DayDreams

Honorary Members
  • Posts

    23
Reputation

0 Neutral
  1. Hi,

     Lately, or actually for a while, my computer has at random times started using a lot of memory to run "wuauclt.exe". After a Google search I discovered this was a normal Windows Update feature that scans for the updates. Only thing is I have my scan set to do it once a week on Sundays at around 3am. Thus I was wondering why it was doing it during the week at random times.

     Also worth mentioning is that at random times (not sure if it is related) a blank program will pop up in the button start menu bar, but it won't have any text and remains for only two seconds before disappearing. Sorry if that's too vague.

     Malwarebytes scans come up clean every time. I searched to see if I had any extra programs that were unneeded also named "wuauclt.exe". My search got these *attached* results. Don't know if any of those are not necessary.

     The reason I ask for help is that it is annoying to have the computer totally freeze up for a while because it is running this update process.

     Thanks,
     Day

     MB Log:

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4897
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     10/20/2010 9:18:51 PM
     mbam-log-2010-10-20 (21-18-51).txt

     Scan type: Quick scan
     Objects scanned: 204255
     Time elapsed: 8 minute(s), 57 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     untitled.bmp
  2. Nope, Everything seems to be fine only did it that one time. BTW: at random times these two processes go crazy and lag the computer. It only lasts for about 5min at most.
  3. Before moving on to the step you just gave me I wanted to inform you that just now my computer randomly turned off without me doing anything. I was the only user logged in and the only programs I had opened were Google Chrome open to Gamefaqs.com and Microsoft Word.
  4. Ok, I deleted those files. Is that everything?
  5. I decided to scan tonight and watch a movie while it ran. Here are all 4 of the requested logs. Attach.txt DDS.txt ESET.txt log.txt
  6. Ok, this is making me angry. 2 days ago I ran the combofix, and I have the log. Then I tried to run ESET scanner 2 times, but both times I left it running and I came back and my sister had closed the log. I'm going to run it again tonight and dds tomorrow. I wanted to post because I might have gotten another virus. My computer has never said this before: We can deal with that ^^ if needed after you review the logs I shall hopefully have soon.
  7. All 3 logs you requested are below and combofix seemed to run smoothly. I was also wondering what kind of virus the mywebsearch was and what it was doing? log.txt DDS.txt Attach.txt
  8. Here is the scan results, and I'm really mad about it too. Just this past week I noticed my little 7 year old brother had somehow managed to get this mywebsearch thing on his internet explorer. I knew it was bad news, and I've told him countless times not to go to flash game sites because they will often give you viruses. Kind of makes me mad, but here you go.
  9. Hey, after downloading the Java that you linked to, the website still says get a version of Java over 1.5, even when on Internet Explorer.
  10. Sorry for not getting back to you. Hopefully I'll get it tomorrow because today I have a poster project to do for my English class.
  11. Following your instructions forced me to download IE8, which I had previously uninstalled due to a redirection virus. After trying to run the scan on IE8 I got this message... After seeing if IE8 still got redirected I went to Google and typed in "gamestop". It brought up the page could not be found. Which leads me to believe that there is something screwed up with my IE8 (did I mention I hate it).
  12. I got the dds logs, but Kaspersky did this... (apparently I need Safari??)
  13. Before I follow your instructions I wanted to let you know that when I woke up (5min ago) the computer was off so I turned it on and upon logging in it showed the green shield (which I assume means all the updates were downloaded automatically) and also this... I wouldn't worry too much about this because I was the one that made a few changes to it about 2 months ago because some weird things were running in startup and I stopped them...
  14. Apart from the log I just posted I wanted to let you know that I got back on my computer to watch some MW2 gameplay and I noticed the yellow shield (update) at the bottom right. Upon clicking it I discovered 39 new updates were needed. I was wondering if those had been blocked by the virus or ??