
Malwarebytes

Unable to get rid of malware,


11 replies to this topic

#1
pattycake

    New Member

  • Members
  • 6 posts
Unable to get rid of malware. Am using the latest free version. This has been going on since Jan. I have run a full virus scan with McAfee and these are the log files from MB and HJThis. Please help. Thank you, pat


Malwarebytes' Anti-Malware 1.37
Database version: 2190
Windows 5.1.2600 Service Pack 3

5/28/2009 6:46:48 PM
mbam-log-2009-05-28 (18-46-33).txt two

Scan type: Quick Scan
Objects scanned: 88446
Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 59

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\explore.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\services.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\comploader.dll (Adware.BHO) -> No action taken.
C:\WINDOWS\SYSTEM32\socul.dll (Adware.BHO) -> No action taken.
C:\WINDOWS\SYSTEM32\sodahk.dll (Adware.BHO) -> No action taken.
C:\WINDOWS\SYSTEM32\unsocul.exe (Adware.BHO) -> No action taken.
C:\WINDOWS\SYSTEM32\rundll.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\winhost.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\server.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\winupd.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\sksdrvr2.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\svhost.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\winsys.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\winlogon.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\csrss.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\SYSTEM32\iexplore.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\SYSTEM32\msupdate.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\SYSTEM32\win32.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\SYSTEM32\msmsgs.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\SYSTEM32\skybot.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> No action taken.
C:\csrss.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\svchost32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\0.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\windll.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\smss.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\svchost.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\SYSTEM32\iexplorer.exe (Trojan.Downloader) -> No action taken.
C:\winstall.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\SYSTEM32\klo5.sys (Stolen.Data) -> No action taken.
C:\WINDOWS\SYSTEM32\draw32.dll (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\c3.dll (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\cm.dll (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\sdmapi.sys (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\boot32.sys (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\vdnt32.sys (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\memlow.sys (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\c3.sys (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\c4.sys (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\hm.sys (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\wd.sys (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\winxp.exe (Backdoor.Poison) -> No action taken.
C:\WINDOWS\SYSTEM32\servises.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\msnmsgrs.exe (Trojan.Banker) -> No action taken.
C:\hellmsn.exe (Worm.Mytob) -> No action taken.
C:\WINDOWS\SYSTEM32\taskgmr32.exe (Worm.Mytob) -> No action taken.
C:\WINDOWS\SYSTEM32\svshost.exe (Adware.EasySearch) -> No action taken.
C:\WINDOWS\SYSTEM32\fuck.exe (Backdoor.Hupigon) -> No action taken.
C:\WINDOWS\SYSTEM32\mswins.exe (Backdoor.Sdbot) -> No action taken.
C:\WINDOWS\skynetave.exe (Worm.Sasser) -> No action taken.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:01 PM, on 5/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\CapsUnlock\CapsUnlock.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: CapsUnlock.lnk = C:\Program Files\CapsUnlock\CapsUnlock.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/w...en/AMClient.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11112 bytes
Using... Dell Dimension 3000, Windows XP Home Edition SP3, Physical Memory 2 GB, Hard drive 40 GB, Comcast Internet connection, Wireless router. Installed... McAfee virus, Malwarebytes, Online Armor (latest version), SpyBot, SpywareBlaster, SpywareGuard, Ad-Aware, WOT, KeyScrambler, SiteAdvisor

#2
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,579 posts
  • Gender:Male
  • Location:US
The logs show that you did not tell MBAM to fix it. You need to tell MBAM to fix the problem.

Please follow the directions below and make sure you let MBAM fix it.


Update and Scan with Malwarebytes' Anti-Malware
  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Then post back the MBAM log and a new Hijackthis log.
Ron Lewis
Manager, Online Support

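The security-relevant point in the reply above is that an MBAM 1.x log line ending in "No action taken" means the detection was only listed, not removed: that is the state of the log when it is saved before "Remove Selected" is clicked, whereas "Delete on reboot" (as in the log posted later in this thread) means the fix was applied and needs a restart. A second thing worth noticing in the first log is that most of the flagged names are core Windows binaries (winlogon.exe, csrss.exe, smss.exe, svchost.exe, services.exe) sitting in C:\WINDOWS or C:\ rather than in C:\WINDOWS\system32, where the HijackThis "Running processes" list shows the real ones, plus near-miss spellings like svhost.exe and servises.exe. The script below is an added example for this thread, not Malwarebytes or Trend Micro code: it parses MBAM "Files Infected" lines, reports which ones are still unresolved, and flags core-binary names found outside their expected directory or one edit away from a core name. The sample log lines are constructed from entries posted in the thread, and the expected-location table is an assumption about Windows XP (the poster's platform).

```python
"""Triage helper for a Malwarebytes' Anti-Malware (MBAM) 1.x text log plus a
HijackThis "Running processes" list.  Added example for this thread; not
Malwarebytes or Trend Micro code.  Sample input is constructed from the thread."""
import re
from collections import Counter

# Assumption for Windows XP: these core binaries live only in system32, except
# explorer.exe, which lives in C:\WINDOWS.  Same name elsewhere = masquerade.
CORE_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "explorer.exe", "ctfmon.exe"}
CORE_DIR = r"c:\windows\system32"
CORE_DIR_EXCEPTIONS = {"explorer.exe": r"c:\windows"}

# One MBAM 1.x detection line:  C:\path\file.exe (Family.Name) -> Action.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<family>[^)]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return a dict per detection line; header and count lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits


def unresolved(hits):
    """Detections MBAM listed but did not remove.  "No action taken" is the
    log state before 'Remove Selected'; "Delete on reboot" and "Quarantined
    and deleted successfully" mean the fix was applied."""
    return [h for h in hits if h["action"].lower().startswith("no action")]


def _split(path):
    d, _, name = path.lower().replace("/", "\\").rpartition("\\")
    return d, name


def masquerading(paths):
    """Core binary names whose directory is not the one they belong in.
    Works on MBAM detection paths and the HijackThis process list alike."""
    bad = []
    for path in paths:
        d, name = _split(path)
        if name in CORE_BINARIES and d != CORE_DIR_EXCEPTIONS.get(name, CORE_DIR):
            bad.append(path)
    return bad


def _edit_distance(a, b):
    """Plain Levenshtein distance, enough for one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalikes(paths):
    """File names exactly one edit away from a core binary (svhost.exe)."""
    out = []
    for path in paths:
        _, name = _split(path)
        if name not in CORE_BINARIES and any(
                _edit_distance(name, c) == 1 for c in CORE_BINARIES):
            out.append(path)
    return out


# Constructed sample: four lines from the first log in the thread ("No action
# taken") and two from the second ("Delete on reboot").
SAMPLE_MBAM_LOG = """\
Files Infected:
C:\\WINDOWS\\winlogon.exe (Backdoor.Bot) -> No action taken.
C:\\WINDOWS\\csrss.exe (Backdoor.Bot) -> No action taken.
C:\\csrss.exe (Trojan.Agent) -> No action taken.
C:\\WINDOWS\\SYSTEM32\\draw32.dll (Rootkit.Haxdor) -> No action taken.
C:\\WINDOWS\\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\\WINDOWS\\SYSTEM32\\svhost.exe (Trojan.Agent) -> Delete on reboot.
"""

# Constructed sample: the legitimate copies as listed by HijackThis in the thread.
SAMPLE_HJT_PROCESSES = [
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\WINDOWS\system32\winlogon.exe",
    r"C:\WINDOWS\system32\services.exe",
    r"C:\WINDOWS\Explorer.EXE",
]


def triage(mbam_text=SAMPLE_MBAM_LOG, hjt_processes=SAMPLE_HJT_PROCESSES):
    hits = parse_mbam_log(mbam_text)
    paths = [h["path"] for h in hits]
    return {
        "detections": len(hits),
        "unresolved": [h["path"] for h in unresolved(hits)],
        "families": Counter(h["family"] for h in hits),
        "masquerading_detections": masquerading(paths),
        "lookalike_detections": lookalikes(paths),
        "masquerading_running": masquerading(hjt_processes),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

Run against the full log from the first post, every one of the 59 lines lands in "unresolved", which is exactly the condition the reply is pointing out; against the second log that list is empty. The "masquerading_running" check against the HijackThis process list is the sanity check that the real system binaries are still where they belong and that what MBAM flagged are the impostors beside them.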

#3
pattycake

    New Member

  • Members
  • 6 posts

AdvancedSetup, on May 29 2009, 08:16 PM, said:

The logs show that you did not tell MBAM to fix it. You need to tell MBAM to fix the problem.

Please follow the directions below and make sure you let MBAM fix it.


Update and Scan with Malwarebytes' Anti-Malware
  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Then post back the MBAM log and a new Hijackthis log. Thanks for your patience


Sorry about sending the wrong copy. These were just done this a.m.
Malwarebytes' Anti-Malware 1.37
Database version: 2190
Windows 5.1.2600 Service Pack 3

5/30/2009 8:02:35 AM
mbam-log-2009-05-30 (08-02-35).txt

Scan type: Quick Scan
Objects scanned: 90318
Time elapsed: 2 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 59

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\explore.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\services.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\comploader.dll (Adware.BHO) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\socul.dll (Adware.BHO) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\sodahk.dll (Adware.BHO) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\unsocul.exe (Adware.BHO) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\rundll.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\winhost.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\server.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\winupd.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\sksdrvr2.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\svhost.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\winsys.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\winlogon.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\csrss.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\iexplore.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\msupdate.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\win32.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\msmsgs.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\skybot.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> Delete on reboot.
C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> Delete on reboot.
C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> Delete on reboot.
C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> Delete on reboot.
C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> Delete on reboot.
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> Delete on reboot.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Delete on reboot.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Delete on reboot.
C:\csrss.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\svchost32.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\0.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\windll.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\smss.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\iexplorer.exe (Trojan.Downloader) -> Delete on reboot.
C:\winstall.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\klo5.sys (Stolen.Data) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\draw32.dll (Rootkit.Haxdor) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\c3.dll (Rootkit.Haxdor) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\cm.dll (Rootkit.Haxdor) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\sdmapi.sys (Rootkit.Haxdor) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\boot32.sys (Rootkit.Haxdor) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\vdnt32.sys (Rootkit.Haxdor) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\memlow.sys (Rootkit.Haxdor) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\c3.sys (Rootkit.Haxdor) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\c4.sys (Rootkit.Haxdor) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\hm.sys (Rootkit.Haxdor) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\wd.sys (Rootkit.Haxdor) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\winxp.exe (Backdoor.Poison) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\servises.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\msnmsgrs.exe (Trojan.Banker) -> Delete on reboot.
C:\hellmsn.exe (Worm.Mytob) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\taskgmr32.exe (Worm.Mytob) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\svshost.exe (Adware.EasySearch) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\fuck.exe (Backdoor.Hupigon) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\mswins.exe (Backdoor.Sdbot) -> Delete on reboot.
C:\WINDOWS\skynetave.exe (Worm.Sasser) -> Delete on reboot.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:31 AM, on 5/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\CapsUnlock\CapsUnlock.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: CapsUnlock.lnk = C:\Program Files\CapsUnlock\CapsUnlock.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/w...en/AMClient.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
Using...Dell Dimension 3000 Windows XP Home Edition SP3, Physical Memory 2 GB, Hard drive 40 GB,Comcast Internet connection,Wireless router,Installed..McAfee virus..Malwarebytes- Online Armor-latest version,SpyBot,SpywareBlaster,SpywareGuard,Ad-Aware,WOT,KeyScrambler, SiteAdvisor

#4
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,579 posts
  • Gender:Male
  • Location:US
Please REBOOT as requested. Run MBAM again and check for updates again, then do another QUICK SCAN and post back the NEW log.


Download DDS and save it to your desktop
http://download.bleepingcomputer.com/sUBs/dds.scr

Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double-click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.
When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
Save both reports to your desktop.
Please include the following logs in your next reply: DDS.txt and Attach.txt
Ron Lewis
Manager, Online Support


If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.

#5
pattycake

    New Member

  • Members
  • 6 posts

AdvancedSetup, on May 31 2009, 12:02 AM, said:

Please REBOOT as requested. Run MBAM again and check for updates again, then do another QUICK SCAN and post back the NEW log.


Download DDS and save it to your desktop
http://download.bleepingcomputer.com/sUBs/dds.scr

Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double-click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.
When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
Save both reports to your desktop.
Please include the following logs in your next reply: DDS.txt and Attach.txt

I downloaded updates and ran the scan, deleted all files, and did a restart with another scan. Also, a copy of the DDS.txt and the Attach.txt is enclosed. Thank you for your help and patience.
Using...Dell Dimension 3000 Windows XP Home Edition SP3, Physical Memory 2 GB, Hard drive 40 GB,Comcast Internet connection,Wireless router,Installed..McAfee virus..Malwarebytes- Online Armor-latest version,SpyBot,SpywareBlaster,SpywareGuard,Ad-Aware,WOT,KeyScrambler, SiteAdvisor
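Two things in the Malwarebytes logs posted in this thread are worth checking mechanically rather than by eye. First, every detection in the earlier log of each pair is recorded as "No action taken": the scan ran, nothing was removed, and the same 59 files come back on the next scan until a log shows "Delete on reboot". Second, many of the flagged paths borrow the names of Windows system processes but sit where those binaries never live (csrss.exe and winlogon.exe directly under C:\WINDOWS, iexplore.exe and msmsgs.exe in System32) or misspell them (svhost.exe, servises.exe, iexplorer.exe). The Python below is an added example, not Malwarebytes' code and not something posted in the thread: it parses an MBAM 1.x text log, tallies the recorded actions, and flags such masquerades. The LEGIT_LOCATIONS table and the edit-distance threshold are the author's assumptions for illustration; the embedded sample log is a cut-down copy of detection lines posted in this thread.

```python
"""
Triage helper for Malwarebytes' Anti-Malware 1.x text logs.
Added example; not Malwarebytes' code. It pulls the "Files Infected" entries
out of a log, tallies the action recorded for each, and flags paths that
impersonate legitimate Windows binaries: a real process name in a directory
where that binary never lives, or a near-miss spelling of one.
"""
import re
from collections import Counter

# Where a handful of legitimate Windows XP binaries normally live (lower-case).
# This table is the author's assumption for illustration; extend it for your build.
LEGIT_LOCATIONS = {
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "rundll32.exe": r"c:\windows\system32",
    "taskmgr.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "iexplore.exe": r"c:\program files\internet explorer",
    "msmsgs.exe": r"c:\program files\messenger",
}

# One MBAM detection line: <path> (<Detection.Name>) -> <action>.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^()]*?)\s+\((?P<name>[^)]+)\)\s+->\s+(?P<action>[^.]+)\."
)


def parse_detections(log_text):
    """Return dicts (path, name, action) for lines under the 'Files Infected:' header."""
    hits = []
    in_files = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.endswith("Infected:"):  # section header, e.g. "Registry Keys Infected:"
            in_files = line.startswith("Files")
            continue
        if in_files:
            m = DETECTION_RE.match(line)
            if m:
                hits.append({"path": m["path"], "name": m["name"],
                             "action": m["action"].strip()})
    return hits


def edit_distance(a, b):
    """Levenshtein distance, used to catch svhost.exe / servises.exe style look-alikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def masquerade_reason(path, max_distance=2):
    """Explain why a path looks like it impersonates a Windows binary, or return None."""
    directory, _, filename = path.lower().rpartition("\\")
    if filename in LEGIT_LOCATIONS:
        expected = LEGIT_LOCATIONS[filename]
        if directory != expected:
            return f"legitimate name '{filename}' outside {expected}"
        return None
    for legit in LEGIT_LOCATIONS:
        if edit_distance(filename, legit) <= max_distance:
            return f"near-miss of '{legit}'"
    return None


def triage(log_text):
    """Summarise a log: detection count, action tally, unremediated count, masquerades."""
    hits = parse_detections(log_text)
    actions = Counter(h["action"] for h in hits)
    masquerades = [(h["path"], masquerade_reason(h["path"])) for h in hits]
    return {
        "total": len(hits),
        "actions": dict(actions),
        "unremediated": actions.get("No action taken", 0),
        "masquerades": [(p, why) for p, why in masquerades if why],
    }


# Sample input: a cut-down MBAM 1.37 log. The detection lines are copied from the
# logs posted in this thread; the header is trimmed to the parts the parser reads.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.37
Database version: 2203

Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\explore.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\svhost.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\winlogon.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\csrss.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\SYSTEM32\iexplore.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\SYSTEM32\servises.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\draw32.dll (Rootkit.Haxdor) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\klo5.sys (Stolen.Data) -> Delete on reboot.
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['total']} detections, {report['unremediated']} left as 'No action taken'")
    for path, why in report["masquerades"]:
        print(f"  {path}: {why}")
```

Run it as a script to summarise the embedded sample, or pass the text of any mbam-log-*.txt to triage(). The name check is a triage hint only: the scanner's verdict is what counts, and a genuine copy of a binary in an unusual place (a service-pack cache, for instance) would trip the directory rule just as the bogus ones do.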

#6
pattycake

    New Member

  • Members
  • 6 posts
Looks like one of my Duh days..

Malwarebytes' Anti-Malware 1.37
Database version: 2203
Windows 5.1.2600 Service Pack 3

5/31/2009 2:27:08 PM
mbam-log-2009-05-31 (14-26-39).txt may 31

Scan type: Quick Scan
Objects scanned: 90631
Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 59

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\explore.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\services.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\comploader.dll (Adware.BHO) -> No action taken.
C:\WINDOWS\SYSTEM32\socul.dll (Adware.BHO) -> No action taken.
C:\WINDOWS\SYSTEM32\sodahk.dll (Adware.BHO) -> No action taken.
C:\WINDOWS\SYSTEM32\unsocul.exe (Adware.BHO) -> No action taken.
C:\WINDOWS\SYSTEM32\rundll.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\winhost.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\server.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\winupd.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\sksdrvr2.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\svhost.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\winsys.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\winlogon.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\csrss.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\SYSTEM32\iexplore.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\SYSTEM32\msupdate.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\SYSTEM32\win32.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\SYSTEM32\msmsgs.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\SYSTEM32\skybot.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> No action taken.
C:\csrss.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\svchost32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\0.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\windll.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\smss.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\svchost.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\SYSTEM32\iexplorer.exe (Trojan.Downloader) -> No action taken.
C:\winstall.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\SYSTEM32\klo5.sys (Stolen.Data) -> No action taken.
C:\WINDOWS\SYSTEM32\draw32.dll (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\c3.dll (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\cm.dll (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\sdmapi.sys (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\boot32.sys (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\vdnt32.sys (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\memlow.sys (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\c3.sys (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\c4.sys (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\hm.sys (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\wd.sys (Rootkit.Haxdor) -> No action taken.
C:\WINDOWS\SYSTEM32\winxp.exe (Backdoor.Poison) -> No action taken.
C:\WINDOWS\SYSTEM32\servises.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\msnmsgrs.exe (Trojan.Banker) -> No action taken.
C:\hellmsn.exe (Worm.Mytob) -> No action taken.
C:\WINDOWS\SYSTEM32\taskgmr32.exe (Worm.Mytob) -> No action taken.
C:\WINDOWS\SYSTEM32\svshost.exe (Adware.EasySearch) -> No action taken.
C:\WINDOWS\SYSTEM32\fuck.exe (Backdoor.Hupigon) -> No action taken.
C:\WINDOWS\SYSTEM32\mswins.exe (Backdoor.Sdbot) -> No action taken.
C:\WINDOWS\skynetave.exe (Worm.Sasser) -> No action taken.


Malwarebytes' Anti-Malware 1.37
Database version: 2203
Windows 5.1.2600 Service Pack 3

5/31/2009 2:58:47 PM
mbam-log-2009-05-31 (14-58-47).txt

Scan type: Quick Scan
Objects scanned: 90632
Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 59

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\explore.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\services.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\comploader.dll (Adware.BHO) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\socul.dll (Adware.BHO) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\sodahk.dll (Adware.BHO) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\unsocul.exe (Adware.BHO) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\rundll.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\winhost.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\server.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\winupd.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\sksdrvr2.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\svhost.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\winsys.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\winlogon.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\csrss.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\iexplore.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\msupdate.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\win32.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\msmsgs.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\skybot.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> Delete on reboot.
C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> Delete on reboot.
C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> Delete on reboot.
C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> Delete on reboot.
C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> Delete on reboot.
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> Delete on reboot.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Delete on reboot.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Delete on reboot.
C:\csrss.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\svchost32.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\0.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\windll.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\smss.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\iexplorer.exe (Trojan.Downloader) -> Delete on reboot.
C:\winstall.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\klo5.sys (Stolen.Data) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\draw32.dll (Rootkit.Haxdor) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\c3.dll (Rootkit.Haxdor) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\cm.dll (Rootkit.Haxdor) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\sdmapi.sys (Rootkit.Haxdor) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\boot32.sys (Rootkit.Haxdor) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\vdnt32.sys (Rootkit.Haxdor) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\memlow.sys (Rootkit.Haxdor) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\c3.sys (Rootkit.Haxdor) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\c4.sys (Rootkit.Haxdor) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\hm.sys (Rootkit.Haxdor) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\wd.sys (Rootkit.Haxdor) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\winxp.exe (Backdoor.Poison) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\servises.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\msnmsgrs.exe (Trojan.Banker) -> Delete on reboot.
C:\hellmsn.exe (Worm.Mytob) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\taskgmr32.exe (Worm.Mytob) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\svshost.exe (Adware.EasySearch) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\fuck.exe (Backdoor.Hupigon) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\mswins.exe (Backdoor.Sdbot) -> Delete on reboot.
C:\WINDOWS\skynetave.exe (Worm.Sasser) -> Delete on reboot.



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/28/2005 10:31:54 PM
System Uptime: 5/31/2009 3:02:42 PM (0 hours ago)

Motherboard: Dell Computer Corp. | | 0F8403
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 34 GiB total, 19.043 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP116: 4/29/2009 5:55:01 PM - System Checkpoint
RP117: 4/30/2009 6:13:51 PM - System Checkpoint
RP118: 5/1/2009 6:24:51 PM - System Checkpoint
RP119: 5/2/2009 9:08:03 PM - System Checkpoint
RP120: 5/4/2009 9:49:01 AM - System Checkpoint
RP121: 5/5/2009 2:08:36 PM - System Checkpoint
RP122: 5/6/2009 2:56:37 PM - System Checkpoint
RP123: 5/7/2009 3:59:17 PM - System Checkpoint
RP124: 5/8/2009 4:23:46 PM - System Checkpoint
RP125: 5/9/2009 5:00:01 PM - System Checkpoint
RP126: 5/11/2009 6:31:25 AM - Installed Do not compress old files for Disk Cleanup Tool
RP127: 5/11/2009 8:51:20 AM - Installed MediaImpression
RP128: 5/11/2009 8:54:00 AM - Installed Connect Service
RP129: 5/11/2009 9:48:13 AM - Installed MediaImpression
RP130: 5/12/2009 10:09:40 AM - System Checkpoint
RP131: 5/13/2009 8:53:20 AM - Software Distribution Service 3.0
RP132: 5/13/2009 10:26:36 AM - Installed Windows Media Player 11
RP133: 5/13/2009 10:30:08 AM - Installed Windows XP MSCompPackV1.
RP134: 5/13/2009 4:40:40 PM - Removed MediaImpression
RP135: 5/14/2009 5:59:04 PM - System Checkpoint
RP136: 5/15/2009 7:07:21 PM - System Checkpoint
RP137: 5/16/2009 7:34:18 PM - System Checkpoint
RP138: 5/17/2009 7:36:57 PM - System Checkpoint
RP139: 5/19/2009 10:04:53 AM - System Checkpoint
RP140: 5/20/2009 10:18:08 AM - System Checkpoint
RP141: 5/21/2009 11:44:41 AM - System Checkpoint
RP142: 5/22/2009 12:11:04 PM - System Checkpoint
RP143: 5/23/2009 1:00:28 PM - System Checkpoint
RP144: 5/24/2009 1:12:10 PM - System Checkpoint
RP145: 5/25/2009 2:23:00 PM - System Checkpoint
RP146: 5/26/2009 2:33:52 PM - System Checkpoint
RP147: 5/27/2009 2:43:43 PM - System Checkpoint
RP148: 5/27/2009 9:24:58 PM - Software Distribution Service 3.0
RP149: 5/28/2009 7:25:46 AM - Installed Windows Internet Explorer 8.
RP150: 5/28/2009 7:27:17 AM - Software Distribution Service 3.0
RP151: 5/29/2009 8:26:39 AM - System Checkpoint
RP152: 5/30/2009 8:35:19 AM - System Checkpoint
RP153: 5/31/2009 1:54:28 PM - System Checkpoint

==== Installed Programs ======================


2004 Mahjongg Lite
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.4
Adobe Shockwave Player 11.5
Advanced Audio FX Engine
Advanced Video FX Engine
Advanced WindowsCare
AiO_Scan_CDA
AiOSoftwareNPI
AnalogX SuperShredder
Anark Client 4
Apple Mobile Device Support
Apple Software Update
ARP++
Banctec Service Agreement
BufferChm
C3100
c3100_Help
Camera Support Core Library
Canon Camera Support Core Library
CCleaner (remove only)
Creative Software AutoUpdate
CustomerResearchQFolder
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Support 5.0.0 (630)
Dell System Restore
Destinations
DeviceManagementQFolder
Digital Line Detect
DirectX for Managed Code Update (December 2004)
DocProc
DocProcQFolder
DriverAgent by TouchStone Software
eSupportQFolder
Fax_CDA
Get High Speed Internet!
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
HP Photosmart Essential
HP Update
HPPhotoSmartExpress
HPProductAssistant
ieSpell
Inpaint
InstantShareDevicesMFC
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
Java™ 6 Update 12
Java™ 6 Update 5
Java™ 6 Update 6
Java™ 6 Update 7
Jing
KeyScrambler
Learn2 Player (Uninstall Only)
MAGIX FunPix Maker 1.0.0.0 (US)
Malwarebytes' Anti-Malware
MarketResearch
McAfee SecurityCenter
MFC RunTime files
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Managed DirectX (1126)
Microsoft Plus! Digital Media Edition Installer
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Moraff's MomJongg 1.00
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
My Way Search Assistant
NetWaiting
NewCopy_CDA
Online Armor 3.5
OpenWith.org 1.0.3
PanoStandAlone
Photo Viewer
PhotoWipe 1.0
Picasa 3
ProductContextNPI
QuickTime
Readme
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
SolutionCenter
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Spell Checker For OE 2.1
Spybot - Search & Destroy
SpywareBlaster 4.2
Status
Toolbox
TrayApp
Tweak UI
Unload
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VSO Image Resizer 2.1.8.2
WebFldrs XP
WebReg
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Wise Disk Cleaner 4.23
Wise Registry Cleaner 4 Free 4.24
WordPerfect Office 12
WorldStart Clipboard Cleaner 1.0
WOT for Internet Explorer

==== Event Viewer Messages From Past Week ========

5/28/2009 7:31:40 AM, error: Service Control Manager [7000] - The Windows Service Pack Installer update service service failed to start due to the following error: Access is denied.
5/28/2009 4:09:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
5/28/2009 4:09:07 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
5/27/2009 9:25:24 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.

==== End Of File ===========================
DDS (Ver_09-05-14.01) - NTFSx86
Run by possumpaw at 15:09:17.18 on Sun 05/31/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1504 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: MacroVirus *On-access scanning enabled* (Updated) {F9E4702E-3C38-4D63-A9B1-5262F1F7A873}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\CapsUnlock\CapsUnlock.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\possumpaw\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://www.comcast.net/
mStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {08E74C67-99A6-45C7-94DA-A397A8FD8082} - No File
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
EB: {2884A2D1-2114-4799-9D18-ED60EE30BE66} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Update Service] c:\progra~1\common~1\teknum~1\update.exe /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
StartupFolder: c:\docume~1\possum~1\startm~1\programs\startup\capsun~1.lnk - c:\program files\capsunlock\CapsUnlock.exe
StartupFolder: c:\docume~1\possum~1\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-explorer: NoNetworkConnections = 01000000
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} - hxxp://install.anark.com/client/version4/windows-ie/en/AMClient.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll
LSA: Notification Packages = :\windows\system3

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2007-4-11 3968]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-10-13 201320]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-5-26 198224]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2009-5-26 31824]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2009-5-26 29776]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-8-28 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-10-13 359248]
R2 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\Mcshield.exe [2007-10-13 144704]
R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2009-5-26 361672]
R2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2009-5-26 3052744]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-8-1 24652]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-5-13 114024]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-10-13 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-10-13 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-10-13 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-10-13 40488]
S0 xurrtcy;xurrtcy;c:\windows\system32\drivers\hqnc.sys --> c:\windows\system32\drivers\hqnc.sys [?]
S3 FLMCKUSB;AuthenTec TruePrint USB Driver (AES3400, AES3500, AES4000);c:\windows\system32\drivers\FLMckUSB.sys [2006-6-18 67159]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-10-13 33832]
S3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\drivers\V0350Afx.sys [2008-2-27 142656]
S3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\drivers\V0350Vfx.sys [2008-2-27 7424]
S3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\drivers\V0350Vid.sys [2008-2-27 170368]

=============== Created Last 30 ================

2009-05-30 08:06 61,440 a------- c:\windows\system32\drivers\orsfojiw.sys
2009-05-28 16:02 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-28 16:02 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-28 16:02 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-28 07:38 <DIR> --dsh--- c:\documents and settings\possumpaw\IECompatCache
2009-05-28 07:35 <DIR> --dsh--- c:\documents and settings\possumpaw\PrivacIE
2009-05-28 07:30 <DIR> --dsh--- c:\documents and settings\possumpaw\IETldCache
2009-05-28 07:28 <DIR> --d----- c:\windows\ie8updates
2009-05-28 07:24 78,336 a------- c:\windows\system32\ieencode.dll
2009-05-28 07:24 78,336 a------- c:\windows\system32\dllcache\ieencode.dll
2009-05-28 07:24 68,608 a------- c:\windows\system32\dllcache\plugin.ocx
2009-05-28 07:21 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-26 18:13 <DIR> --d----- c:\docume~1\possum~1\applic~1\OnlineArmor
2009-05-26 18:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\OnlineArmor
2009-05-26 18:13 198,224 a------- c:\windows\system32\drivers\OADriver.sys
2009-05-26 18:13 31,824 a------- c:\windows\system32\drivers\OAmon.sys
2009-05-26 18:13 29,776 a------- c:\windows\system32\drivers\OAnet.sys
2009-05-26 09:01 <DIR> --d----- c:\program files\Tall Emu
2009-05-13 12:06 114,024 a------- c:\windows\system32\drivers\keyscrambler.sys
2009-05-13 12:06 <DIR> --d----- c:\program files\KeyScrambler
2009-05-12 20:00 <DIR> --d----- c:\docume~1\possum~1\applic~1\RevoluTV
2009-05-12 16:58 <DIR> --d----- c:\docume~1\possum~1\applic~1\XnView
2009-05-11 06:07 <DIR> --d----- c:\docume~1\possum~1\applic~1\ieSpell
2009-05-07 07:50 <DIR> --d----- c:\docume~1\possum~1\applic~1\IObit
2009-05-01 17:57 <DIR> --d----- c:\program files\CCleaner

==================== Find3M ====================

2009-05-01 11:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-04-09 14:18 47,044 a---h--- c:\windows\system32\mlfcache.dat
2009-03-21 07:06 989,696 a------- c:\windows\system32\dllcache\kernel32.dll
2009-03-10 18:14 410,984 ac------ c:\windows\system32\deploytk.dll
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 07:22 284,160 a------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2006-09-17 21:20 232 -c--hr-- c:\program files\common files\winsoftware
2006-09-17 21:20 226 -c--hr-- c:\program files\common files\ucontrol
2006-09-17 21:20 226 -c--hr-- c:\program files\common files\sogou pxp
2006-09-17 21:20 232 -c--hr-- c:\program files\common files\wqzq
2006-09-17 21:20 230 -c--hr-- c:\program files\common files\msiets
2006-09-17 21:20 230 -c--hr-- c:\program files\common files\btlink
2006-09-17 21:20 248 -c--hr-- c:\program files\common files\eacceleration
2006-09-17 21:20 236 -c--hr-- c:\program files\common files\psd tools
2006-09-17 21:20 228 -c--hr-- c:\program files\common files\gmt
2006-09-17 21:20 228 -c--hr-- c:\program files\common files\cmeii

============= FINISH: 15:11:39.51 ===============
Using...Dell Dimension 3000 Windows XP Home Edition SP3, Physical Memory 2 GB, Hard drive 40 GB,Comcast Internet connection,Wireless router,Installed..McAfee virus..Malwarebytes- Online Armor-latest version,SpyBot,SpywareBlaster,SpywareGuard,Ad-Aware,WOT,KeyScrambler, SiteAdvisor

#7
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,579 posts
  • Gender:Male
  • Location:US
Please visit this webpage for instructions for downloading ComboFix to your DESKTOP: how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.
Also, DO NOT click the mouse or launch any other applications while this is running, or it may stall the program.

Additional links to download the tool:
ComboFix.exe
ComboFix.exe
ComboFix.exe


Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
Ron Lewis
Manager, Online Support


Follow us: Twitter, Become a fan: Facebook

If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.

#8
pattycake

    New Member

  • Members
  • 6 posts
I downloaded "ComboFix" to the desktop and read all of the directions. It then installed the Windows Recovery Console. It did run a scan, but I could never locate the report... It would say "deleting folders" and then restart my computer, but there was never a report anywhere. I tried a "search" last night and let it run all night... it was still searching this a.m. I tried downloading and installing ComboFix from another of the suggested sites, with the same results. What to do??

#9
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,579 posts
  • Gender:Male
  • Location:US
It should be right there at the top of C:\

C:\ComboFix.txt

Start NOTEPAD and do File/Open, go to the top of your C: volume, and see if you can find it or one with ComboFix in the name, and post that.

#10
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,579 posts
  • Gender:Male
  • Location:US
Please let me know what's going on or if you need to run a different scanner.

If you cannot find this log file then please run this AV scanner.


Please download to your Desktop: Dr.Web CureIt
  • After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet
  • Double-click the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click on the Complete scan radio button.
  • Then click on the Settings menu on top, then select Change Settings or press the F9 key. You can also change the Language.
  • Choose the Scanning tab and I recommend leaving the Heuristic analysis enabled (this can lead to False Positives though).
  • On the File types tab ensure you select All files
  • Click on the Actions tab and set the following:
    • Objects Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report
    • Infected packages Archive = Move, E-mails = Report, Containers = Move
    • Malware Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move
    • Do not change the Rename extension - default is: #??
    • Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\
    • Leave prompt on Action checked
  • On the Log file tab leave the Log to file checked.
  • Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log
  • Log mode = Append
  • Encoding = ANSI
  • Details Leave Names of file packers and Statistics checked.
  • Limit log file size = 2048 KB and leave the check mark on the Maximum log file size.
  • On the General tab leave the Scan Priority on High
  • Click the Apply button at the bottom, and then the OK button.
  • On the right side under the Dr Web Anti-Virus Logo you will see 3 little buttons. Click the left VCR style Start button.
  • In this mode it will scan Boot sectors of all disks, All removable media, and all local drives
  • The more files and folders you have the longer the scan will take. On large drives it can take hours to complete.
  • When the Cure option is selected, an additional context menu will open. Select the action the program should take if the curing fails.
  • Click 'Yes to all' if it asks if you want to cure/move the files.
  • This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (in this case we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your Desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply with a new HijackThis log.


#11
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,579 posts
  • Gender:Male
  • Location:US
Getting lonely here.... please post an update so I know you're still with us.

#12
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,579 posts
  • Gender:Male
  • Location:US
Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.