WiredWX Christian Hobby Weather Tools

Print Spooler service is not running

Hi! We had a redirect virus on our computer. We downloaded the Malwarebytes Anti-Malware software and it found the bug and we deleted it. But upon doing so, the printer is now disabled and I keep getting the error "print spooler service is not running". The printer is no longer listed under Printers and Faxes, so I removed all the HP software associated with the printer and unplugged it, hoping to simply reinstall, but when I try to add a printer it gives me the print spooler error. I found some fixes on your forum that you suggested to another user, but none of them are working for me. Any suggestions?

Re: Print Spooler service is not running

Update... I put in my HP 2200 installation disk to see what it would do and it started reinstalling the printer, then it failed saying that it has not passed Windows Logo testing?? So I stopped the installation and was going to search the HP website for an updated driver for my printer, but now it appears the redirect virus is back! Could it be attached to something involved with the printer?

Re: Print Spooler service is not running

Hi mom and welcome to GeekPolice! What's for dinner this evening :)...

I am Gabethebabe and I will be helping you with this issue. Before we start, some general remarks/rules:
  • Whilst I'm helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I'm here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, that doesn't mean it is clean yet!

====================

Time to use ComboFix by sUBs, a powerful tool that you are advised not to run without supervision of a trained malware helper. Please visit this webpage and read the tutorial on using ComboFix very carefully. After that download the tool and save it to your desktop.

Double-click ComboFix.exe to run the tool. Please post its log back here.

Re: Print Spooler service is not running

Hello there Gabe and thank you in advance for your help! Dinner was baked fish and buttered noodles, haha, too bad you weren't there, it was delicious :)... So, like you, I also have a life: husband, a job, a class and clinicals I'm trying to get through, and 1 more child than you!! So finally, after getting off work this morning and getting the kids on the bus, I ran the ComboFix, but then it was taking forever, so I had to go get a filling at the dentist and get some sleep! I did get back on and get it finished up tonight though!
Here is the log file it gave me. Hope you can figure something out from all of this mumbo jumbo. Just for extra info, my printer is still disconnected because it would not let me finish the install. The internet, however, seems to be working fine. Thanks again!

ComboFix 11-09-09.03 - Owner 09/09/2011 11:58:51.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.673 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Adobe\sp.DLL
c:\documents and settings\Jimmy\Local Settings\Application Data\{48EDBAFB-F5E7-4878-BECD-AE1843EC7403}
c:\documents and settings\Jimmy\Local Settings\Application Data\{48EDBAFB-F5E7-4878-BECD-AE1843EC7403}\chrome.manifest
c:\documents and settings\Jimmy\Local Settings\Application Data\{48EDBAFB-F5E7-4878-BECD-AE1843EC7403}\chrome\content\overlay.xul
c:\documents and settings\Jimmy\Local Settings\Application Data\{48EDBAFB-F5E7-4878-BECD-AE1843EC7403}\install.rdf
c:\documents and settings\Jimmy\Local Settings\Application Data\{684036DC-62E0-43D2-9456-75E8B19BEAC9}
c:\documents and settings\Jimmy\Local Settings\Application Data\{684036DC-62E0-43D2-9456-75E8B19BEAC9}\chrome.manifest
c:\documents and settings\Jimmy\Local Settings\Application Data\{684036DC-62E0-43D2-9456-75E8B19BEAC9}\chrome\content\_cfg.js
c:\documents and settings\Jimmy\Local Settings\Application Data\{684036DC-62E0-43D2-9456-75E8B19BEAC9}\chrome\content\overlay.xul
c:\documents and settings\Jimmy\Local Settings\Application Data\{684036DC-62E0-43D2-9456-75E8B19BEAC9}\install.rdf
c:\documents and settings\Jimmy\Local Settings\Application Data\{9209CB99-BEEF-43FE-B1F0-661AEB793E21}
c:\documents and settings\Jimmy\Local Settings\Application Data\{9209CB99-BEEF-43FE-B1F0-661AEB793E21}\chrome.manifest
c:\documents and settings\Jimmy\Local Settings\Application Data\{9209CB99-BEEF-43FE-B1F0-661AEB793E21}\chrome\content\overlay.xul
c:\documents and settings\Jimmy\Local Settings\Application Data\{9209CB99-BEEF-43FE-B1F0-661AEB793E21}\install.rdf
c:\documents and settings\Jimmy\Local Settings\Application Data\{939851FF-8BC9-41C4-94E1-CFB7BC35B932}
c:\documents and settings\Jimmy\Local Settings\Application Data\{939851FF-8BC9-41C4-94E1-CFB7BC35B932}\chrome.manifest
c:\documents and settings\Jimmy\Local Settings\Application Data\{939851FF-8BC9-41C4-94E1-CFB7BC35B932}\chrome\content\overlay.xul
c:\documents and settings\Jimmy\Local Settings\Application Data\{939851FF-8BC9-41C4-94E1-CFB7BC35B932}\install.rdf
c:\documents and settings\Jimmy\Local Settings\Application Data\{D2DEEE18-A59B-4FC3-B32B-DD021139FA45}
c:\documents and settings\Jimmy\Local Settings\Application Data\{D2DEEE18-A59B-4FC3-B32B-DD021139FA45}\chrome.manifest
c:\documents and settings\Jimmy\Local Settings\Application Data\{D2DEEE18-A59B-4FC3-B32B-DD021139FA45}\chrome\content\overlay.xul
c:\documents and settings\Jimmy\Local Settings\Application Data\{D2DEEE18-A59B-4FC3-B32B-DD021139FA45}\install.rdf
c:\documents and settings\Jimmy\Local Settings\Application Data\{FA7FDFCC-5134-4322-8811-2E6DA2391EFA}
c:\documents and settings\Jimmy\Local Settings\Application Data\{FA7FDFCC-5134-4322-8811-2E6DA2391EFA}\chrome.manifest
c:\documents and settings\Jimmy\Local Settings\Application Data\{FA7FDFCC-5134-4322-8811-2E6DA2391EFA}\chrome\content\overlay.xul
c:\documents and settings\Jimmy\Local Settings\Application Data\{FA7FDFCC-5134-4322-8811-2E6DA2391EFA}\install.rdf
c:\documents and settings\Owner\Application Data\Adobe\plugs
c:\documents and settings\Owner\Application Data\Adobe\plugs\mmc1105587640.txt
c:\documents and settings\Owner\Application Data\Adobe\plugs\mmc8.exe
c:\documents and settings\Owner\Application Data\Adobe\shed
c:\documents and settings\Owner\Application Data\Adobe\shed\thr1.chm
c:\documents and settings\Owner\Local Settings\Application Data\{D1E2B5C8-88CC-4761-AD6A-FB1EBFBADDAB}
c:\documents and settings\Owner\Local Settings\Application Data\{D1E2B5C8-88CC-4761-AD6A-FB1EBFBADDAB}\chrome.manifest
c:\documents and settings\Owner\Local Settings\Application Data\{D1E2B5C8-88CC-4761-AD6A-FB1EBFBADDAB}\chrome\content\_cfg.js
c:\documents and settings\Owner\Local Settings\Application Data\{D1E2B5C8-88CC-4761-AD6A-FB1EBFBADDAB}\chrome\content\overlay.xul
c:\documents and settings\Owner\Local Settings\Application Data\{D1E2B5C8-88CC-4761-AD6A-FB1EBFBADDAB}\install.rdf
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\program files\messenger\msmsgsin.exe
c:\windows\dgpr32c.dll
c:\windows\imujojulowuni.dll
c:\windows\tsoc.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SPService
.
.
((((((((((((((((((((((((( Files Created from 2011-08-10 to 2011-09-10 )))))))))))))))))))))))))))))))
.
.
2011-09-09 12:21 . 2011-09-09 12:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2011-09-09 12:21 . 2011-09-09 12:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2011-09-08 03:18 . 2007-10-30 09:25 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2011-09-08 03:18 . 2007-10-30 09:25 309760 ----a-r- c:\windows\system32\difxapi.dll
2011-09-08 03:18 . 2007-10-30 09:11 729088 ----a-r- c:\windows\system32\hpowiax7.dll
2011-09-08 03:18 . 2007-10-30 09:11 303104 ----a-r- c:\windows\system32\hpovst15.dll
2011-09-08 03:18 . 2007-10-30 09:11 581632 ----a-r- c:\windows\system32\hpotscl6.dll
2011-09-08 03:14 . 2011-09-08 03:15 -------- d-----w- c:\program files\Yahoo!
2011-09-08 03:08 . 2011-09-08 03:08 -------- d-----w- c:\program files\Hewlett-Packard
2011-09-08 01:17 . 2011-09-08 01:17 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckup
2011-09-08 01:17 . 2011-09-08 01:17 -------- d-----w- c:\program files\Norton PC Checkup
2011-09-08 01:15 . 2011-09-08 01:15 -------- d-----w- c:\program files\NortonInstaller
2011-09-07 20:00 . 2011-09-07 20:00 -------- d-----w- c:\documents and settings\Jimmy\Application Data\PC Cleaners
2011-09-07 03:18 . 2011-09-08 01:26 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Tific
2011-09-07 03:18 . 2011-09-07 03:18 -------- d-----w- c:\documents and settings\Owner\Application Data\Tific
2011-09-07 03:15 . 2011-09-08 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-09-07 02:07 . 2011-09-07 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB
2011-09-07 02:06 . 2011-09-07 02:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PC_Drivers_Headquarters
2011-09-07 02:06 . 2011-09-07 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Boost
2011-09-07 02:03 . 2011-09-07 02:03 -------- d-----w- c:\program files\DriverBoost
2011-09-06 22:43 . 2011-09-06 22:43 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Cleaners
2011-09-06 22:43 . 2011-09-06 22:42 5356304 ----a-w- c:\windows\uninst.exe
2011-09-06 22:43 . 2011-09-07 21:32 -------- d-----w- c:\program files\PC Cleaners
2011-09-06 22:43 . 2011-09-06 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
2011-09-06 22:37 . 2011-09-06 22:37 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
2011-09-06 13:37 . 2011-09-06 13:37 -------- d-----w- c:\documents and settings\Jimmy\Application Data\Malwarebytes
2011-09-05 23:48 . 2011-09-09 15:59 0 ----a-w- c:\windows\Asaqocixafesu.bin
2011-09-04 17:30 . 2011-09-07 04:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-09-04 01:42 . 2011-09-04 01:42 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-08-31 23:08 . 2011-08-31 23:09 -------- d-----w- c:\program files\Graboid
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-07 20:01 . 2010-07-15 00:04 0 ----a-w- c:\documents and settings\Jimmy\Local Settings\Application Data\Asaqocixafesu.bin
2011-09-03 10:17 . 2003-03-20 21:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-18 14:48 . 2011-07-18 14:48 664 ----a-w- c:\documents and settings\Jimmy\Local Settings\Application Data\d3d9caps.tmp
2011-07-15 13:29 . 2003-07-16 20:34 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02 . 2003-07-16 20:37 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2010-02-13 23:43 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2003-07-16 20:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2003-07-16 20:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2003-07-16 20:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2003-07-16 20:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-29 01:40 . 2011-03-29 23:53 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 18:01 . 2010-02-16 21:59 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-02-06 02:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-02-06 02:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-02-06 02:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-07-13 1312384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\documents and settings\Molly Lolly\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2010-2-10 114688]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-05-21 15:36 3824472 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 21:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27944:TCP"= 27944:TCP:spport
"20305:TCP"= 20305:TCP:spport
"25542:TCP"= 25542:TCP:spport
"28026:TCP"= 28026:TCP:spport
"23375:TCP"= 23375:TCP:spport
"4757:TCP"= 4757:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2/13/2010 11:42 PM 89368]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2/13/2010 11:43 PM 54776]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [7/16/2003 4:47 PM 14336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [6/4/2011 5:01 PM 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [6/4/2011 5:01 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [6/4/2011 5:01 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [2/13/2010 11:42 PM 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [2/13/2010 11:42 PM 148520]
R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2/5/2010 10:14 PM 229688]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe [9/7/2011 9:17 PM 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [9/7/2011 9:17 PM 126392]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2/13/2010 11:42 PM 57432]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2/13/2010 11:42 PM 337912]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2/13/2010 11:42 PM 83688]
S2 0076431315517058mcinstcleanup;McAfee Application Installer Cleanup (0076431315517058);c:\windows\TEMP\007643~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\007643~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2/13/2010 11:42 PM 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2/13/2010 11:42 PM 85984]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [7/16/2003 4:47 PM 14336]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-09-10 c:\windows\Tasks\User_Feed_Synchronization-{349C2E00-97AD-4327-821F-739752CABBDC}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mg4.mail.yahoo.com/dc/launch?.gx=1&.rand=4g97l7ejs8hhc
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\b1zyya61.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
HKCU-Run-Kfapadode - c:\windows\dgpr32c.dll
HKLM-Run-Cxasidu - c:\windows\imujojulowuni.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-09 21:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_SP0802N/P rev.TK300-08 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8630931B
user & kernel MBR OK
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1060)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(1120)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3696)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\McAfee Online Backup\MOBKshell.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\progra~1\MICROS~2\Office12\OUTLOOK.EXE
c:\windows\system32\rundll32.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-09-09 22:18:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-10 02:17
.
Pre-Run: 41,391,960,064 bytes free
Post-Run: 44,254,986,240 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 3839762AFE3D00AB48EF45429656E90A

Re: Print Spooler service is not running

4 children, lol. I'm afraid ComboFix can't do anything about that, even though sometimes you will wish it could 😉

  • Please create a new text file in Notepad with the following contents:

    Code:

    KILLALL::
    File::
    c:\documents and settings\Jimmy\Local Settings\Application Data\Asaqocixafesu.bin
    c:\windows\Asaqocixafesu.bin

    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "27944:TCP"=-
    "20305:TCP"=-
    "25542:TCP"=-
    "28026:TCP"=-
    "23375:TCP"=-
    "4757:TCP"=-
    "5000:UDP"=-

  • Save that file as CFScript.txt on your desktop
  • Drag and drop the CFScript.txt onto the ComboFix icon, as shown in the animation below.
    (animation: CFScript.txt being dragged onto the ComboFix icon)
  • If done correctly, ComboFix will start and perform specific instructions
  • In doing so, ComboFix may request a reboot
  • Please post the contents of Combofix.txt in your next reply

====================

Please download Malwarebytes' Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
  • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
  • Click OK to either and let MBAM proceed with the disinfection process.
  • If asked to restart the computer, please do so immediately.

Post the contents of the MBAM log in your next reply, please.

====================

Please download aswMBR by Alwil Software from here and save it to your desktop.

  • Double click aswMBR.exe to run the tool
  • Click the Scan button to start the scan
  • Don't panic if you see any **Rootkit** entries. The tool sometimes produces false alarms.
  • Once the scan finishes click Save log to save the log to your desktop
  • Copy and paste the contents of this log (aswMBR.txt) into your next reply.
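The CFScript above removes the firewall port openings that the first ComboFix log listed under GloballyOpenPorts. As an added example that is not from this thread, from ComboFix or from GeekPolice, the Python script below parses that block out of a ComboFix log, flags openings whose one-word description is reused across several ports (the "spport" pattern in the log above), and prints the Registry:: section in CFScript syntax; the sample log text is constructed from the values posted above, and the repeat threshold is an assumption.

```python
"""Parse the GloballyOpenPorts block of a ComboFix log and emit the
Registry:: section of a CFScript that deletes those firewall openings."""
import re
from collections import Counter

# Constructed sample input in the shape ComboFix prints it (values copied
# from the log in this thread; surrounding sections abbreviated).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27944:TCP"= 27944:TCP:spport
"20305:TCP"= 20305:TCP:spport
"25542:TCP"= 25542:TCP:spport
"28026:TCP"= 28026:TCP:spport
"23375:TCP"= 23375:TCP:spport
"4757:TCP"= 4757:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys
"""

# Registry key exactly as ComboFix abbreviates it (HKLM\~\ = HKLM\SYSTEM\CurrentControlSet\).
OPEN_PORTS_KEY = (r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy"
                  r"\standardprofile\GloballyOpenPorts\List]")

# One log line: "27944:TCP"= 27944:TCP:spport  ->  port, protocol, description.
ENTRY_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\1:\2:(.*)$')


def parse_open_ports(log_text):
    """Return [(port, proto, description), ...] from the GloballyOpenPorts block."""
    entries = []
    in_block = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == OPEN_PORTS_KEY:
            in_block = True
            continue
        if not in_block:
            continue
        if line in ("", "."):          # ComboFix closes every block with a lone "."
            break
        m = ENTRY_RE.match(line)
        if m:
            entries.append((int(m.group(1)), m.group(2), m.group(3)))
    return entries


def flag_unexpected(entries, min_repeat=3):
    """Entries whose one-word description is reused on min_repeat or more
    ports. A real program registers one or two named exceptions; five high
    TCP ports all labelled 'spport' is the pattern removed in this thread.
    The threshold of 3 is an assumption, not a ComboFix rule."""
    by_name = Counter(name for _, _, name in entries)
    return [e for e in entries
            if " " not in e[2] and by_name[e[2]] >= min_repeat]


def cfscript_registry_section(entries):
    """CFScript text that deletes every listed opening. In CFScript (as in
    .reg files) a value set to '-' is removed rather than rewritten."""
    lines = ["Registry::", OPEN_PORTS_KEY]
    for port, proto, _ in entries:
        lines.append(f'"{port}:{proto}"=-')
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_open_ports(SAMPLE_LOG)
    for port, proto, name in flag_unexpected(found):
        print(f"unexpected opening: {port}/{proto} ({name})")
    print(cfscript_registry_section(found))
```

Run on a full ComboFix.txt by passing its contents instead of SAMPLE_LOG; the helper in this thread chose to delete the Akamai entries as well, which the generated section does, while the flagging only singles out the repeated "spport" ones.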

Re: Print Spooler service is not running

Here is the ComboFix log file... I am going to send each one to you separately because I am afraid I won't be able to find them once I click out of them!! haha

ComboFix 11-09-10.03 - Owner 09/10/2011 17:30:20.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.422 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
FILE ::
"c:\documents and settings\Jimmy\Local Settings\Application Data\Asaqocixafesu.bin"
"c:\windows\Asaqocixafesu.bin"
.
.
((((((((((((((((((((((((( Files Created from 2011-08-10 to 2011-09-10 )))))))))))))))))))))))))))))))
.
.
2011-09-09 12:21 . 2011-09-09 12:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2011-09-09 12:21 . 2011-09-09 12:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2011-09-08 03:18 . 2007-10-30 09:25 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2011-09-08 03:18 . 2007-10-30 09:25 309760 ----a-r- c:\windows\system32\difxapi.dll
2011-09-08 03:18 . 2007-10-30 09:11 729088 ----a-r- c:\windows\system32\hpowiax7.dll
2011-09-08 03:18 . 2007-10-30 09:11 303104 ----a-r- c:\windows\system32\hpovst15.dll
2011-09-08 03:18 . 2007-10-30 09:11 581632 ----a-r- c:\windows\system32\hpotscl6.dll
2011-09-08 03:14 . 2011-09-08 03:15 -------- d-----w- c:\program files\Yahoo!
2011-09-08 03:08 . 2011-09-08 03:08 -------- d-----w- c:\program files\Hewlett-Packard
2011-09-08 01:17 . 2011-09-08 01:17 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckup
2011-09-08 01:17 . 2011-09-08 01:17 -------- d-----w- c:\program files\Norton PC Checkup
2011-09-08 01:15 . 2011-09-08 01:15 -------- d-----w- c:\program files\NortonInstaller
2011-09-07 20:00 . 2011-09-07 20:00 -------- d-----w- c:\documents and settings\Jimmy\Application Data\PC Cleaners
2011-09-07 03:18 . 2011-09-08 01:26 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Tific
2011-09-07 03:18 . 2011-09-07 03:18 -------- d-----w- c:\documents and settings\Owner\Application Data\Tific
2011-09-07 03:15 . 2011-09-08 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-09-07 02:07 . 2011-09-07 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB
2011-09-07 02:06 . 2011-09-07 02:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PC_Drivers_Headquarters
2011-09-07 02:06 . 2011-09-07 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Boost
2011-09-07 02:03 . 2011-09-07 02:03 -------- d-----w- c:\program files\DriverBoost
2011-09-06 22:43 . 2011-09-06 22:43 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Cleaners
2011-09-06 22:43 . 2011-09-06 22:42 5356304 ----a-w- c:\windows\uninst.exe
2011-09-06 22:43 . 2011-09-07 21:32 -------- d-----w- c:\program files\PC Cleaners
2011-09-06 22:43 . 2011-09-06 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
2011-09-06 22:37 . 2011-09-06 22:37 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
2011-09-06 13:37 . 2011-09-06 13:37 -------- d-----w- c:\documents and settings\Jimmy\Application Data\Malwarebytes
2011-09-05 23:48 . 2011-09-09 15:59 0 ----a-w- c:\windows\Asaqocixafesu.bin
2011-09-04 17:30 . 2011-09-07 04:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-09-04 01:42 . 2011-09-04 01:42 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-08-31 23:08 . 2011-08-31 23:09 -------- d-----w- c:\program files\Graboid
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-07 20:01 . 2010-07-15 00:04 0 ----a-w- c:\documents and settings\Jimmy\Local Settings\Application Data\Asaqocixafesu.bin
2011-09-03 10:17 . 2003-03-20 21:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-18 14:48 . 2011-07-18 14:48 664 ----a-w- c:\documents and settings\Jimmy\Local Settings\Application Data\d3d9caps.tmp
2011-07-15 13:29 . 2003-07-16 20:34 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02 . 2003-07-16 20:37 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2010-02-13 23:43 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2003-07-16 20:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2003-07-16 20:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2003-07-16 20:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2003-07-16 20:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-29 01:40 . 2011-03-29 23:53 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 18:01 . 2010-02-16 21:59 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-10_01.25.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-10 22:33 . 2011-09-10 22:33 16384 c:\windows\Temp\Perflib_Perfdata_40c.dat
+ 2011-09-10 22:33 . 2011-09-10 22:33 16384 c:\windows\Temp\Perflib_Perfdata_2d4.dat
+ 2011-09-10 17:00 . 2011-09-10 17:00 16384 c:\windows\Temp\Perflib_Perfdata_2c8.dat
+ 2011-09-10 22:34 . 2011-09-10 22:34 16384 c:\windows\Temp\Perflib_Perfdata_280.dat
+ 2010-02-13 23:59 . 2011-09-10 21:33 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-02-13 23:59 . 2011-09-10 00:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-09-10 05:03 . 2011-09-10 21:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-02-06 02:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-02-06 02:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-02-06 02:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-07-13 1312384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\documents and settings\Molly Lolly\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2010-2-10 114688]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-05-21 15:36 3824472 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 21:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2/13/2010 11:42 PM 89368]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2/13/2010 11:43 PM 54776]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [7/16/2003 4:47 PM 14336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [6/4/2011 5:01 PM 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [6/4/2011 5:01 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [6/4/2011 5:01 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [2/13/2010 11:42 PM 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [2/13/2010 11:42 PM 148520]
R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2/5/2010 10:14 PM 229688]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe [9/7/2011 9:17 PM 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [9/7/2011 9:17 PM 126392]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2/13/2010 11:42 PM 57432]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2/13/2010 11:42 PM 337912]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2/13/2010 11:42 PM 83688]
S2 0076431315517058mcinstcleanup;McAfee Application Installer Cleanup (0076431315517058);c:\windows\TEMP\007643~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\007643~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2/13/2010 11:42 PM 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2/13/2010 11:42 PM 85984]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [7/16/2003 4:47 PM 14336]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-09-10 c:\windows\Tasks\User_Feed_Synchronization-{349C2E00-97AD-4327-821F-739752CABBDC}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mg4.mail.yahoo.com/dc/launch?.gx=1&.rand=4g97l7ejs8hhc
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\b1zyya61.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-10 18:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1056)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(1116)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3768)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\McAfee Online Backup\MOBKshell.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-09-10 18:57:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-10 22:57
ComboFix2.txt 2011-09-10 02:18
.
Pre-Run: 43,778,510,848 bytes free
Post-Run: 44,089,237,504 bytes free
.
- - End Of File - - 09CE76C0F5DB628F4E476CA08128EF0B

Re: Print Spooler service is not running

Hello again Gabe, I already had the Malwarebytes Anti-Malware installed so I just needed to update it. There was one item found and I removed it and here is the log file.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7035

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/10/2011 8:00:54 PM
mbam-log-2011-09-10 (20-00-54).txt

Scan type: Quick scan
Objects scanned: 210661
Time elapsed: 13 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Print Spooler service is not running

Hi again, here is the final log file.

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-10 20:06:32
-----------------------------
20:06:32.068 OS Version: Windows 5.1.2600 Service Pack 3
20:06:32.068 Number of processors: 1 586 0x401
20:06:32.068 ComputerName: PATTY-8W9SK39KS UserName: Owner
20:06:34.068 Initialize success
20:07:47.183 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:07:47.199 Disk 0 Vendor: SAMSUNG_SP0802N/P TK300-08 Size: 76293MB BusType: 3
20:07:47.199 Device \Driver\atapi -> DriverStartIo 8630631b
20:07:47.215 Disk 0 MBR read successfully
20:07:47.215 Disk 0 MBR scan
20:07:47.215 Disk 0 TDL4@MBR code has been found
20:07:47.215 Disk 0 Windows XP default MBR code found via API
20:07:47.215 Disk 0 MBR hidden
20:07:47.215 Disk 0 MBR [TDL4] **ROOTKIT**
20:07:47.230 Disk 0 trace - called modules:
20:07:47.230 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x863064d0]<<
20:07:47.230 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86350ab8]
20:07:47.230 3 CLASSPNP.SYS[f74d6fd7] -> nt!IofCallDriver -> [0x862b14c0]
20:07:47.230 \Driver\atapi[0x863cbf38] -> IRP_MJ_CREATE -> 0x863064d0
20:07:47.746 Scan finished successfully
20:08:40.516 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\My Documents\MBR.dat"
20:08:40.516 The log file has been saved successfully to "C:\Documents and Settings\Owner\My Documents\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-10 20:50:38
-----------------------------
20:50:38.152 OS Version: Windows 5.1.2600 Service Pack 3
20:50:38.152 Number of processors: 1 586 0x401
20:50:38.152 ComputerName: PATTY-8W9SK39KS UserName: Owner
20:50:39.793 Initialize success
20:50:48.497 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:50:48.497 Disk 0 Vendor: SAMSUNG_SP0802N/P TK300-08 Size: 76293MB BusType: 3
20:50:48.513 Disk 0 MBR read successfully
20:50:48.513 Disk 0 MBR scan
20:50:48.513 Disk 0 Windows XP default MBR code
20:50:48.529 Disk 0 scanning sectors +156232125
20:50:48.623 Disk 0 scanning C:\WINDOWS\system32\drivers
20:51:09.658 Service scanning
20:51:12.393 Modules scanning
20:51:28.771 Disk 0 trace - called modules:
20:51:28.786 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
20:51:28.786 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8639fab8]
20:51:28.786 3 CLASSPNP.SYS[f74d6fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86372b00]
20:51:28.786 Scan finished successfully
20:51:35.272 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\My Documents\MBR.dat"
20:51:35.288 The log file has been saved successfully to "C:\Documents and Settings\Owner\My Documents\aswMBR.txt"

Thank you again Thank You!
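The two aswMBR runs above are the before and after of the MBR fix: the first flags the boot sector as a TDL4 rootkit and shows the disk call chain ending in an unknown hook address, the second shows stock Windows XP MBR code and a call chain that reaches the real atapi/pciide drivers. What follows is an added example, not code from the thread and not AVAST's, that parses exactly the line formats visible in those logs into a verdict and compares the two runs; the log text is copied from the posts above and trimmed to the lines that matter, and the `MbrVerdict` fields and `clean` rule are my own assumptions about what a reviewer checks.

```python
"""Parse aswMBR log output and summarise the MBR verdict of each run."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: the two runs posted above (first before, then after FixMBR),
# trimmed to the lines this parser cares about.
LOG_BEFORE = r"""
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-10 20:06:32
-----------------------------
20:07:47.215 Disk 0 MBR read successfully
20:07:47.215 Disk 0 MBR scan
20:07:47.215 Disk 0 TDL4@MBR code has been found
20:07:47.215 Disk 0 Windows XP default MBR code found via API
20:07:47.215 Disk 0 MBR hidden
20:07:47.215 Disk 0 MBR [TDL4] **ROOTKIT**
20:07:47.230 Disk 0 trace - called modules:
20:07:47.230 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x863064d0]<<
20:07:47.230 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86350ab8]
20:07:47.230 \Driver\atapi[0x863cbf38] -> IRP_MJ_CREATE -> 0x863064d0
20:07:47.746 Scan finished successfully
"""

LOG_AFTER = r"""
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-10 20:50:38
-----------------------------
20:50:48.513 Disk 0 MBR read successfully
20:50:48.513 Disk 0 MBR scan
20:50:48.513 Disk 0 Windows XP default MBR code
20:51:28.771 Disk 0 trace - called modules:
20:51:28.786 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
20:51:28.786 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8639fab8]
20:51:28.786 Scan finished successfully
"""

# Every scan line starts with a HH:MM:SS.mmm timestamp; header lines do not.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
ROOTKIT_RE = re.compile(r"MBR \[(\w+)\] \*\*ROOTKIT\*\*")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
MODULE_SUFFIXES = (".exe", ".sys", ".dll")


@dataclass
class MbrVerdict:
    """Assumed summary of one run (my own structure, not aswMBR's)."""
    run_date: str = ""
    rootkit: Optional[str] = None          # family name when aswMBR flags the MBR
    mbr_hidden: bool = False               # "MBR hidden": API view differs from raw read
    unknown_hooks: List[str] = field(default_factory=list)  # addresses in >>UNKNOWN [...]<<
    call_chain: List[str] = field(default_factory=list)     # drivers in the disk I/O path
    finished: bool = False

    @property
    def clean(self) -> bool:
        # Assumed rule: a completed scan with no rootkit flag, no hidden MBR
        # and no unknown module in the disk call chain.
        return (self.finished and self.rootkit is None
                and not self.mbr_hidden and not self.unknown_hooks)


def parse_aswmbr(text: str) -> MbrVerdict:
    """Walk the log once and fill an MbrVerdict from the lines we recognise."""
    verdict = MbrVerdict()
    expect_trace = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Run date:"):
            verdict.run_date = line.split(":", 1)[1].strip()
            continue
        match = LINE_RE.match(line)
        if not match:
            continue
        msg = match.group(2)
        if expect_trace:
            # The line right after "trace - called modules:" lists the drivers
            # on the path to the disk; an >>UNKNOWN<< entry is a foreign hook.
            verdict.call_chain = [t for t in msg.split()
                                  if t.lower().endswith(MODULE_SUFFIXES)]
            verdict.unknown_hooks += UNKNOWN_RE.findall(msg)
            expect_trace = False
        rk = ROOTKIT_RE.search(msg)
        if rk:
            verdict.rootkit = rk.group(1)
        if msg.endswith("MBR hidden"):
            verdict.mbr_hidden = True
        if msg.endswith("trace - called modules:"):
            expect_trace = True
        if msg.endswith("Scan finished successfully"):
            verdict.finished = True
    return verdict


def compare_runs(before: MbrVerdict, after: MbrVerdict) -> List[str]:
    """Human-readable list of what changed between two runs."""
    notes = []
    if before.rootkit and not after.rootkit:
        notes.append(f"{before.rootkit} MBR flag gone")
    if before.mbr_hidden and not after.mbr_hidden:
        notes.append("MBR no longer hidden")
    if before.unknown_hooks and not after.unknown_hooks:
        notes.append("no unknown hook in disk call chain")
    if after.call_chain and after.call_chain != before.call_chain:
        notes.append("call chain now: " + " -> ".join(after.call_chain))
    return notes


if __name__ == "__main__":
    b, a = parse_aswmbr(LOG_BEFORE), parse_aswmbr(LOG_AFTER)
    print(f"{b.run_date}: clean={b.clean} rootkit={b.rootkit} hooks={b.unknown_hooks}")
    print(f"{a.run_date}: clean={a.clean}")
    for note in compare_runs(b, a):
        print(" -", note)
```

The point of the `call_chain` check is that a clean MBR verdict alone is not enough: the first run's chain stops at an address aswMBR cannot attribute to any loaded driver, while the second reaches atapi.sys and pciide.sys, which is what a stock XP disk stack looks like.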

Re: Print Spooler service is not running

Do I see correctly that you did not only run an aswMBR scan, but you also ran the FixMBR command with it?

That is fine, because that is what I would have told you to do Smile...

The good news is we kicked off the redirect infection now. There is still one file that we need to delete, but you can do that simply with Windows Explorer, probably:
c:\documents and settings\Jimmy\Local Settings\Application Data\Asaqocixafesu.bin
This file probably will not resist being deleted, now that all his malware file buddies are gone.


The bad news is that probably your printer still is not working. Since I´m not an expert in this, I´m going to use my friend Google. Can you try and print something? What error message pops up? Google that error message and see what solutions are suggested by the www.

Re: Print Spooler service is not running

I think I actually ran the scan twice and the first time I did click to Fix MBR but just because it sounded like the right thing to do...I was guessing!

Well, it appears now that the virus is gone, whatever was hanging up the printer is also gone because it installed very simply!! My husband will be SO happy Smile... Can you tell me how I should go about deleting this last remaining file?

Re: Print Spooler service is not running

You can delete this file by simply using Windows Explorer: find the file Asaqocixafesu.bin in the folder c:\documents and settings\Jimmy\Local Settings\Application Data and delete it.

You can also do it with the below instructions:

Create a textfile (with e.g. Notepad) with the following contents:
del "c:\documents and settings\Jimmy\Local Settings\Application Data\Asaqocixafesu.bin"
pause

  • Save it as "fix.bat" (include the quotes) on your desktop.
  • Double click it to run. A black DOS window will open and hopefully show no error message
  • Press any key to close this DOS window
  • If this went well, delete fix.bat


====================

You have an old version installed of Adobe Reader. This old version has security issues.
I recommend that you uninstall Adobe Reader through Start > Control Panel > Add or Remove Programs.
After that you should install a PDF reader that is more secure.
Please note that Adobe Reader has a history of security issues and is a prime target for malware writers due to its popularity. You might want to consider installing a non-Adobe PDF reader. Your choice!
  • Adobe Reader 10.0. The latest and safest version of Adobe Reader.
  • SumatraPDF. Very small and very light PDF viewer.
  • PDF XChange. Also available in 64-bit version if you have a 64-bit OS. Can be installed as portable.


====================

You should verify that you have the latest version of Java installed. Having the latest version is important to take advantage of fixes that have eliminated security vulnerabilities.
  • Go to Start > Control Panel
  • Double-click on Add or Remove Programs
  • Look for entries that say Java, Java RunTime Environment or J2SE.
  • Uninstall all of them that are not named Java (TM) 6 Update 27

If the version you had installed was not Java (TM) 6 Update 27, you can go to java.com, click on Free Java Download and proceed from there to install the latest version of Java (currently Version 6 Update 27).

After installing Java, go to Start > Control Panel > Java to open the Java Control Panel.
Under the General tab, Temporary Internet Files click Settings, then click Delete Files.
Select both options and click OK to delete the Java cache.
