I have too many infections due to my ignorance

[IgnorantLady]

I have had no protection until recently and my computer takes forever to open a page or go online. Sometimes an application won't even open. I have managed to get Combifix log and attached HijackThis log.

Please someone help me.

CombiFix log:

ComboFix 10-03-17.07 - Florritta Ogefere 18/03/2010 19:53:03.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.447.117 [GMT 0:00]

Running from: c:\documents and settings\Florritta Ogefere\Desktop\Combo-Fix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\FreePhone.lnk

c:\documents and settings\Florritta Ogefere\Local Settings\Temporary Internet Files\MUZAoDA.cfg

c:\documents and settings\Florritta Ogefere\Local Settings\Temporary Internet Files\MUZAoDA0.che

c:\documents and settings\Florritta Ogefere\Local Settings\Temporary Internet Files\MUZAoDA1.che

c:\documents and settings\Florritta Ogefere\Local Settings\Temporary Internet Files\MUZAoDA2.che

c:\documents and settings\Florritta Ogefere\Local Settings\Temporary Internet Files\MUZAoDA3.che

c:\documents and settings\Florritta Ogefere\Local Settings\Temporary Internet Files\MUZAoDA4.che

c:\documents and settings\Florritta Ogefere\Local Settings\Temporary Internet Files\MUZAoDA5.che

c:\documents and settings\Florritta Ogefere\Local Settings\Temporary Internet Files\MUZAoDA6.che

c:\documents and settings\Florritta Ogefere\Local Settings\Temporary Internet Files\MUZAoDA7.che

c:\documents and settings\Florritta Ogefere\Local Settings\Temporary Internet Files\MUZAoDA8.che

c:\documents and settings\Florritta Ogefere\Local Settings\Temporary Internet Files\MUZAoDA9.che

c:\program files\FunWebProducts

c:\program files\FunWebProducts\ScreenSaver\Images\0030A687.urr

c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html

c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html

c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html

c:\program files\Internet Explorer\msimg32.dll

c:\program files\MyWebSearch

c:\program files\MyWebSearch\bar\2.bin\F3BKGERR.JPG

c:\program files\MyWebSearch\bar\2.bin\F3CJpeg.dll

c:\program files\MyWebSearch\bar\2.bin\F3DTactl.dll

c:\program files\MyWebSearch\bar\2.bin\F3HISTSW.DLL

c:\program files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL

c:\program files\MyWebSearch\bar\2.bin\F3HTmlmu.dll

c:\program files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL

c:\program files\MyWebSearch\bar\2.bin\F3POPSWT.DLL

c:\program files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR

c:\program files\MyWebSearch\bar\2.bin\F3REGHK.DLL

c:\program files\MyWebSearch\bar\2.bin\F3REPROX.DLL

c:\program files\MyWebSearch\bar\2.bin\F3RESTUB.DLL

c:\program files\MyWebSearch\bar\2.bin\F3SCHMON.EXE

c:\program files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL

c:\program files\MyWebSearch\bar\2.bin\F3SPACER.WMV

c:\program files\MyWebSearch\bar\2.bin\F3WALLPP.DAT

c:\program files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL

c:\program files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG

c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR

c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST

c:\program files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE

c:\program files\MyWebSearch\bar\2.bin\M3HTml.dll

c:\program files\MyWebSearch\bar\2.bin\M3IDLE.DLL

c:\program files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE

c:\program files\MyWebSearch\bar\2.bin\M3MEDINT.EXE

c:\program files\MyWebSearch\bar\2.bin\M3MSg.dll

c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR

c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST

c:\program files\MyWebSearch\bar\2.bin\M3OUtlcn.dll

c:\program files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL

c:\program files\MyWebSearch\bar\2.bin\M3SKIN.DLL

c:\program files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE

c:\program files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE

c:\program files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE

c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL

c:\program files\MyWebSearch\bar\2.bin\MWSOEMON.EXE

c:\program files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL

c:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL

c:\program files\MyWebSearch\bar\2.bin\MWSSrcas.dll

c:\program files\MyWebSearch\bar\2.bin\MWSSVC.EXE

c:\program files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL

c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S

c:\program files\MyWebSearch\bar\Cache\000307A2

c:\program files\MyWebSearch\bar\Cache\000423EF.bin

c:\program files\MyWebSearch\bar\Cache\00049140

c:\program files\MyWebSearch\bar\Cache\00049B23.bin

c:\program files\MyWebSearch\bar\Cache\0004F0C5

c:\program files\MyWebSearch\bar\Cache\00050140

c:\program files\MyWebSearch\bar\Cache\0006665D

c:\program files\MyWebSearch\bar\Cache\00228046.bin

c:\program files\MyWebSearch\bar\Cache\00228576.bin

c:\program files\MyWebSearch\bar\Cache\0022899D.bin

c:\program files\MyWebSearch\bar\Cache\00228E7F.bin

c:\program files\MyWebSearch\bar\Cache\00338729.bin

c:\program files\MyWebSearch\bar\Cache\00338A75.bin

c:\program files\MyWebSearch\bar\Cache\00338FC4.bin

c:\program files\MyWebSearch\bar\Cache\0033967B.bin

c:\program files\MyWebSearch\bar\Cache\00339C67

c:\program files\MyWebSearch\bar\Cache\03A7EEA2.bin

c:\program files\MyWebSearch\bar\Cache\files.ini

c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S

c:\program files\MyWebSearch\bar\Game\CHESS.F3S

c:\program files\MyWebSearch\bar\Game\REVERSI.F3S

c:\program files\MyWebSearch\bar\History\search3

c:\program files\MyWebSearch\bar\icons\CM.ICO

c:\program files\MyWebSearch\bar\icons\MFC.ICO

c:\program files\MyWebSearch\bar\icons\PSS.ICO

c:\program files\MyWebSearch\bar\icons\SMILEY.ICO

c:\program files\MyWebSearch\bar\icons\WB.ICO

c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO

c:\program files\MyWebSearch\bar\Message\COMMON.F3S

c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S

c:\program files\MyWebSearch\bar\Notifier\DOG.F3S

c:\program files\MyWebSearch\bar\Notifier\FISH.F3S

c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S

c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S

c:\program files\MyWebSearch\bar\Notifier\MAID.F3S

c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S

c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S

c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S

c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S

c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S

c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm

c:\program files\MyWebSearch\bar\Settings\s_pid.dat

c:\program files\MyWebSearch\bar\Settings\setting2.htm

c:\program files\MyWebSearch\bar\Settings\settings.dat

c:\program files\MyWebSearch\bar\setups\mwsautSp.exe

c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

c:\recycler\S-1-5-21-1144363573-458748354-2883004415-1003

c:\recycler\S-1-5-21-1645522239-1303643608-725345543-1003

c:\recycler\S-1-5-21-1783537388-1812318774-132927450-1003

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

c:\windows\Downloaded Program Files\Install.dll

c:\windows\Downloaded Program Files\Install.inf

c:\windows\system32\f3PSSavr.scr

c:\windows\system32\muzapp.exe

.

((((((((((((((((((((((((( Files Created from 2010-02-18 to 2010-03-18 )))))))))))))))))))))))))))))))

.

2010-03-17 22:53 . 2009-10-23 14:27 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-03-06 19:50 . 2010-03-06 19:50 -------- d-----w- c:\documents and settings\Florritta Ogefere\Application Data\Tific

2010-03-06 19:49 . 2010-03-06 19:49 -------- d-----w- c:\documents and settings\Florritta Ogefere\Local Settings\Application Data\Symantec

2010-03-06 19:09 . 2008-02-26 11:59 294912 -c----w- c:\windows\system32\dllcache\msctf.dll

2010-03-06 18:54 . 2010-03-06 18:55 -------- d-----w- C:\42f4fca548ba6d1036c851

2010-03-06 03:09 . 2010-03-06 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton Installer

2010-03-06 03:07 . 2010-03-18 19:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-03-06 03:04 . 2010-03-06 03:11 -------- d-----w- c:\program files\Norton Utilities 14

2010-03-06 02:50 . 2010-03-06 02:50 -------- d-----w- c:\program files\Symantec

2010-03-06 02:50 . 2010-03-06 02:50 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-03-06 02:50 . 2010-03-06 02:50 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-03-06 02:46 . 2010-03-06 02:50 -------- d-----w- c:\windows\system32\drivers\NIS

2010-03-06 02:46 . 2010-03-06 02:46 -------- d-----w- c:\program files\Windows Sidebar

2010-03-06 02:45 . 2010-03-06 02:46 -------- d-----w- c:\program files\Norton Internet Security

2010-03-06 02:38 . 2010-03-06 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings

2010-03-06 02:36 . 2010-03-06 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-03-06 02:14 . 2010-03-06 02:50 -------- d-----w- c:\program files\NortonInstaller

2010-03-06 02:14 . 2010-03-06 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-17 23:05 . 2010-03-06 02:47 968560 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\OCS\hsplayer.dll

2010-03-06 03:15 . 2010-03-18 19:12 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100317.051\NAVENG.SYS

2010-03-06 03:15 . 2010-03-18 19:12 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100317.051\NAVEX15.SYS

2010-03-06 03:15 . 2010-03-18 19:12 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100317.051\EECTRL.SYS

2010-03-06 03:15 . 2010-03-18 19:12 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100317.051\ERASER.SYS

2010-03-06 03:15 . 2010-03-18 19:12 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100317.051\NAVEX32A.DLL

2010-03-06 03:15 . 2010-03-18 19:12 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100317.051\NAVENG32.DLL

2010-03-06 03:15 . 2010-03-18 19:12 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100317.051\CCERASER.DLL

2010-03-06 03:15 . 2010-03-18 19:12 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100317.051\ECMSVR32.DLL

2010-03-06 03:13 . 2004-08-23 12:28 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-03-06 02:50 . 2010-03-06 02:50 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-03-06 02:50 . 2010-03-06 02:50 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-03-04 10:18 . 2005-03-04 21:21 38118 ----a-w- c:\documents and settings\Florritta Ogefere\Application Data\wklnhst.dat

2010-02-11 18:44 . 2010-02-11 18:44 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\BHRules.dll

2010-02-11 18:44 . 2010-02-11 18:44 1406352 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\BHEngine.dll

2010-02-11 18:44 . 2010-02-11 18:44 676912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\BHDrvx64.sys

2010-02-11 18:44 . 2010-02-11 18:44 536112 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\BHDrvx86.sys

2010-02-11 18:44 . 2010-02-11 18:44 611216 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\bbRGen.dll

2009-12-31 16:14 . 2004-08-23 07:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-22 05:42 . 2004-08-23 07:00 662016 ----a-w- c:\windows\system32\wininet.dll

2009-12-22 05:42 . 2004-08-23 07:00 81920 ----a-w- c:\windows\system32\ieencode.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]

"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-06-24 860160]

"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]

"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]

"NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2010-03-06 4105576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CFSServ.exe"="CFSServ.exe -NoClient" [X]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-09 335872]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-04-22 98304]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-04-22 507904]

"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 88363]

"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2004-08-16 430080]

"TPSMain"="TPSMain.exe" [2004-08-11 266240]

"NDSTray.exe"="NDSTray.exe" [bU]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-04-27 118784]

"PadTouch"="c:\program files\TOSHIBA\PadTouch\PadExe.exe" [2004-02-12 1019904]

"TFncKy"="TFncKy.exe" [bU]

"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]

"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 819712]

"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 176128]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-03-15 421888]

"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]

"MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]

"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-09 50688]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

c:\documents and settings\Florritta Ogefere\Start Menu\Programs\Startup\

Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-6-11 59080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

DSLMON.lnk - c:\program files\SAGEM\TalkTalk Broadband\dslmon.exe [2004-12-27 962661]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [23/08/2004 10:49 5632]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1105000.07F\symds.sys [06/03/2010 02:49 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1105000.07F\symefa.sys [06/03/2010 02:49 172592]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1105000.07F\cchpx86.sys [06/03/2010 02:49 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1105000.07F\ironx86.sys [06/03/2010 02:49 116272]

R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.5.0.127\ccsvchst.exe [06/03/2010 02:49 126392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [06/03/2010 03:15 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100312.001\IDSXpx86.sys [17/03/2010 23:17 329592]

S1 BHDrvx86;BHDrvx86;\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx86.sys --> c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx86.sys [?]

.

Contents of the 'Scheduled Tasks' folder

2009-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL

AddRemove-RegistryFix_is1 - c:\program files\RegistryFix\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-18 20:07

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.5.0.127\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2010-03-18 20:16:00

ComboFix-quarantined-files.txt 2010-03-18 20:15

Pre-Run: 22,929,858,560 bytes free

Post-Run: 23,140,392,960 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 9BEC1DD080C9F8E4C2A90288104B7404

hijackthis.zip

[screen317]

Hi and welcome to Malwarebytes.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and Paste the entire report in your next reply along with a fresh HijackThis log.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized.

-screen317

[IgnorantLady]

Hi and welcome to Malwarebytes.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and Paste the entire report in your next reply along with a fresh HijackThis log.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized.

-screen317

Thank you for helping me. My computer has started responding better.

DDS log:

DDS (Ver_10-03-17.01) - NTFSx86

Run by Florritta Ogefere at 7:25:00.46 on 20/03/2010

Internet Explorer: 6.0.2900.2180

Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.447.56 [GMT 0:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\PadTouch\PadExe.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE

C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

C:\Program Files\MarkAny\ContentSafer\MAAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Norton Utilities 14\nu.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe

C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Documents and Settings\Florritta Ogefere\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.5.0.127\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.5.0.127\IPSBHO.DLL

BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll

BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-gb\msntb.dll

BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File

TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-gb\msntb.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.5.0.127\coIEPlg.dll

EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\companion\modules\messmod2\v4\yhexbmes.dll

uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe

uRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog

uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

uRun: [NortonUtilities] c:\program files\norton utilities 14\nu.exe /H

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe

mRun: [TPSMain] TPSMain.exe

mRun: [NDSTray.exe] NDSTray.exe

mRun: [smoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe

mRun: [PadTouch] "c:\program files\toshiba\padtouch\PadExe.exe

mRun: [TFncKy] TFncKy.exe

mRun: [speedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon

mRun: [DataLayer] c:\program files\common files\pcsuite\datalayer\DataLayer.exe

mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -onlytray

mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe

mRun: [CFSServ.exe] CFSServ.exe -NoClient

mRun: [sMSTray] c:\program files\samsung\samsung media studio 5\SMSTray.exe

mRun: [MAAgent] c:\program files\markany\contentsafer\MAAgent.exe

mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\docume~1\florri~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dslmon.lnk - c:\program files\sagem\talktalk broadband\dslmon.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\companion\modules\messmod2\v4\yhexbmes.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} - hxxps://www.plaxo.com/down/latest/PlaxoInstall.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} - hxxps://www.qwizonline.com/cabs/QOLCheck.ocx

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SEH: ShellHook Class: {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\progra~1\markany\conten~1\MACSMA~1.DLL

============= SERVICES / DRIVERS ===============

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2004-8-23 5632]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1105000.07f\symds.sys [2010-3-6 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1105000.07f\symefa.sys [2010-3-6 172592]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1105000.07f\cchpx86.sys [2010-3-6 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1105000.07f\ironx86.sys [2010-3-6 116272]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-3-6 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20100312.001\IDSXpx86.sys [2010-3-17 329592]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20100319.041\NAVENG.SYS [2010-3-20 84912]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20100319.041\NAVEX15.SYS [2010-3-20 1324720]

S1 BHDrvx86;BHDrvx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20091205.001\bhdrvx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20091205.001\BHDrvx86.sys [?]

=============== Created Last 30 ================

2010-03-20 06:41:02 0 d-----w- c:\docume~1\florri~1\applic~1\Malwarebytes

2010-03-20 06:40:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-20 06:40:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-03-20 06:40:41 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-20 06:40:41 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-18 21:38:04 0 d-----w- c:\program files\Trend Micro

2010-03-18 20:22:12 293376 ------w- c:\windows\system32\browserchoice.exe

2010-03-18 19:47:09 0 d-sha-r- C:\cmdcons

2010-03-18 19:44:19 98816 ----a-w- c:\windows\sed.exe

2010-03-18 19:44:19 77312 ----a-w- c:\windows\MBR.exe

2010-03-18 19:44:19 261632 ----a-w- c:\windows\PEV.exe

2010-03-18 19:44:19 161792 ----a-w- c:\windows\SWREG.exe

2010-03-17 22:53:57 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-03-06 19:50:03 0 d-----w- c:\docume~1\florri~1\applic~1\Tific

2010-03-06 19:09:46 294912 -c----w- c:\windows\system32\dllcache\msctf.dll

2010-03-06 19:09:46 294912 ----a-w- c:\windows\system32\SET1F.tmp

2010-03-06 18:54:34 0 d-----w- C:\42f4fca548ba6d1036c851

2010-03-06 03:09:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton Installer

2010-03-06 03:05:27 880640 ----a-w- c:\windows\system32\UniBox10.ocx

2010-03-06 03:05:27 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx

2010-03-06 03:05:27 1101824 ----a-w- c:\windows\system32\UniBox210.ocx

2010-03-06 03:04:47 0 d-----w- c:\program files\Norton Utilities 14

2010-03-06 02:50:07 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-03-06 02:50:07 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-03-06 02:50:07 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-03-06 02:50:07 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-03-06 02:50:07 0 d-----w- c:\program files\Symantec

2010-03-06 02:46:04 0 d-----w- c:\windows\system32\drivers\NIS

2010-03-06 02:45:43 0 d-----w- c:\program files\Norton Internet Security

2010-03-06 02:38:09 0 d-----w- c:\docume~1\alluse~1\applic~1\PCSettings

2010-03-06 02:36:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton

2010-03-06 02:14:30 0 d-----w- c:\program files\NortonInstaller

2010-03-06 02:14:30 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller

==================== Find3M ====================

2010-03-04 10:18:09 38118 ----a-w- c:\docume~1\florri~1\applic~1\wklnhst.dat

2009-12-22 05:42:49 662016 ------w- c:\windows\system32\wininet.dll

2009-12-22 05:42:45 81920 ----a-w- c:\windows\system32\ieencode.dll

============= FINISH: 7:26:53.75 ===============

mbam-log:

Malwarebytes' Anti-Malware 1.44

Database version: 3886

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

20/03/2010 07:04:33

mbam-log-2010-03-20 (07-04-33).txt

Scan type: Quick Scan

Objects scanned: 117926

Time elapsed: 18 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 41

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Florritta Ogefere\Favorites\MP3 Download, music mp3 downloads. ALLOFMP3..url (Rogue.Link) -> Quarantined and deleted successfully.

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:17:57, on 20/03/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\PadTouch\PadExe.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE

C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

C:\Program Files\MarkAny\ContentSafer\MAAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Norton Utilities 14\nu.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe

C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

O4 - HKLM\..\Run: [sMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\nu.exe /H

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.qwizonline.com/cabs/QOLCheck.ocx

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

--

End of file - 10313 bytes

Attach.zip

[screen317]

Hi,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
  

-screen317

[IgnorantLady]

Hi,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
  

-screen317

Thankyou

Combofix log:

ComboFix 10-03-19.07 - Florritta Ogefere 20/03/2010 9:45.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.447.141 [GMT 0:00]

Running from: c:\documents and settings\Florritta Ogefere\Desktop\Combo-Fix.exe

.

((((((((((((((((((((((((( Files Created from 2010-02-20 to 2010-03-20 )))))))))))))))))))))))))))))))

.

2010-03-20 08:30 . 2010-03-20 08:30 -------- d-----w- c:\documents and settings\Florritta Ogefere\Local Settings\Application Data\PassMark

2010-03-20 06:41 . 2010-03-20 06:41 -------- d-----w- c:\documents and settings\Florritta Ogefere\Application Data\Malwarebytes

2010-03-20 06:40 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-20 06:40 . 2010-03-20 06:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-03-20 06:40 . 2010-03-20 06:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-20 06:40 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-18 21:38 . 2010-03-18 21:38 -------- d-----w- c:\program files\Trend Micro

2010-03-18 20:22 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

2010-03-17 22:53 . 2009-10-23 14:27 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-03-06 19:50 . 2010-03-06 19:50 -------- d-----w- c:\documents and settings\Florritta Ogefere\Application Data\Tific

2010-03-06 19:49 . 2010-03-06 19:49 -------- d-----w- c:\documents and settings\Florritta Ogefere\Local Settings\Application Data\Symantec

2010-03-06 19:09 . 2008-02-26 11:59 294912 -c----w- c:\windows\system32\dllcache\msctf.dll

2010-03-06 18:54 . 2010-03-06 18:55 -------- d-----w- C:\42f4fca548ba6d1036c851

2010-03-06 03:09 . 2010-03-06 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton Installer

2010-03-06 03:07 . 2010-03-20 09:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-03-06 02:46 . 2010-03-06 02:46 -------- d-----w- c:\program files\Windows Sidebar

2010-03-06 02:38 . 2010-03-06 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings

2010-03-06 02:36 . 2010-03-06 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-03-06 02:14 . 2010-03-06 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-20 09:34 . 2004-08-23 12:28 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-03-06 03:08 . 2010-03-20 09:16 4105576 ----a-w- c:\documents and settings\Florritta Ogefere\Application Data\Yahoo!\Mail\attach\nu.exe

2010-03-04 10:18 . 2005-03-04 21:21 38118 ----a-w- c:\documents and settings\Florritta Ogefere\Application Data\wklnhst.dat

2009-12-31 16:14 . 2004-08-23 07:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-22 05:42 . 2004-08-23 07:00 662016 ------w- c:\windows\system32\wininet.dll

2009-12-22 05:42 . 2004-08-23 07:00 81920 ----a-w- c:\windows\system32\ieencode.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]

"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-06-24 860160]

"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]

"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CFSServ.exe"="CFSServ.exe -NoClient" [X]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-09 335872]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-04-22 98304]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-04-22 507904]

"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 88363]

"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2004-08-16 430080]

"TPSMain"="TPSMain.exe" [2004-08-11 266240]

"NDSTray.exe"="NDSTray.exe" [bU]

"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-04-27 118784]

"PadTouch"="c:\program files\TOSHIBA\PadTouch\PadExe.exe" [2004-02-12 1019904]

"TFncKy"="TFncKy.exe" [bU]

"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]

"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 819712]

"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 176128]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-03-15 421888]

"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]

"MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]

"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-09 50688]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

c:\documents and settings\Florritta Ogefere\Start Menu\Programs\Startup\

Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-6-11 59080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

DSLMON.lnk - c:\program files\SAGEM\TalkTalk Broadband\dslmon.exe [2004-12-27 962661]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [23/08/2004 10:49 5632]

.

Contents of the 'Scheduled Tasks' folder

2009-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-20 09:56

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(528)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1532)

c:\program files\MarkAny\ContentSafer\MaCSProHook.DLL

c:\windows\system32\TPwrCfg.DLL

c:\windows\system32\TPwrReg.dll

c:\windows\system32\TPSTrace.DLL

.

Completion time: 2010-03-20 10:03:12

ComboFix-quarantined-files.txt 2010-03-20 10:03

ComboFix2.txt 2010-03-18 20:16

Pre-Run: 23,257,526,272 bytes free

Post-Run: 23,274,483,712 bytes free

- - End Of File - - 96467B6A984CD2AA876DA0F00CFE3217

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:04:31, on 20/03/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\PadTouch\PadExe.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\MarkAny\ContentSafer\MAAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE

C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe

C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

O4 - HKLM\..\Run: [sMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.qwizonline.com/cabs/QOLCheck.ocx

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--

End of file - 9158 bytes

`

[screen317]

Hi,

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

• Click Start Scanning.
  
• You should get a notification bar (on top) to install the ActiveX control.
  
• Click on it and select to install the ActiveX.
  
• Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  
• In case you are having problems with installing the ActiveX/starting the scan, please read here.
  
• Click the Full System Scan button.
  
• It will start to download scanner components and databases. This can take a while.
  
• The main scan will start.
  
• Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  
• It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  
• The cleaning can take a while, so please be patient.
  
• Then click the Show report button and Copy/Paste what is present under results in your next reply.
  

Next, download my Security Check from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

Let me know how things are running now and what issues remain.

-screen317

[IgnorantLady]

Hi,

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

• Click Start Scanning.
  
• You should get a notification bar (on top) to install the ActiveX control.
  
• Click on it and select to install the ActiveX.
  
• Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  
• In case you are having problems with installing the ActiveX/starting the scan, please read here.
  
• Click the Full System Scan button.
  
• It will start to download scanner components and databases. This can take a while.
  
• The main scan will start.
  
• Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  
• It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  
• The cleaning can take a while, so please be patient.
  
• Then click the Show report button and Copy/Paste what is present under results in your next reply.
  

Next, download my Security Check from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

Let me know how things are running now and what issues remain.

-screen317

checkup log:

Results of screen317's Security Check version 0.99.1

Windows XP Service Pack 2

Out of date service pack!!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG Free 9.0

``````````````````````````````

Anti-malware/Other Utilities Check:

Yahoo! Anti-Spy

HijackThis 2.0.2

Java 6 Update 18

Java Auto Updater

Java 2 Runtime Environment, SE v1.4.2_05

Out of date Java installed!

Adobe Flash Player 10

Adobe Reader 6.0.1

Out of date Adobe Reader installed!

``````````````````````````````

Process Check:

objlist.exe by Laurent

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

``````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

F-Secure Log: I had to run twice as my pc restarted before I could copy log (17 files were infected in first scan)

2nd scan is below (6 infections found but 1 could not be cleaned)

6 malware found

TrackingCookie.Atdmt (spyware)

System (Disinfected)

TrackingCookie.Doubleclick (spyware)

System (Disinfected)

TrackingCookie.Yieldmanager (spyware)

System (Disinfected)

Suspicious:W32/Malware!Gemini (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{F8411AA7-B414-4A71-9478-DDCDFDE56440}\RP410\A0140275.EXE (Not cleaned & Submitted)

Toolbar:W32/MyWebSearch.B (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{F8411AA7-B414-4A71-9478-DDCDFDE56440}\RP410\A0140287.DLL (Renamed & Submitted)

Adware:W32/MyWebSearch.I (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{F8411AA7-B414-4A71-9478-DDCDFDE56440}\RP410\A0140297.EXE (Renamed & Submitted)

--------------------------------------------------------------------------------

Statistics

Scanned:

Files: 45868

System: 3589

Not scanned: 9

Actions:

Disinfected: 3

Renamed: 2

Deleted: 0

Not cleaned: 1

Submitted: 3

Files not scanned:

C:\PAGEFILE.SYS

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

C:\WINDOWS\SYSTEM32\CONFIG\SAM

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE

C:\DOCUMENTS AND SETTINGS\FLORRITTA OGEFERE\LOCAL SETTINGS\TEMP\HSPERFDATA_FLORRITTA OGEFERE\296

C:\DOCUMENTS AND SETTINGS\FLORRITTA OGEFERE\LOCAL SETTINGS\TEMP\HSPERFDATA_FLORRITTA OGEFERE\2384

--------------------------------------------------------------------------------

Options

Scanning engines:

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

Use advanced heuristics

Thank you very much. How can I make a donation?

[screen317]

Hi,

Your generosity is very much appreciate, but I believe we don't accept donations on this forum as we're a company looking to sell our product, but I would highly recommend that you protect yourself for the rest of your life by purchasing a license for MBAM. It probably would have prevented this entire fiasco. You can purchase a license from our home page.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterwards. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java 2 Runtime Environment, SE v1.4.2_05

Adobe Reader 6.0.1

Restart your computer.

Get the latest version of Adobe Reader.

Restart your computer and let me know what issues remain.

-screen317

[IgnorantLady]

Hi,

Your generosity is very much appreciate, but I believe we don't accept donations on this forum as we're a company looking to sell our product, but I would highly recommend that you protect yourself for the rest of your life by purchasing a license for MBAM. It probably would have prevented this entire fiasco. You can purchase a license from our home page.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterwards. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java 2 Runtime Environment, SE v1.4.2_05

Adobe Reader 6.0.1

Restart your computer.

Get the latest version of Adobe Reader.

Restart your computer and let me know what issues remain.

-screen317

Thank you and I have completed the above.

What do I do concerning the file that F-Secure could not clean?

C:\SYSTEM VOLUME INFORMATION\_RESTORE{F8411AA7-B414-4A71-9478-DDCDFDE56440}\RP410\A0140275.EXE (Not cleaned & Submitted)

My computer runs a bit better but stil slow.

[screen317]

When you did this step:

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterwards. Notice the space between the X and the /uninstall

, it took care of the entry that F-Secure couldn't clean.

Next, please run the PCPitstop Full Tests here. When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.

-screen317

[IgnorantLady]

When you did this step:

, it took care of the entry that F-Secure couldn't clean.

Next, please run the PCPitstop Full Tests here. When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.

-screen317

Log from PCPitstop:

6 Viruses/Malware found

Name Category Level Whitelist

DirectNetAdvertising.com Adware Level 1

Bifrost Backdoor Level 3

WinAntiVirus Pro 2006 Rogue Security Software Level 3

WinSpywareProtect Rogue Security Software Level 3

WinPup32 Adware Level 1

ErrorGuard Adware Level 1

Name Category Level Whitelist

DirectNetAdvertising.com Adware Level 1

Bifrost Backdoor Level 3

WinAntiVirus Pro 2006 Rogue Security Software Level 3

WinSpywareProtect Rogue Security Software Level 3

WinPup32 Adware Level 1

ErrorGuard Adware Level 1

Look carefully at the threats found below. Most computers do not have any mid or high level threats. If PC Matic has found one or more, please take this problem seriously. Mid and high level threats are by definition malicious software that is compromising the security and performance of your PC. Our advice is always the same - REMOVE IMMEDIATELY.

`21 Available Fixes / 5 Advice Items

Test Area Test Name Scan Result Recommendation

Security High DirectNetAdvertising.com Found Remove

Security High Bifrost Found Remove

Security High WinAntiVirus Pro 2006 Found Remove

Security High WinSpywareProtect Found Remove

Security High WinPup32 Found Remove

Security High ErrorGuard Found Remove

Security Low Tracking Cookies 80 Tracking Cookies found Remove

Junk Files System Restore Files 533.70 MB 50 MB

Junk Files System Restore Files 1,140.74 MB 50 MB

Internet HTTP Internet Settings Unoptimized Optimized

Internet TCP Internet Settings Unoptimized Optimized

Internet dns_settings Unoptimized Optimized

Internet afd_settings Unoptimized Optimized

Startup Programs ATIPTA Enabled Disabled

Startup Programs Microsoft Works Update Detection Enabled Disabled

Startup Programs QuickTime Task Enabled Disabled

Startup Programs Adobe Reader Speed Launcher Enabled Disabled

Registry Registry Fixes 148 Registry Fixes < 100 Registry Fixes

Other Drivers SMC IrCC - Fast Infrared Port5.1.2250.22/27/2001 SMC IrCC - Fast Infrared Port5.1.3600.712/9/2004

Other Drivers Realtek AC97 Audio5.10.00.55102/27/2004 Realtek AC97 Audio5.10.00.63009/24/2008

Other Drivers Realtek RTL8139/810x Family Fast Ethernet NIC5.6102.1125.200312/4/2003 Realtek RTL8139/810x Family Fast Ethernet NIC5.719.0325.20093/25/2009

Memory Utilization Memory Check 448 MB Add at least 64 MB of RAM

Memory Utilization Free Memory % 8% > 20%

Memory Utilization Free Memory 35.84 MB 200 MB

Advice System Restore Test Disabled Enabled

Advice Adobe Reader Advice Adobe Reader 9.3 Replace Adobe Reader

Test Area Test Name Scan Result Recommendation

`

[screen317]

What test did you run?? The results from the Full Tests do not appear like that.

[IgnorantLady]

What test did you run?? The results from the Full Tests do not appear like that.

This results were obtained from a program run on the site as directed

I am running a scan again but a different link on the site - I will post results shortly

Can you explain why infections are still been detected on my PC even after Malwarebytes found nothing?

[IgnorantLady]

This results were obtained from a program run on the site as directed

I am running a scan again but a different link on the site - I will post results shortly

Can you explain why infections are still been detected on my PC even after Malwarebytes found nothing?

url for log:

http://www.pcpitstop.com/betapit/sec.asp?conid=23455972

[screen317]

Hi,

Can you explain why infections are still been detected on my PC even after Malwarebytes found nothing?

If you're referring to the PCPitStop results, then the "infections" listed probably don't exist. There is no trace of them anywhere, and you would be bombarded with popups if that were actually the case. Not sure what those "detections" are, but they may be little more than trying to coax you to purchase the product..

Unless you were referring to your antivirus?