Bluetree

Members
  • Posts: 9
  • Reputation: 0 Neutral
  • Location: Texas
  1. Greetings, SUPERAntiSpyware scan listed Trojan Agent/Gen-KRPYTIK. Attached is a HijackThis log. Thanks, Tommy hijackthis_Apr_29_2010.txt
  2. Greetings sjpritch25, Thank you so very much for your assistance with cleaning my computer. I will work on the items you listed as post cleaning activities. So, where do I send your Christmas present? Regards, Tommy
  3. Greetings sjpritch25, Nothing noticeably wrong with the way my PC is performing. The latest Malwarebytes and McAfee virus scans show to be free of stuff. Regards, Tommy
  4. Greetings sjpritch25,
     Kaspersky Online Scanner 7.0
     Scan statistics
     Objects scanned: 100473
     Threats found: 0
     Infected objects found: 0
     Suspicious objects found: 0
     Scan duration: 04:31:55
     Scan beginning Scanning in progress (97%) Select the area for scanning in the Scan section of the left window part.
     Last start: 09.58.2009 21:10:812
     Status: completed successfully
     Version: 7.0.26.13
     Database date: 04.03.2009 04:10:00
     Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
     Settings
     Scan computer for the presence of these threats: Viruses, worms, Trojans, rootkits; Spyware, adware, dialers and other riskware
     Scan compound objects (not applicable for single files selected individually): Archives; E-mail databases
     Regards, Tommy
  5. Greetings sjpritch25, Working on it. I will post results when I have them. Regards, Tommy
  6. Greetings sjpritch25, Here's the results: Regards, Tommy
  7. Greetings sjpritch25, There seems to still be two items. First, when I try to do something in MSCONFIG it gives me "An Access Denied Error...." message. Second, after updating my McAfee Virus last night and scanning again, the following file was detected as Generic PWS.y!zy Trojan. C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C9M7KX6B\lexus[1].exe I have had my PC disconnected from the internet from the time the infection started until last night, which is why COMBO Fix was unable to install the Recovery Console. I also updated MALWAREBYTES and reran a Quick Scan but nothing was flagged. Thank you for your assistance!! Regards, Tommy
  8. Greetings sjpritch25, Thank you for taking the time to assist me. I do appreciate it so very much. I ran both the COMBO FIX and HIJACKTHIS and attached the logs. I did not have the recovery console installed at the time COMBO FIX ran, so I let it do as much without it as it could. I only ran it once. After it finished I ran HIJACKTHIS. FYI, the actual date of the infection was on August 24 and thus outside of the 30 day window for COMBO Fix on new files created. Again, thank you for your time!! Regards, Tommy Combo_Fix_log.txt
  9. Hi, I was attempting to go to webmail.juno.com to logon to my email. Web page never loaded but rdl8B.tmp.exe did. McAfee Firewall notified me the rdl8B program was blocked from accessing the internet. I ran McAfee virus scan and it said it got rid of the bug but when I rebooted the bug was back. Bug has disabled SAFE BOOT MODE and SYSTEM RESTORE. I have ran MALWAREBYTES and SUPERANTISPYware and they and McAfee all now show a clean system after deleting various file, REG Keys, etc.. My questions are: 1) Is my system really clean now? 2) How do I get SAFE BOOT MODE and SYSTEM RESTORE enabled again? SAFE BOOT MODE failue error message: STOP: 0x0000007B (0xf8A4E528,0x0000034,0x00000000,0x00000000) MALWAREBYTES and SUPERANTISPYware logs from various runs: Malwarebytes' Anti-Malware 1.35 Database version: 1904 Windows 5.1.2600 Service Pack 2 09/07/2009 1:33:16 PM mbam-log-2009-09-07 (13-33-16).txt Scan type: Quick Scan Objects scanned: 84749 Time elapsed: 9 minute(s), 5 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 5 Registry Values Infected: 1 Registry Data Items Infected: 2 Folders Infected: 1 Files Infected: 6 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully. 
     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     Folders Infected:
     C:\WINDOWS\SYSTEM32\lowsec (Spyware.StolenData) -> Quarantined and deleted successfully.
     Files Infected:
     C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
     C:\WINDOWS\SYSTEM32\~.exe (Trojan.BHO) -> Quarantined and deleted successfully.
     C:\WINDOWS\SYSTEM32\lowsec\local.ds (Spyware.StolenData) -> Quarantined and deleted successfully.
     C:\WINDOWS\SYSTEM32\lowsec\user.ds (Spyware.StolenData) -> Quarantined and deleted successfully.
     C:\WINDOWS\SYSTEM32\logon.exe (Trojan.Agent) -> Delete on reboot.
     C:\WINDOWS\SYSTEM32\sdra64.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

     Malwarebytes' Anti-Malware 1.40
     Database version: 2551
     Windows 5.1.2600 Service Pack 2
     09/08/2009 9:55:41 PM
     mbam-log-2009-09-08 (21-55-41).txt
     Scan type: Quick Scan
     Objects scanned: 111060
     Time elapsed: 17 minute(s), 23 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 6
     Registry Values Infected: 0
     Registry Data Items Infected: 1
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
     HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
     HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
     HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
     HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
     Registry Values Infected:
     (No malicious items detected)
     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe logon.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     (No malicious items detected)

     Malwarebytes' Anti-Malware 1.41
     Database version: 2775
     Windows 5.1.2600 Service Pack 2
     09/26/2009 12:58:13 AM
     mbam-log-2009-09-26 (00-58-13).txt
     Scan type: Full Scan (C:\|)
     Objects scanned: 216261
     Time elapsed: 3 hour(s), 44 minute(s), 17 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 2
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     (No malicious items detected)
     Registry Values Infected:
     (No malicious items detected)
     Registry Data Items Infected:
     (No malicious items detected)
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000190.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
     C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000191.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

     Malwarebytes' Anti-Malware 1.41
     Database version: 2916
     Windows 5.1.2600 Service Pack 2
     10/09/2009 4:08:48 AM
     mbam-log-2009-10-09 (04-08-46).txt
     Scan type: Full Scan (C:\|D:\|)
     Objects scanned: 219786
     Time elapsed: 3 hour(s), 18 minute(s), 17 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     (No malicious items detected)
     Registry Values Infected:
     (No malicious items detected)
     Registry Data Items Infected:
     (No malicious items detected)
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     (No malicious items detected)

     SUPERAntiSpyware Scan Log
     http://www.superantispyware.com
     Generated 09/09/2009 at 09:01 AM
     Application Version : 4.28.1010
     Core Rules Database Version : 4085
     Trace Rules Database Version: 1978
     Scan type : Complete Scan
     Total Scan Time : 01:20:44
     Memory items scanned : 593
     Memory threats detected : 0
     Registry items scanned : 6809
     Registry threats detected : 2
     File items scanned : 55983
     File threats detected : 81
     Rootkit.Agent/Gen-Rustock[KBI]
     HKLM\system\controlset001\services\kbiwkmxwkkmbim
     C:\WINDOWS\SYSTEM32\DRIVERS\KBIWKMOYMETNOM.SYS
     HKLM\system\controlset002\services\kbiwkmxwkkmbim
     Adware.Tracking Cookie

     SUPERAntiSpyware Scan Log
     http://www.superantispyware.com
     Generated 09/25/2009 at 08:59 PM
     Application Version : 4.28.1010
     Core Rules Database Version : 4085
     Trace Rules Database Version: 1978
     Scan type : Complete Scan
     Total Scan Time : 03:11:51
     Memory items scanned : 631
     Memory threats detected : 0
     Registry items scanned : 6810
     Registry threats detected : 0
     File items scanned : 75493
     File threats detected : 1
     Adware.Vundo/Variant
     C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3\A0000190.DLL

     SUPERAntiSpyware Scan Log
     http://www.superantispyware.com
     Generated 09/25/2009 at 01:45 PM
     Application Version : 4.28.1010
     Core Rules Database Version : 4085
     Trace Rules Database Version: 1978
     Scan type : Complete Scan
     Total Scan Time : 02:42:28
     Memory items scanned : 582
     Memory threats detected : 0
     Registry items scanned : 6808
     Registry threats detected : 0
     File items scanned : 75467
     File threats detected : 5
     Rootkit.Agent/Gen-KBI
     C:\WINDOWS\SYSTEM32\KBIWKMNQFJKVTR.DLL
     C:\WINDOWS\SYSTEM32\KBIWKMWURQHTMM.DLL
     C:\WINDOWS\SYSTEM32\KBIWKMPFNDFPUJ.DAT
     Trojan.Agent/Gen
     C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\8DARKL23\DARKSIDE[1].EXE
     C:\WINDOWS\TEMP\RDL8B.TMP.TEXE

     SUPERAntiSpyware Scan Log
     http://www.superantispyware.com
     Generated 09/26/2009 at 12:39 PM
     Application Version : 4.28.1010
     Core Rules Database Version : 4123
     Trace Rules Database Version: 1978
     Scan type : Complete Scan
     Total Scan Time : 01:45:55
     Memory items scanned : 228
     Memory threats detected : 0
     Registry items scanned : 6837
     Registry threats detected : 0
     File items scanned : 75548
     File threats detected : 0