bluebell73 Posted November 22, 2009 ID:160957 Share Posted November 22, 2009 Hi! I hope this is the place to post the logfiles, apologies if it isn't. Finally have been able to work around the issues with mbam.exe files, have run Malwarebytes, removed 15 items. Restarted, ran HijackThis, came here to post the results, and still having popups. *popups for a variety of websites, mainly Nexplore*browser being hijacked, mainly through googleThe following is the results of the Malwarebytes scan, followed by the Hijackthis logfile I did upon rebooting. Hope I did this right!Malwarebytes' Anti-Malware 1.41Database version: 2775Windows 5.1.2600 Service Pack 311/21/2009 9:43:45 PMmbam-log-2009-11-21 (21-43-37).txtScan type: Full Scan (C:\|D:\|F:\|)Objects scanned: 215057Time elapsed: 3 hour(s), 39 minute(s), 9 second(s)Memory Processes Infected: 0Memory Modules Infected: 4Registry Keys Infected: 7Registry Values Infected: 4Registry Data Items Infected: 3Folders Infected: 8Files Infected: 94Memory Processes Infected:(No malicious items detected)Memory Modules Infected:c:\WINDOWS\system32\sakidebo.dll (Trojan.Vundo.H) -> No action taken.c:\WINDOWS\system32\jikotato.dll (Trojan.Vundo) -> No action taken.C:\WINDOWS\system32\losamine.dll (Trojan.Vundo) -> No action taken.C:\WINDOWS\system32\yopopanu.dll (Trojan.Vundo) -> No action taken.Registry Keys Infected:HKEY_CLASSES_ROOT\CLSID\{605cc962-6dfd-451f-a089-cab8fab55c20} (Trojan.Vundo.H) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a072ec12-a40b-41dd-9a1a-cdb848b70f3c} (Rogue.Installer) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bd4f7a6d-0107-4bdf-b72b-021b717b06ce} (Trojan.FakeAlert) -> No action taken.HKEY_CLASSES_ROOT\TypeLib\{67450775-3b18-49b1-aa83-0e010f07f4df} (Trojan.Dropper) -> No action taken.HKEY_CLASSES_ROOT\Interface\{69b3ebfa-0015-4914-9312-e7758eacfac1} (Trojan.Dropper) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{30de9920-2e84-40a2-88a5-b8d256e15101} (Trojan.Dropper) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00edf64 (Trojan.Vundo) -> No action taken.Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yolimuhoj (Trojan.Vundo.H) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{605cc962-6dfd-451f-a089-cab8fab55c20} (Trojan.Vundo.H) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\hejidijub (Trojan.Vundo.H) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\ACD Systems\Filters\EITCC_LinearBlur.dll (Trojan.Dropper) -> No action taken.Registry Data Items Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\sakidebo.dll -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\sakidebo.dll -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.Folders Infected:C:\Program Files\Bug Doctor (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin (Rogue.BugDoctor) -> No action taken.C:\Program Files\BulletProofSoft.com (Rogue.BulletProofSpyware) -> No action taken.C:\Program Files\BulletProofSoft.com\SpywareRemover (Rogue.BulletProofSpyware) -> No action taken.C:\Program Files\RXToolBar (Adware.RXToolbar) -> No action taken.C:\Program Files\RXToolBar\graphics (Adware.RXToolbar) -> No action taken.C:\Program Files\RXToolBar\HTML (Adware.RXToolbar) -> No action taken.C:\Program Files\RXToolBar\Semantic Insight (Adware.RXToolbar) -> No action taken.Files Infected:c:\WINDOWS\system32\sakidebo.dll (Trojan.Vundo.H) -> No action taken.C:\Program Files\Common Files\ACD Systems\Filters\EITCC_LinearBlur.dll (Trojan.Dropper) -> No action taken.C:\Program Files\Bug Doctor\Bug Doctor Help.chm (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\Get Bonuses.url (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\unins000.dat (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\bug.swf (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\fixing_error-disable.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\fixing_error-normal.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\fixing_error-pressed.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\fixing_error-rollover.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\fix_complete-disable.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\fix_complete-normal.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\fix_complete-pressed.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\fix_complete-roll_over.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\LiveUpdate_disable.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\LiveUpdate_normal.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\LiveUpdate_pressed.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\LiveUpdate_rollover.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\main_disable.jpg (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\main_enable.jpg (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\main_pressed.jpg (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\main_roll_over.jpg (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\mask.bmp (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\mask1.bmp (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\scan.swf (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\scancomplete.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\scanning_error-disable.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\scanning_error-normal.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\scanning_error-pressed.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\scanning_error-rollover.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\scan_complete-disable.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\scan_complete-normal.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\scan_complete-pressed.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\scan_complete-roll_over.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\schedule_disable.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\schedule_normal.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\schedule_pressed.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\schedule_rollover.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\SubMainDisable.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\SubMainNormal.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\SubMainPressed.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\SubMainRollOver.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\support_disable.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\support_normal.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\support_pressed.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\support_rollover.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\Thumbs.db (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\unlock_key-disable.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\unlock_key-normal.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\unlock_key-pressed.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\Bug Doctor\skin\unlock_key-roll_over.gif (Rogue.BugDoctor) -> No action taken.C:\Program Files\BulletProofSoft.com\SpywareRemover\errorlog.txt (Rogue.BulletProofSpyware) -> No action taken.C:\Program Files\BulletProofSoft.com\SpywareRemover\Remove.reg (Rogue.BulletProofSpyware) -> No action taken.C:\Program Files\BulletProofSoft.com\SpywareRemover\SpyLog02-01-05-70259.txt (Rogue.BulletProofSpyware) -> No action taken.C:\Program Files\BulletProofSoft.com\SpywareRemover\SpyLog02-01-05-74709.txt (Rogue.BulletProofSpyware) -> No action taken.C:\Program Files\RXToolBar\rx.xml (Adware.RXToolbar) -> No action taken.C:\Program Files\RXToolBar\rxwebsearches.xsl (Adware.RXToolbar) -> No action taken.C:\Program Files\RXToolBar\sfcont.bin (Adware.RXToolbar) -> No action taken.C:\Program Files\RXToolBar\graphics\additional.gif (Adware.RXToolbar) -> No action taken.C:\Program Files\RXToolBar\graphics\additional_active.gif (Adware.RXToolbar) -> No action taken.C:\Program Files\RXToolBar\graphics\background.jpg (Adware.RXToolbar) -> No action taken.C:\Program Files\RXToolBar\graphics\blue_hr_horz.GIF (Adware.RXToolbar) -> No action taken.C:\Program Files\RXToolBar\graphics\gray_hr_horz.GIF (Adware.RXToolbar) -> No action taken.C:\Program Files\RXToolBar\graphics\thumbtack.gif (Adware.RXToolbar) -> No action taken.C:\Program Files\RXToolBar\graphics\thumbtack_active.gif (Adware.RXToolbar) -> No action taken.C:\Program Files\RXToolBar\graphics\thumbtack_click.gif (Adware.RXToolbar) -> No action taken.C:\Program Files\RXToolBar\HTML\content.htm (Adware.RXToolbar) -> No action taken.C:\Program Files\RXToolBar\HTML\main.htm (Adware.RXToolbar) -> No action taken.C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.dat (Adware.RXToolbar) -> No action taken.C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.sig (Adware.RXToolbar) -> No action taken.C:\Program Files\RXToolBar\Semantic Insight\bKPack01.dat (Adware.RXToolbar) -> No action taken.C:\Program Files\RXToolBar\Semantic Insight\bKPack01.sig (Adware.RXToolbar) -> No action taken.C:\Program Files\RXToolBar\Semantic Insight\bLabels01.dat (Adware.RXToolbar) -> No action taken.C:\Program Files\RXToolBar\Semantic Insight\bLabels01.sig (Adware.RXToolbar) -> No action taken.C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.Key (Adware.RXToolbar) -> No action taken.C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.sig (Adware.RXToolbar) -> No action taken.C:\Program Files\RXToolBar\Semantic Insight\nLabels01.dat (Adware.RXToolbar) -> No action taken.C:\Program Files\RXToolBar\Semantic Insight\nLabels01.sig (Adware.RXToolbar) -> No action taken.C:\WINDOWS\system32\besohaki.dll (Trojan.Vundo) -> No action taken.C:\WINDOWS\system32\dinibafi.dll (Trojan.Vundo) -> No action taken.C:\WINDOWS\system32\hilemebu.dll (Trojan.Vundo) -> No action taken.C:\WINDOWS\system32\hurasivi.dll (Trojan.Vundo) -> No action taken.C:\WINDOWS\system32\huvajolu.dll (Trojan.Vundo) -> No action taken.C:\WINDOWS\system32\jikotato.dll (Trojan.Vundo) -> No action taken.C:\WINDOWS\system32\katowola.dll (Trojan.Vundo) -> No action taken.C:\WINDOWS\system32\kehitulo.dll (Trojan.Vundo) -> No action taken.C:\WINDOWS\system32\losamine.dll (Trojan.Vundo) -> No action taken.C:\WINDOWS\system32\penipure.dll (Trojan.Vundo) -> No action taken.C:\WINDOWS\system32\rahobofo.dll (Trojan.Vundo) -> No action taken.C:\WINDOWS\system32\tikiyabu.dll (Trojan.Vundo) -> No action taken.C:\WINDOWS\system32\votojoye.dll (Trojan.Vundo) -> No action taken.C:\WINDOWS\system32\vumehijo.dll (Trojan.Vundo) -> No action taken.C:\WINDOWS\system32\yopopanu.dll (Trojan.Vundo) -> No action taken.C:\WINDOWS\system32\yujitana.dll (Trojan.Vundo) -> No action taken.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:50:38 PM, on 11/21/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16915)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\TELUS\TELUS security services\Fws.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Motive\McciCMService.exeC:\Program Files\Raxco\PerfectDisk\PDAgent.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\TELUS\TELUS security services\rps.exeC:\Program Files\TELUS\TELUS security advisor\TsaComHandler.exeC:\WINDOWS\Mixer.exeC:\WINDOWS\system32\LVCOMSX.EXEC:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exeC:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exeC:\Program Files\Canon\CAL\CALMAIN.exeC:\Program Files\TELUS\TELUS security advisor\Tsa.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Raxco\PerfectDisk\PDEngine.exeC:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exeC:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeC:\WINDOWS\system32\taskmgr.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\TELUS\TELUS security services\pkR.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startupO4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXEO4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXEO4 - HKLM\..\Run: [TELUS_McciTrayApp] C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exeO4 - HKLM\..\Run: [TELUS_eCare_Lite_McciTrayApp] C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exeO4 - HKLM\..\Run: [Tsa.exe] "C:\Program Files\TELUS\TELUS security advisor\Tsa.exe" /AUTORUNO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\8udLSvXn6.exe" /runcleanupscriptO4 - HKLM\..\Run: [yolimuhoj] Rundll32.exe "c:\windows\system32\sakidebo.dll",aO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jocelyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /cO4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\SECRET~1\AVG\avgw.exe /RUNONCE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\SECRET~1\AVG\avgw.exe /RUNONCE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\RunOnce: [sRUUninstall] "C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\RunOnce: [sRUUninstall] "C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jocelyn\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cabO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CABO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174174240699O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://play.igl.net/clo/install/CLOActiveXInstallerProj1.cabO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO20 - AppInit_DLLs: c:\windows\system32\dikemude.dll c:\windows\system32\hizapego.dll c:\windows\system32\jibuvuna.dll c:\windows\system32\wegehove.dll c:\windows\system32\nilofono.dll c:\windows\system32\vujigami.dll c:\windows\system32\duruniwa.dll c:\windows\system32\lokubaja.dll c:\windows\system32\furujeze.dll c:\windows\system32\pasagami.dll c:\windows\system32\lezaromo.dll c:\windows\system32\fatopoze.dll c:\windows\system32\nogorike.dll c:\windows\system32\zuvusibo.dll c:\windows\system32\sabafiru.dll c:\windows\system32\hobavana.dll c:\windows\system32\notabage.dll c:\windows\system32\bohumoye.dll c:\windows\system32\gulobimu.dll c:\windows\system32\yemibumi.dll c:\windows\system32\vatotosa.dll c:\windows\system32\tafiwizo.dll c:\windows\system32\jujukeyo.dll c:\windows\system32\yedibona.dll losamine.dll vekopefu.dll zibipudo.dll c:\windows\system32\sakidebo.dllO21 - SSODL: kejehasit - {abe22075-a82b-4dc5-b05d-e4795d86e856} - c:\windows\system32\hizapego.dll (file missing)O21 - SSODL: vojiviyer - {ecde797c-33a0-4ba8-82b2-296fb65b6c5a} - c:\windows\system32\jibuvuna.dll (file missing)O21 - SSODL: porekiluz - {a672deaa-4d75-4f5f-bc85-4f46221d159d} - c:\windows\system32\wegehove.dll (file missing)O21 - SSODL: gegamitim - {e370e5d2-5994-4862-a172-7fa475a4a621} - c:\windows\system32\nilofono.dll (file missing)O21 - SSODL: yozewehev - {2cb7e045-88d7-4e65-b5d5-ab1413681229} - c:\windows\system32\vujigami.dll (file missing)O21 - SSODL: yujukonin - {05780f8a-3ff7-4c57-a0de-a71a92b3abdc} - c:\windows\system32\duruniwa.dll (file missing)O21 - SSODL: nimitosej - {c4e43ced-48e7-438d-9772-2bb961a54015} - c:\windows\system32\lokubaja.dll (file missing)O21 - SSODL: jitamapop - {6770d18d-109b-4687-9d47-c051e36de579} - c:\windows\system32\furujeze.dll (file missing)O21 - SSODL: jotekupiv - {c3f65d12-63f1-4f03-bba2-8b5902f0b921} - c:\windows\system32\yofolufe.dll (file missing)O21 - SSODL: wotawetun - {8a5f7c04-64a3-44bb-843d-740249023c80} - c:\windows\system32\pasagami.dll (file missing)O21 - SSODL: jayugavuj - {c7550f50-b8af-4cca-bcea-ffdb3e69111a} - c:\windows\system32\lezaromo.dll (file missing)O21 - SSODL: sowotilob - {31ee7e6b-94eb-49e9-a16b-e321f6f6c9e0} - c:\windows\system32\fatopoze.dll (file missing)O21 - SSODL: jehapumig - {0902ff81-5b8f-4887-9e37-4dd1382436a9} - c:\windows\system32\nogorike.dll (file missing)O21 - SSODL: saluvibew - {fa199d5c-b112-453e-bcb5-249c29e785ae} - c:\windows\system32\zuvusibo.dll (file missing)O21 - SSODL: lodesuyoz - {6edfb859-ab71-4aeb-b4a2-589c2a581270} - c:\windows\system32\sabafiru.dll (file missing)O21 - SSODL: mohatumav - {788f9630-2a05-495e-a8e8-9583ba7c8e8c} - c:\windows\system32\hobavana.dll (file missing)O21 - SSODL: zupikezed - {c99952c6-a3b2-4d8b-99f9-4c7deaa33169} - c:\windows\system32\notabage.dll (file missing)O21 - SSODL: hivifurer - {e7ca829d-9399-4383-a16f-f51abe76e9d5} - c:\windows\system32\bohumoye.dll (file missing)O21 - SSODL: pimaloyif - {64eaee8f-98ef-4d7c-93a5-a416d8b8ffec} - c:\windows\system32\gulobimu.dll (file missing)O21 - SSODL: yalinomuv - {fd441ad4-56a7-4bd6-b008-9cdb9ddc0fe3} - c:\windows\system32\yemibumi.dll (file missing)O21 - SSODL: yemizojih - {12d3f43a-b8b0-4d29-bf91-dcdff27c5c68} - c:\windows\system32\vatotosa.dll (file missing)O21 - SSODL: tizumunoy - {a2ece251-3b1b-4cd8-9ac4-959bdc844b85} - c:\windows\system32\tafiwizo.dll (file missing)O21 - SSODL: luzabizaf - {10d08520-c86d-4077-9f73-01cae1b94eab} - c:\windows\system32\jujukeyo.dll (file missing)O21 - SSODL: junilifas - {8a954e5b-f83b-40d6-9cbe-045a060bf07b} - c:\windows\system32\yedibona.dll (file missing)O21 - SSODL: hejidijub - {605cc962-6dfd-451f-a089-cab8fab55c20} - c:\windows\system32\sakidebo.dllO22 - SharedTaskScheduler: mujuzedij - {abe22075-a82b-4dc5-b05d-e4795d86e856} - c:\windows\system32\hizapego.dll (file missing)O22 - SharedTaskScheduler: jugezatag - {ecde797c-33a0-4ba8-82b2-296fb65b6c5a} - c:\windows\system32\jibuvuna.dll (file missing)O22 - SharedTaskScheduler: jugezatag - {a672deaa-4d75-4f5f-bc85-4f46221d159d} - c:\windows\system32\wegehove.dll (file missing)O22 - SharedTaskScheduler: mujuzedij - {e370e5d2-5994-4862-a172-7fa475a4a621} - c:\windows\system32\nilofono.dll (file missing)O22 - SharedTaskScheduler: jugezatag - {2cb7e045-88d7-4e65-b5d5-ab1413681229} - c:\windows\system32\vujigami.dll (file missing)O22 - SharedTaskScheduler: kupuhivus - {05780f8a-3ff7-4c57-a0de-a71a92b3abdc} - c:\windows\system32\duruniwa.dll (file missing)O22 - SharedTaskScheduler: gahurihor - {c4e43ced-48e7-438d-9772-2bb961a54015} - c:\windows\system32\lokubaja.dll (file missing)O22 - SharedTaskScheduler: gahurihor - {6770d18d-109b-4687-9d47-c051e36de579} - c:\windows\system32\furujeze.dll (file missing)O22 - SharedTaskScheduler: jugezatag - {c3f65d12-63f1-4f03-bba2-8b5902f0b921} - c:\windows\system32\yofolufe.dll (file missing)O22 - SharedTaskScheduler: jugezatag - {8a5f7c04-64a3-44bb-843d-740249023c80} - c:\windows\system32\pasagami.dll (file missing)O22 - SharedTaskScheduler: tokatiluy - {c7550f50-b8af-4cca-bcea-ffdb3e69111a} - c:\windows\system32\lezaromo.dll (file missing)O22 - SharedTaskScheduler: jugezatag - {31ee7e6b-94eb-49e9-a16b-e321f6f6c9e0} - c:\windows\system32\fatopoze.dll (file missing)O22 - SharedTaskScheduler: mujuzedij - {0902ff81-5b8f-4887-9e37-4dd1382436a9} - c:\windows\system32\nogorike.dll (file missing)O22 - SharedTaskScheduler: tokatiluy - {fa199d5c-b112-453e-bcb5-249c29e785ae} - c:\windows\system32\zuvusibo.dll (file missing)O22 - SharedTaskScheduler: jugezatag - {6edfb859-ab71-4aeb-b4a2-589c2a581270} - c:\windows\system32\sabafiru.dll (file missing)O22 - SharedTaskScheduler: jugezatag - {788f9630-2a05-495e-a8e8-9583ba7c8e8c} - c:\windows\system32\hobavana.dll (file missing)O22 - SharedTaskScheduler: kupuhivus - {c99952c6-a3b2-4d8b-99f9-4c7deaa33169} - c:\windows\system32\notabage.dll (file missing)O22 - SharedTaskScheduler: gahurihor - {e7ca829d-9399-4383-a16f-f51abe76e9d5} - c:\windows\system32\bohumoye.dll (file missing)O22 - SharedTaskScheduler: gahurihor - {64eaee8f-98ef-4d7c-93a5-a416d8b8ffec} - c:\windows\system32\gulobimu.dll (file missing)O22 - SharedTaskScheduler: tokatiluy - {fd441ad4-56a7-4bd6-b008-9cdb9ddc0fe3} - c:\windows\system32\yemibumi.dll (file missing)O22 - SharedTaskScheduler: mujuzedij - {12d3f43a-b8b0-4d29-bf91-dcdff27c5c68} - c:\windows\system32\vatotosa.dll (file missing)O22 - SharedTaskScheduler: gahurihor - {a2ece251-3b1b-4cd8-9ac4-959bdc844b85} - c:\windows\system32\tafiwizo.dll (file missing)O22 - SharedTaskScheduler: kupuhivus - {10d08520-c86d-4077-9f73-01cae1b94eab} - c:\windows\system32\jujukeyo.dll (file missing)O22 - SharedTaskScheduler: kupuhivus - {8a954e5b-f83b-40d6-9cbe-045a060bf07b} - c:\windows\system32\yedibona.dll (file missing)O22 - SharedTaskScheduler: mujuzedij - {605cc962-6dfd-451f-a089-cab8fab55c20} - c:\windows\system32\sakidebo.dllO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exeO23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exeO23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exeO23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exeO23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)O23 - Service: TELUS security services (Radialpoint Security Services) - TELUS - C:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exeO23 - Service: TELUS security services Firewall (RP_FWS) - TELUS - C:\Program Files\TELUS\TELUS security services\Fws.exeO23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exeO23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe--End of file - 16011 bytes Link to post Share on other sites More sharing options...
SpySentinel Posted November 22, 2009 ID:161117 Share Posted November 22, 2009 Hi bluebell73, welcome to Malwarebytes Please run a Malwarebytes scan again, adn this time when it shows the threats it found, choose to Remove them.Then....Please download ComboFix from Here or Here to your Desktop.**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**If you are using Firefox, make sure that your download settings are as follows:Tools->Options->Main tabSet to "Always ask me where to Save the files".[*]During the download, rename Combofix to Combo-Fix as follows:[*]It is important you rename Combofix during the download, but not after.[*]Please do not rename Combofix to other names, but only to the one indicated.[*]Close any open browsers.[*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.-----------------------------------------------------------Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.-----------------------------------------------------------Close any open browsers.WARNING: Combofix will disconnect your machine from the Internet as soon as it startsPlease do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.If there is no internet connection after running Combofix, then restart your computer to restore back your connection.-----------------------------------------------------------[*]Double click on combo-Fix.exe & follow the prompts.[*]When finished, it will produce a report for you. [*]Please post the "C:\Combo-Fix.txt" for further review.**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall** Link to post Share on other sites More sharing options...
bluebell73 Posted November 23, 2009 Author ID:161299 Share Posted November 23, 2009 downloaded combofix, changed the name to combo-fix. closed ad-aware, closed my virus-scan software. immediately inundated with nexplore popups, close browser and shut off internet connection. Load Combo-fix. says files are corrupted, will need new download. Then combo-fix window pops up saying do i *really* want to shut off my anti-virus software, I say yes. At this point, I cannot connect with internet long enough to try downloading a fresh copy of combofix without multiple browser hijacks. about to try again, though i'm apparently unable to completely shut down my virus scan from running in background mode! I'll do my best, as I realized this may cause problems. Let you know what happens. Link to post Share on other sites More sharing options...
SpySentinel Posted November 23, 2009 ID:161404 Share Posted November 23, 2009 Thanks,If you can you can download a fresh copy to either Flash Drive or CD and run comboFix that way. Link to post Share on other sites More sharing options...
bluebell73 Posted November 23, 2009 Author ID:161420 Share Posted November 23, 2009 I tried again, I think the issues were due to my virus scan running in background mode the first time, as the second time I was able to run combo fix. Here's the log from that. ComboFix 09-11-22.04 - Jocelyn 11/23/2009 0:00.1.1 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.211 [GMT -8:00]Running from: c:\documents and settings\Jocelyn\Desktop\Combo-Fix.exeAV: 0.-1.2089878893 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}AV: TELUS security services Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}FW: TELUS security services Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22} * Created a new restore point.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\program files\INSTAFINKc:\program files\INSTAFINK\Cache\T15150.tmpc:\program files\Need2Findc:\program files\Need2Find\bar\1.bin\N2FFXTBR.JARc:\program files\Need2Find\bar\1.bin\N2NTSTBR.JARc:\program files\Need2Find\bar\1.bin\PARTNER.DATc:\recycler\S-1-5-21-746137067-706699826-1708537768-1003(2)c:\windows\patch.exec:\windows\system32\AdCachec:\windows\system32\AdCache\B_329_0_0_106800.htmc:\windows\system32\AdCache\B_329_0_0_107400.htmc:\windows\system32\AdCache\B_329_1_0_449200.gifc:\windows\system32\AdCache\B_329_1_0_449600.gifc:\windows\system32\AdCache\B_329_1_0_454300.gifc:\windows\system32\AdCache\B_329_2_0_106800.htmc:\windows\system32\AdCache\B_329_2_0_107400.htmc:\windows\system32\AdCache\B_329_3_0_106800.htmc:\windows\system32\AdCache\B_329_3_0_107400.htmc:\windows\system32\AdCache\B_329_4_0_111600.htmc:\windows\system32\AdCache\B_329_4_0_152400.htmc:\windows\system32\AdCache\B_329_4_0_155300.htmc:\windows\system32\AdCache\B_329_4_0_164100.htmc:\windows\system32\AdCache\Thumbs.dbc:\windows\system32\cache329c:\windows\system32\cache329\B_329_0_0_106800.htmc:\windows\system32\cache329\B_329_0_0_107400.htmc:\windows\system32\cache329\B_329_1_0_449200.gifc:\windows\system32\cache329\B_329_1_0_449600.gifc:\windows\system32\cache329\B_329_1_0_454300.gifc:\windows\system32\cache329\B_329_2_0_106800.htmc:\windows\system32\cache329\B_329_2_0_107400.htmc:\windows\system32\cache329\B_329_3_0_106800.htmc:\windows\system32\cache329\B_329_3_0_107400.htmc:\windows\system32\cache329\B_329_4_0_111600.htmc:\windows\system32\cache329\B_329_4_0_152400.htmc:\windows\system32\cache329\B_329_4_0_155300.htmc:\windows\system32\cache329\B_329_4_0_164100.htmc:\windows\system32\cache329\t_B_329_0_0_106800.htmc:\windows\system32\cache329\t_B_329_0_0_107400.htmc:\windows\system32\cache329\t_B_329_2_0_106800.htmc:\windows\system32\cache329\t_B_329_2_0_107400.htmc:\windows\system32\cache329\t_B_329_3_0_106800.htmc:\windows\system32\cache329\t_B_329_3_0_107400.htmc:\windows\system32\cache329\t_B_329_4_0_111600.htmc:\windows\system32\cache329\t_B_329_4_0_152400.htmc:\windows\system32\cache329\t_B_329_4_0_155300.htmc:\windows\system32\cache329\t_B_329_4_0_164100.htmc:\windows\system32\cache329\Thumbs.dbc:\windows\system32\dimadadu.dllc:\windows\system32\dogejuhu.dllc:\windows\system32\febobafi.dllc:\windows\system32\fivipute.dllc:\windows\system32\koburiwi.dllc:\windows\System32\losamine.dllc:\windows\system32\P2P Networkingc:\windows\system32\P2P Networking\Cache\Database\file-10000-0x121a5443392ba651e819da3fa477ec31.sigc:\windows\system32\P2P Networking\Cache\Database\file-10000-0x4be0cf57daf05bf43d27718ae7162368.sigc:\windows\system32\P2P Networking\Cache\Database\file-10000-0x7f5ca253b385859d8f34a7077ee2842e.sigc:\windows\system32\P2P Networking\Cache\Database\file-10001-110.sigc:\windows\system32\P2P Networking\Cache\Database\file-10001-2963153630.sigc:\windows\system32\P2P Networking\Cache\Database\file-1005-1020048.sigc:\windows\system32\P2P Networking\Cache\Database\index256.dbbc:\windows\system32\P2P Networking\P2P Networking.engc:\windows\system32\Packet.dllc:\windows\system32\raganapo.dllc:\windows\system32\razifazi.dllc:\windows\system32\sakidebo.dllc:\windows\system32\sekanawo.dllc:\windows\system32\terozepu.dllc:\windows\system32\vekopefu.dllc:\windows\system32\wivehezo.dllc:\windows\system32\yopopanu.dllc:\windows\system32\zibipudo.dllc:\windows\Tasks\xfqlnqda.jobc:\windows\winhelp.iniC:\xcrashdump.dat.((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Legacy_POWERMANAGER-------\Service_PowerManager((((((((((((((((((((((((( Files Created from 2009-10-23 to 2009-11-23 ))))))))))))))))))))))))))))))).2009-11-23 07:50 . 2009-11-23 07:51 -------- dc----w- C:\32788R22FWJFW.0.tmp2009-11-22 19:35 . 2009-11-22 19:35 -------- dc----w- C:\Combo-Fix2009-11-22 01:57 . 2009-11-22 01:57 -------- dc----w- c:\documents and settings\Jocelyn\Application Data\Malwarebytes2009-11-22 01:30 . 2009-09-10 22:54 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys2009-11-22 01:30 . 2009-11-22 01:30 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes2009-11-22 01:30 . 2009-09-10 22:53 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys2009-11-22 01:30 . 2009-11-22 19:17 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware2009-11-15 19:03 . 2009-11-15 19:03 152576 -c--a-w- c:\documents and settings\Jocelyn\Application Data\Sun\Java\jre1.6.0_17\lzma.dll2009-11-15 19:01 . 2009-11-15 19:03 79488 -c--a-w- c:\documents and settings\Jocelyn\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll2009-11-15 18:57 . 2008-12-04 09:25 120832 -c--a-w- c:\documents and settings\Jocelyn\Application Data\Mozilla\Firefox\Profiles\profilenew\5b0664lw.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll2009-11-15 02:04 . 2009-11-15 02:04 -------- dc----w- C:\VundoFix Backups2009-11-11 08:28 . 2009-11-11 08:28 247280 -c--a-w- c:\documents and settings\Jocelyn\Application Data\Mozilla\plugins\npgoogletalk.dll2009-11-02 20:30 . 2009-11-02 20:30 93360 -c--a-w- c:\windows\system32\drivers\SBREDrv.sys2009-10-26 19:29 . 2009-09-23 12:55 64288 -c--a-w- c:\windows\system32\drivers\Lbd.sys2009-10-26 19:28 . 2009-11-19 20:30 862040 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe2009-10-26 19:28 . 2009-11-19 20:30 206944 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll2009-10-26 19:28 . 2009-11-19 20:30 390288 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll2009-10-26 19:28 . 2009-11-19 20:30 537576 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll2009-10-26 19:28 . 2009-11-19 20:30 370744 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll2009-10-26 19:28 . 2009-11-19 20:30 163728 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll2009-10-26 19:28 . 2009-11-19 20:30 194104 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll2009-10-26 19:27 . 2009-11-19 20:30 327000 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll2009-10-26 19:27 . 2009-11-19 20:30 87496 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll2009-10-26 19:27 . 2009-11-19 20:30 933120 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll2009-10-26 19:27 . 2009-11-19 20:30 641632 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe2009-10-26 19:27 . 2009-11-19 20:30 816272 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe2009-10-26 19:26 . 2009-11-19 20:29 822904 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe2009-10-26 19:26 . 2009-11-19 20:29 1638640 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe2009-10-26 19:26 . 2009-11-19 20:29 788880 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe2009-10-26 19:26 . 2009-11-19 20:29 1184912 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe2009-10-26 19:24 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe2009-10-26 19:23 . 2009-10-26 19:23 -------- dc----w- c:\program files\Lavasoft2009-10-26 19:23 . 2009-10-26 19:23 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft2009-10-26 19:17 . 2009-10-26 19:24 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-11-23 08:37 . 2009-03-07 00:41 25638176 --sha-w- c:\windows\system32\drivers\fidbox.dat2009-11-23 08:29 . 2009-03-07 00:41 762656 --sha-w- c:\windows\system32\drivers\fidbox2.dat2009-11-23 08:24 . 2009-03-07 00:41 74588 --sha-w- c:\windows\system32\drivers\fidbox2.idx2009-11-23 08:24 . 2009-03-07 00:41 349496 --sha-w- c:\windows\system32\drivers\fidbox.idx2009-11-15 19:12 . 2006-08-08 23:23 -------- dc----w- c:\program files\Java2009-11-08 11:09 . 2006-11-05 07:12 51376 -c--a-w- c:\documents and settings\Jocelyn\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2009-11-02 20:30 . 2009-11-02 20:30 93360 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys2009-11-02 20:30 . 2009-11-02 20:30 554280 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll2009-11-02 20:30 . 2009-11-02 20:30 15880 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe2009-11-02 20:30 . 2009-10-27 02:34 15880 -c--a-w- c:\windows\system32\lsdelete.exe2009-11-02 20:30 . 2009-11-02 20:30 212480 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll2009-11-02 20:30 . 2009-11-02 20:30 283944 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll2009-11-02 20:30 . 2009-11-02 20:30 1223976 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll2009-11-02 20:30 . 2009-11-02 20:30 242984 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll2009-11-02 20:30 . 2009-11-02 20:30 5908024 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll2009-10-28 00:08 . 2009-10-28 00:08 -------- dc----w- c:\program files\Trend Micro2009-10-27 04:02 . 2006-12-15 06:00 -------- dc----w- c:\program files\CCleaner2009-10-11 12:17 . 2009-05-13 23:00 411368 -c--a-w- c:\windows\system32\deploytk.dll2009-09-11 14:18 . 2002-08-29 12:00 136192 -c--a-w- c:\windows\system32\msv1_0.dll2009-09-04 21:03 . 2002-08-29 12:00 58880 -c--a-w- c:\windows\system32\msasn1.dll2009-08-29 07:36 . 2004-08-24 04:32 832512 -c--a-w- c:\windows\system32\wininet.dll2009-08-29 07:36 . 2004-08-04 07:56 78336 -c--a-w- c:\windows\system32\ieencode.dll2009-08-29 07:36 . 2002-08-29 12:00 17408 -c--a-w- c:\windows\system32\corpol.dll2009-08-26 08:00 . 2002-08-29 12:00 247326 -c--a-w- c:\windows\system32\strmdll.dll2004-08-28 11:51 . 2004-08-28 11:33 3612764 -c--a-w- c:\program files\Hollywood Screenplay Superpro.exe2004-07-01 20:40 . 2004-07-01 20:40 32 -csha-w- c:\windows\{0D835F36-EC86-4481-BD38-DCFF8EE52610}.dat2004-07-01 20:39 . 2004-07-01 20:39 32 -csha-w- c:\windows\{B7F61D04-05E7-401B-A385-70A7D6D85988}.dat2004-07-01 20:39 . 2004-07-01 20:39 32 -csha-w- c:\windows\system32\{66BEA561-2870-437D-81B4-9394DA013C1D}.dat2004-07-01 20:40 . 2004-07-01 20:40 32 -csha-w- c:\windows\system32\{B2BB8757-6E43-4AC8-B04E-154CD33E6134}.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Google Update"="c:\documents and settings\Jocelyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-15 133104]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2002-08-29 44032]"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-20 221184]"TELUS_McciTrayApp"="c:\program files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe" [2007-10-08 1462272]"TELUS_eCare_Lite_McciTrayApp"="c:\program files\TELUS_eCare_Lite\eCareTrayApp.exe" [2007-01-24 1007720]"Tsa.exe"="c:\program files\TELUS\TELUS security advisor\Tsa.exe" [2008-09-18 3228912]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\8udLSvXn6.exe" [2009-11-22 1312080]"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-10-16 1818624][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"SRUUninstall"="c:\windows\system32\msiexec.exe" [2008-04-14 78848]"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-7-1 113664]Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696][HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]@="Service"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"AVGEMS"=2 (0x2)"Avg7UpdSvc"=2 (0x2)"Avg7Alrt"=2 (0x2)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="c:\\WINDOWS\\system32\\usmt\\migwiz.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe"="c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe"="c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe"="c:\\Program Files\\Mozilla Firefox\\firefox.exe"="c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="c:\\Documents and Settings\\Jocelyn\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"="c:\\Documents and Settings\\Jocelyn\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"="c:\\Program Files\\TELUS\\TELUS security services\\RpsSecurityAwareR.exe"="c:\\WINDOWS\\system32\\taskmgr.exe"="c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"="c:\\Program Files\\Lavasoft\\Ad-Aware\\AAWTray.exe"="c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpsvc.exe"="c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-AwareAdmin.exe"="c:\\Program Files\\TELUS\\TELUS Support Centre\\bin\\McciTrayApp.exe"="c:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"="c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"="c:\\Program Files\\Apple Software Update\\SoftwareUpdate.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/26/2009 11:29 AM 64288]R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 3:17 AM 1184912]R3 Radialpoint Security Services;TELUS security services;c:\program files\TELUS\TELUS security services\RpsSecurityAwareR.exe [12/9/2008 3:04 PM 97520]S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [11/13/2006 8:52 PM 96256]S3 dwusbdnt;dwusbdnt;c:\windows\system32\drivers\dwusbdnt.sys [7/31/2005 6:16 PM 10368].Contents of the 'Scheduled Tasks' folder2009-11-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:29]2009-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]2009-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-706699826-1708537768-1004Core.job- c:\documents and settings\Jocelyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-15 05:25]2009-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-706699826-1708537768-1004UA.job- c:\documents and settings\Jocelyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-15 05:25]..------- Supplementary Scan -------.uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}mSearch Bar = uInternet Settings,ProxyOverride = *.localIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Jocelyn\Start Menu\Programs\IMVU\Run IMVU.lnkDPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cabDPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cabFF - ProfilePath - c:\documents and settings\Jocelyn\Application Data\Mozilla\Firefox\Profiles\profilenew\5b0664lw.default\FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=FF - prefs.js: browser.search.selectedEngine - GoogleFF - plugin: c:\documents and settings\Jocelyn\Application Data\Mozilla\plugins\npgoogletalk.dllFF - plugin: c:\documents and settings\Jocelyn\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dllFF - plugin: c:\program files\TELUS\TELUS security advisor\nprpspa.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\---- FIREFOX POLICIES ----c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);.- - - - ORPHANS REMOVED - - - -BHO-{a0bf3b46-f61f-4b09-9d6e-46a6be67e115} - dimadadu.dllHKLM-Run-yolimuhoj - c:\windows\system32\fivipute.dllHKLM-Run-hufunatodi - yopopanu.dllSharedTaskScheduler-{abe22075-a82b-4dc5-b05d-e4795d86e856} - c:\windows\system32\hizapego.dllSharedTaskScheduler-{ecde797c-33a0-4ba8-82b2-296fb65b6c5a} - c:\windows\system32\jibuvuna.dllSharedTaskScheduler-{a672deaa-4d75-4f5f-bc85-4f46221d159d} - c:\windows\system32\wegehove.dllSharedTaskScheduler-{e370e5d2-5994-4862-a172-7fa475a4a621} - c:\windows\system32\nilofono.dllSharedTaskScheduler-{2cb7e045-88d7-4e65-b5d5-ab1413681229} - c:\windows\system32\vujigami.dllSharedTaskScheduler-{05780f8a-3ff7-4c57-a0de-a71a92b3abdc} - c:\windows\system32\duruniwa.dllSharedTaskScheduler-{c4e43ced-48e7-438d-9772-2bb961a54015} - c:\windows\system32\lokubaja.dllSharedTaskScheduler-{6770d18d-109b-4687-9d47-c051e36de579} - c:\windows\system32\furujeze.dllSharedTaskScheduler-{c3f65d12-63f1-4f03-bba2-8b5902f0b921} - c:\windows\system32\yofolufe.dllSharedTaskScheduler-{8a5f7c04-64a3-44bb-843d-740249023c80} - c:\windows\system32\pasagami.dllSharedTaskScheduler-{c7550f50-b8af-4cca-bcea-ffdb3e69111a} - c:\windows\system32\lezaromo.dllSharedTaskScheduler-{31ee7e6b-94eb-49e9-a16b-e321f6f6c9e0} - c:\windows\system32\fatopoze.dllSharedTaskScheduler-{0902ff81-5b8f-4887-9e37-4dd1382436a9} - c:\windows\system32\nogorike.dllSharedTaskScheduler-{fa199d5c-b112-453e-bcb5-249c29e785ae} - c:\windows\system32\zuvusibo.dllSharedTaskScheduler-{6edfb859-ab71-4aeb-b4a2-589c2a581270} - c:\windows\system32\sabafiru.dllSharedTaskScheduler-{788f9630-2a05-495e-a8e8-9583ba7c8e8c} - c:\windows\system32\hobavana.dllSharedTaskScheduler-{c99952c6-a3b2-4d8b-99f9-4c7deaa33169} - c:\windows\system32\notabage.dllSharedTaskScheduler-{e7ca829d-9399-4383-a16f-f51abe76e9d5} - c:\windows\system32\bohumoye.dllSharedTaskScheduler-{64eaee8f-98ef-4d7c-93a5-a416d8b8ffec} - c:\windows\system32\gulobimu.dllSharedTaskScheduler-{fd441ad4-56a7-4bd6-b008-9cdb9ddc0fe3} - c:\windows\system32\yemibumi.dllSharedTaskScheduler-{12d3f43a-b8b0-4d29-bf91-dcdff27c5c68} - c:\windows\system32\vatotosa.dllSharedTaskScheduler-{a2ece251-3b1b-4cd8-9ac4-959bdc844b85} - c:\windows\system32\tafiwizo.dllSharedTaskScheduler-{10d08520-c86d-4077-9f73-01cae1b94eab} - c:\windows\system32\jujukeyo.dllSharedTaskScheduler-{8a954e5b-f83b-40d6-9cbe-045a060bf07b} - c:\windows\system32\yedibona.dllSharedTaskScheduler-{c59cee3a-0e91-4c95-a0a7-b9bb84270654} - c:\windows\system32\fivipute.dllSSODL-kejehasit-{abe22075-a82b-4dc5-b05d-e4795d86e856} - c:\windows\system32\hizapego.dllSSODL-vojiviyer-{ecde797c-33a0-4ba8-82b2-296fb65b6c5a} - c:\windows\system32\jibuvuna.dllSSODL-porekiluz-{a672deaa-4d75-4f5f-bc85-4f46221d159d} - c:\windows\system32\wegehove.dllSSODL-gegamitim-{e370e5d2-5994-4862-a172-7fa475a4a621} - c:\windows\system32\nilofono.dllSSODL-yozewehev-{2cb7e045-88d7-4e65-b5d5-ab1413681229} - c:\windows\system32\vujigami.dllSSODL-yujukonin-{05780f8a-3ff7-4c57-a0de-a71a92b3abdc} - c:\windows\system32\duruniwa.dllSSODL-nimitosej-{c4e43ced-48e7-438d-9772-2bb961a54015} - c:\windows\system32\lokubaja.dllSSODL-jitamapop-{6770d18d-109b-4687-9d47-c051e36de579} - c:\windows\system32\furujeze.dllSSODL-jotekupiv-{c3f65d12-63f1-4f03-bba2-8b5902f0b921} - c:\windows\system32\yofolufe.dllSSODL-wotawetun-{8a5f7c04-64a3-44bb-843d-740249023c80} - c:\windows\system32\pasagami.dllSSODL-jayugavuj-{c7550f50-b8af-4cca-bcea-ffdb3e69111a} - c:\windows\system32\lezaromo.dllSSODL-sowotilob-{31ee7e6b-94eb-49e9-a16b-e321f6f6c9e0} - c:\windows\system32\fatopoze.dllSSODL-jehapumig-{0902ff81-5b8f-4887-9e37-4dd1382436a9} - c:\windows\system32\nogorike.dllSSODL-saluvibew-{fa199d5c-b112-453e-bcb5-249c29e785ae} - c:\windows\system32\zuvusibo.dllSSODL-lodesuyoz-{6edfb859-ab71-4aeb-b4a2-589c2a581270} - c:\windows\system32\sabafiru.dllSSODL-mohatumav-{788f9630-2a05-495e-a8e8-9583ba7c8e8c} - c:\windows\system32\hobavana.dllSSODL-zupikezed-{c99952c6-a3b2-4d8b-99f9-4c7deaa33169} - c:\windows\system32\notabage.dllSSODL-hivifurer-{e7ca829d-9399-4383-a16f-f51abe76e9d5} - c:\windows\system32\bohumoye.dllSSODL-pimaloyif-{64eaee8f-98ef-4d7c-93a5-a416d8b8ffec} - c:\windows\system32\gulobimu.dllSSODL-yalinomuv-{fd441ad4-56a7-4bd6-b008-9cdb9ddc0fe3} - c:\windows\system32\yemibumi.dllSSODL-yemizojih-{12d3f43a-b8b0-4d29-bf91-dcdff27c5c68} - c:\windows\system32\vatotosa.dllSSODL-tizumunoy-{a2ece251-3b1b-4cd8-9ac4-959bdc844b85} - c:\windows\system32\tafiwizo.dllSSODL-luzabizaf-{10d08520-c86d-4077-9f73-01cae1b94eab} - c:\windows\system32\jujukeyo.dllSSODL-junilifas-{8a954e5b-f83b-40d6-9cbe-045a060bf07b} - c:\windows\system32\yedibona.dllSSODL-wufavafis-{c59cee3a-0e91-4c95-a0a7-b9bb84270654} - c:\windows\system32\fivipute.dll**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-11-23 00:27Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_USERS\S-1-5-21-746137067-706699826-1708537768-1004\Software\Microsoft\SystemCertificates\AddressBook*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode).--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(912)c:\windows\system32\Ati2evxx.dll.------------------------ Other Running Processes ------------------------.c:\windows\system32\Ati2evxx.exec:\program files\TELUS\TELUS security services\Fws.exec:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Java\jre6\bin\jqs.exec:\program files\Common Files\Motive\McciCMService.exec:\program files\Raxco\PerfectDisk\PDAgent.exec:\windows\system32\Ati2evxx.exec:\program files\TELUS\TELUS security services\rps.exec:\program files\Canon\CAL\CALMAIN.exec:\windows\System32\wbem\unsecapp.exec:\program files\TELUS\TELUS security advisor\TsaComHandler.exec:\program files\Lavasoft\Ad-Aware\AAWTray.exec:\program files\TELUS\TELUS security services\Kav\Bin\ScanningProcess.exe.**************************************************************************.Completion time: 2009-11-23 00:58 - machine was rebootedComboFix-quarantined-files.txt 2009-11-23 08:58Pre-Run: 5,579,218,944 bytes freePost-Run: 6,269,939,712 bytes freeWindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn- - End Of File - - 6007568B5704A6F606FC52DFF4DC5776 Link to post Share on other sites More sharing options...
bluebell73 Posted November 23, 2009 Author ID:161432 Share Posted November 23, 2009 thought I should also provide a brand new HijackThis log for you as well. Will run Malwarebytes again today as well. Also happy to report that I am now able to turn Windows Update on and thus far, it appears to have stayed on. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:36:17 AM, on 11/23/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16915)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\TELUS\TELUS security services\Fws.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Motive\McciCMService.exeC:\Program Files\Raxco\PerfectDisk\PDAgent.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\TELUS\TELUS security services\rps.exeC:\Program Files\TELUS\TELUS security advisor\TsaComHandler.exeC:\WINDOWS\Mixer.exeC:\WINDOWS\system32\LVCOMSX.EXEC:\Program Files\Canon\CAL\CALMAIN.exeC:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exeC:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exeC:\Program Files\TELUS\TELUS security advisor\Tsa.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\Raxco\PerfectDisk\PDEngine.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exeC:\Program Files\Lavasoft\Ad-Aware\AAWTray.exeC:\WINDOWS\system32\taskmgr.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\TELUS\TELUS security services\pkR.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startupO4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXEO4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXEO4 - HKLM\..\Run: [TELUS_McciTrayApp] C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exeO4 - HKLM\..\Run: [TELUS_eCare_Lite_McciTrayApp] C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exeO4 - HKLM\..\Run: [Tsa.exe] "C:\Program Files\TELUS\TELUS security advisor\Tsa.exe" /AUTORUNO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\8udLSvXn6.exe" /runcleanupscriptO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jocelyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKUS\S-1-5-18\..\RunOnce: [sRUUninstall] "C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\RunOnce: [sRUUninstall] "C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jocelyn\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cabO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CABO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174174240699O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://play.igl.net/clo/install/CLOActiveXInstallerProj1.cabO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exeO23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exeO23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exeO23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exeO23 - Service: TELUS security services (Radialpoint Security Services) - TELUS - C:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exeO23 - Service: TELUS security services Firewall (RP_FWS) - TELUS - C:\Program Files\TELUS\TELUS security services\Fws.exeO23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exeO23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe--End of file - 8792 bytes Link to post Share on other sites More sharing options...
SpySentinel Posted November 23, 2009 ID:161434 Share Posted November 23, 2009 Glad to hear you can update now.after you run Malwarebytes and post the log, please:Run ESET Online ScanHold down Control and click on the following link to open ESET OnlineScan in a new window.ESET OnlineScanClick the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on to download the ESET Smart Installer. Save it to your desktop.Double click on the icon on your desktop.Check Click the button.Accept any security warnings from your browser.Check Push the Start button.ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.When the scan completes, push Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.Push the button.Push You can refer to this animation by neomage if needed. Link to post Share on other sites More sharing options...
bluebell73 Posted November 23, 2009 Author ID:161441 Share Posted November 23, 2009 here are the results of a quick scan. I should probably do a full one as well? I will now do the next item you posted. Thank you so much for all your help so far!!! Malwarebytes' Anti-Malware 1.41Database version: 3213Windows 5.1.2600 Service Pack 311/23/2009 11:31:24 AMmbam-log-2009-11-23 (11-31-24).txtScan type: Quick ScanObjects scanned: 137567Time elapsed: 16 minute(s), 33 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
bluebell73 Posted November 24, 2009 Author ID:161617 Share Posted November 24, 2009 Just out of curiosity, how long should that ESET Online AV scanner take to run? I have left it running for over 5 hours now, returned home and it says it's only 20% finished?! It's not stalled, it says it is processing files, but like...one every 4-5 mins. Is that right? Link to post Share on other sites More sharing options...
bluebell73 Posted November 24, 2009 Author ID:161649 Share Posted November 24, 2009 ESET Anti-Virus has been running for 7.5 hours and it's still at 20% completed. hmm. Appears to possibly be stalled. ?? I'll leave it for a while longer I guess. Link to post Share on other sites More sharing options...
bluebell73 Posted November 24, 2009 Author ID:161794 Share Posted November 24, 2009 i left ESET scanner running last night when I went to bed, it had reached about 31% completed and at that time has found 12 items. Woke up this morning...and my computer had restarted. Logging on, it appeared that Windows Update had caused the computer to restart...so I would assume that means that ESET did not finish scanning? Please keep topic open, it may take some time to actually have this scan completed. Thanks! Link to post Share on other sites More sharing options...
SpySentinel Posted November 25, 2009 ID:162302 Share Posted November 25, 2009 Thanks for the update. Link to post Share on other sites More sharing options...
bluebell73 Posted November 25, 2009 Author ID:162348 Share Posted November 25, 2009 So here's where i'm at now. I'm not sure what the problem is, but after trying to run the ESET scanner for 3 days, each day it will scan for about 12-15 hours, reaching 31% completion around the time I have to go to bed. Each morning upon waking up, I discover my computer has restarted, and each day it shows that has occurred because of Windows Update. I've run it literally for 3 days and not gotten further than 31% - and I have no idea if it managed to get further while I was sleeping, it's been pretty frustrating. Today I ran a full Malwarebytes scan, and am about to run Hijackthis. Following are the results of both. One question- when Malwarebytes finishes, I save the logfile, and delete all the items it found. It asks to restart, I do so, then upon opening Malwarebytes again, all the items are still in quarantine. I removed them, but wasn't sure if this was normal or not? And what would you suggest I do at this point? Thank you SO MUCH for your patience and help with this, it's truly appreciated. Malwarebytes' Anti-Malware 1.41Database version: 3230Windows 5.1.2600 Service Pack 311/25/2009 2:09:24 PMmbam-log-2009-11-25 (14-09-24).txtScan type: Full Scan (C:\|D:\|)Objects scanned: 217300Time elapsed: 3 hour(s), 39 minute(s), 4 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 61Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP847\A0300615.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP847\A0300806.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP847\A0300810.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP847\A0300816.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP847\A0300822.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP847\A0300840.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP847\A0300858.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP847\A0300870.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP848\A0300888.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP848\A0301908.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP848\A0302151.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP848\A0302101.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP848\A0302106.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP848\A0302107.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP848\A0302108.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP848\A0302071.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP848\A0302072.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP848\A0302073.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP848\A0302093.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP848\A0302094.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP848\A0302095.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP848\A0302122.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP848\A0302123.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP848\A0302124.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP848\A0302129.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP848\A0302162.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP848\A0302171.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP848\A0302183.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP848\A0302189.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP848\A0302190.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP848\A0302191.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP848\A0302196.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP849\A0302218.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP849\A0302214.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP850\A0302532.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP850\A0302500.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP850\A0302501.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP850\A0302502.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP850\A0302503.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP850\A0302505.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP850\A0302507.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP850\A0302509.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP850\A0302464.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP850\A0302486.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP850\A0302496.dll (Trojan.Dropper) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP850\A0302530.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP850\A0302531.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP850\A0302533.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP850\A0302534.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP850\A0302535.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP850\A0302536.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP850\A0302537.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP850\A0302538.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP850\A0302539.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP850\A0302540.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP850\A0302541.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP850\A0302542.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP850\A0302543.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP850\A0302544.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP851\A0302586.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{90D30E29-3E41-45E6-ADF7-39105A82904B}\RP851\A0302596.dll (Trojan.Vundo) -> Quarantined and deleted successfully.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:32:39 PM, on 11/25/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16915)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\TELUS\TELUS security services\Fws.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Motive\McciCMService.exeC:\Program Files\Raxco\PerfectDisk\PDAgent.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\TELUS\TELUS security services\rps.exeC:\WINDOWS\Mixer.exeC:\WINDOWS\system32\LVCOMSX.EXEC:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exeC:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exeC:\Program Files\TELUS\TELUS security advisor\Tsa.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\Canon\CAL\CALMAIN.exeC:\Program Files\TELUS\TELUS security advisor\TsaComHandler.exeC:\Program Files\Raxco\PerfectDisk\PDEngine.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exeC:\Program Files\Lavasoft\Ad-Aware\AAWTray.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\TELUS\TELUS security services\pkR.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startupO4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXEO4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXEO4 - HKLM\..\Run: [TELUS_McciTrayApp] C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exeO4 - HKLM\..\Run: [TELUS_eCare_Lite_McciTrayApp] C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exeO4 - HKLM\..\Run: [Tsa.exe] "C:\Program Files\TELUS\TELUS security advisor\Tsa.exe" /AUTORUNO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\8udLSvXn6.exe" /runcleanupscriptO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jocelyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKUS\S-1-5-18\..\RunOnce: [sRUUninstall] "C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\RunOnce: [sRUUninstall] "C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jocelyn\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cabO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CABO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174174240699O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://play.igl.net/clo/install/CLOActiveXInstallerProj1.cabO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exeO23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exeO23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exeO23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exeO23 - Service: TELUS security services (Radialpoint Security Services) - TELUS - C:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exeO23 - Service: TELUS security services Firewall (RP_FWS) - TELUS - C:\Program Files\TELUS\TELUS security services\Fws.exeO23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exeO23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe--End of file - 8725 bytes Link to post Share on other sites More sharing options...
SpySentinel Posted November 26, 2009 ID:162489 Share Posted November 26, 2009 You're welcome. Hope you have a nice Thanksgiving Download TFC by OldTimer to your desktop Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).It will close all programs when run, so make sure you have saved all your work before you begin.Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion. Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized) Link to post Share on other sites More sharing options...
bluebell73 Posted November 26, 2009 Author ID:162516 Share Posted November 26, 2009 I hope you are having a lovely Thankgiving! I am up in Canada, so we had ours last month! I ran TFC, rebooted, and ran RSIT. following is log.txt, then info.txt. Logfile of random's system information tool 1.06 (written by random/random)Run by Jocelyn at 2009-11-25 20:52:12Microsoft Windows XP Home Edition Service Pack 3System drive C: has 6 GB (18%) free of 32 GBTotal RAM: 767 MB (29% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:52:32 PM, on 11/25/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16915)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\TELUS\TELUS security services\Fws.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Motive\McciCMService.exeC:\Program Files\Raxco\PerfectDisk\PDAgent.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Canon\CAL\CALMAIN.exeC:\Program Files\Raxco\PerfectDisk\PDEngine.exeC:\Program Files\Lavasoft\Ad-Aware\AAWTray.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\TELUS\TELUS security services\rps.exeC:\WINDOWS\Mixer.exeC:\WINDOWS\system32\LVCOMSX.EXEC:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exeC:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exeC:\Program Files\TELUS\TELUS security advisor\TsaComHandler.exeC:\Program Files\TELUS\TELUS security advisor\Tsa.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exeC:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\system32\taskmgr.exeC:\Documents and Settings\Jocelyn\Desktop\RSIT.exeC:\Program Files\Trend Micro\HijackThis\Jocelyn.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\TELUS\TELUS security services\pkR.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startupO4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXEO4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXEO4 - HKLM\..\Run: [TELUS_McciTrayApp] C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exeO4 - HKLM\..\Run: [TELUS_eCare_Lite_McciTrayApp] C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exeO4 - HKLM\..\Run: [Tsa.exe] "C:\Program Files\TELUS\TELUS security advisor\Tsa.exe" /AUTORUNO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\8udLSvXn6.exe" /runcleanupscriptO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jocelyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKUS\S-1-5-18\..\RunOnce: [sRUUninstall] "C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\RunOnce: [sRUUninstall] "C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jocelyn\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cabO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CABO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174174240699O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://play.igl.net/clo/install/CLOActiveXInstallerProj1.cabO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exeO23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exeO23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exeO23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exeO23 - Service: TELUS security services (Radialpoint Security Services) - TELUS - C:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exeO23 - Service: TELUS security services Firewall (RP_FWS) - TELUS - C:\Program Files\TELUS\TELUS security services\Fws.exeO23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exeO23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe--End of file - 8897 bytes======Scheduled tasks folder======C:\WINDOWS\tasks\Ad-Aware Update (Weekly).jobC:\WINDOWS\tasks\AppleSoftwareUpdate.jobC:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-706699826-1708537768-1004Core.jobC:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-706699826-1708537768-1004UA.job======Registry dump======[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}]PopKill Class - C:\Program Files\TELUS\TELUS security services\pkR.dll [2008-12-09 55536][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]"C-Media Mixer"=Mixer.exe /startup []"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2002-08-29 44032]"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]"TELUS_McciTrayApp"=C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe [2007-10-07 1462272]"TELUS_eCare_Lite_McciTrayApp"=C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe [2007-01-24 1007720]"Tsa.exe"=C:\Program Files\TELUS\TELUS security advisor\Tsa.exe [2008-09-18 3228912]"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\8udLSvXn6.exe [2009-11-21 1312080][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"Google Update"=C:\Documents and Settings\Jocelyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-14 133104]"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"AVGEMS"=2"Avg7UpdSvc"=2"Avg7Alrt"=2C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\StartupAdobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeAdobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]C:\WINDOWS\system32\Ati2evxx.dll [2004-09-29 90112][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]"dontdisplaylastusername"=0"legalnoticecaption"="legalnoticetext"="shutdownwithoutlogon"=1"undockwithoutlogon"=1[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"NoDriveTypeAutoRun"=323"NoDriveAutoRun"=67108863"NoDrives"=0[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"HonorAutoRunSetting"="NoDriveAutoRun"="NoDriveTypeAutoRun"="NoDrives"=[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger""C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice""C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\sandra.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\sandra.exe:*:Enabled:SiSoftware Sandra Lite""C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite""C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite""C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox""C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader""C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour""C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes""C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger""C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)""C:\Documents and Settings\Jocelyn\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Jocelyn\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin""C:\Documents and Settings\Jocelyn\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Jocelyn\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin""C:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exe"="C:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exe:*:Enabled:RpsSecurityAwareR""C:\WINDOWS\system32\taskmgr.exe"="C:\WINDOWS\system32\taskmgr.exe:*:Enabled:taskmgr""C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe"="C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Enabled:Ad-Aware""C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"="C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe:*:Enabled:AAWTray""C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe:*:Enabled:HelpSvc""C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe"="C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe:*:Enabled:Ad-AwareAdmin""C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe"="C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe:*:Enabled:McciTrayApp""C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE:*:Enabled:OUTLOOK""C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"="C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:WINWORD""C:\Program Files\Apple Software Update\SoftwareUpdate.exe"="C:\Program Files\Apple Software Update\SoftwareUpdate.exe:*:Enabled:SoftwareUpdate"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\sandra.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\sandra.exe:*:Enabled:SiSoftware Sandra Lite""C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite""C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite""C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger""C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"======List of files/folders created in the last 1 months======2009-11-25 20:52:12 ----DC---- C:\rsit2009-11-25 03:06:26 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$2009-11-25 03:05:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$2009-11-24 03:11:00 ----AC---- C:\WINDOWS\system32\MRT.exe2009-11-24 03:06:23 ----AC---- C:\WINDOWS\imsins.BAK2009-11-24 03:05:10 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$2009-11-23 11:44:03 ----DC---- C:\Program Files\ESET2009-11-23 00:58:40 ----AC---- C:\ComboFix.txt2009-11-22 23:57:36 ----AC---- C:\Boot.bak2009-11-22 23:57:17 ----RASHDC---- C:\cmdcons2009-11-22 23:53:36 ----AC---- C:\WINDOWS\zip.exe2009-11-22 23:53:36 ----AC---- C:\WINDOWS\SWXCACLS.exe2009-11-22 23:53:36 ----AC---- C:\WINDOWS\SWSC.exe2009-11-22 23:53:36 ----AC---- C:\WINDOWS\SWREG.exe2009-11-22 23:53:36 ----AC---- C:\WINDOWS\sed.exe2009-11-22 23:53:36 ----AC---- C:\WINDOWS\PEV.exe2009-11-22 23:53:36 ----AC---- C:\WINDOWS\NIRCMD.exe2009-11-22 23:53:36 ----AC---- C:\WINDOWS\MBR.exe2009-11-22 23:53:36 ----AC---- C:\WINDOWS\grep.exe2009-11-22 23:53:05 ----DC---- C:\WINDOWS\ERDNT2009-11-22 11:35:46 ----DC---- C:\Combo-Fix2009-11-22 11:34:23 ----DC---- C:\Qoobox2009-11-21 17:57:45 ----DC---- C:\Documents and Settings\Jocelyn\Application Data\Malwarebytes2009-11-21 17:30:06 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes2009-11-21 17:30:00 ----DC---- C:\Program Files\Malwarebytes' Anti-Malware2009-11-15 11:13:01 ----AC---- C:\WINDOWS\system32\javaws.exe2009-11-15 11:13:01 ----AC---- C:\WINDOWS\system32\javaw.exe2009-11-15 11:13:01 ----AC---- C:\WINDOWS\system32\java.exe2009-11-14 18:04:58 ----DC---- C:\VundoFix Backups2009-11-14 18:04:58 ----AC---- C:\VundoFix.txt2009-11-02 10:44:04 ----HDC---- C:\BJPrinter2009-10-27 16:08:10 ----DC---- C:\Program Files\Trend Micro2009-10-26 18:34:35 ----AC---- C:\WINDOWS\system32\lsdelete.exe2009-10-26 11:23:25 ----DC---- C:\Program Files\Lavasoft2009-10-26 11:23:25 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft2009-10-26 11:17:48 ----HDC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}======List of files/folders modified in the last 1 months======2009-11-25 20:52:02 ----DC---- C:\WINDOWS\Prefetch2009-11-25 20:49:53 ----DC---- C:\Program Files\Mozilla Firefox2009-11-25 20:49:04 ----DC---- C:\WINDOWS\Temp2009-11-25 20:47:53 ----SDC---- C:\WINDOWS\Tasks2009-11-25 20:43:13 ----A---- C:\WINDOWS\SchedLgU.Txt2009-11-25 20:42:46 ----DC---- C:\WINDOWS\system322009-11-25 20:42:46 ----DC---- C:\WINDOWS2009-11-25 20:15:21 ----DC---- C:\WINDOWS\system32\wbem2009-11-25 20:15:17 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI2009-11-25 14:19:37 ----SHDC---- C:\RECYCLER2009-11-25 03:06:39 ----HDC---- C:\WINDOWS\inf2009-11-25 03:06:08 ----DC---- C:\WINDOWS\system32\dllcache2009-11-25 03:02:40 ----HDC---- C:\WINDOWS\$hf_mig$2009-11-25 03:02:33 ----DC---- C:\WINDOWS\system32\CatRoot22009-11-25 03:02:08 ----SHDC---- C:\WINDOWS\Installer2009-11-25 03:02:07 ----DC---- C:\Config.Msi2009-11-25 03:02:04 ----DC---- C:\WINDOWS\WinSxS2009-11-24 03:24:33 ----AC---- C:\WINDOWS\win.ini2009-11-23 11:44:03 ----ADC---- C:\Program Files2009-11-23 00:59:01 ----DC---- C:\WINDOWS\system32\drivers2009-11-23 00:28:21 ----AC---- C:\WINDOWS\system.ini2009-11-23 00:23:33 ----DC---- C:\WINDOWS\system32\config2009-11-23 00:12:39 ----DC---- C:\WINDOWS\AppPatch2009-11-23 00:12:27 ----DC---- C:\Program Files\Common Files2009-11-22 23:57:37 ----RASHC---- C:\boot.ini2009-11-21 10:39:52 ----DC---- C:\Documents and Settings\Jocelyn\Application Data\Mozilla2009-11-15 11:12:45 ----DC---- C:\Program Files\Java2009-11-07 16:47:11 ----RSDC---- C:\WINDOWS\Fonts2009-11-04 21:17:41 ----DC---- C:\WINDOWS\Help2009-11-02 11:35:30 ----SHD---- C:\System Volume Information2009-11-02 11:35:30 ----DC---- C:\WINDOWS\system32\Restore2009-11-02 11:30:15 ----DC---- C:\WINDOWS\Downloaded Installations2009-11-02 10:31:31 ----DC---- C:\Documents and Settings2009-10-28 07:07:15 ----C---- C:\WINDOWS\system32\tzchange.exe2009-10-26 20:08:42 ----DC---- C:\WINDOWS\Debug2009-10-26 20:02:50 ----DC---- C:\Program Files\CCleaner2009-10-26 11:29:14 ----DC---- C:\WINDOWS\system32\DRVSTORE======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2003-07-26 23920]R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]R1 KLIF;KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [2008-09-08 196368]R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-02-20 5632]R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-22 23936]R2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2005-03-13 41984]R2 RPSKT;Security Services Driver (x86); C:\WINDOWS\system32\DRIVERS\rp_skt32.sys [2008-04-24 53192]R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-09-29 800256]R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]R3 FETNDISB;D-Link DFE-530TX PCI Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\dlkfet5b.sys [2003-04-02 41984]R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-08-29 12160]R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2005-01-31 211712]R3 RPPKT;Radialpoint Filter (x86); C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys [2007-04-19 48384]R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]S1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys []S1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys []S1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys []S2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys []S3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [2004-08-03 105984]S3 catchme;catchme; \??\C:\Combo-Fix17241C\catchme.sys []S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]S3 dwusbdnt;dwusbdnt; C:\WINDOWS\system32\DRIVERS\dwusbdnt.sys [2002-05-24 10368]S3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]S3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [2004-08-03 13824]S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\System32\DRIVERS\mxnic.sys []S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]S3 PhilCam8116;Logitech QuickCam Pro 3000 (08B0); C:\WINDOWS\System32\DRIVERS\CamDrO21.sys [2001-08-17 314752]S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-08-17 6784]S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000]S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-09-29 405504]R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-11-19 1184912]R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-12-13 308528]R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2008-04-28 414984]R2 RP_FWS;TELUS security services Firewall; C:\Program Files\TELUS\TELUS security services\Fws.exe [2008-12-09 363248]R3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2008-04-28 738568]R3 Radialpoint Security Services;TELUS security services; C:\Program Files\TELUS\TELUS security services\RpsSecurityAwareR.exe [2008-12-09 97520]S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-09-29 516096]S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]S3 SandraDataSrv;Sandra Data Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe [2006-08-01 119800]S3 SandraTheSrv;Sandra Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe [2006-08-01 1156096]S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]S4 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\SECRET~1\AVG\avgamsvr.exe []S4 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\SECRET~1\AVG\avgupsvc.exe []S4 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\SECRET~1\AVG\avgemc.exe []S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]-----------------EOF-----------------info.txt logfile of random's system information tool 1.06 2009-11-25 20:53:02======Uninstall list======-->MsiExec.exe /I{0CDCA5CD-C404-41FD-9216-9B4B3D24A7AA}-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE5629A0-B057-480A-9585-8C45360A56B1}\Setup.exe" -l0x9 /UNINSTALL-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.infAd-Aware-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSEAd-Aware-->C:\Documents and Settings\All Users.WINDOWS\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exeAdobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exeAdobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exeAdobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\Setup.exe" -l0x9 AS-Patch-Reset-->MsiExec.exe /I{53BEA20C-4566-401D-8C02-EDEC5678218B}ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -cleanBonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"CCleaner-->"C:\Program Files\CCleaner\uninst.exe"Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"DFE-530TX Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F2BB456F-C07B-4EDE-975F-4D6DED19750A} ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exeGoogle Talk Plugin-->MsiExec.exe /I{EC59BF9E-39D5-3108-A34B-12FB60ECAF8B}HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstallHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}Java SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}K-Lite Codec Pack-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"Logitech Link to post Share on other sites More sharing options...
SpySentinel Posted November 27, 2009 ID:163101 Share Posted November 27, 2009 Hi bluebell73, I had a great Thanksgiving, thank you Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):Adobe Reader 7.0.8Java Link to post Share on other sites More sharing options...
bluebell73 Posted November 28, 2009 Author ID:163480 Share Posted November 28, 2009 ok- a couple questions. I've downloaded and installed the new Adobe reader. Seems to be ok. Went into add & remove programs, removed:Java Link to post Share on other sites More sharing options...
bluebell73 Posted November 28, 2009 Author ID:163492 Share Posted November 28, 2009 and the results of the quick scan. Malwarebytes' Anti-Malware 1.41Database version: 3230Windows 5.1.2600 Service Pack 311/28/2009 2:06:52 PMmbam-log-2009-11-28 (14-06-52).txtScan type: Quick ScanObjects scanned: 138840Time elapsed: 25 minute(s), 6 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
SpySentinel Posted November 29, 2009 ID:163520 Share Posted November 29, 2009 Tried to remove Adobe Reader 7.0.8, keep receiving the error "The installation source for this product is not available. Verify that the source exists and that you can access it." Any idea what that is about?It was probably removed when you install the latest version of Adobe.And for the good news.................Your log looks clean, Great Job Follow these steps to uninstall Combofix and tools used in the removal of malware Click START then RUN Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.Now for some cleanup..Please download OTC and save it to Desktop.Please make sure you are connecting to the InternetDouble-click OTC.exeClick the CleanUp! button.Select Yes when the "Begin cleanup Process?" prompt appears.If you are prompted to Reboot during the cleanup, select YesSet a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is:Go to Start > Programs > Accessories > System Tools and click "System Restore".Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.Then go to Start > Run and type: CleanmgrClick "OK".Click the "More Options" Tab.Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.Make your Internet Explorer more secure - This can be done by following these simple instructions:From within Internet Explorer click on the Tools menu and then click on Options.Click once on the Security tabClick once on the Internet icon so it becomes highlighted.Click once on the Custom Level button.Change the Download signed ActiveX controls to PromptChange the Download unsigned ActiveX controls to DisableChange the Initialize and script ActiveX controls not marked as safe to DisableChange the Installation of desktop items to PromptChange the Launching programs and files in an IFRAME to PromptChange the Navigate sub-frames across different domains to PromptWhen all these settings have been made, click on the OK button.If it prompts you as to whether or not you want to save the settings, press the Yes button.Next press the Apply button and then the OK to exit the Internet Properties page.Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.Install SpywareGuard - SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.Follow this list and your potential for being infected again will reduce dramatically. here are some additional utilities that will enhance your safetyMcAfee Site Advisor <= McAfee Site Advisor protects your browser against malicious sites and warns you when you go to one.MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer Link to post Share on other sites More sharing options...
bluebell73 Posted November 29, 2009 Author ID:163540 Share Posted November 29, 2009 weird...I just attempted to uninstall Combofix as per your instructions and it isn't uninstalling, it keeps trying to run the program again. Does the fact that we changed the name from "ComboFix" to "Combo-Fix" when downloading have anything to do with that? I typed in "ComboFix /u" and pressed start and a box popped up asking for permission to run the software. The 1st time I tried, i wasn't sure so i clicked run and it started to run combofix and the warnings popped up that my security programs were still running and would interfere with combo-fix, etc. I obviously don't want to run it again! Did I do something incorrectly? Should we have done Start/Run/ Combo-Fix /u or something like that? I'll proceed to the rest of the cleanup once this is figured out. Thanks again! Link to post Share on other sites More sharing options...
SpySentinel Posted November 29, 2009 ID:163559 Share Posted November 29, 2009 Try Combo-Fix /u but it should have worked. Link to post Share on other sites More sharing options...
bluebell73 Posted November 29, 2009 Author ID:163566 Share Posted November 29, 2009 Combo-Fix /u didn't work, "Windows cannot find 'Combo-Fix'. and either 'ComboFix /u' or 'ComboFix /u' opens the 'Open File - Security Warning - The publisher could not be verified, are you sure you want to run this software?' dialog box, which wants to run the software again. Definitely isn't uninstalling it. Weird! Is there another way around it? Also in the previous instructions to increase my browser security levels are all for IE, are there similar instructions for Firefox? Thank you! Link to post Share on other sites More sharing options...
bluebell73 Posted November 30, 2009 Author ID:164377 Share Posted November 30, 2009 still haven't been able to remove Combo-fix as per these instructions - may I remove it using the add/remove programs feature or is this problematic at all? thanks again! system is running wonderfully, I can't express how grateful I am to you guys and this awesome help you've given me and my computer!!! Link to post Share on other sites More sharing options...
SpySentinel Posted December 1, 2009 ID:164513 Share Posted December 1, 2009 Hi bluebell73 You're welcome, I'm glad I could help. Please try this:combo-fix /uninstallorcombofix /uninstall Link to post Share on other sites More sharing options...
bluebell73 Posted December 1, 2009 Author ID:164803 Share Posted December 1, 2009 the last one finally worked! Thanks so much for all your help. Link to post Share on other sites More sharing options...
Recommended Posts