OK that looks OK. I need a new log now. Please go to Start > Run and copy/paste the following, then press Enter: Code: C:\QooBox\Add-Remove Programs.txt |
|
#40
| |||
| |||
| 2007 Microsoft Office Suite Service Pack 1 (SP1) Adobe Flash Player 10 ActiveX Adobe Flash Player Plugin Adobe Reader 8.1.2 Adobe Shockwave Player AllSnooker.Info 1.5 Anonymizer Software Atheros Driver Installation Program AusLogics Disk Defrag Business Contact Manager for Outlook 2007 SP1 CCleaner (remove only) Compatibility Pack for the 2007 Office system Conexant HD Audio CyberLink YouCam DVD Suite ESU for Microsoft Vista Eusing Free Registry Cleaner greyhoundtipster HDAUDIO Soft Data Fax Modem with SmartCP Hewlett-Packard Active Check Hewlett-Packard Asset Agent for Health Check HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Active Support Library HP Customer Experience Enhancements HP Doc Viewer HP DVD Play 3.6 HP Easy Setup - Frontend HP Help and Support HP Quick Launch Buttons 6.30 E2 HP Total Care Advisor HP Update HP User Guides 0093 HP Wireless Assistant Intel(R) Graphics Media Accelerator Driver Intel(R) Matrix Storage Manager Intel(R) TV Wizard Java(TM) 6 Update 13 K-Lite Codec Pack 2.50 Full Malwarebytes' Anti-Malware Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Office 2003 Web Components Microsoft Office 2007 Primary Interop Assemblies Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Accounting 2008 Microsoft Office Excel MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Professional Plus 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 
Microsoft Office Small Business Connectivity Components Microsoft Office Word MUI (English) 2007 Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) Microsoft SQL Server 2005 Tools Express Edition Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server VSS Writer Microsoft Visual C Runtime Microsoft Visual C++ 2005 Redistributable Microsoft Works MSCU for Microsoft Vista MSXML 4.0 SP2 (KB954430) NetWaiting Nokia Connectivity Cable Driver OpenOffice.org Installer 1.0 Power2Go PowerDirector QuickPlay SlingPlayer 0.4.4 Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista Revo Uninstaller 1.80 Search Settings 1.1 Security Update for 2007 Microsoft Office System (KB951550) Security Update for 2007 Microsoft Office System (KB951944) Security Update for 2007 Microsoft Office System (KB960003) Security Update for Microsoft Office Excel 2007 (KB959997) Security Update for Microsoft Office PowerPoint 2007 (KB951338) Security Update for Microsoft Office Publisher 2007 (KB950114) Security Update for Microsoft Office system 2007 (KB954326) Security Update for Microsoft Office system 2007 (KB956828) Security Update for Microsoft Office Word 2007 (KB956358) Spelling Dictionaries Support For Adobe Reader 8 Touch Pad Driver Update for Microsoft Office 2007 Help for Common Features (KB957244) Update for Microsoft Office Access 2007 Help (KB957241) Update for Microsoft Office Excel 2007 Help (KB957242) Update for Microsoft Office InfoPath 2007 Help (KB957243) Update for Microsoft Office Outlook 2007 (KB952142) Update for Microsoft Office Outlook 2007 Help (KB957246) Update for Microsoft Office PowerPoint 2007 Help (KB957247) Update for Microsoft Office Publisher 2007 Help (KB957249) Update for Microsoft Office Word 2007 Help (KB957252) Update for Microsoft Script Editor Help (KB957253) Update for Office 2007 (KB946691) Update for Outlook 2007 Junk Email Filter (kb962871) VideoLAN VLC media 
player 0.8.6i Windows Live Messenger Yahoo! Install Manager |