
I followed the instructions and here I am



Malwarebytes scan :

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4192

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/21/2010 3:45:44 PM

mbam-log-2010-06-21 (15-45-44).txt

Scan type: Quick scan

Objects scanned: 135559

Time elapsed: 22 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 3

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\option_1 (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\option_2 (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\option_3 (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\Common Files\keylog.txt (Malware.Trace) -> Quarantined and deleted successfully.

DDS :

DDS (Ver_10-03-17.01) - NTFSx86

Run by Scott Myers at 12:59:18.78 on Mon 06/21/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.340 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}

FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\STacSV.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe

C:\Program Files\Microsoft Windows OneCare Live\winss.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\DellTPad\Apoint.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\WINDOWS\system32\KADxMain.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Documents and Settings\Scott Myers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\Scott Myers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Scott Myers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Scott Myers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\cidaemon.exe

C:\Documents and Settings\Scott Myers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Scott Myers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Scott Myers\My Documents\Downloads\dds.scr

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\Program Files\Alwil Software\Avast5\setup\avast.setup

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.youtube.com/

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us

uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071214

uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071214

mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us

mWinlogon: Userinit=c:\windows\system32\userinit.exe,\\?\globalroot\systemroot\system32\kylgycf.exe,\\?\globalroot\systemroot\system32\g1dkjqm.exe,\\?\globalroot\systemroot\system32\dhufzwc.exe,\\?\globalroot\systemroot\system32\lupqbxv.exe,\\?\globalroot\systemroot\system32\478mlav.exe,\\?\globalroot\systemroot\system32\8Hbm2M2.exe,

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [oovoo.exe] c:\program files\oovoo\oovoo.exe /minimized

uRun: [Google Update] "c:\documents and settings\scott myers\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [KADxMain] c:\windows\system32\KADxMain.exe

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [ECenter] c:\dell\e-center\EULALauncher.exe

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"

mRun: [PinnacleDriverCheck] c:\windows\system32\\PSDrvCheck.exe

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

StartupFolder: c:\docume~1\scottm~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://cube.northwestcollege.edu/kxhcm10.ocx

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} - hxxp://64.119.5.59/home/SonySncRz30View.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://87.244.76.134/activex/AxisCamControl.cab

DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://pcpitstop.com/mhLbl.cab

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.gamehouse.com/realarcade-webgames/insaniquarium/popcaploader.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msrqeubr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\scottm~1\applic~1\mozilla\firefox\profiles\ygiwgw9g.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/

FF - plugin: c:\docume~1\scottm~1\applic~1\powerc~1\nppowerloader.dll

FF - plugin: c:\documents and settings\scott myers\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\scott myers\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\download manager\npfpdlm.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-20 164048]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-10 14336]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-20 19024]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-20 40384]

R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2010-2-5 26120]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-25 24652]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-20 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-20 40384]

R3 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2007-12-25 53168]

=============== Created Last 30 ================

2010-06-21 16:38:45 0 ----a-w- c:\documents and settings\scott myers\defogger_reenable

2010-06-21 01:40:07 112640 ----a-w- c:\windows\system32\ePYNrKc.exe

2010-06-21 01:13:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

2010-06-21 00:08:57 112640 ----a-w- c:\windows\system32\G3DWkDN.exe

2010-06-20 23:11:15 112640 ----a-w- c:\windows\system32\UU9wInJ.exe

2010-06-20 16:25:39 112640 ----a-w- c:\windows\system32\CPAQKvt.exe

2010-06-20 15:16:47 112640 ----a-w- c:\windows\system32\pQkYCER.exe

2010-06-19 14:46:32 112640 ----a-w- c:\windows\system32\9EyLNNV.exe

2010-06-19 00:42:19 0 d-----w- c:\docume~1\scottm~1\applic~1\.minecraft

2010-06-18 01:05:27 110080 ----a-w- c:\windows\system32\JymF5rs.exe

2010-06-17 19:04:04 110080 ----a-w- c:\windows\system32\HFToZ6J.exe

2010-06-17 18:59:12 107008 ----a-w- c:\windows\system32\rOT447M.exe

2010-06-17 16:59:19 110080 ----a-w- c:\windows\system32\ljRLxdu.exe

2010-06-17 16:59:00 107008 ----a-w- c:\windows\system32\GDQb0oq.exe

2010-06-17 00:24:44 111616 ----a-w- c:\windows\system32\mOIZqih.exe

2010-06-17 00:24:18 110080 ----a-w- c:\windows\system32\0uNVJbs.exe

2010-06-16 22:12:22 120236 ----a-w- c:\documents and settings\scott myers\.recently-used.xbel

2010-06-16 21:19:54 111616 ----a-w- c:\windows\system32\Zww4Vfy.exe

2010-06-16 20:49:25 111616 ----a-w- c:\windows\system32\d2s9NkD.exe

2010-06-16 18:31:43 0 d-----w- c:\docume~1\scottm~1\applic~1\SUPERAntiSpyware.com

2010-06-16 18:31:43 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-06-16 18:31:31 0 d-----w- c:\program files\SUPERAntiSpyware

2010-06-16 10:51:14 99328 ----a-w- c:\windows\system32\blIjLQF.exe

2010-06-16 03:10:47 99328 ----a-w- c:\windows\system32\iqQ0avd.exe

2010-06-15 23:29:16 99328 ----a-w- c:\windows\system32\tBzpcIr.exe

2010-06-15 23:23:16 99328 ----a-w- c:\windows\system32\M4iz2De.exe

2010-06-15 23:23:00 104448 ----a-w- c:\windows\system32\8Hbm2M2.exe

2010-06-15 01:44:19 0 d-----w- c:\program files\Axife Mouse Recorder DEMO

2010-06-12 23:44:13 0 d-----w- c:\docume~1\scottm~1\applic~1\Malwarebytes

2010-06-12 23:43:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-12 23:43:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-06-12 23:43:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-12 23:43:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-09 01:59:03 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-08 02:17:21 0 ----a-w- c:\documents and settings\scott myers\tmp.tmp

2010-06-07 07:26:04 0 ----a-w- c:\windows\system32\tmp.tmp

2010-06-07 07:26:03 60928 ----a-w- c:\windows\system32\msrqeubr.dll

==================== Find3M ====================

2010-06-21 16:26:51 86 ----a-w- c:\program files\common files\keylog.txt

2010-05-31 16:42:59 2256 ----a-w- c:\windows\current_settings.bin

2010-05-05 13:30:57 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\dllcache\win32k.sys

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\dllcache\atmfd.dll

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-12 21:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-06 08:52:46 2462720 ----a-w- c:\windows\system32\dllcache\WMVCore.dll

2008-07-28 02:43:33 454 ----a-w- c:\program files\Shortcut to Graal.lnk

2008-07-03 14:00:25 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008070320080704\index.dat

============= FINISH: 13:00:51.20 ===============

The other 2 files are in the attachment in the zip file. Thank you guys. BTW, my usual browser is Google Chrome, but now when I open it I get a blue screen with white text and it says it is helping me save something. If you would like to see that, ask me and I'll take a picture with my phone.

attach.zip


Hello Lemonscott

Welcome to Malwarebytes.

=====================

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Combofix -

ComboFix 10-06-22.02 - Scott Myers 06/22/2010 16:41:19.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.372 [GMT -4:00]

Running from: c:\documents and settings\Scott Myers\Desktop\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}

FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Scott Myers\Application Data\.#

c:\documents and settings\Scott Myers\Application Data\.#\MBX@100C@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@100C@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1048@B048E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1048@B048F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1068@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1068@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@106C@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@106C@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1114@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1114@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1120@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1120@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@11BC@B048E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@11BC@B048F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@12A0@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@12A0@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@131C@B048E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@131C@B048F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1374@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1374@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1388@B048E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1388@B048F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@139C@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@139C@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@13C0@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@13C0@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1440@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1440@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@145C@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@145C@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@146C@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@146C@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@161C@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@161C@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1650@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1650@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@16F0@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@16F0@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1728@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1728@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@173C@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@173C@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@174C@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@174C@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@18B8@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@18B8@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1914@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1914@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@194@B048E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@194@B048F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@198@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@198@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@19D0@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@19D0@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1A68@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1A68@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1A80@B048E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1A80@B048F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1AB4@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1AB4@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1B24@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1B24@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1C74@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1C74@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1D40@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1D40@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1F8C@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1F8C@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1FDC@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@1FDC@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@2154@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@2154@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@240@B048E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@240@B048F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@2630@B048E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@2630@B048F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@278@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@278@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@31C@B048E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@31C@B048F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@320@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@320@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@334@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@334@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@33C@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@33C@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@350@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@350@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@3BC@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@3BC@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@408@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@408@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@46C@B048E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@46C@B048F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@484@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@484@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@4B0@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@4B0@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@4E8@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@4E8@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@544@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@544@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@568@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@568@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@5C0@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@5C0@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@5F8@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@5F8@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@674@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@674@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@6B8@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@6B8@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@6D0@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@6D0@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@6E4@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@6E4@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@714@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@714@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@720@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@720@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@730@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@730@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@744@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@744@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@758@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@758@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@7BC@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@7BC@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@7F4@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@7F4@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@808@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@808@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@818@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@818@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@830@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@830@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@85C@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@85C@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@8AC@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@8AC@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@8B4@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@8B4@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@8E4@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@8E4@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@988@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@988@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@9B0@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@9B0@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@A10@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@A10@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@A18@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@A18@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@A2C@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@A2C@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@AAC@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@AAC@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@B2C@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@B2C@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@B3C@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@B3C@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@B48@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@B48@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@BD8@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@BD8@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@BDC@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@BDC@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@BE0@B048E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@BE0@B048F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@C00@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@C00@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@C2C@B048E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@C2C@B048F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@C34@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@C34@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@C84@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@C84@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@CC4@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@CC4@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@CCC@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@CCC@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@CD8@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@CD8@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@CFC@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@CFC@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@D34@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@D34@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@D5C@B048E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@D5C@B048F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@D6C@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@D6C@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@D7C@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@D7C@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@E14@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@E14@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@E4C@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@E4C@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@E90@B048E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@E90@B048F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@EA8@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@EA8@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@EF8@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@EF8@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@F1C@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@F1C@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@F58@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@F58@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@FA0@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@FA0@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@FC0@B148E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@FC0@B148F0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@FCC@B048E0.###

c:\documents and settings\Scott Myers\Application Data\.#\MBX@FCC@B048F0.###

C:\LOG25A3.tmp

c:\program files\Common Files\keylog.txt

c:\program files\Internet Explorer\tmp.tmp

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf

c:\windows\Downloaded Program Files\popcaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\system32\0uNVJbs.exe

c:\windows\system32\2OtNLqF.exe

c:\windows\system32\d2s9NkD.exe

c:\windows\system32\GDQb0oq.exe

c:\windows\system32\ISenQxL.exe

c:\windows\system32\mOIZqih.exe

c:\windows\system32\N4KOh75.exe

c:\windows\system32\Q9u0X0X.exe

c:\windows\system32\rOT447M.exe

c:\windows\system32\st325602.dll

c:\windows\system32\yUttzSS.exe

c:\windows\system32\Zww4Vfy.exe

.

((((((((((((((((((((((((( Files Created from 2010-05-22 to 2010-06-22 )))))))))))))))))))))))))))))))

.

2010-06-21 01:40 . 2010-06-21 01:40 112640 ----a-w- c:\windows\system32\ePYNrKc.exe

2010-06-21 01:13 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-06-21 01:13 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-06-21 01:13 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-06-21 01:13 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-06-21 01:13 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-06-21 01:13 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-06-21 01:13 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-06-21 01:13 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr

2010-06-21 01:13 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-06-21 01:13 . 2010-06-21 01:13 -------- d-----w- c:\program files\Alwil Software

2010-06-21 01:13 . 2010-06-21 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-06-21 00:08 . 2010-06-21 00:08 112640 ----a-w- c:\windows\system32\G3DWkDN.exe

2010-06-20 23:11 . 2010-06-20 23:11 112640 ----a-w- c:\windows\system32\UU9wInJ.exe

2010-06-20 16:25 . 2010-06-20 16:25 112640 ----a-w- c:\windows\system32\CPAQKvt.exe

2010-06-20 15:16 . 2010-06-20 15:16 112640 ----a-w- c:\windows\system32\pQkYCER.exe

2010-06-19 14:46 . 2010-06-19 14:46 112640 ----a-w- c:\windows\system32\9EyLNNV.exe

2010-06-19 00:42 . 2010-06-19 00:42 -------- d-----w- c:\documents and settings\Scott Myers\Application Data\.minecraft

2010-06-16 18:31 . 2010-06-16 18:31 -------- d-----w- c:\documents and settings\Scott Myers\Application Data\SUPERAntiSpyware.com

2010-06-16 18:31 . 2010-06-16 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-06-16 18:31 . 2010-06-16 18:31 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-06-16 03:13 . 2010-06-16 03:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-06-16 03:08 . 2010-06-16 03:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2010-06-16 03:08 . 2010-06-16 03:08 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2010-06-16 03:06 . 2010-06-16 03:06 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2010-06-15 23:23 . 2010-06-15 23:22 104448 ----a-w- c:\windows\system32\8Hbm2M2.exe

2010-06-15 01:44 . 2010-06-15 01:44 -------- d-----w- c:\program files\Axife Mouse Recorder DEMO

2010-06-12 23:44 . 2010-06-12 23:44 -------- d-----w- c:\documents and settings\Scott Myers\Application Data\Malwarebytes

2010-06-12 23:43 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-12 23:43 . 2010-06-12 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-06-12 23:43 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-12 23:43 . 2010-06-12 23:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-09 01:59 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-07 07:26 . 2010-06-07 07:26 60928 ----a-w- c:\windows\system32\msrqeubr.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-22 20:36 . 2010-06-08 02:17 0 ----a-w- c:\documents and settings\Scott Myers\tmp.tmp

2010-06-22 20:34 . 2010-05-12 01:14 -------- d-----w- c:\program files\Common Files\Akamai

2010-06-22 20:33 . 2010-06-07 07:26 0 ----a-w- c:\windows\system32\tmp.tmp

2010-06-21 19:37 . 2007-12-25 17:02 -------- d-----w- c:\program files\Microsoft Windows OneCare Live

2010-06-21 03:38 . 2008-09-07 01:22 -------- d-----w- c:\program files\Image-Line

2010-06-21 00:56 . 2007-12-25 16:58 46792 ----a-w- c:\documents and settings\Scott Myers\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-21 00:53 . 2007-12-14 21:26 -------- d-----w- c:\program files\Google

2010-06-21 00:16 . 2010-02-26 21:45 -------- d-----w- c:\program files\PopCap Games

2010-06-21 00:15 . 2007-12-14 21:23 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-06-21 00:04 . 2008-07-28 03:27 -------- d-----w- c:\program files\RealArcade

2010-06-20 23:58 . 2007-12-30 22:23 -------- d-----w- c:\program files\Vstplugins

2010-06-20 23:15 . 2008-03-02 04:12 -------- d-----w- c:\program files\Graal

2010-06-20 21:40 . 2008-03-19 21:30 -------- d-----w- c:\program files\Pivot Stickfigure Animator

2010-06-20 21:40 . 2008-04-11 18:21 -------- d-----w- c:\program files\MAGIX

2010-06-20 21:40 . 2008-04-11 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\MAGIX

2010-06-20 21:37 . 2008-03-07 01:06 -------- d-----w- c:\program files\AVS4YOU

2010-06-20 21:31 . 2008-03-08 19:28 -------- d-----w- c:\program files\Phun

2010-06-20 21:30 . 2007-12-25 18:18 -------- d-----w- c:\program files\Common Files\AOL

2010-06-20 21:18 . 2008-05-04 21:53 -------- d-----w- c:\program files\Active GIF Creator 3.2

2010-06-20 21:17 . 2009-09-17 01:49 -------- d-----w- c:\program files\Acoustica Mixcraft 4

2010-06-20 21:17 . 2009-09-17 01:50 -------- d-----w- c:\program files\Acoustica Shared Effects

2010-06-16 18:32 . 2010-06-16 18:32 63488 ----a-w- c:\documents and settings\Scott Myers\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-06-16 18:32 . 2010-06-16 18:32 52224 ----a-w- c:\documents and settings\Scott Myers\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-06-16 18:32 . 2010-06-16 18:32 117760 ----a-w- c:\documents and settings\Scott Myers\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-06-16 03:14 . 2008-02-06 01:10 53064 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-11 00:17 . 2007-12-14 21:27 -------- d-----w- c:\program files\Common Files\Adobe

2010-06-03 00:53 . 2008-07-30 23:23 -------- d-----w- c:\documents and settings\Scott Myers\Application Data\gtk-2.0

2010-05-31 16:42 . 2008-01-19 17:35 2256 ----a-w- c:\windows\current_settings.bin

2010-05-22 16:35 . 2010-05-22 16:35 61440 ----a-w- c:\documents and settings\Scott Myers\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5591bf99-n\decora-sse.dll

2010-05-22 16:35 . 2010-05-22 16:35 503808 ----a-w- c:\documents and settings\Scott Myers\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4471769f-n\msvcp71.dll

2010-05-22 16:35 . 2010-05-22 16:35 499712 ----a-w- c:\documents and settings\Scott Myers\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4471769f-n\jmc.dll

2010-05-22 16:35 . 2010-05-22 16:35 348160 ----a-w- c:\documents and settings\Scott Myers\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4471769f-n\msvcr71.dll

2010-05-22 16:35 . 2010-05-22 16:35 12800 ----a-w- c:\documents and settings\Scott Myers\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5591bf99-n\decora-d3d.dll

2010-05-22 16:12 . 2007-12-30 22:09 -------- d-----w- c:\documents and settings\Scott Myers\Application Data\LimeWire

2010-05-11 21:34 . 2007-12-14 21:20 -------- d-----w- c:\program files\Common Files\Java

2010-05-11 21:34 . 2010-05-11 21:34 503808 ----a-w- c:\documents and settings\Scott Myers\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7b7b7296-n\msvcp71.dll

2010-05-11 21:34 . 2010-05-11 21:34 499712 ----a-w- c:\documents and settings\Scott Myers\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7b7b7296-n\jmc.dll

2010-05-11 21:34 . 2010-05-11 21:34 348160 ----a-w- c:\documents and settings\Scott Myers\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7b7b7296-n\msvcr71.dll

2010-05-11 21:34 . 2010-05-11 21:34 12800 ----a-w- c:\documents and settings\Scott Myers\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1a398cd6-n\decora-d3d.dll

2010-05-11 21:34 . 2010-05-11 21:34 61440 ----a-w- c:\documents and settings\Scott Myers\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1a398cd6-n\decora-sse.dll

2010-05-11 21:34 . 2007-12-14 21:20 -------- d-----w- c:\program files\Java

2010-05-06 10:41 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 19:42 . 2008-04-27 21:41 -------- d-----w- c:\documents and settings\Scott Myers\Application Data\CyberLink

2010-05-02 05:22 . 2004-08-10 18:51 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-20 05:30 . 2004-08-10 18:50 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-12 21:29 . 2010-05-11 21:34 411368 ----a-w- c:\windows\system32\deployJava1.dll

2008-07-28 02:43 . 2008-07-28 02:43 454 ----a-w- c:\program files\Shortcut to Graal.lnk

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"oovoo.exe"="c:\program files\ooVoo\oovoo.exe" [2010-02-10 18784440]

"Google Update"="c:\documents and settings\Scott Myers\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-03 135664]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-07 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-24 8466432]

"nwiz"="nwiz.exe" [2007-09-24 1626112]

"NVHotkey"="nvHotkey.dll" [2007-09-24 67584]

"NvMediaCenter"="NvMCTray.dll" [2007-09-24 81920]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-09-07 1236992]

"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]

"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2010-02-05 65256]

"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

c:\documents and settings\Scott Myers\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-14 50688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="c:\windows\system32\userinit.exe,\\?\globalroot\systemroot\system32\KYLgyCF.exe,\\?\globalroot\systemroot\system32\g1dkjQM.exe,\\?\globalroot\systemroot\system32\dhUFzWC.exe,\\?\globalroot\systemroot\system32\LUpQbXv.exe,\\?\globalroot\systemroot\system32\478MLaV.exe,\\?\globalroot\systemroot\system32\8Hbm2M2.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msrqeubr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=

"c:\\Program Files\\Microsoft Expression\\Media 2\\Media.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"443:TCP"= 443:TCP:ooVoo TCP port 443

"443:UDP"= 443:UDP:ooVoo UDP port 443

"37674:TCP"= 37674:TCP:ooVoo TCP port 37674

"37674:UDP"= 37674:UDP:ooVoo UDP port 37674

"37675:UDP"= 37675:UDP:ooVoo UDP port 37675

"37678:TCP"= 37678:TCP:*:Disabled:ooVoo TCP port 37678

"37678:UDP"= 37678:UDP:*:Disabled:ooVoo UDP port 37678

"37679:UDP"= 37679:UDP:*:Disabled:ooVoo UDP port 37679

"28677:TCP"= 28677:TCP

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/20/2010 9:13 PM 164048]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/10/2004 2:51 PM 14336]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/20/2010 9:13 PM 19024]

R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [2/5/2010 5:19 PM 26120]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/25/2007 2:18 PM 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

2009-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2122210934-3354750130-1131209369-1006Core.job

- c:\documents and settings\Scott Myers\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-03 03:57]

2010-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2122210934-3354750130-1131209369-1006UA.job

- c:\documents and settings\Scott Myers\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-03 03:57]

2010-06-22 c:\windows\Tasks\User_Feed_Synchronization-{5920A00C-6D0C-40C1-86FE-684AB125CA05}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.youtube.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071214

DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://cube.northwestcollege.edu/kxhcm10.ocx

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

FF - ProfilePath - c:\documents and settings\Scott Myers\Application Data\Mozilla\Firefox\Profiles\ygiwgw9g.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/

FF - plugin: c:\docume~1\SCOTTM~1\APPLIC~1\POWERC~1\nppowerloader.dll

FF - plugin: c:\documents and settings\Scott Myers\Application Data\Move Networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\Scott Myers\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Download Manager\npfpdlm.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

MSConfigStartUp-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-22 16:54

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2122210934-3354750130-1131209369-1006\Software\SecuROM\License information*]

"datasecu"=hex:2e,74,2e,35,79,c2,db,3a,36,f9,a7,6a,79,93,9f,67,c6,2b,89,59,81,

00,ed,5d,7d,85,ba,fc,31,39,81,f8,93,43,7d,c9,e4,d6,ef,86,3b,79,37,3d,66,24,\

"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(928)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\windows\System32\BCMLogon.dll

.

Completion time: 2010-06-22 17:01:03

ComboFix-quarantined-files.txt 2010-06-22 21:00

Pre-Run: 82,340,757,504 bytes free

Post-Run: 85,270,396,928 bytes free

- - End Of File - - 0EF50D0E496F13038A0AE65ED7C97EFB


HiJack This! Forum Policy

We will not be party to obvious use of keygens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.
For you this is referencing LimeWire; please remove this program before continuing.

Also, it appears that you have 2 antivirus programs running, Windows Live OneCare and avast!; please remove one or the other.

1. Open notepad and copy/paste the text in the codebox below into it:

http://forums.malwarebytes.org/index.php?showtopic=54893

Collect::
c:\windows\system32\ePYNrKc.exe
c:\windows\system32\G3DWkDN.exe
c:\windows\system32\UU9wInJ.exe
c:\windows\system32\CPAQKvt.exe
c:\windows\system32\pQkYCER.exe
c:\windows\system32\9EyLNNV.exe
c:\windows\system32\8Hbm2M2.exe
c:\windows\system32\msrqeubr.dll
c:\documents and settings\Scott Myers\tmp.tmp
c:\windows\system32\tmp.tmp

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\\windows\\system32\\userinit.exe,"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Save this as CFScript.txt

Drag CFScript.txt into ComboFix.exe

2. Save the above as CFScript.txt

3. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScriptB-4.gif]

4. During this run Combofix will collect and automatically upload some sample files.

You will see it say Combofix needs to upload some samples.

If it fails to do that do the requested steps at the bottom of this post to manually upload the samples.

5. After reboot, (in case it asks to reboot), please post the following report/log into your next reply:

  • Combofix.txt

===========

Note::

If Combofix fails to upload anything please do the following:

Go to Start > My Computer > C:\

Then Navigate to C:\Qoobox\Quarantine\[4]-Submit_Date_Time.zip

Click Here to upload the submit.zip please.

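The CFScript in the reply above undoes two persistence points that are visible in the posted log: the extra `\\?\globalroot\systemroot\system32\*.exe` entries appended to Winlogon's `Userinit` value (everything in that comma list is launched at each interactive logon, and the `\\?\globalroot` prefix is itself a tell, since legitimate installers write plain DOS paths), and the non-standard `msrqeubr.dll` appended to the LSA `SecurityProviders` list (every DLL named there is loaded into lsass.exe at boot). The Python below is an added example for this thread, not ComboFix's or the forum's own code: it parses a ComboFix-style "Reg Loading Points" dump, compares both values against what a stock Windows XP SP3 install carries (an assumption; check against a known-clean machine), and emits the matching `Collect::`/`Registry::` sections. The sample log text is constructed from the two entries quoted above, and `SYSTEMROOT = c:\windows` is assumed.

```python
"""Audit Winlogon Userinit and LSA SecurityProviders in a ComboFix-style log.

Added example for this thread, not ComboFix's code. The baselines below are
assumed stock Windows XP SP3 values; the sample log is constructed from the
entries quoted in the thread.
"""
import re

# Assumed stock XP SP3 baselines (verify against a known-clean machine).
USERINIT_DEFAULT = r"c:\windows\system32\userinit.exe"
SECURITY_PROVIDERS_DEFAULT = ("msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll")
SYSTEMROOT = r"c:\windows"  # assumption: this machine's %SystemRoot%

# Constructed sample: the two registry lines quoted from the log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="c:\windows\system32\userinit.exe,\\?\globalroot\systemroot\system32\KYLgyCF.exe,\\?\globalroot\systemroot\system32\8Hbm2M2.exe,"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msrqeubr.dll
"""

_USERINIT_RE = re.compile(r'^"Userinit"="(?P<value>[^"]*)"', re.MULTILINE)
_SECPROV_RE = re.compile(r"^SecurityProviders\s+(?P<value>.+?)\s*$", re.MULTILINE)
# Matches the NT-object-namespace prefix \\?\globalroot\systemroot\ used by the hijacker.
_GLOBALROOT_RE = re.compile(r"^\\\\\?\\globalroot\\systemroot\\", re.IGNORECASE)


def _split_list(value):
    """Split a comma-separated registry value, dropping the trailing empty item."""
    return [item.strip() for item in value.split(",") if item.strip()]


def parse_userinit(log):
    m = _USERINIT_RE.search(log)
    return _split_list(m.group("value")) if m else []


def parse_security_providers(log):
    m = _SECPROV_RE.search(log)
    return _split_list(m.group("value")) if m else []


def globalroot_to_dos(path):
    """Map \\?\globalroot\systemroot\... back to a DOS path ComboFix can act on."""
    m = _GLOBALROOT_RE.match(path)
    return SYSTEMROOT + "\\" + path[m.end():] if m else path


def audit(log):
    """Return (location, suspicious_item) pairs for anything beyond the baselines."""
    findings = []
    for entry in parse_userinit(log):
        if entry.lower() != USERINIT_DEFAULT:
            findings.append(("Userinit", entry))
    for dll in parse_security_providers(log):
        if dll.lower() not in SECURITY_PROVIDERS_DEFAULT:
            findings.append(("SecurityProviders", dll))
    return findings


def cfscript(log):
    """Build Collect:: and Registry:: sections that undo the findings.

    Registry:: takes REG4 syntax, so backslashes in the Userinit path are doubled.
    SecurityProviders DLLs are assumed to live in system32, as msrqeubr.dll does here.
    """
    collect = []
    for where, item in audit(log):
        if where == "Userinit":
            collect.append(globalroot_to_dos(item))
        else:
            collect.append(SYSTEMROOT + "\\system32\\" + item)
    lines = [
        "Collect::", *collect, "",
        "Registry::",
        r"[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]",
        '"Userinit"="%s,"' % USERINIT_DEFAULT.replace("\\", "\\\\"),
        r"[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]",
        '"SecurityProviders"="%s"' % ", ".join(SECURITY_PROVIDERS_DEFAULT),
    ]
    return "\n".join(lines)


if __name__ == "__main__":
    for where, item in audit(SAMPLE_LOG):
        print("%-18s %s" % (where, item))
    print()
    print(cfscript(SAMPLE_LOG))
```

Run against the constructed sample it reports the two globalroot executables and `msrqeubr.dll`, and the generated `Registry::` section matches the one in the reply above. The baseline comparison is deliberately exact: anything that is not the stock `userinit.exe` or one of the four stock SSP DLLs is reported, which is the right bias for a cleanup where a false negative leaves the keylogger re-launching at next logon.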

Actually, no; this is because they will severely slow down the system and can have false positives against each other.

Also, having 2 antivirus programs offers less protection, as one is fighting with the other.

OneCare will be fully supported through the end of 2010; after that it is discontinued.

I suggest removing it.

If you must keep it, then I would remove avast!.

This will help the system to run much better overall, plus provide less conflict.


ComboFix 10-06-22.02 - Scott Myers 06/22/2010 19:52:58.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.348 [GMT -4:00]

Running from: c:\documents and settings\Scott Myers\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Scott Myers\Desktop\CFScript.txt

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}

FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

file zipped: c:\documents and settings\Scott Myers\tmp.tmp

file zipped: c:\windows\system32\8Hbm2M2.exe

file zipped: c:\windows\system32\9EyLNNV.exe

file zipped: c:\windows\system32\CPAQKvt.exe

file zipped: c:\windows\system32\ePYNrKc.exe

file zipped: c:\windows\system32\G3DWkDN.exe

file zipped: c:\windows\system32\msrqeubr.dll

file zipped: c:\windows\system32\pQkYCER.exe

file zipped: c:\windows\system32\tmp.tmp

file zipped: c:\windows\system32\UU9wInJ.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Scott Myers\tmp.tmp

c:\program files\Common Files\keylog.txt

c:\windows\system32\8Hbm2M2.exe

c:\windows\system32\9EyLNNV.exe

c:\windows\system32\CPAQKvt.exe

c:\windows\system32\ePYNrKc.exe

c:\windows\system32\G3DWkDN.exe

c:\windows\system32\lZOxY9p.exe

c:\windows\system32\msrqeubr.dll

c:\windows\system32\pQkYCER.exe

c:\windows\system32\tmp.tmp

c:\windows\system32\UU9wInJ.exe

.

((((((((((((((((((((((((( Files Created from 2010-05-23 to 2010-06-23 )))))))))))))))))))))))))))))))

.

2010-06-21 01:13 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-06-21 01:13 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-06-21 01:13 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-06-21 01:13 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-06-21 01:13 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-06-21 01:13 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-06-21 01:13 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-06-21 01:13 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr

2010-06-21 01:13 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-06-21 01:13 . 2010-06-21 01:13 -------- d-----w- c:\program files\Alwil Software

2010-06-21 01:13 . 2010-06-21 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-06-19 00:42 . 2010-06-19 00:42 -------- d-----w- c:\documents and settings\Scott Myers\Application Data\.minecraft

2010-06-16 18:31 . 2010-06-16 18:31 -------- d-----w- c:\documents and settings\Scott Myers\Application Data\SUPERAntiSpyware.com

2010-06-16 18:31 . 2010-06-16 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-06-16 18:31 . 2010-06-16 18:31 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-06-16 03:13 . 2010-06-16 03:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-06-16 03:08 . 2010-06-16 03:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2010-06-16 03:08 . 2010-06-16 03:08 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2010-06-16 03:06 . 2010-06-16 03:06 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2010-06-15 01:44 . 2010-06-15 01:44 -------- d-----w- c:\program files\Axife Mouse Recorder DEMO

2010-06-12 23:44 . 2010-06-12 23:44 -------- d-----w- c:\documents and settings\Scott Myers\Application Data\Malwarebytes

2010-06-12 23:43 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-12 23:43 . 2010-06-12 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-06-12 23:43 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-12 23:43 . 2010-06-12 23:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-09 01:59 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-23 00:06 . 2010-05-12 01:14 -------- d-----w- c:\program files\Common Files\Akamai

2010-06-22 23:45 . 2007-12-30 22:09 -------- d-----w- c:\program files\LimeWire

2010-06-21 19:37 . 2007-12-25 17:02 -------- d-----w- c:\program files\Microsoft Windows OneCare Live

2010-06-21 03:38 . 2008-09-07 01:22 -------- d-----w- c:\program files\Image-Line

2010-06-21 00:56 . 2007-12-25 16:58 46792 ----a-w- c:\documents and settings\Scott Myers\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-21 00:53 . 2007-12-14 21:26 -------- d-----w- c:\program files\Google

2010-06-21 00:16 . 2010-02-26 21:45 -------- d-----w- c:\program files\PopCap Games

2010-06-21 00:15 . 2007-12-14 21:23 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-06-21 00:04 . 2008-07-28 03:27 -------- d-----w- c:\program files\RealArcade

2010-06-20 23:58 . 2007-12-30 22:23 -------- d-----w- c:\program files\Vstplugins

2010-06-20 23:15 . 2008-03-02 04:12 -------- d-----w- c:\program files\Graal

2010-06-20 21:40 . 2008-03-19 21:30 -------- d-----w- c:\program files\Pivot Stickfigure Animator

2010-06-20 21:40 . 2008-04-11 18:21 -------- d-----w- c:\program files\MAGIX

2010-06-20 21:40 . 2008-04-11 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\MAGIX

2010-06-20 21:37 . 2008-03-07 01:06 -------- d-----w- c:\program files\AVS4YOU

2010-06-20 21:31 . 2008-03-08 19:28 -------- d-----w- c:\program files\Phun

2010-06-20 21:30 . 2007-12-25 18:18 -------- d-----w- c:\program files\Common Files\AOL

2010-06-20 21:18 . 2008-05-04 21:53 -------- d-----w- c:\program files\Active GIF Creator 3.2

2010-06-20 21:17 . 2009-09-17 01:49 -------- d-----w- c:\program files\Acoustica Mixcraft 4

2010-06-20 21:17 . 2009-09-17 01:50 -------- d-----w- c:\program files\Acoustica Shared Effects

2010-06-16 03:14 . 2008-02-06 01:10 53064 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-11 00:17 . 2007-12-14 21:27 -------- d-----w- c:\program files\Common Files\Adobe

2010-06-03 00:53 . 2008-07-30 23:23 -------- d-----w- c:\documents and settings\Scott Myers\Application Data\gtk-2.0

2010-05-31 16:42 . 2008-01-19 17:35 2256 ----a-w- c:\windows\current_settings.bin

2010-05-22 16:12 . 2007-12-30 22:09 -------- d-----w- c:\documents and settings\Scott Myers\Application Data\LimeWire

2010-05-11 21:34 . 2007-12-14 21:20 -------- d-----w- c:\program files\Common Files\Java

2010-05-11 21:34 . 2007-12-14 21:20 -------- d-----w- c:\program files\Java

2010-05-06 10:41 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 19:42 . 2008-04-27 21:41 -------- d-----w- c:\documents and settings\Scott Myers\Application Data\CyberLink

2010-05-02 05:22 . 2004-08-10 18:51 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-20 05:30 . 2004-08-10 18:50 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-12 21:29 . 2010-05-11 21:34 411368 ----a-w- c:\windows\system32\deployJava1.dll

2008-07-28 02:43 . 2008-07-28 02:43 454 ----a-w- c:\program files\Shortcut to Graal.lnk

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"oovoo.exe"="c:\program files\ooVoo\oovoo.exe" [2010-02-10 18784440]

"Google Update"="c:\documents and settings\Scott Myers\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-03 135664]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-07 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-24 8466432]

"nwiz"="nwiz.exe" [2007-09-24 1626112]

"NVHotkey"="nvHotkey.dll" [2007-09-24 67584]

"NvMediaCenter"="NvMCTray.dll" [2007-09-24 81920]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-09-07 1236992]

"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]

"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2010-02-05 65256]

"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

c:\documents and settings\Scott Myers\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-14 50688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msrqeubr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=

"c:\\Program Files\\Microsoft Expression\\Media 2\\Media.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"443:TCP"= 443:TCP:ooVoo TCP port 443

"443:UDP"= 443:UDP:ooVoo UDP port 443

"37674:TCP"= 37674:TCP:ooVoo TCP port 37674

"37674:UDP"= 37674:UDP:ooVoo UDP port 37674

"37675:UDP"= 37675:UDP:ooVoo UDP port 37675

"37678:TCP"= 37678:TCP:*:Disabled:ooVoo TCP port 37678

"37678:UDP"= 37678:UDP:*:Disabled:ooVoo UDP port 37678

"37679:UDP"= 37679:UDP:*:Disabled:ooVoo UDP port 37679

"28677:TCP"= 28677:TCP

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/20/2010 9:13 PM 164048]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/10/2004 2:51 PM 14336]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/20/2010 9:13 PM 19024]

R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [2/5/2010 5:19 PM 26120]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/25/2007 2:18 PM 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

2009-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2122210934-3354750130-1131209369-1006Core.job

- c:\documents and settings\Scott Myers\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-03 03:57]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2122210934-3354750130-1131209369-1006UA.job

- c:\documents and settings\Scott Myers\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-03 03:57]

2010-06-22 c:\windows\Tasks\User_Feed_Synchronization-{5920A00C-6D0C-40C1-86FE-684AB125CA05}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.youtube.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071214

DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://cube.northwestcollege.edu/kxhcm10.ocx

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

FF - ProfilePath - c:\documents and settings\Scott Myers\Application Data\Mozilla\Firefox\Profiles\ygiwgw9g.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/

FF - plugin: c:\docume~1\SCOTTM~1\APPLIC~1\POWERC~1\nppowerloader.dll

FF - plugin: c:\documents and settings\Scott Myers\Application Data\Move Networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\Scott Myers\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Download Manager\npfpdlm.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-22 20:07

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2122210934-3354750130-1131209369-1006\Software\SecuROM\License information*]

"datasecu"=hex:2e,74,2e,35,79,c2,db,3a,36,f9,a7,6a,79,93,9f,67,c6,2b,89,59,81,

00,ed,5d,7d,85,ba,fc,31,39,81,f8,93,43,7d,c9,e4,d6,ef,86,3b,79,37,3d,66,24,\

"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(928)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(1172)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\system32\STacSV.exe

c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe

c:\program files\Microsoft Windows OneCare Live\winss.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\RunDLL32.exe

c:\program files\DellTPad\ApMsgFwd.exe

c:\program files\DellTPad\HidFind.exe

c:\program files\DellTPad\Apntex.exe

c:\windows\system32\wscntfy.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-06-22 20:16:37 - machine was rebooted

ComboFix-quarantined-files.txt 2010-06-23 00:16

ComboFix2.txt 2010-06-22 21:01

Pre-Run: 85,342,904,320 bytes free

Post-Run: 85,303,316,480 bytes free

- - End Of File - - 097DDC829FD982BE7644CF468DD708B4

Laptop is looking GREAT right now. Thanks for the help so far. I'll be sure to use the PayPal under your post once my computer is completely clean. I can finally watch videos and go to things fast. My computer usage is now usually between 0-30 with internet open rather than 60+ with no programs open.

Actually, no. This is because they will severely slow down the system and can have false positives against each other.

Also having 2 antivirus programs offers less protection as one is fighting with the other.

One Care will be fully supported through the end of 2010 after that it is discontinued.

I suggest removing it.

If you must keep it then I would remove Avast.

This will help the system to run much better overall plus provide less conflict.

Thanks for the info, I will uninstall OneCare right now.

Please do the following before running the scans.

Go to Start > My Computer > C:\

Then navigate to C:\Qoobox\Quarantine\[4]-Submit_Date_Time.zip

Click here to upload the submit.zip, please.

=======================

Update Run Malwarebytes

Please update/run Malwarebytes' Anti-Malware.

Double-click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the Update tab, then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

=====

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Uploaded the submit file. Am I ready to run these 2 scans?

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4226

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/22/2010 10:22:47 PM

mbam-log-2010-06-22 (22-22-47).txt

Scan type: Quick scan

Objects scanned: 131181

Time elapsed: 18 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 3

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\option_1 (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\option_2 (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\option_3 (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

They are still there :[

You can run this tomorrow; it will take a while, but post the log when it is complete.

Please click here to download Kaspersky Virus Removal Tool.

  1. Double click on the file you just downloaded and let it install.
  2. It will install to your desktop.
  3. After that leave what is selected and put a check next to My Computer.
  4. Click on the option that says Threat Detection and change it to Disinfect, delete if disinfection fails.
  5. Then click on Start Scan.
  6. Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  7. When the scan is done no log will be produced.
  8. Click on the bottom where it says Report to open the report.
  9. Then highlight all of the items found by using Ctrl + A on your keyboard to select all, or use your mouse to select all, then right-click and choose Copy.
  10. This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
  11. You can save this on the desktop.
  12. Post the contents of the document in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

Autoscan: completed 1 minute ago (events: 14, objects: 159043, time: 05:50:31)

6/23/2010 6:32:35 AM Task started

6/23/2010 6:46:21 AM Detected: Trojan.Java.Agent.u C:\Documents and Settings\Scott Myers\Application Data\Sun\Java\Deployment\cache\6.0\49\5b211c31-40f0e8ed/quote/GMailer.class

6/23/2010 6:46:21 AM Untreated: Trojan.Java.Agent.u C:\Documents and Settings\Scott Myers\Application Data\Sun\Java\Deployment\cache\6.0\49\5b211c31-40f0e8ed/quote/GMailer.class Postponed

6/23/2010 6:46:21 AM Detected: Trojan-Downloader.Java.Agent.dr C:\Documents and Settings\Scott Myers\Application Data\Sun\Java\Deployment\cache\6.0\49\5b211c31-40f0e8ed/quote/Gmerrews.class

6/23/2010 6:46:21 AM Untreated: Trojan-Downloader.Java.Agent.dr C:\Documents and Settings\Scott Myers\Application Data\Sun\Java\Deployment\cache\6.0\49\5b211c31-40f0e8ed/quote/Gmerrews.class Postponed

6/23/2010 6:46:21 AM Detected: Exploit.Java.Agent.f C:\Documents and Settings\Scott Myers\Application Data\Sun\Java\Deployment\cache\6.0\49\5b211c31-40f0e8ed/quote/GReader.class

6/23/2010 6:46:21 AM Untreated: Exploit.Java.Agent.f C:\Documents and Settings\Scott Myers\Application Data\Sun\Java\Deployment\cache\6.0\49\5b211c31-40f0e8ed/quote/GReader.class Postponed

6/23/2010 6:46:24 AM Detected: Exploit.Java.Agent.f C:\Documents and Settings\Scott Myers\Application Data\Sun\Java\Deployment\cache\6.0\51\7d0bedf3-184d5a1d/GoogleCode.class

6/23/2010 6:46:24 AM Untreated: Exploit.Java.Agent.f C:\Documents and Settings\Scott Myers\Application Data\Sun\Java\Deployment\cache\6.0\51\7d0bedf3-184d5a1d/GoogleCode.class Postponed

6/23/2010 7:34:12 AM Detected: Backdoor.Win32.Raid.af C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0012555.exe

6/23/2010 7:34:13 AM Untreated: Backdoor.Win32.Raid.af C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0012555.exe Postponed

6/23/2010 7:47:34 AM Detected: Backdoor.Win32.Raid.af C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0012555.exe

6/23/2010 12:23:06 PM Deleted: Backdoor.Win32.Raid.af C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0012555.exe

6/23/2010 12:23:07 PM Task completed

Is that what you wanted? If not, I still have the program open.

Almost positive this is good news :P, but some of my pictures aren't loading on Facebook, so I assume that has something to do with the Java.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4232

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/23/2010 11:32:15 PM

mbam-log-2010-06-23 (23-32-15).txt

Scan type: Quick scan

Objects scanned: 131387

Time elapsed: 11 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_10-03-17.01) - NTFSx86

Run by Scott Myers at 8:39:21.95 on Thu 06/24/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.272 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\STacSV.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\DellTPad\Apoint.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\WINDOWS\system32\KADxMain.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\ooVoo\oovoo.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Scott Myers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Scott Myers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Scott Myers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Scott Myers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Scott Myers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Scott Myers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\iTunes\iTunes.exe

C:\Documents and Settings\Scott Myers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Apple Software Update\SoftwareUpdate.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe

C:\Documents and Settings\Scott Myers\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.youtube.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071214

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [oovoo.exe] c:\program files\oovoo\oovoo.exe /minimized

uRun: [Google Update] "c:\documents and settings\scott myers\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [KADxMain] c:\windows\system32\KADxMain.exe

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [ECenter] c:\dell\e-center\EULALauncher.exe

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [PinnacleDriverCheck] c:\windows\system32\\PSDrvCheck.exe

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

StartupFolder: c:\docume~1\scottm~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\scottm~1\startm~1\programs\startup\setup_~1.lnk - c:\documents and settings\scott myers\desktop\virus removal tool\setup_9.0.0.722_23.06.2010_03-42\startup.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://cube.northwestcollege.edu/kxhcm10.ocx

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} - hxxp://64.119.5.59/home/SonySncRz30View.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://87.244.76.134/activex/AxisCamControl.cab

DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://pcpitstop.com/mhLbl.cab

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.gamehouse.com/realarcade-webgames/insaniquarium/popcaploader.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msrqeubr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\scottm~1\applic~1\mozilla\firefox\profiles\ygiwgw9g.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/

FF - plugin: c:\docume~1\scottm~1\applic~1\powerc~1\nppowerloader.dll

FF - plugin: c:\documents and settings\scott myers\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\scott myers\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\download manager\npfpdlm.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 28674762;28674762 Boot Guard Driver;c:\windows\system32\drivers\28674762.sys [2010-6-22 37392]

R1 28674761;28674761;c:\windows\system32\drivers\28674761.sys [2010-6-22 128016]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-20 164048]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R1 setup_9.0.0.722_23.06.2010_03-42drv;setup_9.0.0.722_23.06.2010_03-42drv;c:\windows\system32\drivers\2867476.sys [2010-6-22 315408]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-20 19024]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-20 40384]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-25 24652]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-20 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-20 40384]

S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-10 14336]

=============== Created Last 30 ================

2010-06-23 11:11:36 296 --sha-w- c:\windows\setup_9.0.0.722_23.06.2010_03-42drv.spi

2010-06-23 02:47:31 37392 ----a-w- c:\windows\system32\drivers\28674762.sys

2010-06-23 02:47:31 315408 ----a-w- c:\windows\system32\drivers\2867476.sys

2010-06-23 02:47:31 128016 ----a-w- c:\windows\system32\drivers\28674761.sys

2010-06-23 01:23:10 0 d-sh--w- c:\docume~1\scottm~1\applic~1\.#

2010-06-22 20:28:05 0 d-sha-r- C:\cmdcons

2010-06-22 20:21:38 77312 ----a-w- c:\windows\MBR.exe

2010-06-22 20:21:37 98816 ----a-w- c:\windows\sed.exe

2010-06-22 20:21:37 256512 ----a-w- c:\windows\PEV.exe

2010-06-22 20:21:37 161792 ----a-w- c:\windows\SWREG.exe

2010-06-21 16:38:45 0 ----a-w- c:\documents and settings\scott myers\defogger_reenable

2010-06-21 01:13:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

2010-06-19 00:42:19 0 d-----w- c:\docume~1\scottm~1\applic~1\.minecraft

2010-06-16 22:12:22 120236 ----a-w- c:\documents and settings\scott myers\.recently-used.xbel

2010-06-16 18:31:43 0 d-----w- c:\docume~1\scottm~1\applic~1\SUPERAntiSpyware.com

2010-06-16 18:31:43 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-06-16 18:31:31 0 d-----w- c:\program files\SUPERAntiSpyware

2010-06-15 01:44:19 0 d-----w- c:\program files\Axife Mouse Recorder DEMO

2010-06-12 23:44:13 0 d-----w- c:\docume~1\scottm~1\applic~1\Malwarebytes

2010-06-12 23:43:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-12 23:43:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-06-12 23:43:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-12 23:43:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-09 01:59:03 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

==================== Find3M ====================

2010-06-24 04:12:18 33256 ---ha-w- c:\windows\system32\mlfcache.dat

2010-05-31 16:42:59 2256 ----a-w- c:\windows\current_settings.bin

2010-05-05 13:30:57 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\dllcache\win32k.sys

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\dllcache\atmfd.dll

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-12 21:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-06 08:52:46 2462720 ----a-w- c:\windows\system32\dllcache\WMVCore.dll

2010-03-31 04:16:34 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-03-31 04:10:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2008-07-28 02:43:33 454 ----a-w- c:\program files\Shortcut to Graal.lnk

2008-07-03 14:00:25 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008070320080704\index.dat

============= FINISH: 8:40:26.03 ===============


Some leftovers to get rid of.

1. Please open Notepad

  • Click Start , then Run
  • Type notepad in the Run box, then click OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Folder::
c:\docume~1\scottm~1\applic~1\.#
c:\documents and settings\scott myers\desktop\virus removal tool

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll,schannel.dll,digest.dll,msnsspc.dll"

File::
c:\windows\system32\drivers\28674762.sys
c:\windows\system32\drivers\28674761.sys
c:\windows\system32\drivers\2867476.sys
c:\windows\setup_9.0.0.722_23.06.2010_03-42drv.spi
c:\documents and settings\scott myers\desktop\virus removal tool\setup_9.0.0.722_23.06.2010_03-42\startup.exe
c:\docume~1\scottm~1\startm~1\programs\startup\setup_~1.lnk


Driver::
28674762
28674761
setup_9.0.0.722_23.06.2010_03-42drv

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScriptB-4.gif]

5. After reboot (in case it asks to reboot), please post the following report/log into your next reply:

  • Combofix.txt

=============


This topic is now closed to further replies.