sparky741
Honorary Members
Posts: 24
Reputation: 0 Neutral
  1. OK! Done, done, and done. Computer has been running great, pop-up and redirect free. I even noticed some things load much faster since the MVPS hosts file is in place. Thank you again for all your help.
  2. OK, latest MBAM log here:
     Malwarebytes' Anti-Malware 1.44
     Database version: 3552
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     1/12/2010 11:31:09 PM
     mbam-log-2010-01-12 (23-31-09).txt
     Scan type: Quick Scan
     Objects scanned: 130492
     Time elapsed: 6 minute(s), 34 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
     Hopefully, that is it. What exactly was that infected file, do you think?
  3. Yes! That seemed to do the trick. No more search redirects and no more pop-ups. Although I forgot to put the instruction after the command to have it generate a log file, I believe it found 1 file infected. It wasn't atapi.sys, it was something like navrm.sys? I feel much relieved now, but I guess I'm looking for any further suggestions to make sure my computer is clean. I happened to find a website that has a nice vulnerability scanner that alerts you to outdated software at http://secunia.com/software_inspector, which I ran and took care of anything that needed to be updated. Thank you again for your assistance, SpySentinel. Any last things you would like me to do before we wrap things up?
  4. Oh, one more thing I forgot to add this morning: the pop-ups I am getting are going to websitesurvey.com. I have read posts of other people with the same problem as being the result of an infected atapi.sys file. Some of them had the issue resolved by running TDSSKiller. Should I do the same?
  5. GooredFix ran and here is the log:
     GooredFix by jpshortstuff (08.01.10.1)
     Log created at 10:54 on 10/01/2010 (user)
     Firefox version 3.5.7 (en-US)
     ========== GooredScan ==========
     ========== GooredLog ==========
     C:\Program Files\Mozilla Firefox\extensions\
     {972ce4c6-7e08-4474-a285-3208198ce6fd} [07:44 29/03/2008]
     {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [15:17 20/12/2008]
     {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [03:19 01/07/2009]
     {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [23:51 04/08/2009]
     {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [22:20 03/11/2009]
     C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\2kcybcpx.default\extensions\
     {07b2a769-ed19-4483-87ce-c643914c81bb} [22:33 12/12/2009]
     {20a82645-c095-46ed-80e3-08825760534b} [05:11 10/11/2009]
     [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
     "{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [05:24 22/08/2009]
     "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [15:17 20/12/2008]
     -=E.O.F=-
  6. OK, here is the log:
     exeHelper by Raktor
     Build 20091220
     Run at 22:55:21 on 01/07/10
     Now searching...
     Checking for numerical processes...
     Checking for sysguard processes...
     Checking for bad processes...
     Checking for bad files...
     Checking for bad registry entries...
     Resetting filetype association for .exe
     Resetting filetype association for .com
     Resetting userinit and shell values...
     Resetting policies...
     --Finished--
  7. Alright, I ran Combofix, but it did not seem to produce the log. I did not find a c:\combofix.txt file after it supposedly finished. I let it run and walked away from the computer so I did not see what all happened as it did the scan. I don't know how much it will matter as the redirects and pop-ups are still here, so if Combofix did remove them, they came right back. What should we try next?
  8. OK, got the old version of Adobe Reader off and installed latest version. Search engine redirects and pop-ups are still here. What should we try next?
  9. OK, ran OTL with the above fix. Here is the log.
     All processes killed
     ========== OTL ==========
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls deleted successfully.
     File pInit_DLLs: C:\WINDOWS\system32\kbdsock.dll not found.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\tiromafek deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b950c87c-80b2-4140-bda5-25c7397d91e5}\ deleted successfully.
     File c:\windows\system32\kokihove.dll not found.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\gahurihor not found.
     File c:\windows\system32\kokihove.dll not found.
     ========== FILES ==========
     File\Folder C:\WINDOWS\system32\kbdsock.dll not found.
     File\Folder c:\windows\system32\kokihove.dll not found.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: All Users
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: Krissy
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 0 bytes
     ->Apple Safari cache emptied: 0 bytes
     User: LocalService
     ->Temp folder emptied: 66016 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     User: Makayla
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: NetworkService
     ->Temp folder emptied: 3584 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     User: user
     ->Temp folder emptied: 100494590 bytes
     ->Temporary Internet Files folder emptied: 252962 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 29314555 bytes
     ->Apple Safari cache emptied: 0 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     Windows Temp folder emptied: 1323886 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1000 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 21131616 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 146.00 mb
     OTL by OldTimer - Version 3.1.20.1 log created on 01022010_213826
     Files\Folders moved on Reboot...
     Registry entries deleted on Reboot...
     ========================================================
     Tried to uninstall Acrobat 8.1.2, but it gave me an error. It says "Error 1402. Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS. Verify that you have sufficient access to that key, or contact your support personnel." What does that mean? Looks like something is preventing Adobe from being removed. Suggestions?
  10. and the info file...
      info.txt logfile of random's system information tool 1.06 2010-01-02 00:32:39
  11. And the others...
      Logfile of random's system information tool 1.06 (written by random/random)
      Run by user at 2010-01-02 01:06:33
      Microsoft Windows XP Home Edition Service Pack 3
      System drive C: has 94 GB (62%) free of 153 GB
      Total RAM: 2046 MB (63% free)
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 1:06:34 AM, on 1/2/2010
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent" "C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui" "C:\Program Files\Motorola\Software Update\msu.exe"="C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" ======List of files/folders created in the last 1 months====== 2010-01-02 00:32:28 ----D---- C:\rsit 2009-12-31 00:52:03 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt 2009-12-31 00:51:49 ----D---- C:\_OTL 2009-12-28 19:46:02 ----D---- C:\Documents and Settings\user\Application Data\Windows Search 2009-12-28 18:50:07 ----D---- C:\WINDOWS\system32\NtmsData 2009-12-27 18:19:57 ----SD---- C:\ComboFix 2009-12-25 08:22:47 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$ 2009-12-25 03:17:59 ----HDC---- 
C:\WINDOWS\$NtUninstallKB955759$ 2009-12-25 03:16:54 ----D---- C:\Program Files\Microsoft Sync Framework 2009-12-25 03:14:40 ----D---- C:\Program Files\Microsoft 2009-12-25 03:14:20 ----D---- C:\Program Files\Windows Live SkyDrive 2009-12-25 03:10:05 ----D---- C:\Program Files\Common Files\Windows Live 2009-12-20 23:17:22 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-12-20 23:15:24 ----D---- C:\Program Files\QuickTime 2009-12-09 02:20:36 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$ 2009-12-09 02:20:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$ 2009-12-09 02:20:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$ 2009-12-09 02:20:05 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$ 2009-12-09 02:19:58 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$ 2009-12-05 00:28:06 ----D---- C:\Documents and Settings\user\Application Data\InfraRecorder 2009-12-05 00:27:56 ----D---- C:\Program Files\InfraRecorder ======List of files/folders modified in the last 1 months====== 2010-01-02 00:59:58 ----D---- C:\WINDOWS\Temp 2010-01-02 00:52:23 ----D---- C:\Program Files\Mozilla Firefox 2010-01-02 00:31:46 ----SD---- C:\WINDOWS\Tasks 2010-01-02 00:27:44 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-01-02 00:15:27 ----D---- C:\WINDOWS\system32 2010-01-01 23:52:57 ----D---- C:\WINDOWS\system32\CatRoot2 2010-01-01 22:53:05 ----D---- C:\WINDOWS\Prefetch 2010-01-01 20:43:23 ----D---- C:\WINDOWS 2010-01-01 20:41:46 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$ 2010-01-01 20:41:46 ----D---- C:\WINDOWS\system32\drivers 2010-01-01 20:40:24 ----RD---- C:\Program Files 2010-01-01 20:13:29 ----D---- C:\Program Files\Common Files\Adobe 2010-01-01 20:13:29 ----D---- C:\Program Files\Adobe 2010-01-01 20:12:41 ----SHD---- C:\WINDOWS\Installer 2010-01-01 20:12:09 ----D---- C:\Program Files\Common Files\Motorola Shared 2010-01-01 20:11:10 ----D---- C:\Program Files\Motorola Phone Tools 2010-01-01 20:08:57 ----RSHDC---- C:\WINDOWS\system32\dllcache 
2010-01-01 20:08:47 ----HD---- C:\WINDOWS\inf 2010-01-01 20:08:47 ----HD---- C:\Program Files\InstallShield Installation Information 2010-01-01 20:03:49 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$ 2010-01-01 19:58:27 ----SHD---- C:\System Volume Information 2010-01-01 19:58:27 ----D---- C:\WINDOWS\system32\Restore 2010-01-01 19:53:23 ----A---- C:\WINDOWS\win.ini 2009-12-31 19:27:29 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-12-31 16:34:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-12-31 00:51:57 ----D---- C:\Program Files\Common Files 2009-12-31 00:45:38 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint 2009-12-30 02:49:00 ----D---- C:\Temp 2009-12-29 17:49:28 ----D---- C:\Program Files\GetRight 2009-12-28 19:46:03 ----SD---- C:\Documents and Settings\user\Application Data\Microsoft 2009-12-27 18:20:06 ----D---- C:\WINDOWS\ERDNT 2009-12-25 21:53:42 ----D---- C:\sysclean 2009-12-25 06:18:10 ----HD---- C:\WINDOWS\$hf_mig$ 2009-12-25 03:21:42 ----D---- C:\WINDOWS\AppPatch 2009-12-25 03:17:15 ----D---- C:\Program Files\Windows Live 2009-12-25 03:16:55 ----D---- C:\WINDOWS\WinSxS 2009-12-25 03:16:47 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-12-25 03:14:26 ----D---- C:\Program Files\Common Files\Microsoft Shared 2009-12-20 23:18:11 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-12-20 23:18:10 ----D---- C:\Program Files\iTunes 2009-12-20 23:17:28 ----D---- C:\Program Files\iPod 2009-12-20 23:17:25 ----D---- C:\Program Files\Common Files\Apple 2009-12-20 23:07:33 ----D---- C:\Program Files\Safari 2009-12-09 20:48:45 ----D---- C:\WINDOWS\Debug 2009-12-09 07:42:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-12-09 02:20:25 ----D---- C:\Program Files\Internet Explorer 2009-12-09 02:20:18 ----D---- C:\WINDOWS\ie8updates 2009-12-06 18:33:07 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$ 2009-12-05 00:07:20 ----D---- C:\Program Files\CDBurnerXP 
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-18 12664] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664] R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136] R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [] R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-20 2843136] R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-06-02 99856] R3 Dot4 HPH11;Dot4 HPH11; C:\WINDOWS\system32\DRIVERS\hphid411.sys [2006-01-06 50896] R3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; C:\WINDOWS\system32\DRIVERS\hphipr11.sys [2006-01-06 16112] R3 Dot4Storage HPH11;Storage Class Driver for IEEE-1284.4 (HPH11); C:\WINDOWS\System32\Drivers\hphs2k11.sys [2006-01-06 50276] R3 Dot4Usb HPH11;Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [2006-01-06 18928] R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS [] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920] R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 33792] R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816] R3 mfebopk;McAfee Inc. 
mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272] R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-08-01 54784] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-08-01 22016] R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592] S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys [] S3 catchme;catchme; \??\C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys [] S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976] S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928] S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808] S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-10-06 25930] S3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992] S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys 
[2008-04-13 10368] S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248] S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-10-06 30662] S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [] S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632] S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552] S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944] S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792] S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-09-28 7168] S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2005-04-05 36984] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2008-04-03 22768] S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe 
[2007-12-20 512000] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-02-19 233472] R2 Galleon;Galleon; C:\Program Files\Galleon\bin\Wrapper.exe [2008-11-10 204800] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-27 1028432] R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1; C:\WINDOWS\system32\libusbd-nt.exe [2005-03-09 18944] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-08-22 73728] R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832] R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848] R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952] R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704] R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696] R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-09-06 71096] R2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShow\ScsiAccess.exe [2008-03-23 181312] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592] R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568] R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736] R3 Pml Driver HPH11;Pml Driver HPH11; C:\WINDOWS\system32\HPHipm11.exe 
[2006-01-06 77824] S2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-07-08 68112] S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [] S4 Norton Ghost;Norton Ghost; C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe [2004-11-22 1273856] S4 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552] S4 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544] -----------------EOF-----------------
  12. Spoke too soon. Just as I thought everything was squeaky clean, I had another infection occur: as I was ordering a pizza online, McAfee went nuts and one of those imposter virus scanners appeared. I was able to kill the process, something like is2010.exe, and run MBAM immediately. Log is below. FWIW, I also ran a SuperAntiSpyware scan too and it removed a couple items. Afterward, I ran the TFC and RSIT you suggested above. How do these things keep coming back?

Malwarebytes' Anti-Malware 1.43
Database version: 3471
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/1/2010 8:40:24 PM
mbam-log-2010-01-01 (20-40-24).txt

Scan type: Quick Scan
Objects scanned: 129233
Time elapsed: 6 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\kbdsock.dll (Spyware.Passwords) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\IS2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet security 2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ekscksmy (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\InternetSecurity2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.

Files Infected:
C:\ovqac.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mshlps.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbdsock.dll (Spyware.Passwords) -> Delete on reboot.
C:\WINDOWS\system32\hszrf8t3e2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winhelper86.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogon86.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\3718715338.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\5fdef45d.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\h2regdd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\win16.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\mdm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\InternetSecurity2010\IS2010.exe (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\flags.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uses32.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\dfgdgdfgrgdgfdrdfs.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

And SuperAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/02/2010 at 00:14 AM

Application Version : 4.29.1002

Core Rules Database Version : 4438
Trace Rules Database Version: 2263

Scan type : Quick Scan
Total Scan Time : 00:21:59

Memory items scanned : 563
Memory threats detected : 0
Registry items scanned : 690
Registry threats detected : 0
File items scanned : 23003
File threats detected : 72

Adware.Tracking Cookie
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ads.pointroll[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ads.pointroll[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@doubleclick[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@doubleclick[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@doubleclick[3].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@atdmt[3].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@atdmt[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@atdmt[4].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@media.adfrontiers[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@bridge2.admarketplace[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@overture[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@doubleclick[5].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@doubleclick[4].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@overture[3].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@atdmt[6].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@atdmt[5].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@admarketplace[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@2o7[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@2o7[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@redorbit[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@click.fastpartner[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@burstnet[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@atlas.entrepreneur[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@insightexpressai[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@bs.serving-sys[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ads.redorbit[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ad.yieldmanager[3].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ad.yieldmanager[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ad.yieldmanager[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ad.yieldmanager[4].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@realmedia[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@t.lynxtrack[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@content.yieldmanager[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@content.yieldmanager[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@content.yieldmanager[3].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ad.yieldmanager[6].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ad.yieldmanager[5].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@fastclick[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@zedo[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@zedo[5].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@revsci[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@zedo[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@zedo[6].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@zedo[3].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@zedo[4].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@tacoda[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@tribalfusion[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@www.burstnet[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@at.atwola[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@serving-sys[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@network.realmedia[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@clickpayz5.91462.blueseek[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@clickpayz7.91462.blueseek[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@clickpayz2.91462.blueseek[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@clickpayz1.91462.blueseek[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@imrworldwide[3].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@collective-media[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@imrworldwide[4].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@clickpayz9.91462.blueseek[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@clickpayz7.91462.blueseek[3].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@media.mtvnservices[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@advertising[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@media.mtvnservices[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@clickthrough.kanoodle[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@imrworldwide[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@pointroll[3].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@pointroll[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@collective-media[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@clickthrough.kanoodle[1].txt

Rogue.Agent/Gen-Nullo[DLL]
C:\WINDOWS\SYSTEM32\DIMCES.DLL
C:\WINDOWS\SYSTEM32\RTCSSES.DLL

Rogue.Agent/Gen-Nullo[EXE]
C:\WINDOWS\SYSTEM32\MAWUWAHA.EXE
  13. OK, ran the fix and it looks as though the Google redirects have been fixed. I will re-post if the random pop-ups still happen, but it looks as if I am good to go! Do you need me to run any other scans of any kind to verify that I am in the clear? Thank you again for your help.
  14. OK, Kaspersky report is ready:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, December 31, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, December 31, 2009 22:11:15
Records in database: 3420436
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan statistics:
Objects scanned: 126234
Threats found: 2
Infected objects found: 1
Suspicious objects found: 8
Scan duration: 02:07:52

File name / Threat / Threats count
C:\Documents and Settings\user\Application Data\Identities\{C91BDC6B-583B-4853-92CE-A39536F4C71E}\Microsoft\Outlook Express\2002.dbx   Infected: Email-Worm.Win32.Magistr.a   1
C:\Documents and Settings\user\Application Data\Identities\{C91BDC6B-583B-4853-92CE-A39536F4C71E}\Microsoft\Outlook Express\2005.dbx   Suspicious: Trojan-Spy.HTML.Fraud.gen   3
C:\Documents and Settings\user\Application Data\Identities\{C91BDC6B-583B-4853-92CE-A39536F4C71E}\Microsoft\Outlook Express\Inbox.dbx   Suspicious: Trojan-Spy.HTML.Fraud.gen   1
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows Live Mail\My Real Box\Inbox\339E41D8-0000000B.eml   Suspicious: Trojan-Spy.HTML.Fraud.gen   1
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Inbox\2005\01CE06AA-00000353.eml   Suspicious: Trojan-Spy.HTML.Fraud.gen   1
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Inbox\2005\0D463A68-00000352.eml   Suspicious: Trojan-Spy.HTML.Fraud.gen   1
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Inbox\2005\7F0B3A05-0000036D.eml   Suspicious: Trojan-Spy.HTML.Fraud.gen   1

Selected area has been scanned.
  15. Thank you! Happy New Year to you too. MBAM downloaded the updates and Quick Scan was run and came up clean. Here is the log:

Malwarebytes' Anti-Malware 1.43
Database version: 3465
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/31/2009 4:41:41 PM
mbam-log-2009-12-31 (16-41-41).txt

Scan type: Quick Scan
Objects scanned: 129311
Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Kaspersky scan is running and results will be posted when it is finished.