
Malwarebytes

IE redirect,virus scanners won't run


13 replies to this topic

#1
CalFRKZ

    New Member

  • Members
  • 7 posts
Hi, Internet Explorer is redirecting me to urtbk even though I have deleted IE in Remove Programs. I scanned with McAfee and found nothing days ago when these problems occurred, but now it will redirect me and not let me scan at all. Also, when I try to put up the firewall it tries to stop me, but I still can. Ad-Aware and Malwarebytes will not run at all. Spy Sweeper will, but it is unable to pick up anything. While I type this, a QuickTime program as well as two others had to close due to an error.

My responses may be slow because when IE comes up it will occasionally lock up the PC. I can't run in safe mode, as I get a blue screen saying there is an error.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:45:56 PM, on 10/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\UltraDVD\DVDMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [Verizon_Installer_UninstallTracking] "C:\DOCUME~1\CECELI~1\LOCALS~1\Temp\IHU51.tmp.exe" /uninstalltrackingvendor=Verizon_Installer
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [UltraDVDMon] "C:\Program Files\UltraDVD\DVDMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://kl.bar.need2f...earch.html?p=KL
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jon Howard\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...20Installer.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zon...ds.cab57176.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: seyoseje.dll c:\windows\system32\ruzomivu.dll
O21 - SSODL: gehuyikek - {b1ca7d1c-d37f-4ea3-a6d8-83a3b5e32477} - c:\windows\system32\ruzomivu.dll
O22 - SharedTaskScheduler: mujuzedij - {b1ca7d1c-d37f-4ea3-a6d8-83a3b5e32477} - c:\windows\system32\ruzomivu.dll
O23 - Service: 0089591239918587mcinstcleanup - - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: HWCKBNFUUNFOEYKK - Unknown owner - C:\DOCUME~1\JONHOW~1\LOCALS~1\Temp\HWCKBNFUUNFOEYKK.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: JDMPTTLW - Unknown owner - C:\DOCUME~1\JONHOW~1\LOCALS~1\Temp\JDMPTTLW.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: UIOFFADZNUM - Unknown owner - C:\DOCUME~1\JONHOW~1\LOCALS~1\Temp\UIOFFADZNUM.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--
End of file - 12881 bytes

#2
sUBs

    Forum Deity

  • Moderators
  • 6,031 posts
Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

Post the log from ComboFix when you've accomplished that.
sUBs
Research Engineer


#3
CalFRKZ

    New Member

  • Members
  • 7 posts
ComboFix 09-10-15.01 - Jon Howard 10/15/2009 19:07.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.137 [GMT -4:00]
Running from: c:\documents and settings\Jon Howard\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\Webroot\SPYSWE~1\Backup\ntSVc.ocx
c:\program files\Need2Find
c:\program files\Need2Find\bar\History\search
c:\windows\system32\_003562_.tmp.dll
c:\windows\system32\_003563_.tmp.dll
c:\windows\system32\_003564_.tmp.dll
c:\windows\system32\_003565_.tmp.dll
c:\windows\system32\_003572_.tmp.dll
c:\windows\system32\_003573_.tmp.dll
c:\windows\system32\_003574_.tmp.dll
c:\windows\system32\_003575_.tmp.dll
c:\windows\system32\_003576_.tmp.dll
c:\windows\system32\_003577_.tmp.dll
c:\windows\system32\_003578_.tmp.dll
c:\windows\system32\_003579_.tmp.dll
c:\windows\system32\_003580_.tmp.dll
c:\windows\system32\_003581_.tmp.dll
c:\windows\system32\_003582_.tmp.dll
c:\windows\system32\_003583_.tmp.dll
c:\windows\system32\_003584_.tmp.dll
c:\windows\system32\_003585_.tmp.dll
c:\windows\system32\_003586_.tmp.dll
c:\windows\system32\_003587_.tmp.dll
c:\windows\system32\_003588_.tmp.dll
c:\windows\system32\_003589_.tmp.dll
c:\windows\system32\_003590_.tmp.dll
c:\windows\system32\_003591_.tmp.dll
c:\windows\system32\_003592_.tmp.dll
c:\windows\system32\_003593_.tmp.dll
c:\windows\system32\_003594_.tmp.dll
c:\windows\system32\_003595_.tmp.dll
c:\windows\system32\_003596_.tmp.dll
c:\windows\system32\_003597_.tmp.dll
c:\windows\system32\_003598_.tmp.dll
c:\windows\system32\_003599_.tmp.dll
c:\windows\system32\_003600_.tmp.dll
c:\windows\system32\_003601_.tmp.dll
c:\windows\system32\_003602_.tmp.dll
c:\windows\system32\_003603_.tmp.dll
c:\windows\system32\_003604_.tmp.dll
c:\windows\system32\_003605_.tmp.dll
c:\windows\system32\_003606_.tmp.dll
c:\windows\system32\_003607_.tmp.dll
c:\windows\system32\_003608_.tmp.dll
c:\windows\system32\_003609_.tmp.dll
c:\windows\system32\_003610_.tmp.dll
c:\windows\system32\_003611_.tmp.dll
c:\windows\system32\_003612_.tmp.dll
c:\windows\system32\_003613_.tmp.dll
c:\windows\system32\_003614_.tmp.dll
c:\windows\system32\_003616_.tmp.dll
c:\windows\system32\_003617_.tmp.dll
c:\windows\system32\_003618_.tmp.dll
c:\windows\system32\_003620_.tmp.dll
c:\windows\system32\_003621_.tmp.dll
c:\windows\system32\_003622_.tmp.dll
c:\windows\system32\_003623_.tmp.dll
c:\windows\system32\_003624_.tmp.dll
c:\windows\system32\_003625_.tmp.dll
c:\windows\system32\_003626_.tmp.dll
c:\windows\system32\_003627_.tmp.dll
c:\windows\system32\_003628_.tmp.dll
c:\windows\system32\_003629_.tmp.dll
c:\windows\system32\_003630_.tmp.dll
c:\windows\system32\_003632_.tmp.dll
c:\windows\system32\_003633_.tmp.dll
c:\windows\system32\_003634_.tmp.dll
c:\windows\system32\_003635_.tmp.dll
c:\windows\system32\_003637_.tmp.dll
c:\windows\system32\_003639_.tmp.dll
c:\windows\system32\_003640_.tmp.dll
c:\windows\system32\_003641_.tmp.dll
c:\windows\system32\_003642_.tmp.dll
c:\windows\system32\_003643_.tmp.dll
c:\windows\system32\_003644_.tmp.dll
c:\windows\system32\_003645_.tmp.dll
c:\windows\system32\_003647_.tmp.dll
c:\windows\system32\_003648_.tmp.dll
c:\windows\system32\_003649_.tmp.dll
c:\windows\system32\_003650_.tmp.dll
c:\windows\system32\_003651_.tmp.dll
c:\windows\system32\_003652_.tmp.dll
c:\windows\system32\_003653_.tmp.dll
c:\windows\system32\_003654_.tmp.dll
c:\windows\system32\_003655_.tmp.dll
c:\windows\system32\_003656_.tmp.dll
c:\windows\system32\_003657_.tmp.dll
c:\windows\system32\_003658_.tmp.dll
c:\windows\system32\_003659_.tmp.dll
c:\windows\system32\_003660_.tmp.dll
c:\windows\system32\_003661_.tmp.dll
c:\windows\system32\_003662_.tmp.dll
c:\windows\system32\_003663_.tmp.dll
c:\windows\system32\_003664_.tmp.dll
c:\windows\system32\_003666_.tmp.dll
c:\windows\system32\_003667_.tmp.dll
c:\windows\system32\_003668_.tmp.dll
c:\windows\system32\_003669_.tmp.dll
c:\windows\system32\_003670_.tmp.dll
c:\windows\system32\_003673_.tmp.dll
c:\windows\system32\_003674_.tmp.dll
c:\windows\system32\_003675_.tmp.dll
c:\windows\system32\_003676_.tmp.dll
c:\windows\system32\_003677_.tmp.dll
c:\windows\system32\_003678_.tmp.dll
c:\windows\system32\_003679_.tmp.dll
c:\windows\system32\_003681_.tmp.dll
c:\windows\system32\_003682_.tmp.dll
c:\windows\system32\_003683_.tmp.dll
c:\windows\system32\_003684_.tmp.dll
c:\windows\system32\_003685_.tmp.dll
c:\windows\system32\_003686_.tmp.dll
c:\windows\system32\_003687_.tmp.dll
c:\windows\system32\_003688_.tmp.dll
c:\windows\system32\_003690_.tmp.dll
c:\windows\system32\_003691_.tmp.dll
c:\windows\system32\_003692_.tmp.dll
c:\windows\system32\_003693_.tmp.dll
c:\windows\system32\_003696_.tmp.dll
c:\windows\system32\_003697_.tmp.dll
c:\windows\system32\_003701_.tmp.dll
c:\windows\system32\_003702_.tmp.dll
c:\windows\system32\_003704_.tmp.dll
c:\windows\system32\_003707_.tmp.dll
c:\windows\system32\_003709_.tmp.dll
c:\windows\system32\_003710_.tmp.dll
c:\windows\system32\_003711_.tmp.dll
c:\windows\system32\_003712_.tmp.dll
c:\windows\system32\_003715_.tmp.dll
c:\windows\system32\_003716_.tmp.dll
c:\windows\system32\_003717_.tmp.dll
c:\windows\system32\_003718_.tmp.dll
c:\windows\system32\_003719_.tmp.dll
c:\windows\system32\_003724_.tmp.dll
c:\windows\system32\_003726_.tmp.dll
c:\windows\system32\_005727_.tmp.dll
c:\windows\system32\_005728_.tmp.dll
c:\windows\system32\_005729_.tmp.dll
c:\windows\system32\_005730_.tmp.dll
c:\windows\system32\_005737_.tmp.dll
c:\windows\system32\_005738_.tmp.dll
c:\windows\system32\_005739_.tmp.dll
c:\windows\system32\_005740_.tmp.dll
c:\windows\system32\_005742_.tmp.dll
c:\windows\system32\_005743_.tmp.dll
c:\windows\system32\_005746_.tmp.dll
c:\windows\system32\_005747_.tmp.dll
c:\windows\system32\_005749_.tmp.dll
c:\windows\system32\_005750_.tmp.dll
c:\windows\system32\_005751_.tmp.dll
c:\windows\system32\_005753_.tmp.dll
c:\windows\system32\_005756_.tmp.dll
c:\windows\system32\_005757_.tmp.dll
c:\windows\system32\_005761_.tmp.dll
c:\windows\system32\_005762_.tmp.dll
c:\windows\system32\_005764_.tmp.dll
c:\windows\system32\_005767_.tmp.dll
c:\windows\system32\_005769_.tmp.dll
c:\windows\system32\_005770_.tmp.dll
c:\windows\system32\_005771_.tmp.dll
c:\windows\system32\_005772_.tmp.dll
c:\windows\system32\_005773_.tmp.dll
c:\windows\system32\_005776_.tmp.dll
c:\windows\system32\_005777_.tmp.dll
c:\windows\system32\_005778_.tmp.dll
c:\windows\system32\_005779_.tmp.dll
c:\windows\system32\_005780_.tmp.dll
c:\windows\system32\_005785_.tmp.dll
c:\windows\system32\_005787_.tmp.dll
c:\windows\system32\_005788_.tmp.dll
c:\windows\system32\benituyo.dll
c:\windows\system32\drivers\fad.sys
c:\windows\system32\drivers\geyekrclkxandi.sys
c:\windows\system32\fumepaha.dll
c:\windows\system32\gajukilu.dll
c:\windows\system32\gemewoda.dll
c:\windows\system32\geyekrjaomejmt.dat
c:\windows\system32\geyekroivsaodj.dat
c:\windows\system32\hapoyivu.dll
c:\windows\system32\jabayasa.dll
c:\windows\system32\japidahu.dll
c:\windows\system32\lutayesi.dll
c:\windows\system32\luzabigu.dll
c:\windows\system32\nupikufo.dll
c:\windows\system32\ruzomivu.dll
c:\windows\system32\semefase.dll
c:\windows\system32\vipafiyu.dll
c:\windows\system32\wewidilu.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_geyekrojdjwqro
-------\Service_geyekrojdjwqro


((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))
.

2009-10-12 22:19 . 2009-10-12 22:19 -------- d-----w- c:\program files\Uniblue
2009-10-12 22:12 . 2009-10-12 22:20 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-10-07 17:06 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-07 17:06 . 2009-10-07 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-07 17:06 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-07 17:06 . 2009-10-07 17:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-06 14:29 . 2009-10-06 14:29 -------- d-----w- c:\documents and settings\Jon Howard\Application Data\Malwarebytes
2009-10-05 18:31 . 2009-10-05 18:31 -------- d-sh--w- c:\documents and settings\Jon Howard\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-15 23:49 . 2008-10-17 18:47 -------- d-----w- c:\program files\DNA
2009-10-15 23:49 . 2008-10-17 18:47 -------- d-----w- c:\documents and settings\Jon Howard\Application Data\DNA
2009-10-15 22:18 . 2008-08-07 06:11 -------- d-----w- c:\documents and settings\Jon Howard\Application Data\Skype
2009-10-15 22:17 . 2008-08-07 06:16 -------- d-----w- c:\documents and settings\Jon Howard\Application Data\skypePM
2009-10-02 11:22 . 2007-09-19 20:40 -------- d-----w- c:\program files\Guitar Pro 4
2009-09-26 06:33 . 2009-08-24 18:15 -------- d-----w- c:\program files\Verizon
2009-09-18 03:52 . 2009-05-11 00:30 -------- d-----w- c:\program files\MSN Messenger
2009-09-18 03:29 . 2008-03-05 09:02 -------- d-----w- c:\program files\Windows Live
2009-09-18 03:25 . 2005-04-10 00:37 45072 ----a-w- c:\documents and settings\Jon Howard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-15 23:06 . 2009-09-15 23:06 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2009-09-15 22:51 . 2007-02-21 00:31 -------- d-----w- c:\program files\McAfee
2009-09-15 20:03 . 2009-09-15 20:03 -------- d-----w- c:\documents and settings\Jon Howard\Application Data\Motive
2009-09-15 04:09 . 2007-02-21 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-12 00:27 . 2008-08-29 00:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-09-10 07:34 . 2005-04-10 01:41 -------- d-----w- c:\documents and settings\Jon Howard\Application Data\BitTorrent
2009-08-24 23:31 . 2009-08-24 23:31 -------- d-----w- c:\program files\Radialpoint
2009-08-24 23:03 . 2009-08-24 23:03 -------- d-----w- c:\documents and settings\Jon Howard\Application Data\Verizon
2009-08-24 19:20 . 2009-08-24 19:20 -------- d-----w- c:\documents and settings\Cecelia Howard\Application Data\Verizon
2009-08-24 19:20 . 2009-08-24 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon
2009-08-24 19:20 . 2009-08-24 19:20 -------- d-----w- c:\program files\Verizon Broadband Firefox Toolbar
2009-08-24 19:18 . 2009-08-24 19:18 -------- d-----w- c:\program files\verizon_broad
2009-08-24 19:18 . 2009-08-24 19:18 -------- d-----w- c:\documents and settings\Cecelia Howard\Application Data\verizon_broad
2009-08-24 18:34 . 2009-08-24 18:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-08-24 18:29 . 2009-08-24 18:29 -------- d-----w- c:\documents and settings\Cecelia Howard\Application Data\Motive
2009-08-24 18:28 . 2009-08-24 18:24 -------- d-----w- c:\program files\Common Files\Motive
2009-08-05 09:11 . 2002-12-12 05:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2006-03-26 10:25 . 2006-03-26 10:25 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-03-05 21:02 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-07 4670968]
"UltraDVDMon"="c:\program files\UltraDVD\DVDMon.exe" [2002-12-25 337920]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-07-23 21738792]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-27 188416]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-19 155648]
"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-19 131072]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-27 148888]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2009-03-12 2303216]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-05-13 6345840]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1154223111\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\SYSTEM32\\rtcshare.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 0089591239918587mcinstcleanup;0089591239918587mcinstcleanup; [x]
R3 cpuz130;cpuz130;c:\docume~1\JONHOW~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [x]
R3 HWCKBNFUUNFOEYKK;HWCKBNFUUNFOEYKK;c:\docume~1\JONHOW~1\LOCALS~1\Temp\HWCKBNFUUNFOEYKK.exe [x]
R3 JDMPTTLW;JDMPTTLW;c:\docume~1\JONHOW~1\LOCALS~1\Temp\JDMPTTLW.exe [x]
R3 UIOFFADZNUM;UIOFFADZNUM;c:\docume~1\JONHOW~1\LOCALS~1\Temp\UIOFFADZNUM.exe [x]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2009-04-21 29808]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-08-26 92296]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [2009-05-27 1205760]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-21 15:53]

2009-10-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-21 15:53]

2009-10-09 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-09-05 19:40]

2009-10-09 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-09-05 19:40]

2009-10-09 c:\windows\Tasks\wrSpySweeper_L77347054F3874A0CA33EE36BA4FA08CD.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-09-05 19:40]

2009-10-09 c:\windows\Tasks\wrSpySweeper_L77347054F3874A0CA33EE36BA4FA08CD.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-09-05 19:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.msn.com
mSearchAssistant = hxxp://www.google.com/ie
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Search - http://kl.bar.need2f...earch.html?p=KL
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Jon Howard\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: aol.com\free
FF - ProfilePath - c:\documents and settings\Jon Howard\Application Data\Mozilla\Firefox\Profiles\7539rho8.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Verizon\VSP\nprpspa.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKLM-Run-Verizon_Installer_UninstallTracking - c:\docume~1\CECELI~1\LOCALS~1\Temp\IHU51.tmp.exe
SharedTaskScheduler-{347ac899-800e-4418-a963-8011189f6f2e} - c:\windows\system32\japidahu.dll
SharedTaskScheduler-{fdefc84f-ec22-4060-836d-9c784e31e782} - c:\windows\system32\ruzomivu.dll
SSODL-tonulifel-{347ac899-800e-4418-a963-8011189f6f2e} - c:\windows\system32\japidahu.dll
SSODL-nutededek-{fdefc84f-ec22-4060-836d-9c784e31e782} - c:\windows\system32\ruzomivu.dll
Notify-dimsntfy - (no file)
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-15 19:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3472)
c:\windows\system32\WININET.dll
c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\WMASF.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\windows\wanmpsvc.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Webroot\Spy Sweeper\SSU.exe
.
**************************************************************************
.
Completion time: 2009-10-15 20:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-16 00:25

Pre-Run: 4,634,718,208 bytes free
Post-Run: 5,755,551,744 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

417 --- E O F --- 2009-09-10 07:29
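The orphaned SSODL/SharedTaskScheduler entries pointing at japidahu.dll and ruzomivu.dll, the service registered with no binary, and the AV status line are the indicators a responder would want to pull out of a log like the one above mechanically rather than by eye. The Python below is an added example, not ComboFix's own code or anything posted in this thread. Its two heuristics (DLL or SSODL names made of strictly alternating consonants and vowels, and service lines that end in `[x]`) are this example's own assumptions; the sample lines are excerpted from the log above, and the WPDShServiceObj control line with an all-zero GUID is constructed.

```python
"""Pull Vundo-style autostart indicators out of ComboFix log lines.

Added example, not ComboFix's own code. Two heuristics, both assumptions of
this example: names of 8-10 lowercase letters that strictly alternate
consonant/vowel (the pattern of japidahu, ruzomivu, tonulifel and nutededek
in the log above), and service entries whose binary is missing, which
ComboFix prints as "[x]" where the path would be.
"""
import re
from dataclasses import dataclass

# Excerpted from the ComboFix log above, plus one constructed clean control
# line (the last one, with an all-zero GUID) that the heuristic must ignore.
SAMPLE_LINES = [
    r"SharedTaskScheduler-{347ac899-800e-4418-a963-8011189f6f2e} - c:\windows\system32\japidahu.dll",
    r"SSODL-tonulifel-{347ac899-800e-4418-a963-8011189f6f2e} - c:\windows\system32\japidahu.dll",
    r"SSODL-nutededek-{fdefc84f-ec22-4060-836d-9c784e31e782} - c:\windows\system32\ruzomivu.dll",
    r"Notify-dimsntfy - (no file)",
    r"S2 0089591239918587mcinstcleanup;0089591239918587mcinstcleanup; [x]",
    r"R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [3/22/2009 9:23 AM 1205760]",
    r"AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}",
    r"SSODL-WPDShServiceObj-{00000000-0000-0000-0000-000000000000} - c:\windows\system32\WPDShServiceObj.dll",  # constructed control
]

VOWELS = set("aeiou")
# hook-[name-]{clsid} - target ; the name is absent on SharedTaskScheduler lines
AUTOSTART_RE = re.compile(
    r"^(?P<hook>SharedTaskScheduler|SSODL|Notify)-(?:(?P<name>[A-Za-z0-9_]+)-)?.*? - (?P<target>.+)$"
)
# R2/S2 <service>;<display>;<image path and timestamp, or [x] when the file is gone>
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<svc>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")


@dataclass
class Finding:
    kind: str
    detail: str


def looks_generated(name) -> bool:
    """True for 8-10 lowercase letters that strictly alternate consonant/vowel."""
    if not name or not re.fullmatch(r"[a-z]{8,10}", name):
        return False
    is_vowel = [c in VOWELS for c in name]
    return all(is_vowel[i] != is_vowel[i + 1] for i in range(len(name) - 1))


def triage(lines):
    """Return a list of Finding objects for a sequence of ComboFix log lines."""
    findings = []
    for line in lines:
        m = AUTOSTART_RE.match(line)
        if m:
            base = m.group("target").rsplit("\\", 1)[-1]
            stem = base[:-4] if base.lower().endswith(".dll") else base
            if looks_generated(stem) or looks_generated(m.group("name")):
                findings.append(Finding("generated-name autostart", line))
            continue
        m = SERVICE_RE.match(line)
        if m and m.group("rest").strip() == "[x]":
            # Often an installer leftover (here a McAfee cleanup service), but always worth confirming.
            findings.append(Finding("service with missing binary", m.group("svc")))
            continue
        if line.startswith("AV:") and "disabled" in line.lower():
            # Not proof of tampering on its own: the user in this thread switched McAfee off for the scan.
            findings.append(Finding("antivirus reported disabled", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind:32} {f.detail}")
```

The name heuristic is a triage aid, not a verdict: legitimate eight-letter names can alternate too, so anything it flags should be checked against the file's signer and the location it loads from. In this thread ESET later confirmed the pattern by identifying the quarantined gajukilu.dll copy as a KillAV trojan.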

#4
sUBs

    Forum Deity

  • Moderators
  • 6,031 posts
Open NOTEPAD and copy/paste the text in the quotebox below into it:

DRIVER::
cpuz130
HWCKBNFUUNFOEYKK
JDMPTTLW
UIOFFADZNUM

Save this as "CFScript"


Posted Image


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additionally, ComboFix will generate a zipped file at C:\Qoobox\Quarantine\[4]Submit@Date_Time.zip
Before proceeding to the next step, please submit this file to http://www.bleepingc...e.php?channel=4


---------------


ESET Online Scanner
  • Please go to the following link ESET Online Scanner Link
  • Tick the box YES, I accept the Terms Of Use
  • Click the Start button
  • Now click the Install button
  • Click Start

    The scanner engine will initialise and update

  • Do Not tick the box Remove found threats
  • Click the Scan button

    The scan will now run, please be patient

  • When the scan finishes click the Details tab
  • Copy and paste the contents of the C:\Program Files\EsetOnlineScanner\log.txt back here.


---------------


In your next post, please include fresh logs from:
  • Online scan
  • ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now.

sUBs
Research Engineer


#5
CalFRKZ

    New Member

  • Members
  • 7 posts
There is no zip file in the quarantine folder. There are catchme notepad files but nothing else.

Also when the PC would restart after scanning I would get the message catchme.cfxxe could not be initialized due to restart.

I haven't scanned with the next program because I thought it would mess up the results of the ComboFix zip file you wanted. Here are my results from my last scan.

ComboFix 09-10-15.03 - Jon Howard 10/15/2009 21:13.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.160 [GMT -4:00]
Running from: c:\documents and settings\Jon Howard\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jon Howard\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CPUZ130
-------\Legacy_HWCKBNFUUNFOEYKK
-------\Legacy_JDMPTTLW
-------\Legacy_UIOFFADZNUM
-------\Service_cpuz130
-------\Service_HWCKBNFUUNFOEYKK
-------\Service_JDMPTTLW
-------\Service_UIOFFADZNUM


((((((((((((((((((((((((( Files Created from 2009-09-16 to 2009-10-16 )))))))))))))))))))))))))))))))
.

2009-10-16 00:16 . 2009-10-16 00:16 -------- d-----w- c:\windows\LastGood.Tmp
2009-10-12 22:19 . 2009-10-12 22:19 -------- d-----w- c:\program files\Uniblue
2009-10-12 22:12 . 2009-10-12 22:20 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-10-07 17:06 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-07 17:06 . 2009-10-07 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-07 17:06 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-07 17:06 . 2009-10-07 17:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-06 14:29 . 2009-10-06 14:29 -------- d-----w- c:\documents and settings\Jon Howard\Application Data\Malwarebytes
2009-10-05 18:31 . 2009-10-05 18:31 -------- d-sh--w- c:\documents and settings\Jon Howard\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-16 01:39 . 2008-10-17 18:47 -------- d-----w- c:\documents and settings\Jon Howard\Application Data\DNA
2009-10-15 23:53 . 2008-08-07 06:11 -------- d-----w- c:\documents and settings\Jon Howard\Application Data\Skype
2009-10-15 23:49 . 2008-10-17 18:47 -------- d-----w- c:\program files\DNA
2009-10-15 22:17 . 2008-08-07 06:16 -------- d-----w- c:\documents and settings\Jon Howard\Application Data\skypePM
2009-10-02 11:22 . 2007-09-19 20:40 -------- d-----w- c:\program files\Guitar Pro 4
2009-09-26 06:33 . 2009-08-24 18:15 -------- d-----w- c:\program files\Verizon
2009-09-18 03:52 . 2009-05-11 00:30 -------- d-----w- c:\program files\MSN Messenger
2009-09-18 03:29 . 2008-03-05 09:02 -------- d-----w- c:\program files\Windows Live
2009-09-18 03:25 . 2005-04-10 00:37 45072 ----a-w- c:\documents and settings\Jon Howard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-15 23:06 . 2009-09-15 23:06 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2009-09-15 22:51 . 2007-02-21 00:31 -------- d-----w- c:\program files\McAfee
2009-09-15 20:03 . 2009-09-15 20:03 -------- d-----w- c:\documents and settings\Jon Howard\Application Data\Motive
2009-09-15 04:09 . 2007-02-21 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-12 00:27 . 2008-08-29 00:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-09-10 07:34 . 2005-04-10 01:41 -------- d-----w- c:\documents and settings\Jon Howard\Application Data\BitTorrent
2009-08-24 23:31 . 2009-08-24 23:31 -------- d-----w- c:\program files\Radialpoint
2009-08-24 23:03 . 2009-08-24 23:03 -------- d-----w- c:\documents and settings\Jon Howard\Application Data\Verizon
2009-08-24 19:20 . 2009-08-24 19:20 -------- d-----w- c:\documents and settings\Cecelia Howard\Application Data\Verizon
2009-08-24 19:20 . 2009-08-24 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon
2009-08-24 19:20 . 2009-08-24 19:20 -------- d-----w- c:\program files\Verizon Broadband Firefox Toolbar
2009-08-24 19:18 . 2009-08-24 19:18 -------- d-----w- c:\program files\verizon_broad
2009-08-24 19:18 . 2009-08-24 19:18 -------- d-----w- c:\documents and settings\Cecelia Howard\Application Data\verizon_broad
2009-08-24 18:34 . 2009-08-24 18:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-08-24 18:29 . 2009-08-24 18:29 -------- d-----w- c:\documents and settings\Cecelia Howard\Application Data\Motive
2009-08-24 18:28 . 2009-08-24 18:24 -------- d-----w- c:\program files\Common Files\Motive
2009-08-05 09:11 . 2002-12-12 05:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2006-03-26 10:25 . 2006-03-26 10:25 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-10-15_23.49.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-16 01:43 . 2009-10-16 01:43 16384 c:\windows\Temp\Perflib_Perfdata_538.dat
+ 2004-05-11 15:02 . 2009-10-16 01:41 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
- 2004-05-11 15:02 . 2009-10-15 22:07 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
+ 2004-05-11 15:02 . 2009-10-16 01:41 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2004-05-11 15:02 . 2009-10-15 22:07 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2009-10-16 01:41 . 2009-10-16 01:41 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-03-05 21:02 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-07 4670968]
"UltraDVDMon"="c:\program files\UltraDVD\DVDMon.exe" [2002-12-25 337920]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-07-23 21738792]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-27 188416]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-19 155648]
"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-19 131072]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-27 148888]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2009-03-12 2303216]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-05-13 6345840]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1154223111\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\SYSTEM32\\rtcshare.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\SYSTEM32\DRIVERS\ssfs0bbc.sys [8/9/2008 2:42 PM 29808]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/28/2008 8:02 PM 92296]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/26/2007 4:21 PM 24652]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [3/22/2009 9:23 AM 1205760]
S2 0089591239918587mcinstcleanup;0089591239918587mcinstcleanup; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-21 15:53]

2009-10-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-21 15:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.msn.com
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Search - http://kl.bar.need2f...earch.html?p=KL
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Jon Howard\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: aol.com\free
FF - ProfilePath - c:\documents and settings\Jon Howard\Application Data\Mozilla\Firefox\Profiles\7539rho8.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Verizon\VSP\nprpspa.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-15 21:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2480)
c:\windows\system32\WININET.dll
c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\windows\wanmpsvc.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\Webroot\Spy Sweeper\SSU.exe
.
**************************************************************************
.
Completion time: 2009-10-16 22:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-16 02:07
ComboFix2.txt 2009-10-16 00:25

Pre-Run: 5,764,382,720 bytes free
Post-Run: 5,736,943,616 bytes free

213 --- E O F --- 2009-09-10 07:29

#6
sUBs

    Forum Deity

  • Moderators
  • 6,031 posts

Quote

Additionally, ComboFix will generate a zipped file at C:\Qoobox\Quarantine\[4]Submit@Date_Time.zip
Before proceeding to the next step, please submit this file to http://www.bleepingc...e.php?channel=4
Apologies. I forgot to remove the above paragraph.
sUBs
Research Engineer


#7
CalFRKZ

    New Member

  • Members
  • 7 posts
I wasn't sure if "do not tick the box" meant leave it unchecked or checked. I left it unchecked and just did the scan. The PC is running faster and IE is not popping up anymore when I run Firefox. Malwarebytes runs now, but that might be because the admin told me to rename it. While this was scanning the first time I wasn't aware McAfee was still running even though it wasn't on my taskbar, and it began deleting trojans which I believe were in the ComboFix folder. Sometime this morning my PC reset itself so I had to rescan everything. I will run Malwarebytes after sending this message. Also, McAfee will still not let me select scan; it still redirects.

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=d2edccc74fdc81439246b8727cac8ceb
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-16 03:48:38
# local_time=2009-10-16 11:48:38 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=5121 21 100 88 170979303906250
# scanned=113697
# found=11
# cleaned=0
# scan_time=9867
C:\Documents and Settings\Jon Howard\Desktop\Anime\sspsetup1_.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Jon Howard\My Documents\Install_AIM.exe Win32/Adware.WBug.A application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\gajukilu.dll.vir a variant of Win32/KillAV.NFZ trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1646\A0253405.dll a variant of Win32/KillAV.NFZ trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1646\A0253406.dll a variant of Win32/Adware.Virtumonde.NFP application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1646\A0253408.dll a variant of Win32/Adware.Virtumonde.NFQ application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1646\A0253410.dll a variant of Win32/Adware.Virtumonde.NFR application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1646\A0253411.dll a variant of Win32/Adware.Virtumonde.NFR application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1646\A0253412.dll a variant of Win32/Adware.SuperJuan.F application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1646\A0253414.dll a variant of Win32/Adware.Virtumonde.NFR application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1646\A0253415.dll a variant of Win32/Adware.Virtumonde.NFP application 00000000000000000000000000000000 I

#8
sUBs

    Forum Deity

  • Moderators
  • 6,031 posts
C:\Documents and Settings\Jon Howard\Desktop\Anime\sspsetup1_.exe

Please delete the above file.

Quote

I will run malwarebytes after sending this message
Let me know if MBAM finds anything
sUBs
Research Engineer


#9
CalFRKZ

    New Member

  • Members
  • 7 posts
I haven't clicked remove selected yet. And I deleted the file you requested.

Malwarebytes' Anti-Malware 1.41
Database version: 2970
Windows 5.1.2600 Service Pack 2

10/16/2009 6:51:46 PM
mbam-log-2009-10-16 (18-51-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 222111
Time elapsed: 3 hour(s), 22 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10
sUBs

    Forum Deity

  • Moderators
  • 6,031 posts

Quote

I haven't clicked remove selected yet.
Click it ;)


Of the stuff NOD32 found,

C:\QooBox is ComboFix's quarantine folder. We'll take care of it when we uninstall ComboFix

C:\System Volume Information\ is where System Restore's cache is stored. Whatever is in there can't harm you unless you choose to perform a manual restore. Nevertheless, we shall be resetting/clearing the cache in a little while.


----------------------


Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:


  • Uninstall ComboFix ... do not skip this step
    This process will perform some post cleanup measures.
    Do this by going to Start > Run & typing in ComboFix /U



  • ANTIVIRUS SOFTWARE
    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.



  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


  • http://www.mozilla.o...oducts/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.


  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.


  • http://www.aumha.org...erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://www.spywarein...showtopic=60955

After doing all these, your system will be optimised against future threats.
.
Have a safe & happy computing day.

Kindly respond to this thread once more so we can mark this thread as resolved.
sUBs
Research Engineer

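The triage in the post above (the ComboFix quarantine and the System Restore cache are inert until a file is restored out of them, so only detections elsewhere need action now) can be applied mechanically to the log format ESET produced in post #7. The Python below is an added example, not ESET's, Malwarebytes' or this thread's own code. The path rules are this example's own assumptions, the sample log is excerpted from post #7 with the header trimmed to the fields used, and the reconciliation against the `# found=` header is the sanity check a responder would want before trusting the grouping.

```python
"""Triage an ESET Online Scanner log by where each detected file lives.

Added example, not ESET's or the forum's own tooling. The path classes encode
the moderator's reasoning above: the Qoobox quarantine folder and the System
Restore cache are inert until something is restored from them, so only
detections elsewhere need a decision now.
"""
import re
from collections import defaultdict

# Excerpted from the ESET log posted above (header cut down to the fields used).
SAMPLE_LOG = r"""
# version=6
# end=finished
# remove_checked=false
# scanned=113697
# found=11
# cleaned=0
C:\Documents and Settings\Jon Howard\Desktop\Anime\sspsetup1_.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Jon Howard\My Documents\Install_AIM.exe Win32/Adware.WBug.A application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\gajukilu.dll.vir a variant of Win32/KillAV.NFZ trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1646\A0253405.dll a variant of Win32/KillAV.NFZ trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1646\A0253406.dll a variant of Win32/Adware.Virtumonde.NFP application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1646\A0253408.dll a variant of Win32/Adware.Virtumonde.NFQ application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1646\A0253410.dll a variant of Win32/Adware.Virtumonde.NFR application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1646\A0253411.dll a variant of Win32/Adware.Virtumonde.NFR application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1646\A0253412.dll a variant of Win32/Adware.SuperJuan.F application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1646\A0253414.dll a variant of Win32/Adware.Virtumonde.NFR application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1646\A0253415.dll a variant of Win32/Adware.Virtumonde.NFP application 00000000000000000000000000000000 I
"""

HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")
# Path = shortest prefix ending in an extension followed by whitespace (paths contain
# spaces, so we anchor on the extension); ComboFix renames quarantined copies with a
# .vir suffix. Then description, a 32-hex hash and a one-letter flag.
FINDING_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.[A-Za-z0-9_]+(?:\.vir)?)\s+(?P<desc>.+?)\s+(?P<hash>[0-9a-fA-F]{32})\s+(?P<flag>\S+)$"
)


def classify(path: str) -> str:
    """Quarantine and restore-point copies cannot execute in place; everything else is live."""
    p = path.lower().replace("/", "\\")
    if p.startswith("c:\\qoobox\\quarantine\\"):
        return "quarantine"
    if "\\system volume information\\_restore" in p:
        return "restore-point"
    return "live"


def triage_eset(text: str) -> dict:
    """Parse an ESET log, group detections by location and reconcile with the header count."""
    header, groups, unparsed = {}, defaultdict(list), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        h = HEADER_RE.match(line)
        if h:
            header[h.group(1)] = h.group(2)
            continue
        m = FINDING_RE.match(line)
        if m:
            groups[classify(m.group("path"))].append((m.group("path"), m.group("desc")))
        else:
            unparsed.append(line)
    parsed = sum(len(v) for v in groups.values())
    if unparsed or ("found" in header and int(header["found"]) != parsed):
        raise ValueError(
            f"header reports {header.get('found')} detections, parsed {parsed}, "
            f"{len(unparsed)} line(s) not understood"
        )
    return {"header": header, "groups": dict(groups)}


def action_items(result: dict) -> list:
    """Paths needing a decision now: everything not in quarantine or a restore point."""
    return [path for path, _ in result["groups"].get("live", [])]


if __name__ == "__main__":
    res = triage_eset(SAMPLE_LOG)
    for kind, items in res["groups"].items():
        print(f"{kind}: {len(items)}")
    for path in action_items(res):
        print("act on:", path)
```

On the log from post #7 this yields two live items (the desktop installer the moderator asked to have deleted, and Install_AIM.exe), one quarantined copy and eight restore-point copies, which is exactly the split the moderator drew by hand. Refusing to return a result when the parsed count disagrees with `# found=` is deliberate: a silently dropped line would be a detection nobody looks at.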

#11
CalFRKZ

    New Member

  • Members
  • 7 posts
It won't let me uninstall combofix.

I get an error message saying I may be compromised with a program called "virut".

McAfee still won't let me scan as it redirects me to my protection status. I also still get a message that will try to block access to my firewall, but I can just close it quickly and activate it anyway. Right now virus protection is disabled to stop it interfering with ComboFix. Is there anything else that I need to turn off?

#12
sUBs

    Forum Deity

  • Moderators
  • 6,031 posts

Quote

I get an error message saying I may be compromised with the a program called "virut"
That's probably McAfee interfering. Have you considered uninstalling & then re-installing McAfee? It does appear to be damaged by the infection.
sUBs
Research Engineer


#13
CalFRKZ

    New Member

  • Members
  • 7 posts
I uninstalled then reinstalled McAfee, except it won't complete because it's conflicting with Spy Sweeper, telling me to delete it first. McAfee was 444 days out of date so that may be why something got on the PC.

ComboFix /U, when typed, is unable to find ComboFix, so I guess it's deleted.

It wouldn't let me update Windows but now I can and have all the updates. Ad-Aware allowed me to update but still wouldn't let me run it, so I deleted it. Malwarebytes still can't find anything, so maybe I should reinstall it as well.

I think everything is fixed and thanks for the help. I am just wondering whether Spy Sweeper can protect me as well as McAfee can.

#14
sUBs

    Forum Deity

  • Moderators
  • 6,031 posts
I'm not a keen fan of McAfee. Search around our forum and see how many McAfee users there are, looking for help.

SpySweeper isn't an antivirus program. It's an antispyware program meant to complement an existing antivirus program.
sUBs
Research Engineer





