Everything posted by lpales

  1. Got 'er all cleaned up. Thanks again - and I'm serious about the blessings - and have a great day.
  2. Things are a LOT better. Google functions (yea!!!) and it's much faster. What can I do to help keep my computer clean (aside from grounding the kids indefinitely)? Spyware Doctor is my main program, but I also run Malwarebytes, CCleaner and Windows OneCare on a weekly basis. I try to keep things clean but I'm obviously missing something.
  3. Looks like the logs didn't post. I'm going to upload them again. mbam_log_2010_10_18__16_57_22_.txt KasReport.txt
  4. No, thank YOU for sticking with it! I sure hope you get some sort of payment for all the time you put in. If not, then I sure hope God blesses you in many ways. Here are the logs:
  5. ComboFix worked as "Laura.com". It did tell me that Spyware Doctor was running even though I disabled it so I totally shut it down. It also found a rootkit issue and forced a re-boot. Here's the log. log.txt
  6. OK, I found it but there were 3 files total with today's date. I think I may have run it twice when I was searching for the log file but I'm not sure why there are 3 files. TDSSKiller.2.4.4.0_17.10.2010_22.09.07_log.txt TDSSKiller.2.4.4.0_17.10.2010_22.11.30_log.txt TDSSKiller.2.4.4.0_17.10.2010_22.13.29_log.txt
  7. I can't find the log file. It did detect one issue but where did it save the file? Sorry for my ignorance.
  8. None of those processes was running. ComboFix does not run in Safe Mode. Same thing - it starts up but then is immediately shut down.
  9. I uninstalled Emsisoft. It was a trial version and I didn't realize that after the trial expired it would continue to run. Sorry about that. I downloaded ComboFix and clicked on "Run". It starts (the hourglass starts spinning) but then immediately stops.
  10. I ran GMER in Safe Mode and only checked "Sections" and "C". Not much came up and the scan only took a few minutes. I saved the results to a file called "Gmer.log". It was so fast that I decided to run it again with everything except IAT/EAT, Drives, Show All and Files selected. I saved that log as "GMER_full.log". Both are attached. GMER_full.log Gmer.log
  11. Rootkit Unhooker will not run in Safe Mode. I ran GMER but it ran for over 8 hours and was still running. I tried to stop it and save it at that point (because I needed to get on my computer) but it totally locked up my machine. I rebooted and tried running it again with the "Files" box unchecked. I thought that might speed things up a bit but it, too, ran again for a few hours and locked everything up when I tried to stop it and save it. How long should GMER take? Should I let it go all night long, or will it run faster in Safe Mode? I'm not going to run it again until I hear back from you. Thanks so much.
  12. Thanks for responding. I ran DDS and attached the logs. However, I was unable to run RKUnhooker.exe and received the following error message: "02 Error loading data file". Prior to your response I also re-ran Emsisoft and I've also attached the new quarantine log. The DDS log is:
      The new Emsisoft quarantine log follows:
Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP2DE.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP2DF.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP2E3.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP2EB.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP2F0.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP2F8.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP2FB.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP2FC.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP300.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP302.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP304.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP307.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP30D.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP316.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP319.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP31A.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP31E.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP320.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP322.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP327.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP329.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP32D.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP32F.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP335.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP33C.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP33E.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP340.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP344.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP348.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP349.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP34D.tmp Quarantined Virus.Win32.Enistery!IK 
C:\WINDOWS\Temp\TMP350.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP352.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP354.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP358.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP360.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP363.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP368.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP4E.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP52.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP54.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP56.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP59.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP5D.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP67.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP68.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP6A.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP73.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP7C.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMP81.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMPD9.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMPDA.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMPDF.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMPE1.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMPE3.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMPE5.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMPE9.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMPF2.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMPF4.tmp Quarantined Virus.Win32.Enistery!IK C:\WINDOWS\Temp\TMPFD.tmp Quarantined Virus.Win32.Enistery!IK C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\strk25st.default\cookies.sqlite:1286947679843000 Quarantined Trace.TrackingCookie.tribalfusion.com!A2 C:\Documents and 
Settings\Laura\Application Data\Mozilla\Firefox\Profiles\strk25st.default\cookies.sqlite:1286931544703000 Quarantined Trace.TrackingCookie.casalemedia.com!A2 C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\strk25st.default\cookies.sqlite:1286931544703001 Quarantined Trace.TrackingCookie.casalemedia.com!A2 C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\strk25st.default\cookies.sqlite:1286931544703002 Quarantined Trace.TrackingCookie.casalemedia.com!A2 C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\strk25st.default\cookies.sqlite:1286931544906003 Quarantined Trace.TrackingCookie.casalemedia.com!A2 C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\strk25st.default\cookies.sqlite:1286931544906005 Quarantined Trace.TrackingCookie.casalemedia.com!A2 C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\strk25st.default\cookies.sqlite:1286931544906006 Quarantined Trace.TrackingCookie.casalemedia.com!A2 C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\strk25st.default\cookies.sqlite:1286931544109001 Quarantined Trace.TrackingCookie.ar.atwola.com!A2 C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\strk25st.default\cookies.sqlite:1286931501968000 Quarantined Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\strk25st.default\cookies.sqlite:1286931501968001 Quarantined Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\strk25st.default\cookies.sqlite:1286947634515000 Quarantined Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\strk25st.default\cookies.sqlite:1286947634703000 Quarantined Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Documents and Settings\Laura\Application 
Data\Mozilla\Firefox\Profiles\strk25st.default\cookies.sqlite:1286947634703001 Quarantined Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\strk25st.default\cookies.sqlite:1286947638546003 Quarantined Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\strk25st.default\cookies.sqlite:1286931498343000 Quarantined Trace.TrackingCookie.enhance.com!A2 C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\strk25st.default\cookies.sqlite:1286931498453000 Quarantined Trace.TrackingCookie.enhance.com!A2 C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\strk25st.default\cookies.sqlite:1286931007468000 Quarantined Trace.TrackingCookie.doubleclick.net!A2 C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\strk25st.default\cookies.sqlite:1286930971796001 Quarantined Trace.TrackingCookie.aol.com!A2 C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\strk25st.default\cookies.sqlite:1286931531656000 Quarantined Trace.TrackingCookie.aol.com!A2 C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\strk25st.default\cookies.sqlite:1286931540031009 Quarantined Trace.TrackingCookie.aol.com!A2 C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\strk25st.default\cookies.sqlite:1286931540031010 Quarantined Trace.TrackingCookie.aol.com!A2 C:\Documents and Settings\Laura\Application Data\Mozilla\Firefox\Profiles\strk25st.default\cookies.sqlite:1286931545703002 Quarantined Trace.TrackingCookie.aol.com!A2 Quarantined Files: 113 Traces: 0 Cookies: 22 Thanks again for your help, LauraAttach.txt Attach.txt
  13. I've got a Google redirect virus. Initially I couldn't run Malwarebytes. I renamed the executable file "winlogin.exe" and did a complete scan. Malwarebytes didn't detect anything. I've also run numerous other programs but Emsisoft Anti-Malware is the only thing that found anything malicious. Here's the quarantine log from Emsisoft: I also ran HiJack This and here's the report:
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: mfservice - Unknown owner - C:\Program Files\Virtual-Protect\MyFolder2.5\mfservice.exe O23 - Service: Movielink Core Service - Blockbuster - C:\PROGRA~1\BLOCKB~1\BLOCKB~1\MovielinkCore.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\STacSV.exe O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- End of file - 16410 bytes After all of this I still have the redirect virus. 
I sure would appreciate any help. Thanks so much for your time, Laura
  14. I've got a Google redirect virus. Initially I couldn't run Malwarebytes. I renamed the executable file "winlogin.exe" and did a complete scan. Malwarebytes didn't detect anything. I've also run numerous other programs but Emsisoft Anti-Malware is the only thing that found anything malicious. Here's the quarantine log from Emsisoft:

     I also ran HiJack This and here's the report:

     After all of this I still have the redirect virus. I sure would appreciate any help. Thanks so much for your time, Laura