Olmarik.IF

[sampleinajar]

I was infected with Olmarik.IF which was identified, but unable to be removed by ESET. I could not get Malwarebytes to run until after running combofix (I figured that I would be reformatting so why not) and renaming the mbam.exe file. Prior to that I would get an error when trying to install or run malwarebytes (run time error 53 could not find file mbamnet.dll). Malwarebytes was able to identify Trojan.FakeMS, Rouge.FakeHDD, and PUM.BAD.Proxy. Since then I have run Malwarebytes, ESET, and TDSSkiller. All have come back clean. Is there anyway to tell if my PC is clean?

ComboFix.txt

mbam-log-2011-06-01 (21-13-29).txt

[screen317]

Hi and welcome to Malwarebytes.

In the future, please post all logs directly into your reply instead of attaching them. With that said, please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

[sampleinajar]

Hi and welcome to Malwarebytes.

In the future, please post all logs directly into your reply instead of attaching them. With that said, please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

.

DDS (Ver_2011-06-03.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Eric Mills at 19:16:38 on 2011-06-04

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1148 [GMT -4:00]

.

AV: ESET Smart Security 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\stsystra.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\Fitbit\fitbit.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070124

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay

mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe

mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun

mRun: [WD Anywhere Backup] c:\program files\wd\wd anywhere backup\MemeoLauncher2.exe --silent

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://go.gwinnett.k12.ga.us/norcrossln01/iNotes6W.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170031684265

DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} - hxxps://go.gwinnett.k12.ga.us/norcrossln01/dwa85W.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} - hxxp://cadman.viewnetcam.com:50000/bl_camera.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {93B08541-9F6B-4697-9F9A-7058F1E33785} - hxxps://support.immucor.com/inquiero/mod/setup/ntractivex1182.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://secure.immucor.com/dana-cached/setup/JuniperSetupSP1.cab

DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} - hxxps://support.immucor.com/inquiero/mod/setup/ntractivex118_24.cab

TCP: Interfaces\{92A09D4F-A7AD-4284-A329-0CC94BC02AA7} : DhcpNameServer = 68.87.68.166 68.87.74.166

Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\eric mills\application data\mozilla\firefox\profiles\niwuhutt.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

.

============= SERVICES / DRIVERS ===============

.

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 108792]

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-11-16 735960]

R2 Fitbit;Fitbit Data Uploader;c:\program files\fitbit\fitbit.exe [2010-5-14 777336]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\wd\wd anywhere backup\MemeoBackgroundService.exe [2009-4-17 25824]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-26 24652]

RUnknown pavboot;pavboot; [x]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-27 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-27 135664]

S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2010-5-14 14848]

.

=============== Created Last 30 ================

.

2011-06-02 00:38:21 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-06-02 00:38:20 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-06-02 00:38:20 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-06-02 00:38:20 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll

2011-06-02 00:38:20 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-06-02 00:38:20 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

2011-06-02 00:38:20 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

2011-06-02 00:38:20 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-06-02 00:38:20 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe

2011-06-02 00:38:20 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-06-02 00:23:37 -------- d-----w- c:\program files\Malwarebytes

2011-06-01 23:55:27 -------- d-sha-r- C:\cmdcons

2011-06-01 23:52:03 98816 ----a-w- c:\windows\sed.exe

2011-06-01 23:52:03 518144 ----a-w- c:\windows\SWREG.exe

2011-06-01 23:52:03 256512 ----a-w- c:\windows\PEV.exe

2011-06-01 23:52:03 208896 ----a-w- c:\windows\MBR.exe

2011-06-01 23:47:55 -------- d-----w- c:\documents and settings\eric mills\local settings\application data\AskToolbar

2011-06-01 23:45:04 -------- d-----w- c:\documents and settings\eric mills\application data\Sammsoft

2011-06-01 23:44:53 -------- d-----w- c:\program files\Ask.com

2011-06-01 23:29:35 -------- d-----w- c:\program files\Panda Security

2011-06-01 10:25:02 4224 ----a-w- c:\windows\system32\beep.sys

2011-05-23 00:05:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

==================== Find3M ====================

.

2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

.

============= FINISH: 19:17:18.73 ===============

[sampleinajar]

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6766

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/4/2011 7:23:35 PM

mbam-log-2011-06-04 (19-23-35).txt

Scan type: Quick scan

Objects scanned: 190595

Time elapsed: 3 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

[screen317]

Hi,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

[sampleinajar]

Hi,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

ComboFix 11-06-06.07 - Eric Mills 06/07/2011 20:47:53.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1277 [GMT -4:00]

Running from: c:\documents and settings\Eric Mills\Desktop\ComboFix.exe

AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

.

.

((((((((((((((((((((((((( Files Created from 2011-05-08 to 2011-06-08 )))))))))))))))))))))))))))))))

.

.

2011-06-07 02:16 . 2011-06-07 02:16 -------- d-----w- c:\program files\iPod

2011-06-07 02:15 . 2011-06-07 02:16 -------- d-----w- c:\program files\iTunes

2011-06-07 02:10 . 2011-06-07 02:10 -------- d-----w- c:\program files\Bonjour

2011-06-02 22:33 . 2011-06-02 22:33 -------- d-----w- c:\documents and settings\Sarah Newhard\Local Settings\Application Data\Mozilla

2011-06-02 00:38 . 2011-04-14 16:26 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-06-02 00:38 . 2011-04-14 16:25 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe

2011-06-02 00:38 . 2011-04-14 16:25 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-06-02 00:38 . 2011-04-14 16:25 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-06-02 00:38 . 2011-04-14 16:25 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

2011-06-02 00:38 . 2011-04-14 16:25 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-06-02 00:38 . 2011-04-14 16:25 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-06-02 00:38 . 2011-04-14 16:25 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-06-02 00:38 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll

2011-06-02 00:38 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll

2011-06-02 00:23 . 2011-06-02 01:35 -------- d-----w- c:\program files\Malwarebytes

2011-06-01 23:47 . 2011-06-01 23:49 -------- d-----w- c:\documents and settings\Eric Mills\Local Settings\Application Data\AskToolbar

2011-06-01 23:45 . 2011-06-02 00:15 -------- d-----w- c:\documents and settings\Eric Mills\Application Data\Sammsoft

2011-06-01 23:44 . 2011-06-01 23:45 -------- d-----w- c:\program files\Ask.com

2011-06-01 23:29 . 2011-06-02 01:35 -------- d-----w- c:\program files\Panda Security

2011-06-01 10:25 . 2004-08-10 10:00 4224 ----a-w- c:\windows\system32\beep.sys

2011-05-23 00:05 . 2011-05-23 00:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 13:11 . 2010-11-07 00:28 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11 . 2010-11-07 00:28 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-04-14 16:26 . 2011-06-02 00:38 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-06-02_00.02.58 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-06-07 02:11 . 2011-02-18 20:36 41984 c:\windows\system32\DRVSTORE\usbaapl_05A32DBD3911A2EF4222EF5BE7BB535FAB37D6C4\usbaapl.sys

+ 2011-06-03 13:40 . 2011-06-03 13:40 21504 c:\windows\Installer\7d14351.msi

+ 2011-06-07 02:10 . 2011-06-07 02:10 811520 c:\windows\Installer\19f245fc.msi

+ 2011-06-07 02:17 . 2011-06-07 02:17 380928 c:\windows\Installer\{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}\iTunesIco.exe

+ 2011-06-07 02:11 . 2011-02-18 20:36 4184352 c:\windows\system32\DRVSTORE\usbaapl_05A32DBD3911A2EF4222EF5BE7BB535FAB37D6C4\usbaaplrc.dll

+ 2011-06-07 02:17 . 2011-06-07 02:17 6523904 c:\windows\Installer\19f24f09.msi

+ 2011-06-07 02:11 . 2011-06-07 02:11 3085312 c:\windows\Installer\19f24667.msi

+ 2011-06-07 02:11 . 2011-06-07 02:11 1984000 c:\windows\Installer\19f2461f.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2011-02-01 23:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-07 323392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]

"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]

"WD Anywhere Backup"="c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2009-04-17 197856]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

.

c:\documents and settings\Sarah Newhard\Start Menu\Programs\Startup\

Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-15 344064]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-4 813584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0

"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1

"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2

"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3

"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4

"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5

"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6

"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7

"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8

"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9

"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification

"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration

"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery

.

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11/16/2009 10:03 AM 108792]

R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11/16/2009 10:04 AM 735960]

R2 Fitbit;Fitbit Data Uploader;c:\program files\Fitbit\fitbit.exe [5/14/2010 4:11 PM 777336]

R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [4/17/2009 1:51 PM 25824]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/26/2007 7:56 PM 24652]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/27/2010 6:15 PM 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/27/2010 6:15 PM 135664]

S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [5/14/2010 4:11 PM 14848]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - HTTPFILTER

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

.

2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 22:15]

.

2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 22:15]

.

2011-06-08 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2011-02-01 23:17]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070124

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

DPF: {93B08541-9F6B-4697-9F9A-7058F1E33785} - hxxps://support.immucor.com/inquiero/mod/setup/ntractivex1182.cab

FF - ProfilePath - c:\documents and settings\Eric Mills\Application Data\Mozilla\Firefox\Profiles\niwuhutt.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-07 20:54

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(964)

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

.

- - - - - - - > 'winlogon.exe'(1544)

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

.

- - - - - - - > 'explorer.exe'(4172)

c:\windows\system32\WININET.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

- - - - - - - > 'explorer.exe'(4808)

c:\windows\system32\WININET.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2011-06-07 20:55:54

ComboFix-quarantined-files.txt 2011-06-08 00:55

ComboFix2.txt 2011-06-02 00:09

.

Pre-Run: 154,491,387,904 bytes free

Post-Run: 154,582,564,864 bytes free

.

- - End Of File - - 163E32BA6B381059897B51FE80516374

DDS (Ver_2011-06-03.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Eric Mills at 21:01:50 on 2011-06-07

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1292 [GMT -4:00]

.

AV: ESET Smart Security 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\Fitbit\fitbit.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\explorer.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070124

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay

mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe

mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun

mRun: [WD Anywhere Backup] c:\program files\wd\wd anywhere backup\MemeoLauncher2.exe --silent

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://go.gwinnett.k12.ga.us/norcrossln01/iNotes6W.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170031684265

DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} - hxxps://go.gwinnett.k12.ga.us/norcrossln01/dwa85W.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} - hxxp://cadman.viewnetcam.com:50000/bl_camera.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {93B08541-9F6B-4697-9F9A-7058F1E33785} - hxxps://support.immucor.com/inquiero/mod/setup/ntractivex1182.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://secure.immucor.com/dana-cached/setup/JuniperSetupSP1.cab

DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} - hxxps://support.immucor.com/inquiero/mod/setup/ntractivex118_24.cab

TCP: Interfaces\{92A09D4F-A7AD-4284-A329-0CC94BC02AA7} : DhcpNameServer = 68.87.68.166 68.87.74.166

Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\eric mills\application data\mozilla\firefox\profiles\niwuhutt.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

.

============= SERVICES / DRIVERS ===============

.

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 108792]

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-11-16 735960]

R2 Fitbit;Fitbit Data Uploader;c:\program files\fitbit\fitbit.exe [2010-5-14 777336]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\wd\wd anywhere backup\MemeoBackgroundService.exe [2009-4-17 25824]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-26 24652]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-27 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-27 135664]

S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2010-5-14 14848]

.

=============== Created Last 30 ================

.

2011-06-07 02:16:01 -------- d-----w- c:\program files\iPod

2011-06-07 02:15:58 -------- d-----w- c:\program files\iTunes

2011-06-07 02:10:59 -------- d-----w- c:\program files\Bonjour

2011-06-02 00:38:21 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-06-02 00:38:20 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-06-02 00:38:20 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-06-02 00:38:20 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll

2011-06-02 00:38:20 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-06-02 00:38:20 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

2011-06-02 00:38:20 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

2011-06-02 00:38:20 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-06-02 00:38:20 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe

2011-06-02 00:38:20 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-06-02 00:23:37 -------- d-----w- c:\program files\Malwarebytes

2011-06-01 23:55:27 -------- d-sha-r- C:\cmdcons

2011-06-01 23:52:03 98816 ----a-w- c:\windows\sed.exe

2011-06-01 23:52:03 518144 ----a-w- c:\windows\SWREG.exe

2011-06-01 23:52:03 256512 ----a-w- c:\windows\PEV.exe

2011-06-01 23:52:03 208896 ----a-w- c:\windows\MBR.exe

2011-06-01 23:47:55 -------- d-----w- c:\documents and settings\eric mills\local settings\application data\AskToolbar

2011-06-01 23:45:04 -------- d-----w- c:\documents and settings\eric mills\application data\Sammsoft

2011-06-01 23:44:53 -------- d-----w- c:\program files\Ask.com

2011-06-01 23:29:35 -------- d-----w- c:\program files\Panda Security

2011-06-01 10:25:02 4224 ----a-w- c:\windows\system32\beep.sys

2011-05-23 00:05:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

==================== Find3M ====================

.

2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

.

============= FINISH: 21:01:59.89 ===============

[screen317]

Hi,

I see the Ask Toolbar in your log.

I strongly recommend you remove Ask Toolbar from your computer because:

• It promotes its toolbars on sites targeted at kids.
  
• It promotes its toolbars through ads that appear to be part of other companies' sites.
  
• It promotes its toolbars through other companies' spyware.
  
• It is Installed without any disclosure whatsoever and without any consent from the user whatsoever.
  
• It Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  
• It makes confusing changes to user's browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.
  

You can read more about Ask.com here

To remove it:

Click Start-->Control Panel-->Programs and Features

Click on the program name AskBarDis to highlight it

From the menu at the top, select Uninstall or Remove.

Please reboot the computer.

I see you have Viewpoint installed...

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". I suggest you remove the program now. Navigate to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs if present.

• 
  
• Viewpoint
  
• Viewpoint Manager
  
• Viewpoint Media Player
  
• Viewpoint Toolbar
  

Let me know if you decided to uninstall it.

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

• Click Start Scanning.
  
• You should get a notification bar (on top) to install the ActiveX control.
  
• Click on it and select to install the ActiveX.
  
• Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  
• In case you are having problems with installing the ActiveX/starting the scan, please read here.
  
• Click the Full System Scan button.
  
• It will start to download scanner components and databases. This can take a while.
  
• The main scan will start.
  
• Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  
• It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  
• The cleaning can take a while, so please be patient.
  
• Then click the Show report button and Copy/Paste what is present under results in your next reply.
  

Next, download my Security Check from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

Let me know how things are running now and what issues remain.

-screen317

[sampleinajar]

Results of screen317's Security Check version 0.99.13

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Smart Security

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 26

Flash Player Out of Date!

Adobe Flash Player 10.0.42.34

Adobe Reader 8.2.6

Out of date Adobe Reader installed!

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````

Thanks for the help. I removed both the ask toolbar and the viewpoint software. F scan just found a few cookies. The only thing left to fix is an unusual MS Word error that I should be able to take care of. Other than that things seem to be running fine. Thanks again I appreciate the help.

[screen317]

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Adobe Flash Player 10.0.42.34

Adobe Reader 8.2.6

Restart your computer.

Get the latest version of Adobe Reader and Adobe Flash Player.

Let me know what issues remain.

-screen317

[screen317]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!