partner37.mydomainadvisor - Infected, help pls!


Post Merged

We look for posts with 0 replies, so when you reply to your own topic, we assume you're being helped.

Please be patient, someone will assist you as soon as possible.

Hi,

My PC's been infected with this malware for about a month now, I think. I didn't realize it was a problem at first, until I got fed up of being persistently routed to the partner37.mydomainadvisor page every time I want to open a link or go to another webpage. Google search alerted me to the fact that it was malware.

Other than being directed to the page I don't want, there are times when everything would seem to slow down for about half a minute while loading new pages. My Internet speed is supposed to be pretty fast. But my brother, who logs in on another account, says he has not experienced anything of the sort.

I've run the MBAM Quick scan and pasted the results below. Would really appreciate some assistance. ;)

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.13.09

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Kay :: EDDIE [administrator]

Protection: Enabled

7/14/2012 1:36:09 AM

mbam-log-2012-07-14 (10-24-48).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 293750

Time elapsed: 1 hour(s), 10 minute(s), 48 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 120

Registry Values Detected: 5

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|ShopperReports 3.1.22.0 (Adware.HotBar) -> Data: -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E879047EB6765D5B34AA93 (Malware.Trace) -> Data: -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Data: C:\WINDOWS\system32\regedit.exe -> No action taken.

HKLM\SOFTWARE\Mozilla\Firefox\extensions|ShopperReports@ShopperReports.com (ShopperReports) -> Data: C:\Program Files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions -> No action taken.

HKLM\SOFTWARE\Mozilla\Firefox\extensions|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Data: C:\Program Files\ClickPotatoLite\bin\10.0.659.0\firefox\extensions -> No action taken.

Registry Data Items Detected: 2

HKLM\System\CurrentControlSet\Services\BITS|ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.

HKLM\System\CurrentControlSet\Services\wuauserv|ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.

Folders Detected: 44

Files Detected: 60

(end)

**EDIT** I'll paste the logs after the removal is done here.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.13.09

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Kay :: EDDIE [administrator]

Protection: Enabled

7/14/2012 1:36:09 AM

mbam-log-2012-07-14 (01-36-09).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 293750

Time elapsed: 1 hour(s), 10 minute(s), 48 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 120


HKCR\ShopperReports.Stock.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCR\ShopperReports.Stock (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCR\CLSID\{E12AEAB6-7D12-4c07-8E36-5892EFB4DAFB} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCR\ShopperReports.TriggerImmidiate.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCR\ShopperReports.TriggerImmidiate (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCR\CLSID\{E2F2C137-A782-4fb5-81AF-086156F5EB0A} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCR\ShopperReports.AsyncReporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCR\ShopperReports.AsyncReporter (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCR\CLSID\{F1D06C9F-51F0-4476-BEDE-5DDF91BE304E} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCR\ShopperReports.ReportData.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCR\ShopperReports.ReportData (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCR\CLSID\{F3A32DF2-7413-4fb1-B575-1AC920A17B76} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCR\ShopperReports.TriggerOnceInDay.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCR\ShopperReports.TriggerOnceInDay (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCR\Typelib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKCR\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKCR\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKCR\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKCR\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCR\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} (Trojan.BHO) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} (Trojan.BHO) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} (Trojan.BHO) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKCR\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKCR\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKCR\ShopperReports.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCR\ShopperReports.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCR\ShopperReports.IEButton (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCR\ShopperReports.IEButton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCR\ShopperReports.IEButtonA (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCR\ShopperReports.IEButtonA.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCR\ShopperReports.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCR\ShopperReports.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCR\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKCR\AppID\CmndFF.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKCR\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKCR\AppID\mozillaps.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKCR\AppID\Pltfrm.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCU\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\QuestBrowse (Adware.QuestBrowse) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestBrowse (Adware.QuestBrowse) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperReportsSA (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QUESTBROWSE_SERVICE (Adware.QuestBrowse) -> Quarantined and deleted successfully.

HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_RECYCLED_SERVICES (Worm.AutoRun) -> Quarantined and deleted successfully.

Registry Values Detected: 5

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|ShopperReports 3.1.22.0 (Adware.HotBar) -> Data: -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E879047EB6765D5B34AA93 (Malware.Trace) -> Data: -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Data: C:\WINDOWS\system32\regedit.exe -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Mozilla\Firefox\extensions|ShopperReports@ShopperReports.com (ShopperReports) -> Data: C:\Program Files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Mozilla\Firefox\extensions|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Data: C:\Program Files\ClickPotatoLite\bin\10.0.659.0\firefox\extensions -> Quarantined and deleted successfully.

Registry Data Items Detected: 2

HKLM\System\CurrentControlSet\Services\BITS|ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Delete on reboot.

HKLM\System\CurrentControlSet\Services\wuauserv|ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Delete on reboot.

Folders Detected: 44

C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kay\Application Data\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Documents and Settings\Eddie.ABC-LG75V7NUY72\Application Data\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Eddie.ABC-LG75V7NUY72\Application Data\ShopperReports3\IE (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Eddie.ABC-LG75V7NUY72\Application Data\ShopperReports3\IE\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Eddie.ABC-LG75V7NUY72\Application Data\ShopperReports3\IE\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Eddie.ABC-LG75V7NUY72\Application Data\ShopperReports3\IE\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Eddie.ABC-LG75V7NUY72\Application Data\ShopperReports3\IE\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Eddie.ABC-LG75V7NUY72\Application Data\ShopperReports3\IE\cs\res1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Glenn\Application Data\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Glenn\Application Data\ShopperReports3\IE (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Glenn\Application Data\ShopperReports3\IE\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Glenn\Application Data\ShopperReports3\IE\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Glenn\Application Data\ShopperReports3\IE\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Glenn\Application Data\ShopperReports3\IE\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Glenn\Application Data\ShopperReports3\IE\cs\res2 (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kay\Application Data\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kay\Application Data\ShopperReports3\IE (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kay\Application Data\ShopperReports3\IE\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kay\Application Data\ShopperReports3\IE\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kay\Application Data\ShopperReports3\IE\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kay\Application Data\ShopperReports3\IE\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kay\Application Data\ShopperReports3\IE\cs\res2 (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Program Files\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Program Files\ClickPotatoLite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Program Files\ClickPotatoLite\bin\10.0.659.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Program Files\ClickPotatoLite\bin\10.0.659.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Program Files\ClickPotatoLite\bin\10.0.659.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Program Files\ClickPotatoLite\bin\10.0.659.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Program Files\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Program Files\ShopperReports3\bin (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Program Files\ShopperReports3\bin\3.1.22.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Program Files\ShopperReports3\bin\3.1.22.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Program Files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Program Files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Program Files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Program Files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome\content (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Program Files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\ShopperReports (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

C:\Program Files\QuestBrwSearch (Adware.QuestBrowse) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\QuestBrwSearch (Adware.QuestBrowse) -> Quarantined and deleted successfully.

Files Detected: 60

C:\Program Files\Premiumplay Codec-C\Premiumplay Codec-C.dll (PUP.Codec.PR) -> No action taken.

C:\Program Files\ShopperReports3\bin\3.1.22.0\Pltfrm.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Program Files\ShopperReports3\bin\3.1.22.0\mozillaps.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Program Files\ShopperReports3\bin\3.1.22.0\CmndFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Program Files\ShopperReports3\bin\3.1.22.0\BRNstIE.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.

D:\My Documents\Downloads\XvidSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.

D:\My Documents\Downloads\Codec-C.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Glenn\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kay\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.

C:\Program Files\Shared\lib.sig (Adware.Deepdive) -> Quarantined and deleted successfully.

C:\Documents and Settings\Glenn\Start Menu\Programs\Startup\Recycled.vbs (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kay\Start Menu\Programs\Startup\Recycled.vbs (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kay\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\calc32.log (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\Help\nvwcipess.hlp (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\sndvols.log (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSA_hpk.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Documents and Settings\Eddie.ABC-LG75V7NUY72\Application Data\ShopperReports3\IE\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Eddie.ABC-LG75V7NUY72\Application Data\ShopperReports3\IE\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Eddie.ABC-LG75V7NUY72\Application Data\ShopperReports3\IE\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Eddie.ABC-LG75V7NUY72\Application Data\ShopperReports3\IE\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Eddie.ABC-LG75V7NUY72\Application Data\ShopperReports3\IE\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Eddie.ABC-LG75V7NUY72\Application Data\ShopperReports3\IE\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Eddie.ABC-LG75V7NUY72\Application Data\ShopperReports3\IE\cs\res1\WhiteList.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Glenn\Application Data\ShopperReports3\IE\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Glenn\Application Data\ShopperReports3\IE\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Glenn\Application Data\ShopperReports3\IE\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Glenn\Application Data\ShopperReports3\IE\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Glenn\Application Data\ShopperReports3\IE\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Glenn\Application Data\ShopperReports3\IE\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Glenn\Application Data\ShopperReports3\IE\cs\res2\WhiteList.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kay\Application Data\ShopperReports3\IE\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kay\Application Data\ShopperReports3\IE\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kay\Application Data\ShopperReports3\IE\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kay\Application Data\ShopperReports3\IE\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kay\Application Data\ShopperReports3\IE\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kay\Application Data\ShopperReports3\IE\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\Kay\Application Data\ShopperReports3\IE\cs\res2\WhiteList.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Program Files\ClickPotatoLite\bin\10.0.659.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Program Files\ShopperReports3\bin\3.1.22.0\link.ico (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Program Files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Program Files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Program Files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome\content\infopane.js (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Program Files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome\content\InfoPane.xul (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Program Files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Program Files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Program Files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components\BrowserExtensionFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Program Files\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components\BrowserExtensionFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\ShopperReports\About Us.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\ShopperReports\Customer Support.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\ShopperReports\ShopperReports Uninstall Instructions.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.

C:\Program Files\QuestBrwSearch\uninstall.exe (Adware.QuestBrowse) -> Quarantined and deleted successfully.

(end)


Hello Syeki! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please follow our instructions here and post the log files in your next reply:

http://forums.malwarebytes.org/index.php?showtopic=9573


Hi Maniac,

Thanks for the reply! I downloaded DDS.src, and when I tried to run it, a screen pops up requesting the disabling of any script blockers. Thing is, I'm not quite sure how to go about this. Still, after a short while, the DDS and Attach logs appeared, so I guess it ran fine?

Also, since I'm on the trial version of MBAM, after I ran the Quick Scan, the partner37.mydomainadviser site has not appeared (its appearances were sporadic in the first place, so this is not confirmed). Is it due to the MBAM software constantly preventing this, or is it because it's really been removed? My concern is that after the MBAM trial has expired, things will go straight back to square one.

Logs pasted below, DDS then Attach. :)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Kay at 11:51:04 on 2012-07-15

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.775 [GMT 8:00]

.

AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe

C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\igfxpers.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\WINDOWS\System32\igfxsrvc.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Steam\Steam.exe

C:\Documents and Settings\Kay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Orbitdownloader\orbitdm.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Blaze Media Pro\NMSAccess32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Orbitdownloader\orbitnet.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\Tablet.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\Kay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Documents and Settings\Kay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Kay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Kay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Kay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Kay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Kay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Kay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\Kay\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.my/

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Premiumplay Codec-C: {11111111-1111-1111-1111-110011041135} - c:\program files\premiumplay codec-c\Premiumplay Codec-C.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll

BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: blekko search bar: {8769adce-dba5-48e9-afb5-67b12cdf2e61} - c:\program files\blekkotb_031\blekkotb_019X.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: blekko search bar: {8769adce-dba5-48e9-afb5-67b12cdf2e61} - c:\program files\blekkotb_031\blekkotb_019X.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

uRun: [Google Update] "c:\documents and settings\kay\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED

mRun: [8169Diag] c:\program files\realtek\diagnostics utility\8169Diag.exe /hw

mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [securDisc] c:\program files\nero\nero 7\incd\NBHGui.exe

mRun: [inCD] c:\program files\nero\nero 7\incd\InCD.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"

mRun: [avp] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe

dPolicies-explorer: StartMenuLogOff = 1 (0x1)

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: Enqueue in Star Downloader - c:\progra~1\stardo~1\sdieenq.htm

IE: Leech with Star Downloader - c:\progra~1\stardo~1\leechie.htm

IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm

IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{EC7AFFEB-2CB4-4C0A-9D38-3732EC6A5552} : DhcpNameServer = 192.168.0.1

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Notify: igfxcui - igfxdev.dll

Notify: klogon - c:\windows\system32\klogon.dll

AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll, c:\progra~1\kasper~1\kasper~1\kloehk.dll

.

============= SERVICES / DRIVERS ===============

.

R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-10 132184]

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-10 11352]

R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-8-10 475736]

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2009-7-29 33824]

R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-7-2 352976]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-25 54752]

R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2009-5-21 8960]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-14 655944]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-20 24652]

R3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2009-5-21 11264]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-8 32856]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-3 19472]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-14 22344]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-5-21 845184]

S1 f2e30cee;f2e30cee;c:\windows\system32\drivers\f2e30cee.sys [2009-9-19 0]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-22 250056]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\glenn\locals~1\temp\hqv67.tmp --> c:\docume~1\glenn\locals~1\temp\HQV67.tmp [?]

S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena plus\room\safedrv.sys --> c:\program files\garena plus\room\safedrv.sys [?]

S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;\??\c:\docume~1\glenn\locals~1\temp\rar$ex05.937\moonlight engine 1105.1\ilvmoney1105.sys --> c:\docume~1\glenn\locals~1\temp\rar$ex05.937\moonlight engine 1105.1\IlvMoney1105.sys [?]

S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2010-4-2 131072]

S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2010-4-2 79104]

S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2009-5-21 16640]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 tcpip helper;tcpip helper;\??\c:\program files\garena plus\x86\tcpiphlp.sys --> c:\program files\garena plus\x86\tcpiphlp.sys [?]

S3 XDva277;XDva277;\??\c:\windows\system32\xdva277.sys --> c:\windows\system32\XDva277.sys [?]

.

=============== Created Last 30 ================

.

2012-07-13 17:21:53 -------- d-----w- c:\documents and settings\kay\application data\Malwarebytes

2012-07-13 17:21:30 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-07-13 17:21:29 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-13 17:21:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-18 12:12:10 -------- d-----w- c:\documents and settings\kay\application data\blekkotb_019

2012-06-17 05:08:15 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars

2012-06-17 05:08:08 -------- d-----w- c:\program files\blekkotb_031

2012-06-17 05:08:08 -------- d-----w- c:\documents and settings\kay\application data\blekkotb_031

2012-06-17 05:07:50 -------- d-----w- c:\documents and settings\kay\local settings\application data\blekkotb_031

2012-06-17 05:07:37 -------- d-----w- c:\program files\Alarm Clock

.

==================== Find3M ====================

.

2012-07-15 03:52:41 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-07-13 12:00:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-13 12:00:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-05 08:39:06 1206910976 ----a-w- c:\program files\LoL_Install_0901.exe

.

============= FINISH: 11:55:36.17 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/25/2009 6:43:06 AM

System Uptime: 7/15/2012 11:34:53 AM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5KPL-AM

Processor: Intel Pentium III Xeon processor | Socket 775 | 2499/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 146 GiB total, 72.391 GiB free.

D: is FIXED (NTFS) - 152 GiB total, 29.469 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}

Description: Microsoft PS/2 Mouse

Device ID: ACPI\PNP0F03\4&2C575ACB&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&2C575ACB&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP623: 4/16/2012 6:11:20 PM - System Checkpoint

RP624: 4/17/2012 9:49:25 PM - System Checkpoint

RP625: 4/19/2012 12:27:15 AM - System Checkpoint

RP626: 4/20/2012 11:26:39 PM - System Checkpoint

RP627: 4/22/2012 4:41:08 PM - System Checkpoint

RP628: 4/23/2012 7:57:00 PM - System Checkpoint

RP629: 4/25/2012 1:26:45 PM - System Checkpoint

RP630: 4/27/2012 2:23:10 PM - System Checkpoint

RP631: 4/28/2012 5:21:39 PM - System Checkpoint

RP632: 4/29/2012 7:59:39 PM - System Checkpoint

RP633: 5/1/2012 4:44:25 PM - System Checkpoint

RP634: 5/2/2012 7:42:02 PM - System Checkpoint

RP635: 5/4/2012 2:06:11 PM - System Checkpoint

RP636: 5/6/2012 3:10:19 PM - System Checkpoint

RP637: 5/7/2012 6:05:44 PM - System Checkpoint

RP638: 5/9/2012 7:35:13 PM - System Checkpoint

RP639: 5/10/2012 10:01:39 PM - System Checkpoint

RP640: 5/12/2012 1:19:34 PM - System Checkpoint

RP641: 5/13/2012 1:58:12 PM - System Checkpoint

RP642: 5/14/2012 10:01:40 PM - System Checkpoint

RP643: 5/16/2012 7:21:19 PM - System Checkpoint

RP644: 5/17/2012 7:38:26 PM - System Checkpoint

RP645: 5/18/2012 7:40:38 PM - System Checkpoint

RP646: 5/19/2012 10:29:03 PM - System Checkpoint

RP647: 5/21/2012 5:27:26 PM - System Checkpoint

RP648: 5/23/2012 5:00:22 PM - System Checkpoint

RP649: 5/24/2012 7:28:51 PM - System Checkpoint

RP650: 5/25/2012 9:43:12 PM - System Checkpoint

RP651: 5/26/2012 6:08:40 PM - Restore Operation

RP652: 5/26/2012 6:46:59 PM - Restore Operation

RP653: 5/27/2012 7:09:29 PM - System Checkpoint

RP654: 5/29/2012 10:04:21 PM - System Checkpoint

RP655: 5/30/2012 11:29:23 PM - System Checkpoint

RP656: 6/1/2012 2:45:54 PM - System Checkpoint

RP657: 6/2/2012 3:51:25 PM - System Checkpoint

RP658: 6/3/2012 3:52:13 PM - System Checkpoint

RP659: 6/5/2012 12:01:59 AM - System Checkpoint

RP660: 6/6/2012 8:16:02 PM - System Checkpoint

RP661: 6/7/2012 8:45:27 PM - System Checkpoint

RP662: 6/8/2012 10:20:29 PM - System Checkpoint

RP663: 6/10/2012 2:42:48 PM - System Checkpoint

RP664: 6/11/2012 8:10:42 PM - System Checkpoint

RP665: 6/13/2012 9:00:35 PM - System Checkpoint

RP666: 6/15/2012 2:19:29 AM - System Checkpoint

RP667: 6/16/2012 11:13:03 AM - System Checkpoint

RP668: 6/17/2012 11:47:45 AM - System Checkpoint

RP669: 6/18/2012 8:37:20 PM - System Checkpoint

RP670: 6/19/2012 9:18:42 PM - System Checkpoint

RP671: 6/20/2012 10:11:52 PM - System Checkpoint

RP672: 6/23/2012 5:17:51 PM - System Checkpoint

RP673: 6/24/2012 6:31:47 PM - System Checkpoint

RP674: 6/25/2012 7:57:09 PM - System Checkpoint

RP675: 6/26/2012 9:53:32 PM - System Checkpoint

RP676: 6/27/2012 11:05:39 PM - System Checkpoint

RP677: 6/29/2012 6:21:12 PM - System Checkpoint

RP678: 7/1/2012 1:42:25 PM - System Checkpoint

RP679: 7/3/2012 8:05:08 PM - System Checkpoint

RP680: 7/6/2012 11:47:49 AM - System Checkpoint

RP681: 7/7/2012 12:59:35 PM - System Checkpoint

RP682: 7/8/2012 5:45:23 PM - System Checkpoint

RP683: 7/10/2012 9:30:35 PM - System Checkpoint

RP684: 7/12/2012 2:54:42 PM - System Checkpoint

RP685: 7/13/2012 11:38:34 PM - System Checkpoint

RP686: 7/14/2012 11:39:16 PM - System Checkpoint

.

==== Installed Programs ======================

.

1310

1310_Help

1310Tour

1310Trb

32 Bit HP CIO Components Installer

7-Zip 4.65

Adobe AIR

Adobe Community Help

Adobe Content Viewer

Adobe Download Assistant

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe InDesign CS5.5

Adobe Photoshop 7.0

Adobe Photoshop CS

Adobe Reader 9.3.2

Adobe Shockwave Player 11.5

AIM 7

AiO_Scan

AiOSoftware

Alarm Clock v1.0

Anti-phishing Domain Advisor

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ASUSUpdate

AVI Player

BitTorrent

Blaze Media Pro

blekko search bar

Bonjour

BufferChm

Compatibility Pack for the 2007 Office system

Convert Doc

Copy

Destinations

DeviceDiscovery

Diagnostics Utility

DivX Setup

DJ_AIO_06_F2400_SW_Min

Download Updater (AOL LLC)

Easy Audio Cutter V2.1

F2400

Fax

FLV Player 2.0 (build 25)

Garena Plus

Google Chrome

Google SketchUp 7

Google Talk (remove only)

GPBaseService2

Half-Life 2: Demo

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

HP Customer Participation Program 13.0

HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6

HP Imaging Device Functions 13.0

HP Print Projects 1.0

HP PSC & OfficeJet 4.2

HP Smart Web Printing 4.5

HP Software Update

HP Solution Center 13.0

HP Update

hpPrintProjects

HPProductAssistant

HPSSupply

hpWLPGInstaller

Intel® Graphics Media Accelerator Driver

IrfanView (remove only)

iTunes

Java Auto Updater

Java 6 Update 26

Junk Mail filter update

Kaspersky Internet Security 2011

Malwarebytes Anti-Malware version 1.62.0.1300

MapleStory

MapleStorySEA

MarketResearch

Media Player Classic - Home Cinema 1.6.0.4014

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office Live Add-in 1.3

Microsoft Office XP Professional with FrontPage

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

MP3 Cutter 1.8

MSVCRT

MSXML 4.0 SP2 (KB954430)

Nero 7 Essentials

neroxml

NET Installation Assistance for VB6 App (Runtime Only)

OGA Notifier 1.7.0105.35.0

Orbit Downloader

Overland

PC Probe II

PDF Settings CS5

Plants vs. Zombies Demo

Platform

Portal

Premiumplay Codec-C

ProductContext

QuickTime

RadLight OptimFROG DirectShow Filter (remove only)

Readme

REALTEK GbE & FE Ethernet PCI-E NIC Driver

Recovery for Photoshop

Resize Multiple Image Files Software 7.0

Scan

Security Update for CAPICOM (KB931906)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Segoe UI

Shop for HP Supplies

SmartWebPrinting

SolutionCenter

Status

Steam

Tablet

Toolbox

Topaz DeNoise 5

TrayApp

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB969497)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB973815)

VC80CRTRedist - 8.0.50727.6195

VIA Platform Device Manager

Viewpoint Media Player

VLC media player 1.1.11

WavePad Sound Editor

WebFldrs XP

WebReg

Winamp

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Media Format Runtime

WinRAR archiver

Xvid 1.2.1 final uninstall

Yahoo! Toolbar

Zultrax P2P

.

==== Event Viewer Messages From Past Week ========

.

7/14/2012 11:03:58 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

7/12/2012 6:14:55 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

7/12/2012 6:14:55 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/11/2012 6:15:51 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.

7/11/2012 6:15:51 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

7/11/2012 6:13:42 PM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The system cannot find the file specified.

.

==== End Of File ===========================


Also, since I'm on the trial version of MBAM, after I ran the Quick Scan, the partner37.mydomainadvisor site has not appeared (its appearances were sporadic in the first place, so this is not confirmed).

Ignore this part, it's still very much alive.


Step 1

Please uninstall the following applications:

BitTorrent

blekko search bar

Premiumplay Codec-C

Viewpoint Media Player

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop, and post it in your next reply.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log


Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.17.02

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Kay :: EDDIE [administrator]

Protection: Enabled

7/17/2012 2:38:58 PM

mbam-log-2012-07-17 (14-38-58).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 294207

Time elapsed: 1 hour(s), 17 minute(s), 45 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 3

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 2

HKLM\System\CurrentControlSet\Services\BITS|ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Delete on reboot.

HKLM\System\CurrentControlSet\Services\wuauserv|ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Delete on reboot.

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-17 16:26:08

-----------------------------

16:26:08.703 OS Version: Windows 5.1.2600 Service Pack 3

16:26:08.703 Number of processors: 2 586 0x170A

16:26:08.703 ComputerName: EDDIE UserName: Kay

16:26:09.093 Initialize success

16:26:28.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6

16:26:28.312 Disk 0 Vendor: ST3320418AS CC34 Size: 305245MB BusType: 3

16:26:28.328 Disk 0 MBR read successfully

16:26:28.328 Disk 0 MBR scan

16:26:28.328 Disk 0 Windows XP default MBR code

16:26:28.328 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 149997 MB offset 63

16:26:28.328 Disk 0 Partition - 00 0F Extended LBA 155237 MB offset 307194930

16:26:28.343 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 155237 MB offset 307194993

16:26:28.343 Disk 0 scanning sectors +625121280

16:26:28.421 Disk 0 scanning C:\WINDOWS\system32\drivers

16:26:33.765 Service scanning

16:26:36.187 Service GarenaPEngine C:\DOCUME~1\Glenn\LOCALS~1\Temp\HQV67.tmp **LOCKED** 5

16:26:37.562 Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5

16:26:37.562 Service kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys **LOCKED** 5

16:26:37.625 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5

16:26:37.625 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5

16:26:42.875 Modules scanning

16:26:47.421 Disk 0 trace - called modules:

16:26:47.421

16:26:47.421 Scan finished successfully

16:27:01.093 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kay\Desktop\MBR.dat"

16:27:01.093 The log file has been saved successfully to "C:\Documents and Settings\Kay\Desktop\aswMBR.txt"


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


So I followed the instructions for ComboFix; one thing bothered me, though. My internet connection was not turned off during the scan as it stated it would be. Idk if anything crept in during the scan while all the protections were down. The program ran just fine, though.

ComboFix 12-07-16.01 - Kay 07/17/2012 18:15:38.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1289 [GMT 8:00]

Running from: c:\downloads\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk

c:\documents and settings\Kay\Application Data\.#

c:\program files\LoL_Install_0901.exe

c:\program files\Shared

c:\windows\apppatch\csrss.exe

c:\windows\csrss.log

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_ILVMONEYDRIVER53

-------\Service_IlvMoneyDRIVER53

.

.

((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))

.

.

2012-07-17 10:27 . 2012-07-17 10:28 -------- d-----w- c:\windows\LastGood

2012-07-13 17:21 . 2012-07-13 17:21 -------- d-----w- c:\documents and settings\Kay\Application Data\Malwarebytes

2012-07-13 17:21 . 2012-07-13 17:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-07-13 17:21 . 2012-07-13 17:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-13 17:21 . 2012-07-03 05:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-18 12:12 . 2012-06-18 12:12 -------- d-----w- c:\documents and settings\Kay\Application Data\blekkotb_019

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-13 12:00 . 2012-04-22 01:06 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-13 12:00 . 2011-06-09 17:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-02 07:19 . 2008-10-16 21:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 07:19 . 2009-05-20 14:51 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 07:19 . 2009-05-20 14:51 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 07:19 . 2009-05-20 14:51 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 07:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 07:19 . 2009-05-21 03:59 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 07:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 07:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 07:19 . 2008-10-16 21:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 07:19 . 2009-05-20 14:51 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 07:19 . 2009-05-21 03:59 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 07:18 . 2009-05-25 04:40 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 07:18 . 2009-05-25 04:40 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 07:18 . 2009-05-25 04:40 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim"="c:\program files\AIM\aim.exe" [2010-04-19 3972440]

"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"8169Diag"="c:\program files\Realtek\Diagnostics Utility\8169Diag.exe" [2008-04-21 139264]

"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-08-15 30003200]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"IgfxTray"="c:\windows\System32\igfxtray.exe" [2008-03-21 141848]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2008-03-21 166424]

"Persistence"="c:\windows\System32\igfxpers.exe" [2008-03-21 137752]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]

"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]

"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-09-15 352976]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-2 113664]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [N/A]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2011-10-1 1809680]

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"StartMenuLogOff"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Warcraft III\\war3.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=

"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=

"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

"c:\\Program Files\\Zultrax P2P\\Zultrax.Exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\Garena Plus\\room\\garena_room.exe"=

.

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/10/2010 8:43 AM 11352]

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [7/29/2009 9:26 PM 33824]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/14/2012 1:21 AM 655944]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/8/2010 3:06 AM 32856]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/3/2009 11:27 AM 19472]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/14/2012 1:21 AM 22344]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [5/21/2009 12:56 PM 845184]

S1 f2e30cee;f2e30cee;c:\windows\system32\drivers\f2e30cee.sys [9/19/2009 11:23 PM 0]

S2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [5/21/2009 12:29 PM 8960]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/22/2012 9:06 AM 250056]

S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [5/21/2009 12:29 PM 11264]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Glenn\LOCALS~1\Temp\HQV67.tmp --> c:\docume~1\Glenn\LOCALS~1\Temp\HQV67.tmp [?]

S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Plus\Room\safedrv.sys --> c:\program files\Garena Plus\Room\safedrv.sys [?]

S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [4/2/2010 8:36 AM 131072]

S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [4/2/2010 8:36 AM 79104]

S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [5/21/2009 12:29 PM 16640]

S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]

S3 tcpip helper;tcpip helper;\??\c:\program files\Garena Plus\x86\tcpiphlp.sys --> c:\program files\Garena Plus\x86\tcpiphlp.sys [?]

S3 XDva277;XDva277;\??\c:\windows\system32\XDva277.sys --> c:\windows\system32\XDva277.sys [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 12:00]

.

2011-06-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]

.

2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-606747145-839522115-1003Core.job

- c:\documents and settings\Kay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-03 07:00]

.

2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-606747145-839522115-1003UA.job

- c:\documents and settings\Kay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-03 07:00]

.

2012-07-17 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2009-01-01 00:04]

.

2012-07-17 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2009-01-01 00:04]

.

2012-02-27 c:\windows\Tasks\wavepadShakeIcon.job

- c:\program files\NCH Software\WavePad\wavepad.exe [2012-01-14 16:02]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.my/

IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204

IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm

IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Enqueue in Star Downloader - c:\progra~1\STARDO~1\sdieenq.htm

IE: Leech with Star Downloader - c:\progra~1\STARDO~1\leechie.htm

IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

TCP: DhcpNameServer = 192.168.0.1

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe

HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe

AddRemove-Convert Doc_is1 - c:\program files\Softinterface

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-17 18:28

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]

"ImagePath"="\??\c:\docume~1\Glenn\LOCALS~1\Temp\HQV67.tmp"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3264)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Nero\Nero 7\InCD\InCDsrv.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Blaze Media Pro\NMSAccess32.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\Tablet.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\wscntfy.exe

c:\windows\System32\igfxsrvc.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Orbitdownloader\orbitnet.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Completion time: 2012-07-17 18:32:49 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-17 10:32

.

Pre-Run: 77,703,835,648 bytes free

Post-Run: 83,066,081,280 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 9C0536F5672DEC4C1CA4A28637957AF9


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\documents and settings\Kay\Application Data\blekkotb_019

DDS::
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Still didn't disable my internet connection. Is this of any concern?

ComboFix 12-07-16.01 - Kay 07/17/2012 18:59:59.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1256 [GMT 8:00]

Running from: c:\downloads\ComboFix.exe

Command switches used :: c:\downloads\CFScript.txt

AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Kay\Application Data\blekkotb_019

.

.

((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))

.

.

2012-07-17 10:27 . 2012-07-17 10:35 -------- d-----w- c:\windows\LastGood

2012-07-13 17:21 . 2012-07-13 17:21 -------- d-----w- c:\documents and settings\Kay\Application Data\Malwarebytes

2012-07-13 17:21 . 2012-07-13 17:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-07-13 17:21 . 2012-07-13 17:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-13 17:21 . 2012-07-03 05:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-13 12:00 . 2012-04-22 01:06 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-13 12:00 . 2011-06-09 17:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-02 07:19 . 2008-10-16 21:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 07:19 . 2009-05-20 14:51 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 07:19 . 2009-05-20 14:51 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 07:19 . 2009-05-20 14:51 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 07:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 07:19 . 2009-05-21 03:59 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 07:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 07:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 07:19 . 2008-10-16 21:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 07:19 . 2009-05-20 14:51 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 07:19 . 2009-05-21 03:59 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 07:18 . 2009-05-25 04:40 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 07:18 . 2009-05-25 04:40 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 07:18 . 2009-05-25 04:40 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-17_10.29.19 )))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim"="c:\program files\AIM\aim.exe" [2010-04-19 3972440]

"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"8169Diag"="c:\program files\Realtek\Diagnostics Utility\8169Diag.exe" [2008-04-21 139264]

"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-08-15 30003200]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"IgfxTray"="c:\windows\System32\igfxtray.exe" [2008-03-21 141848]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2008-03-21 166424]

"Persistence"="c:\windows\System32\igfxpers.exe" [2008-03-21 137752]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]

"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]

"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-09-15 352976]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-2 113664]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [N/A]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2011-10-1 1809680]

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"StartMenuLogOff"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Warcraft III\\war3.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=

"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=

"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

"c:\\Program Files\\Zultrax P2P\\Zultrax.Exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\Garena Plus\\room\\garena_room.exe"=

.

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/10/2010 8:43 AM 11352]

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [7/29/2009 9:26 PM 33824]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/14/2012 1:21 AM 655944]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/8/2010 3:06 AM 32856]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/3/2009 11:27 AM 19472]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/14/2012 1:21 AM 22344]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [5/21/2009 12:56 PM 845184]

S1 f2e30cee;f2e30cee;c:\windows\system32\drivers\f2e30cee.sys [9/19/2009 11:23 PM 0]

S2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [5/21/2009 12:29 PM 8960]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/22/2012 9:06 AM 250056]

S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [5/21/2009 12:29 PM 11264]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Glenn\LOCALS~1\Temp\HQV67.tmp --> c:\docume~1\Glenn\LOCALS~1\Temp\HQV67.tmp [?]

S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Plus\Room\safedrv.sys --> c:\program files\Garena Plus\Room\safedrv.sys [?]

S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [4/2/2010 8:36 AM 131072]

S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [4/2/2010 8:36 AM 79104]

S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [5/21/2009 12:29 PM 16640]

S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]

S3 tcpip helper;tcpip helper;\??\c:\program files\Garena Plus\x86\tcpiphlp.sys --> c:\program files\Garena Plus\x86\tcpiphlp.sys [?]

S3 XDva277;XDva277;\??\c:\windows\system32\XDva277.sys --> c:\windows\system32\XDva277.sys [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 12:00]

.

2011-06-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]

.

2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-606747145-839522115-1003Core.job

- c:\documents and settings\Kay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-03 07:00]

.

2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-606747145-839522115-1003UA.job

- c:\documents and settings\Kay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-03 07:00]

.

2012-07-17 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2009-01-01 00:04]

.

2012-07-17 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2009-01-01 00:04]

.

2012-02-27 c:\windows\Tasks\wavepadShakeIcon.job

- c:\program files\NCH Software\WavePad\wavepad.exe [2012-01-14 16:02]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.my/

IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204

IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm

IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Enqueue in Star Downloader - c:\progra~1\STARDO~1\sdieenq.htm

IE: Leech with Star Downloader - c:\progra~1\STARDO~1\leechie.htm

TCP: DhcpNameServer = 192.168.0.1

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-17 19:08

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]

"ImagePath"="\??\c:\docume~1\Glenn\LOCALS~1\Temp\HQV67.tmp"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(684)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2012-07-17 19:10:48

ComboFix-quarantined-files.txt 2012-07-17 11:10

ComboFix2.txt 2012-07-17 10:32

.

Pre-Run: 82,482,528,256 bytes free

Post-Run: 82,464,415,744 bytes free

.

- - End Of File - - 9BF1684C21FA4C86B9B641493ADF6D36


Thanks again!

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


<p>Well, my IE hangs every time I try to run it, so I ended up resorting to the alternative in Chrome instead.. </p>



I don't know why the format for the previous post turned out like that. o.O Re-pasting, just in case..

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=a5759573e8a3eb46a9f4c9e95646f7b6

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-17 01:37:05

# local_time=2012-07-17 09:37:05 (+0800, Malay Peninsula Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1280 16777175 100 0 61148680 61148680 0 0

# compatibility_mode=8192 67108863 100 0 657 657 0 0

# scanned=128462

# found=14

# cleaned=14

# scan_time=4902

C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4B67D946-9433-4188-9B1A-133014DE2444}\RP685\A0434240.vbs Win32/AutoRun.Hupigon.V worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4B67D946-9433-4188-9B1A-133014DE2444}\RP685\A0434241.vbs Win32/AutoRun.Hupigon.V worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4B67D946-9433-4188-9B1A-133014DE2444}\RP688\A0434832.dll a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4B67D946-9433-4188-9B1A-133014DE2444}\RP688\A0434833.dll Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4B67D946-9433-4188-9B1A-133014DE2444}\RP688\A0434834.exe probably a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4B67D946-9433-4188-9B1A-133014DE2444}\RP688\A0434835.dll Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{4B67D946-9433-4188-9B1A-133014DE2444}\RP688\A0434836.dll Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\My Documents\Downloads\159.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\My Documents\Downloads\Enid_Blyton_72_books.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


When I ran combofix /uninstall, it asked me to disable my antivirus program (Kaspersky) so that it could run effectively. I didn't, and it proceeded to uninstall anyway. I hope it didn't interfere with anything important. o.O

That aside, everything seems to be just fine. ;) Thx again~!


This topic is now closed to further replies.