Search Engine topics Redirecting to other places when I click on them

[Taahirah]

Hi,

My computer is infected with something and I am unsure of what it is. I use Google Chrome most of the time and at times I use Fire Fox. Internet Explorer is a last resort. What ever is on my computer has affected all 3 browsers on my computer that I have mentioned above.

I have McAfee virus program on my computer which I have ran several times and I am still having the problem. I downloaded Malwarebytes and scanned my computer with it several times and the issue is still there. I also downloaded Spybot and scanned my computer with it and still to no avail.

My system is: Windows XP Professional Version 2002 Service Pack 3

Your assistance with this issue would be much appreciated.

Thank you

[Maniac]

Hello Taahirah and ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  

Please follow the instructions here and post both log files in your next reply:

http://forums.malwarebytes.org/index.php?showtopic=9573

[Taahirah]

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31

Run by DELL at 20:07:24 on 2012-04-26

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.199 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\WINDOWS\system32\mfevtps.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\vVX1000.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\Athan\Athan.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\HP\HP Software Update\HPWuSchd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Documents and Settings\DELL\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Documents and Settings\DELL\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\DELL\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\DELL\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\DELL\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\DELL\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\DELL\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\DELL\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\DELL\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\DELL\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\DELL\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page =

uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8

uWindow Title = Windows Internet Explorer provided by Yahoo!

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant =

mSearchAssistant =

uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120215105109.dll

BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll

TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe

uRun: [Google Update] "c:\documents and settings\dell\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet

uRun: [Media Finder] "c:\program files\media finder\MF.exe" /opentotray

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"

mRun: [VX1000] c:\windows\vVX1000.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [Athan] c:\program files\athan\Athan.exe

mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\dell\startm~1\programs\startup\paltalk.lnk - c:\program files\paltalk messenger\paltalk.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: Download with &Media Finder - c:\program files\media finder\hook.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxp://mylearning.ohdela.com/Reserved.ReportViewerWebControl.axd?ReportSession=1loayw55coq1xpzy5tidbg55&ControlID=e25288908e3d4012b58c8b7dedd4c419&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{7D190EC0-6057-4461-B6B7-6CBD0E76029F} : DhcpNameServer = 24.93.41.127 24.93.41.128

TCP: Interfaces\{9F23138F-84E6-4F33-91B1-2A04B1562FAF} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{C270EDDE-0C21-492B-A883-2FB531D90E1A} : DhcpNameServer = 192.168.1.254

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

Notify: OpinionSquare - c:\program files\opinionsquare\opls.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\dell\application data\mozilla\firefox\profiles\47eogg9n.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\dell\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\dell\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\dell\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, 3fd84811-2570-45a2-bec9-26db7c61af45

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-15 464176]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-2 89792]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-1-17 214904]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-1-17 214904]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-1-17 214904]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-1-17 214904]

R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-1-17 166288]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-1-17 160608]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-1-17 150856]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-2 57600]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-2 180816]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-2 59456]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-2 338176]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-2 83856]

S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]

S2 gupdate1c9e4a22d33200;Google Update Service (gupdate1c9e4a22d33200);c:\program files\google\update\GoogleUpdate.exe [2009-6-3 133104]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 253088]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-2 83856]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-2 87656]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-22 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-22 40552]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 129976]

S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]

.

=============== Created Last 30 ================

.

2012-04-26 03:24:38 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-04-26 03:24:17 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe

2012-04-26 03:24:17 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe

2012-04-26 03:03:50 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-26 02:53:34 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-04-26 02:53:34 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2012-04-25 15:32:27 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-04-25 15:32:27 -------- d-----w- c:\windows\system32\wbem\Repository

2012-04-25 15:31:12 -------- d-----w- c:\program files\OpinionSquare

2012-04-25 15:28:10 -------- d-----w- c:\program files\Perfect Optimizer

2012-04-25 01:06:52 -------- d-----w- c:\documents and settings\dell\application data\Malwarebytes

2012-04-25 01:06:30 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-04-25 01:06:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-21 01:12:57 114688 --sha-r- c:\windows\system32\powercfga.dll

2012-04-14 19:12:12 -------- d-----w- c:\documents and settings\dell\local settings\application data\visi_coupon

2012-04-12 20:10:55 -------- d-----w- c:\documents and settings\dell\application data\Media Finder

2012-04-04 05:53:56 182160 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2012-04-04 05:53:56 182160 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2012-04-03 12:07:46 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

.

==================== Find3M ====================

.

2012-04-13 23:19:24 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec

2012-02-18 22:31:30 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-02-18 22:31:27 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 20:10:47.06 ===============

[Taahirah]

Hi,

For some reason I was not able to paste both files in one post so here's the second one:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 6/9/2008 3:00:10 AM

System Uptime: 4/26/2012 4:01:26 PM (4 hours ago)

.

Motherboard: Dell Inc. | | 0XD762

Processor: Intel® Pentium® M processor 1.73GHz | Microprocessor | 1729/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 56 GiB total, 42.138 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: PCI Simple Communications Controller

Device ID: PCI\VEN_104C&DEV_8038&SUBSYS_01821028&REV_00\4&2FA23535&0&0DF0

Manufacturer:

Name: PCI Simple Communications Controller

PNP Device ID: PCI\VEN_104C&DEV_8038&SUBSYS_01821028&REV_00\4&2FA23535&0&0DF0

Service:

.

==== System Restore Points ===================

.

RP1: 4/21/2012 6:22:08 AM - System Checkpoint

RP2: 4/24/2012 8:43:06 PM - System Checkpoint

RP3: 4/25/2012 11:26:51 AM - Restore Operation

.

==== Installed Programs ======================

.

4200

4200_Help

4200Tour

4200Trb

aaa

Acrobat.com

Adobe AIR

Adobe Connect Add-in

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

Adobe Shockwave Player 11.6

AiO_Scan

AIOMinimal

AiOSoftware

Apple Application Support

Apple Software Update

Athan Basic 4.2

Broadcom Gigabit Integrated Controller

C-Major Audio

Conexant D110 MDC V.92 Modem

Copy

CreativeProjects

Dell Wireless WLAN Card

Director

DocProc

Doxillion Document Converter

Fax

Google Chrome

Google Talk Plugin

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Image Zone 3.5

HP PSC & OfficeJet 3.5

HP Software Update

HPSystemDiagnostics

InstantShare

Intel® Graphics Media Accelerator Driver for Mobile

Intel® PROSet/Wireless Software

J2SE Runtime Environment 5.0 Update 17

Java Auto Updater

Java 6 Update 31

Malwarebytes Anti-Malware version 1.61.0.1400

McAfee SecurityCenter

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft LifeCam

Microsoft Office XP Professional with FrontPage

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 6 Ultra Edition

OpinionSquare

Overland

PaltalkScene

PhotoGallery

PowerDVD

PrintScreen

QFolder

QuickProjects

QuickTime

Readme

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Reciter 2.0

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SkinsHP1

SkinsHP2

Skype™ 4.2

Spybot - Search & Destroy

swMSM

TrayApp

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB969497)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

WebFldrs XP

WebReg

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows PowerShell 1.0

Windows XP Service Pack 3

Yahoo! Install Manager

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

Yontoo Layers Runtime 1.10.01

.

==== Event Viewer Messages From Past Week ========

.

4/25/2012 12:04:50 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde

4/19/2012 7:31:44 PM, error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

.

==== End Of File ===========================

[Maniac]

Step 1

I see you are running Teatimer.

I suggest you to disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

• Launch Malwarebytes' Anti-Malware
  
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

• Malwarebytes' Anti-Malware log
  
• a new fresh DDS log file

[Taahirah]

I am having trouble with ResetTeaTimer.exe. When I click to download it a black screen comes up that says:

ERROR: The process "TeaTimer.exe" not found.

ERROR: The process "spybotsd.exe" not found.

SpyBot and Tea Timer must be closed!!

Press any key to continue . . .

Finished

Press any key to continue . . .

When I press any key to continue again the box just closes. I followed the instructions you gave me to disable Tea Timer. I am not sure what's going on. I am not able to download the program at all to my desktop. I found the ResetTeaTimer.exe under downloads on my computer and when I click on it the same message I pasted above comes up.

Thanks for your help,

Tracy

[Maniac]

Please open Start Menu => Run... and type:

cmd

Click on OK button.

Next type:

taskkill /IM TeaTimer.exe

Click on Enter button.

Try to re-run ResetTeaTimer.exe

[Taahirah]

I followed your instructions and this is the error message I got:

Microsoft Windows XP [Version 5.1.2600]

© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\DELL>taskkill /IM TeaTimer.exe

ERROR: The process "TeaTimer.exe" not found.

C:\Documents and Settings\DELL>

Yesterday I was not even able to download teatimer.exe on my computer. Therefore I was not even able to save it to my desktop. When the box opens for me to download it I clicked run and then a box opens for me to Winzip it and before I can click on anything it closes and another window pops up with the error message I sent to you yesterday which is:

ERROR: The process "TeaTimer.exe" not found.

ERROR: The process "spybotsd.exe" not found.

SpyBot and Tea Timer must be closed!!

Press any key to continue . . .

[Maniac]

Please temporarily uninstall SpyBot and proceed with next step.

[Taahirah]

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.02.03

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

DELL :: DELL-A494A70A0B [administrator]

5/2/2012 11:06:50 AM

mbam-log-2012-05-02 (11-06-50).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 215545

Time elapsed: 33 minute(s), 2 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 12

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 8

C:\Program Files\Perfect Optimizer (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

C:\Program Files\Perfect Optimizer\Backup (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

C:\Program Files\Perfect Optimizer\Backup\Application (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

C:\Program Files\Perfect Optimizer\Backup\Registry (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

C:\Program Files\Perfect Optimizer\Backup\Registry\FirstBackup (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

C:\Program Files\Perfect Optimizer\Backup\Registry\FullBackup (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

C:\Program Files\Perfect Optimizer\Backup\Service (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

C:\Program Files\Perfect Optimizer\Temp (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

Files Detected: 1

C:\Program Files\Perfect Optimizer\PerfectOptimizer.ini (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.

(end)

[Maniac]

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

[Taahirah]

ComboFix 12-05-04.03 - DELL 05/04/2012 17:28:23.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.608 [GMT -4:00]

Running from: c:\documents and settings\DELL\My Documents\Downloads\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Autorun.inf

c:\documents and settings\DELL\Application Data\Mozilla\Firefox\Profiles\47eogg9n.default\searchplugins\bing-zugo.xml

c:\documents and settings\DELL\GoToAssistDownloadHelper.exe

c:\documents and settings\DELL\Local Settings\Application Data\{05EFBC70-BDA5-478E-84C8-9559378D300A}

c:\documents and settings\DELL\Local Settings\Application Data\{05EFBC70-BDA5-478E-84C8-9559378D300A}\chrome.manifest

c:\documents and settings\DELL\Local Settings\Application Data\{05EFBC70-BDA5-478E-84C8-9559378D300A}\chrome\content\overlay.xul

c:\documents and settings\DELL\Local Settings\Application Data\{05EFBC70-BDA5-478E-84C8-9559378D300A}\install.rdf

c:\documents and settings\DELL\Local Settings\Application Data\{0B573ADD-E4A4-4766-8439-43261FAC0D3D}

c:\documents and settings\DELL\Local Settings\Application Data\{0B573ADD-E4A4-4766-8439-43261FAC0D3D}\chrome.manifest

c:\documents and settings\DELL\Local Settings\Application Data\{0B573ADD-E4A4-4766-8439-43261FAC0D3D}\chrome\content\overlay.xul

c:\documents and settings\DELL\Local Settings\Application Data\{0B573ADD-E4A4-4766-8439-43261FAC0D3D}\install.rdf

c:\documents and settings\DELL\Local Settings\Application Data\{1094CE1F-3DFE-4292-9627-BF0D9C09BF03}

c:\documents and settings\DELL\Local Settings\Application Data\{1094CE1F-3DFE-4292-9627-BF0D9C09BF03}\chrome.manifest

c:\documents and settings\DELL\Local Settings\Application Data\{1094CE1F-3DFE-4292-9627-BF0D9C09BF03}\chrome\content\overlay.xul

c:\documents and settings\DELL\Local Settings\Application Data\{1094CE1F-3DFE-4292-9627-BF0D9C09BF03}\install.rdf

c:\documents and settings\DELL\Local Settings\Application Data\{1F9B9027-8722-4E5C-956C-B87805549C14}

c:\documents and settings\DELL\Local Settings\Application Data\{1F9B9027-8722-4E5C-956C-B87805549C14}\chrome.manifest

c:\documents and settings\DELL\Local Settings\Application Data\{1F9B9027-8722-4E5C-956C-B87805549C14}\chrome\content\overlay.xul

c:\documents and settings\DELL\Local Settings\Application Data\{1F9B9027-8722-4E5C-956C-B87805549C14}\install.rdf

c:\documents and settings\DELL\Local Settings\Application Data\{2FC0EEC4-D22D-40E5-9D1A-D8E643444DD1}

c:\documents and settings\DELL\Local Settings\Application Data\{2FC0EEC4-D22D-40E5-9D1A-D8E643444DD1}\chrome.manifest

c:\documents and settings\DELL\Local Settings\Application Data\{2FC0EEC4-D22D-40E5-9D1A-D8E643444DD1}\chrome\content\overlay.xul

c:\documents and settings\DELL\Local Settings\Application Data\{2FC0EEC4-D22D-40E5-9D1A-D8E643444DD1}\install.rdf

c:\documents and settings\DELL\Local Settings\Application Data\{42620A32-4265-444B-8811-8435F5EB3F28}

c:\documents and settings\DELL\Local Settings\Application Data\{42620A32-4265-444B-8811-8435F5EB3F28}\chrome.manifest

c:\documents and settings\DELL\Local Settings\Application Data\{42620A32-4265-444B-8811-8435F5EB3F28}\chrome\content\overlay.xul

c:\documents and settings\DELL\Local Settings\Application Data\{42620A32-4265-444B-8811-8435F5EB3F28}\install.rdf

c:\documents and settings\DELL\Local Settings\Application Data\{44A6F7E0-5887-4FF4-ABFA-1E24C2237081}

c:\documents and settings\DELL\Local Settings\Application Data\{44A6F7E0-5887-4FF4-ABFA-1E24C2237081}\chrome.manifest

c:\documents and settings\DELL\Local Settings\Application Data\{44A6F7E0-5887-4FF4-ABFA-1E24C2237081}\chrome\content\overlay.xul

c:\documents and settings\DELL\Local Settings\Application Data\{44A6F7E0-5887-4FF4-ABFA-1E24C2237081}\install.rdf

c:\documents and settings\DELL\Local Settings\Application Data\{477BF6E7-8D42-4AA3-BA6D-DE7E34A7E40D}

c:\documents and settings\DELL\Local Settings\Application Data\{477BF6E7-8D42-4AA3-BA6D-DE7E34A7E40D}\chrome.manifest

c:\documents and settings\DELL\Local Settings\Application Data\{477BF6E7-8D42-4AA3-BA6D-DE7E34A7E40D}\chrome\content\overlay.xul

c:\documents and settings\DELL\Local Settings\Application Data\{477BF6E7-8D42-4AA3-BA6D-DE7E34A7E40D}\install.rdf

c:\documents and settings\DELL\Local Settings\Application Data\{4F0DDF76-B5D4-4B83-8C74-F8E829CC0C9F}

c:\documents and settings\DELL\Local Settings\Application Data\{4F0DDF76-B5D4-4B83-8C74-F8E829CC0C9F}\chrome.manifest

c:\documents and settings\DELL\Local Settings\Application Data\{4F0DDF76-B5D4-4B83-8C74-F8E829CC0C9F}\chrome\content\overlay.xul

c:\documents and settings\DELL\Local Settings\Application Data\{4F0DDF76-B5D4-4B83-8C74-F8E829CC0C9F}\install.rdf

c:\documents and settings\DELL\Local Settings\Application Data\{4F7D9D8D-15C1-46C1-82CD-47565F7E6D91}

c:\documents and settings\DELL\Local Settings\Application Data\{4F7D9D8D-15C1-46C1-82CD-47565F7E6D91}\chrome.manifest

c:\documents and settings\DELL\Local Settings\Application Data\{4F7D9D8D-15C1-46C1-82CD-47565F7E6D91}\chrome\content\overlay.xul

c:\documents and settings\DELL\Local Settings\Application Data\{4F7D9D8D-15C1-46C1-82CD-47565F7E6D91}\install.rdf

c:\documents and settings\DELL\Local Settings\Application Data\{5D01542F-39F7-45A7-8A37-39007FA3C49E}

c:\documents and settings\DELL\Local Settings\Application Data\{5D01542F-39F7-45A7-8A37-39007FA3C49E}\chrome.manifest

c:\documents and settings\DELL\Local Settings\Application Data\{5D01542F-39F7-45A7-8A37-39007FA3C49E}\chrome\content\overlay.xul

c:\documents and settings\DELL\Local Settings\Application Data\{5D01542F-39F7-45A7-8A37-39007FA3C49E}\install.rdf

c:\documents and settings\DELL\Local Settings\Application Data\{6D25A6A1-5EDA-47CC-A9E0-02E5199918F5}

c:\documents and settings\DELL\Local Settings\Application Data\{6D25A6A1-5EDA-47CC-A9E0-02E5199918F5}\chrome.manifest

c:\documents and settings\DELL\Local Settings\Application Data\{6D25A6A1-5EDA-47CC-A9E0-02E5199918F5}\chrome\content\overlay.xul

c:\documents and settings\DELL\Local Settings\Application Data\{6D25A6A1-5EDA-47CC-A9E0-02E5199918F5}\install.rdf

c:\documents and settings\DELL\Local Settings\Application Data\{8CC01803-99F1-4CA4-9116-28B2AE55AE32}

c:\documents and settings\DELL\Local Settings\Application Data\{8CC01803-99F1-4CA4-9116-28B2AE55AE32}\chrome.manifest

c:\documents and settings\DELL\Local Settings\Application Data\{8CC01803-99F1-4CA4-9116-28B2AE55AE32}\chrome\content\overlay.xul

c:\documents and settings\DELL\Local Settings\Application Data\{8CC01803-99F1-4CA4-9116-28B2AE55AE32}\install.rdf

c:\documents and settings\DELL\Local Settings\Application Data\{D330FC90-05E3-4091-A57B-1235FE82CCDD}

c:\documents and settings\DELL\Local Settings\Application Data\{D330FC90-05E3-4091-A57B-1235FE82CCDD}\chrome.manifest

c:\documents and settings\DELL\Local Settings\Application Data\{D330FC90-05E3-4091-A57B-1235FE82CCDD}\chrome\content\overlay.xul

c:\documents and settings\DELL\Local Settings\Application Data\{D330FC90-05E3-4091-A57B-1235FE82CCDD}\install.rdf

c:\documents and settings\DELL\Local Settings\Application Data\{D73C29EA-4F16-4E61-B7E5-46B49DD5AEC2}

c:\documents and settings\DELL\Local Settings\Application Data\{D73C29EA-4F16-4E61-B7E5-46B49DD5AEC2}\chrome.manifest

c:\documents and settings\DELL\Local Settings\Application Data\{D73C29EA-4F16-4E61-B7E5-46B49DD5AEC2}\chrome\content\overlay.xul

c:\documents and settings\DELL\Local Settings\Application Data\{D73C29EA-4F16-4E61-B7E5-46B49DD5AEC2}\install.rdf

c:\documents and settings\DELL\Local Settings\Application Data\{E6D24AD4-F9B1-4DF2-B512-14ED6FDE676A}

c:\documents and settings\DELL\Local Settings\Application Data\{E6D24AD4-F9B1-4DF2-B512-14ED6FDE676A}\chrome.manifest

c:\documents and settings\DELL\Local Settings\Application Data\{E6D24AD4-F9B1-4DF2-B512-14ED6FDE676A}\chrome\content\overlay.xul

c:\documents and settings\DELL\Local Settings\Application Data\{E6D24AD4-F9B1-4DF2-B512-14ED6FDE676A}\install.rdf

c:\documents and settings\DELL\WINDOWS

c:\program files\Search Toolbar

c:\program files\Search Toolbar\SearchToolbar.dll

c:\windows\iun6002.exe

c:\windows\p.exe

c:\windows\system32\dllcache\dlimport.exe

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\SET11E.tmp

c:\windows\system32\SET120.tmp

c:\windows\system32\SET12F.tmp

c:\windows\system32\SETF6.tmp

c:\windows\system32\SETFE.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-04-04 to 2012-05-04 )))))))))))))))))))))))))))))))

.

.

2012-05-04 11:11 . 2012-05-04 11:11 -------- d-----w- c:\program files\Paltalk Messenger

2012-05-04 11:11 . 2012-05-04 11:11 -------- d-----w- c:\windows\Paltalk Messenger

2012-05-04 02:35 . 2012-05-04 02:35 -------- d-----w- c:\documents and settings\DELL\Local Settings\Application Data\APN

2012-04-28 03:10 . 2012-04-28 03:10 -------- d-----w- c:\documents and settings\DELL\Local Settings\Application Data\Opera

2012-04-28 03:09 . 2012-04-28 03:09 -------- d-----w- c:\program files\Opera

2012-04-27 22:04 . 2012-04-27 22:04 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2012-04-27 02:11 . 2012-03-20 17:06 29272 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll

2012-04-26 03:24 . 2012-04-26 03:24 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-04-26 03:24 . 2012-04-26 03:24 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe

2012-04-26 03:24 . 2012-04-26 03:24 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe

2012-04-26 02:53 . 2012-05-02 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2012-04-25 15:32 . 2012-04-25 15:32 -------- d-----w- c:\windows\system32\wbem\Repository

2012-04-25 01:06 . 2012-04-25 01:06 -------- d-----w- c:\documents and settings\DELL\Application Data\Malwarebytes

2012-04-25 01:06 . 2012-04-25 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-04-25 01:06 . 2012-05-04 20:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-21 01:12 . 2012-04-21 01:12 114688 --sha-r- c:\windows\system32\powercfga.dll

2012-04-14 19:12 . 2012-04-14 19:12 -------- d-----w- c:\documents and settings\DELL\Local Settings\Application Data\visi_coupon

2012-04-14 18:43 . 2012-04-14 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

2012-04-12 20:10 . 2012-04-12 20:16 -------- d-----w- c:\documents and settings\DELL\Application Data\Media Finder

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-13 23:19 . 2012-04-03 12:07 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-13 23:19 . 2011-05-18 10:01 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-20 17:11 . 2012-01-17 21:38 151880 ----a-w- c:\windows\system32\mfevtps.exe

2012-03-01 11:01 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2004-08-04 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec

2012-02-22 17:29 . 2012-01-17 22:04 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2012-02-22 17:29 . 2011-10-15 17:16 464304 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-02-22 17:29 . 2011-10-15 17:16 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-02-22 17:29 . 2011-03-02 18:54 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2012-02-22 17:29 . 2011-03-02 18:54 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2012-02-22 17:29 . 2011-03-02 18:54 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2012-02-22 17:29 . 2011-03-02 18:54 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2012-02-22 17:29 . 2011-03-02 18:54 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys

2012-02-22 17:29 . 2011-03-02 18:54 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2012-02-22 17:29 . 2011-03-02 18:54 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-02-18 22:31 . 2012-02-18 22:31 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-02-18 22:31 . 2010-04-16 15:04 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-26 03:24 . 2012-02-13 18:07 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-04-14 19:01 . 2012-01-17 22:04 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-02-23 6591800]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-15 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-09-15 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-09-15 118784]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]

"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-30 296056]

"Athan"="c:\program files\Athan\Athan.exe" [2011-11-20 1183744]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\DELL\Start Menu\Programs\Startup\

PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2012-3-29 7957768]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2012-3-29 7957768]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=

"c:\\Documents and Settings\\DELL\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

.

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/2/2011 2:54 PM 89792]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/17/2012 6:04 PM 214904]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/17/2012 6:04 PM 214904]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [1/17/2012 6:04 PM 214904]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [1/17/2012 6:05 PM 161632]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/17/2012 5:38 PM 151880]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/2/2011 2:54 PM 57600]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/2/2011 2:54 PM 340920]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [3/2/2011 2:54 PM 83856]

S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]

S2 gupdate1c9e4a22d33200;Google Update Service (gupdate1c9e4a22d33200);c:\program files\Google\Update\GoogleUpdate.exe [6/3/2009 7:21 PM 133104]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/3/2012 8:07 AM 253088]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [3/2/2011 2:54 PM 83856]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/2/2011 2:54 PM 87656]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 11:24 PM 129976]

S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 23:19]

.

2012-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]

.

2012-05-04 c:\windows\Tasks\Aqrolpfeqm.job

- c:\windows\system32\powercfga.dll [2012-04-21 01:12]

.

2012-04-03 c:\windows\Tasks\doxillionShakeIcon.job

- c:\program files\NCH Software\Doxillion\doxillion.exe [2012-01-23 21:55]

.

2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 23:21]

.

2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 23:21]

.

2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1645522239-839522115-1003Core.job

- c:\documents and settings\DELL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-29 16:18]

.

2012-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1645522239-839522115-1003UA.job

- c:\documents and settings\DELL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-29 16:18]

.

2012-05-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-73586283-1645522239-839522115-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]

.

2012-05-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-73586283-1645522239-839522115-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]

.

2012-05-04 c:\windows\Tasks\User_Feed_Synchronization-{6B2FE0C8-8F46-42F1-9C7F-FA6B0E77CE50}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.ask.com/?l=dis&o=100000018&gct=hp

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant =

IE: Download with &Media Finder - c:\program files\Media Finder\hook.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.254

DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxp://mylearning.ohdela.com/Reserved.ReportViewerWebControl.axd?ReportSession=1loayw55coq1xpzy5tidbg55&ControlID=e25288908e3d4012b58c8b7dedd4c419&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab

FF - ProfilePath - c:\documents and settings\DELL\Application Data\Mozilla\Firefox\Profiles\47eogg9n.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=100000018&gct=hp

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, 3fd84811-2570-45a2-bec9-26db7c61af45

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe

HKCU-Run-Media Finder - c:\program files\Media Finder\MF.exe

AddRemove-Athan - c:\windows\iun6002.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-04 17:37

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1352)

c:\windows\System32\BCMLogon.dll

.

Completion time: 2012-05-04 17:50:00

ComboFix-quarantined-files.txt 2012-05-04 21:49

.

Pre-Run: 46,076,985,344 bytes free

Post-Run: 46,637,678,592 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - B16FD0D57FA1E5F36D0801F4993DC2D8

[Maniac]

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

http://forums.malwarebytes.org/index.php?showtopic=109214

Collect::[8]
c:\windows\system32\powercfga.dll
c:\windows\Tasks\Aqrolpfeqm.job

FireFox::
FF - ProfilePath - c:\documents and settings\DELL\Application Data\Mozilla\Firefox\Profiles\47eogg9n.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=100000018&gct=hp
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, 3fd84811-2570-45a2-bec9-26db7c61af45

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

[Taahirah]

ComboFix 12-05-07.02 - DELL 05/07/2012 15:09:33.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.546 [GMT -4:00]

Running from: c:\documents and settings\DELL\My Documents\Downloads\ComboFix.exe

Command switches used :: c:\documents and settings\DELL\Desktop\CFScript.txt.txt

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

* Created a new restore point

.

file zipped: c:\windows\system32\powercfga.dll

file zipped: c:\windows\Tasks\Aqrolpfeqm.job

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\powercfga.dll

c:\windows\Tasks\Aqrolpfeqm.job

.

.

((((((((((((((((((((((((( Files Created from 2012-04-07 to 2012-05-07 )))))))))))))))))))))))))))))))

.

.

2012-05-05 15:43 . 2012-05-05 15:43 -------- d-----w- c:\documents and settings\DELL\Local Settings\Application Data\Amazon

2012-05-05 15:42 . 2012-05-05 15:42 -------- d-----w- c:\program files\Amazon

2012-05-05 02:19 . 2012-05-05 02:28 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-05-04 22:14 . 2012-05-07 17:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-04 22:11 . 2012-05-04 22:12 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-05-04 02:35 . 2012-05-04 02:35 -------- d-----w- c:\documents and settings\DELL\Local Settings\Application Data\APN

2012-04-28 03:10 . 2012-04-28 03:10 -------- d-----w- c:\documents and settings\DELL\Local Settings\Application Data\Opera

2012-04-28 03:09 . 2012-04-28 03:09 -------- d-----w- c:\program files\Opera

2012-04-27 22:04 . 2012-04-27 22:04 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2012-04-27 02:11 . 2012-03-20 17:06 29272 ----a-w- c:\program files\Mozilla Firefox\ScriptFF.dll

2012-04-26 03:24 . 2012-04-26 03:24 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-04-26 03:24 . 2012-04-26 03:24 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe

2012-04-26 03:24 . 2012-04-26 03:24 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe

2012-04-26 02:53 . 2012-05-06 10:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2012-04-25 15:32 . 2012-04-25 15:32 -------- d-----w- c:\windows\system32\wbem\Repository

2012-04-25 01:06 . 2012-04-25 01:06 -------- d-----w- c:\documents and settings\DELL\Application Data\Malwarebytes

2012-04-25 01:06 . 2012-04-25 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-04-14 19:12 . 2012-04-14 19:12 -------- d-----w- c:\documents and settings\DELL\Local Settings\Application Data\visi_coupon

2012-04-14 18:43 . 2012-04-14 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

2012-04-12 20:10 . 2012-04-12 20:16 -------- d-----w- c:\documents and settings\DELL\Application Data\Media Finder

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-05 02:28 . 2012-04-03 12:07 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-05 02:28 . 2011-05-18 10:01 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-20 17:11 . 2012-01-17 21:38 151880 ----a-w- c:\windows\system32\mfevtps.exe

2012-03-01 11:01 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2004-08-04 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec

2012-02-22 17:29 . 2012-01-17 22:04 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2012-02-22 17:29 . 2011-10-15 17:16 464304 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-02-22 17:29 . 2011-10-15 17:16 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-02-22 17:29 . 2011-03-02 18:54 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2012-02-22 17:29 . 2011-03-02 18:54 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2012-02-22 17:29 . 2011-03-02 18:54 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2012-02-22 17:29 . 2011-03-02 18:54 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2012-02-22 17:29 . 2011-03-02 18:54 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys

2012-02-22 17:29 . 2011-03-02 18:54 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2012-02-22 17:29 . 2011-03-02 18:54 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-02-18 22:31 . 2012-02-18 22:31 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-02-18 22:31 . 2010-04-16 15:04 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-26 03:24 . 2012-02-13 18:07 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-04-14 19:01 . 2012-01-17 22:04 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-04_21.37.09 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-05-07 19:22 . 2012-05-07 19:22 16384 c:\windows\Temp\Perflib_Perfdata_45c.dat

- 2008-06-09 07:37 . 2012-05-04 20:54 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2008-06-09 07:37 . 2012-05-07 15:58 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2012-05-05 14:43 . 2012-05-07 15:58 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2008-06-09 07:37 . 2012-05-04 20:54 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2012-05-05 02:28 . 2012-05-05 02:28 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe

+ 2012-05-05 01:19 . 2012-05-05 01:19 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe

+ 2012-05-05 01:19 . 2012-05-05 01:19 424096 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.dll

+ 2012-04-03 12:07 . 2012-05-05 02:28 257696 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

- 2009-10-16 11:35 . 2012-05-04 20:54 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat

+ 2009-10-16 11:35 . 2012-05-07 15:58 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat

+ 2012-05-04 22:16 . 2012-05-04 22:16 341504 c:\windows\Installer\b8bb4.msi

+ 2012-05-05 02:28 . 2012-05-05 02:28 8797856 c:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-02-23 6591800]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-15 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-09-15 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-09-15 118784]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]

"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-30 296056]

"Athan"="c:\program files\Athan\Athan.exe" [2011-11-20 1183744]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Documents and Settings\\DELL\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

.

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/2/2011 2:54 PM 89792]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/17/2012 6:04 PM 214904]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/17/2012 6:04 PM 214904]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [1/17/2012 6:04 PM 214904]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [1/17/2012 6:05 PM 161632]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/17/2012 5:38 PM 151880]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/2/2011 2:54 PM 57600]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/2/2011 2:54 PM 340920]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [3/2/2011 2:54 PM 83856]

S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]

S2 gupdate1c9e4a22d33200;Google Update Service (gupdate1c9e4a22d33200);c:\program files\Google\Update\GoogleUpdate.exe [6/3/2009 7:21 PM 133104]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/3/2012 8:07 AM 257696]

S3 CFcatchme;CFcatchme;\??\c:\docume~1\DELL\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\DELL\LOCALS~1\Temp\CFcatchme.sys [?]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [3/2/2011 2:54 PM 83856]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/2/2011 2:54 PM 87656]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 11:24 PM 129976]

S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 02:28]

.

2012-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]

.

2012-04-03 c:\windows\Tasks\doxillionShakeIcon.job

- c:\program files\NCH Software\Doxillion\doxillion.exe [2012-01-23 21:55]

.

2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 23:21]

.

2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 23:21]

.

2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1645522239-839522115-1003Core.job

- c:\documents and settings\DELL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-29 16:18]

.

2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1645522239-839522115-1003UA.job

- c:\documents and settings\DELL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-29 16:18]

.

2012-05-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-73586283-1645522239-839522115-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]

.

2012-05-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-73586283-1645522239-839522115-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]

.

2012-05-07 c:\windows\Tasks\User_Feed_Synchronization-{6B2FE0C8-8F46-42F1-9C7F-FA6B0E77CE50}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.com/

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant =

IE: Download with &Media Finder - c:\program files\Media Finder\hook.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.254

DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxp://mylearning.ohdela.com/Reserved.ReportViewerWebControl.axd?ReportSession=1loayw55coq1xpzy5tidbg55&ControlID=e25288908e3d4012b58c8b7dedd4c419&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab

FF - ProfilePath - c:\documents and settings\DELL\Application Data\Mozilla\Firefox\Profiles\47eogg9n.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-07 15:23

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1352)

c:\windows\System32\BCMLogon.dll

.

- - - - - - - > 'explorer.exe'(2440)

c:\windows\system32\WININET.dll

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Microsoft LifeCam\MSCamS32.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Completion time: 2012-05-07 15:31:58 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-07 19:31

ComboFix2.txt 2012-05-04 21:50

.

Pre-Run: 46,362,038,272 bytes free

Post-Run: 46,355,992,576 bytes free

.

- - End Of File - - 775297FED1BA3D166E85FC0192E05CD9

Upload was successful

[Maniac]

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

[Taahirah]

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=aed0d0b6716dc145b67ff24e104da851

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=false

# utc_time=2012-05-08 04:18:52

# local_time=2012-05-08 12:18:52 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5121 16777189 100 75 75049 36874575 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=63654

# found=15

# cleaned=15

# scan_time=2820

C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) BD126F736993B966A376C4A4B99843C8 C

C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 5DDB11EA4AE68DC90C4D3EB427C290D3 C

C:\Qoobox\Quarantine\C\Autorun.inf.vir INF/Autorun virus (deleted - quarantined) 74208B07648133F9890B916E92E764BE C

C:\System Volume Information\_restore{0B672211-DF62-48A4-A813-9116A905CD21}\RP1\A0001145.exe a variant of Win32/Adware.RK application (cleaned by deleting - quarantined) 5887BB44F3B1B77F7E5F4E78DE1B1FBC C

C:\System Volume Information\_restore{0B672211-DF62-48A4-A813-9116A905CD21}\RP1\A0001151.dll probably a variant of Win32/Adware.RK application (cleaned by deleting - quarantined) 36B33BDD9EAD58FCF58206A397247BCB C

C:\System Volume Information\_restore{0B672211-DF62-48A4-A813-9116A905CD21}\RP1\A0001152.exe a variant of Win32/Adware.RK.AE application (cleaned by deleting - quarantined) D41B27F8011372D1EF90DF150335B59D C

C:\System Volume Information\_restore{0B672211-DF62-48A4-A813-9116A905CD21}\RP2\A0001708.DLL a variant of Win32/FunWeb.AA application (cleaned by deleting - quarantined) 6CE6E0C0B247B335FCC1DB8FB178837C C

C:\System Volume Information\_restore{0B672211-DF62-48A4-A813-9116A905CD21}\RP2\A0001709.DLL a variant of Win32/FunWeb.AA application (cleaned by deleting - quarantined) 6CE6E0C0B247B335FCC1DB8FB178837C C

C:\System Volume Information\_restore{0B672211-DF62-48A4-A813-9116A905CD21}\RP2\A0001710.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) E8806FDB79FC38246588EEF512EC4048 C

C:\System Volume Information\_restore{0B672211-DF62-48A4-A813-9116A905CD21}\RP2\A0001711.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 4CE56B9268805E5612B2EE5F5884BED5 C

C:\System Volume Information\_restore{0B672211-DF62-48A4-A813-9116A905CD21}\RP3\A0005253.exe a variant of Win32/Adware.RK application (cleaned by deleting - quarantined) 5887BB44F3B1B77F7E5F4E78DE1B1FBC C

C:\System Volume Information\_restore{0B672211-DF62-48A4-A813-9116A905CD21}\RP3\A0005259.exe a variant of Win32/Adware.RK.AE application (cleaned by deleting - quarantined) D41B27F8011372D1EF90DF150335B59D C

C:\System Volume Information\_restore{0B672211-DF62-48A4-A813-9116A905CD21}\RP5\A0007024.inf INF/Autorun virus (deleted - quarantined) 74208B07648133F9890B916E92E764BE C

C:\System Volume Information\_restore{0B672211-DF62-48A4-A813-9116A905CD21}\RP5\A0007042.dll Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 5DDB11EA4AE68DC90C4D3EB427C290D3 C

C:\System Volume Information\_restore{0B672211-DF62-48A4-A813-9116A905CD21}\RP6\A0007585.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) BD126F736993B966A376C4A4B99843C8 C

[Maniac]

Good!

How are things now?

[Taahirah]

So far so good. Thank you so much for your help I really appreciate!

[Maniac]

Glad I could help!

Please uninstall ComboFix:

www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Please manually delete DDS and ResetTeaTimer.

Next, uninstall ESET Online Scanner.

Some malware preventions:

http://forums.malwarebytes.org/index.php?showtopic=104379&pid=515983&st=0entry515983

Safe surfing!

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!