Jump to content

A1042nd

Members
  • Posts

    7
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hi! My computer seems to be infected - web pages load slowly or not at all, using IE, Chrome, or Firefox. Yellow triangle with exclamation point shows up occasionally in lower right, but disappears when I try to click on it. Ran MBAM several days ago, and it found several issues. Here are those logs: Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.02.04.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Aaron :: MAIN [administrator] 2/4/2012 9:44:59 PM mbam-log-2012-02-04 (21-44-59).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 268561 Time elapsed: 17 minute(s), 52 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Documents and Settings\Aaron\My Documents\Downloads\WhiteSmokeInstaller_9128 (1).exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Aaron\My Documents\Downloads\WhiteSmokeInstaller_9128.exe (Adware.Agent) -> Quarantined and deleted successfully. (end) Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.02.04.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Addie Jo :: MAIN [administrator] 2/4/2012 10:13:36 PM mbam-log-2012-02-04 (22-13-36).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 267385 Time elapsed: 5 hour(s), 48 minute(s), 10 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|MicrosoftWindows (Trojan.Agent.MSGen) -> Data: C:\Documents and Settings\Addie Jo\Application Data\windows32.exe -> Quarantined and deleted successfully. HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load|MicrosoftWindows (Trojan.Agent) -> Data: C:\Documents and Settings\Addie Jo\Application Data\windows32.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) I now run an updated version of MBAM on all users, and get no detections, but web pages still don't load right. Here are the dds and attach text files: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Mommy at 18:47:30 on 2012-02-12 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.347 [GMT -6:00] . AV: Outpost Security Suite *Disabled/Updated* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD} AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} FW: Outpost Security Suite *Enabled* . ============== Running Processes =============== . C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe svchost.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Mommy\Start Menu\Programs\Startup\hpqtra08.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Avira\AntiVir Desktop\avwsc.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: H - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost security suite free\feedback.exe" /dump:os_startup mRun: [Google Updater] "c:\program files\google\google updater\GoogleUpdater.exe" -check_deprecation mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "f:\clara's documents\itunes\iTunesHelper.exe" mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe StartupFolder: c:\documents and settings\mommy\start menu\programs\startup\hpqtra08.exe uPolicies-explorer: <NO NAME> = uPolicies-explorer: NoInstrumentation = 1 (0x1) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.0.1 216.165.129.158 192.168.1.1 TCP: Interfaces\{531789D3-E103-4B2C-80B3-D76844EF54D8} : NameServer = 216.165.129.157,134.215.200.126 TCP: Interfaces\{531789D3-E103-4B2C-80B3-D76844EF54D8} : DhcpNameServer = 216.165.129.158 216.170.153.146 192.168.1.1 TCP: Interfaces\{E9E8F4B1-F28F-4825-AC92-43AA02F4EBA7} : DhcpNameServer = 192.168.0.1 216.165.129.158 192.168.1.1 Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\mommy\application data\mozilla\firefox\profiles\2tbacho0.default\ FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - plugin: f:\clara's documents\itunes\mozilla plugins\npitunes.dll . ============= SERVICES / DRIVERS =============== . R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-24 36000] R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2011-4-29 708760] R2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe [2011-4-29 2072592] R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-12-30 497496] R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-24 86224] R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-24 110032] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-24 74640] R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-9-11 820568] R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2011-4-29 34280] R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2011-4-29 267624] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-25 136176] S2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800] S3 ASWFilt;ASWFilt;c:\windows\system32\filt\ASWFilt.dll [2011-4-29 70160] S3 Bulk503;Chameleon Mega Digital Camera;c:\windows\system32\drivers\bulk503.sys --> c:\windows\system32\drivers\Bulk503.sys [?] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-25 136176] S3 ISO503;Chameleon Mega Video Camera;c:\windows\system32\drivers\iso503.sys --> c:\windows\system32\drivers\ISO503.SYS [?] S3 Kinetic Books License Service;Kinetic Books License Service;c:\program files\common files\kinetic books shared\service\KineticBooksLicenseService.exe [2011-10-31 79360] S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\RegFilter.sys [2011-9-11 30368] S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\UrlFilter.sys [2011-9-11 16080] S3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [2011-4-29 242040] S3 VBFilt;VBFilt;c:\windows\system32\filt\VBFilt.dll [2011-4-29 34096] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2001-8-18 14336] S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2011-9-11 239600] S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-29 24652] . =============== Created Last 30 ================ . 2012-02-12 01:15:08 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2012-02-05 18:46:10 98816 ----a-w- c:\windows\sed.exe 2012-02-05 18:46:10 518144 ----a-w- c:\windows\SWREG.exe 2012-02-05 18:46:10 256000 ----a-w- c:\windows\PEV.exe 2012-02-05 18:46:10 208896 ----a-w- c:\windows\MBR.exe 2012-02-01 18:14:17 -------- d-----w- c:\documents and settings\all users\application data\Garmin 2012-02-01 17:29:52 -------- d-----w- c:\documents and settings\mommy\application data\Garmin 2012-02-01 17:24:37 -------- d-----w- c:\program files\Garmin GPS Plugin 2012-02-01 16:43:49 -------- d-----w- c:\windows\system32\winrm 2012-02-01 16:43:48 -------- d-----w- c:\windows\system32\GroupPolicy 2012-02-01 16:43:13 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$ 2012-01-30 15:17:11 -------- d-----w- c:\program files\Garmin 2012-01-28 21:11:36 -------- d-----w- c:\program files\iPod 2012-01-28 20:55:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll 2012-01-28 20:55:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll 2012-01-28 20:55:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll 2012-01-28 20:55:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll 2012-01-28 20:55:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll 2012-01-28 20:55:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll 2012-01-28 20:55:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll . ==================== Find3M ==================== . 2012-02-08 02:44:11 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-29 03:55:43 444952 ----a-w- c:\windows\system32\wrap_oal.dll 2011-11-29 03:55:42 109080 ----a-w- c:\windows\system32\OpenAL32.dll 2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe 2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll 2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll . ============= FINISH: 18:49:57.20 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 3/16/2003 2:33:46 PM System Uptime: 2/11/2012 6:44:23 PM (24 hours ago) . Motherboard: Intel Corporation | | D845PT Processor: Intel® Pentium® 4 CPU 1.70GHz | J1E1 | 1694/100mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 19 GiB total, 0.837 GiB free. D: is CDROM () F: is FIXED (NTFS) - 298 GiB total, 194.175 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318} Description: U.S. Robotics 56K Fax Win Device ID: PCI\VEN_12B9&DEV_1007&SUBSYS_00C212B9&REV_00\4&1351887D&0&60F0 Manufacturer: U.S. Robotics Corporation Name: U.S. Robotics 56K Fax Win #2 PNP Device ID: PCI\VEN_12B9&DEV_1007&SUBSYS_00C212B9&REV_00\4&1351887D&0&60F0 Service: Modem . Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318} Description: Microsoft PS/2 Mouse Device ID: ACPI\PNP0F03\4&268D196D&0 Manufacturer: Microsoft Name: Microsoft PS/2 Mouse PNP Device ID: ACPI\PNP0F03\4&268D196D&0 Service: i8042prt . ==== System Restore Points =================== . RP253: 2/1/2012 5:11:36 PM - System Checkpoint RP254: 2/2/2012 9:58:34 AM - System Checkpoint RP255: 2/3/2012 10:00:38 AM - System Checkpoint RP256: 2/4/2012 10:27:46 AM - System Checkpoint RP257: 2/5/2012 10:50:23 AM - System Checkpoint RP258: 2/5/2012 11:55:58 AM - Removed Java 6 Update 3 RP259: 2/5/2012 10:34:02 PM - Software Distribution Service 3.0 RP260: 2/6/2012 11:57:08 PM - System Checkpoint RP261: 2/8/2012 12:46:07 AM - System Checkpoint RP262: 2/9/2012 1:37:49 AM - System Checkpoint RP263: 2/10/2012 2:33:05 AM - System Checkpoint RP264: 2/11/2012 2:37:40 AM - System Checkpoint RP265: 2/12/2012 2:12:31 PM - System Checkpoint . ==== Installed Programs ====================== . 1600 1600_Help 1600Trb Abacast Distributed On-Demand Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop Album 2.0 Starter Edition Adobe Reader X (10.1.2) Adobe Shockwave Player 11 Advanced SystemCare 5 AIM 7 AiO_Scan AiOSoftware Apple Application Support Apple Mobile Device Support Apple Software Update ATI Display Driver Avira Free Antivirus Bonjour BufferChm Carbonite Online Backup Setup CCleaner Compatibility Pack for the 2007 Office system Conexant HSF V92 56K Data Fax PCI Modem Critical Update for Windows Media Player 11 (KB959772) Dell Solution Center Destinations Director Download Updater (AOL LLC) Dual Mode Camera Easy CD Creator 5 Basic Family Tree Maker 7.5 Fax FirstClass® Client Free M4a to MP3 Converter 6.2 Frog Frenzy 1 Garmin Communicator Plugin Garmin Lifetime Updater Garmin USB Drivers Garmin WebUpdater Google Chrome Google Toolbar for Internet Explorer Google Update Helper Google Updater Haali Media Splitter Help and Support Customization Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) Hoyle Card Games HP Image Zone 4.7 HP Image Zone Express HP Product Assistant HP PSC & OfficeJet 4.7 HP Update HPSystemDiagnostics InstantShareAlert Intel Application Accelerator IObit Malware Fighter iTunes Java Auto Updater Java DB 10.5.3.0 Java 6 Update 24 Java 6 Update 5 Kinetic Books Licensing (Shared Components) Linksys EasyLink Advisor Logger Pro 3.8.4 LP_Flash Malwarebytes Anti-Malware version 1.60.1.1000 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Data Access Components KB870669 Microsoft Encarta Encyclopedia Standard 2002 Microsoft Internationalized Domain Names Mitigation APIs Microsoft Money 2002 Microsoft Money 2002 System Pack Microsoft National Language Support Downlevel APIs Microsoft Office 97, Professional Edition Microsoft Office File Validation Add-In Microsoft Office PowerPoint 2003 Microsoft Silverlight Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Word 2002 Microsoft Works 2002 Setup Launcher Microsoft Works 6.0 Microsoft Works Suite Add-in for Microsoft Word Modem Helper Mozilla Firefox 10.0.1 (x86 en-US) Mozilla Sunbird (0.9) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6.0 Parser (KB925673) MUSICMATCH Jukebox oggcodecs 0.71.0946 OpenAL Outpost Security Suite 7.1.1 PhoneTools Picasa 3 Principles of Physics PRO200WL ProductContext Pure Networks Platform QFolder QuickTime Readme RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer RealUpgrade 1.1 Scan ScannerCopy Schoolhouse Rock Thinking Games Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft Windows (KB2564958) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB2497640) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB911565) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953155) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Shockwave Player Sibelius Scorch (ActiveX Only) Sierra Utilities Sound Blaster Live! Value SpywareBlaster 4.4 Star Wars®: Knights of the Old Republic Stop the Morbuzakh (remove only) TeamViewer 5 The Zondervan NIV Bible TI Connect 1.6 TrayApp U.S. Robotics ControlCenter U.S. Robotics Modem Identification Wizard Uninstall Dual Mode Camera (ST606) Unity Web Player Unload Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB2447568) Update for Windows Internet Explorer 8 (KB2598845) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2492386) Update for Windows XP (KB2541763) Update for Windows XP (KB2616676-v2) Update for Windows XP (KB2641690) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Viewpoint Media Player VoiceOver Kit WavePad Sound Editor WebEx Support Manager for Internet Explorer WebFldrs XP WebReg Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage v1.3.0254.0 Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Management Framework Core Windows Media Format 11 runtime Windows Media Player 11 Windows Movie Maker 2.0 Windows Presentation Foundation Windows XP Service Pack 3 Works Suite OS Pack Works Synchronization XML Paper Specification Shared Components Pack 1.0 . ==== Event Viewer Messages From Past Week ======== . 2/12/2012 1:37:17 AM, error: Service Control Manager [7024] - The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010). 2/11/2012 7:00:57 PM, error: Service Control Manager [7034] - The Linksys Updater service terminated unexpectedly. It has done this 1 time(s). 2/11/2012 7:00:51 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s). 2/11/2012 7:00:41 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 2/11/2012 6:49:13 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting. . ==== End Of File =========================== Thanks for any help you can give me!
  2. Hi! I did all the uninstalling and updating that you recommended. Everything is running well, and there are no remaining issues that I am aware of. Thanks for your help!
  3. Hi! Sorry I forgot the combofix log last time. To all appearances, the computer is running normally now. The search engine redirecting is no longer an issue. I believe that following your instructions from April 18 repaired the problem. Here is the Combofix log, the ESET log (I stopped the scan when it had finished the C drive and was scanning our external hard drive), and the Security Check log. ComboFix 11-04-19.01 - Mommy 04/19/2011 14:50:31.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.293 [GMT -5:00] Running from: C:\Documents and Settings\Mommy\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Mommy\Desktop\CFScript.txt AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} FILE :: "c:\windows\system32\drivers\aywiy.sys" ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6427 # api_version=3.0.2 # EOSSerial=b68366a584690740b059fc23aad7324d # end=stopped # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-04-23 04:16:49 # local_time=2011-04-23 11:16:49 (-0600, Central Daylight Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=1026 16777214 0 2 44518926 44518926 0 0 # compatibility_mode=1280 16777175 100 0 30771 30771 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=109527 # found=0 # cleaned=0 # scan_time=10190 Results of screen317's Security Check version 0.99.10 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! ESET Online Scanner v3 Kaspersky Internet Security 2011 ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware CCleaner Java DB 10.5.3.0 Java 6 Update 24 Java 6 Update 3 Java SE Development Kit 6 Update 23 Out of date Java installed! Adobe Flash Player Adobe Reader 9.4.3 Out of date Adobe Reader installed! ```````````````````````````````` Process Check: objlist.exe by Laurent Kaspersky Lab Kaspersky Internet Security 2011 avp.exe Kaspersky Lab Kaspersky Internet Security 2011 klwtblfs.exe ``````````End of Log````````````
  4. Hi! Here are the logs for MBAM, Combofix, and DDS. The "Numlock" script I think is something that I did years ago as the only way I could find to get the numbers lock to come on by default on boot up. We could make that go away without sadness if we needed to. I've zipped it and attached it for you to look at. Thanks for your help! Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6399 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 4/19/2011 10:04:53 AM mbam-log-2011-04-19 (10-04-53).txt Scan type: Quick scan Objects scanned: 226118 Time elapsed: 14 minute(s), 31 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ComboFix 11-04-19.01 - Mommy 04/19/2011 14:50:31.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.293 [GMT -5:00] Running from: C:\Documents and Settings\Mommy\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Mommy\Desktop\CFScript.txt AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} FILE :: "c:\windows\system32\drivers\aywiy.sys" . DDS (Ver_11-03-05.01) - NTFSx86 Run by Mommy at 15:46:42.90 on Tue 04/19/2011 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.205 [GMT -5:00] . AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security *Disabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe C:\Documents and Settings\Mommy\Desktop\dds.scr . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: H - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe" mRun: [combofix] c:\combofix\cf30719.cfxxe /c c:\combofix\Combobatch.bat mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uPolicies-explorer: <NO NAME> = IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} DPF: JT's Blocks - hxxp://download.games.yahoo.com/games/clients/y/blt1_x.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: Toki Toki Boom - hxxp://download.games.yahoo.com/games/clients/y/vto_x.cab DPF: Yahoo! Chess - hxxp://download.games.yahoo.com/games/clients/y/ct2_x.cab DPF: Yahoo! Gin - hxxp://download.games.yahoo.com/games/clients/y/nt1_x.cab DPF: Yahoo! Pool 2 - hxxp://download.games.yahoo.com/games/clients/y/pote_x.cab DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1298778219171 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {AFDD01B0-7ABB-11D9-9669-0800200C9A66} - hxxp://c.ancestry.com/MFInstall/MFInstall.cab DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - TCP: {531789D3-E103-4B2C-80B3-D76844EF54D8} = 216.165.129.157,134.215.200.126 Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: klogon - c:\windows\system32\klogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL . ============= SERVICES / DRIVERS =============== . R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184] R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352] R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-4-12 475736] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656] R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-11-2 365336] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472] S3 Bulk503;Chameleon Mega Digital Camera;c:\windows\system32\drivers\bulk503.sys --> c:\windows\system32\drivers\Bulk503.sys [?] S3 ISO503;Chameleon Mega Video Camera;c:\windows\system32\drivers\iso503.sys --> c:\windows\system32\drivers\ISO503.SYS [?] . =============== Created Last 30 ================ . 2011-04-19 19:42:58 -------- d-s---w- C:\ComboFix 2011-04-15 13:46:46 -------- d-sha-r- C:\cmdcons 2011-04-15 13:06:22 98816 ----a-w- c:\windows\sed.exe 2011-04-15 13:06:22 89088 ----a-w- c:\windows\MBR.exe 2011-04-15 13:06:22 256512 ----a-w- c:\windows\PEV.exe 2011-04-15 13:06:22 161792 ----a-w- c:\windows\SWREG.exe 2011-04-12 12:56:03 97859 ----a-w- c:\windows\system32\drivers\klick.dat 2011-04-12 12:56:03 115267 ----a-w- c:\windows\system32\drivers\klin.dat 2011-04-12 12:54:11 -------- d-----w- c:\program files\Kaspersky Lab 2011-04-12 12:54:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab 2011-04-12 12:46:38 -------- d-----w- C:\kleaner.tmp 2011-04-12 12:24:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files 2011-04-09 13:12:22 -------- d-----w- c:\program files\CCleaner 2011-04-08 18:18:03 -------- d-----w- c:\docume~1\mommy\applic~1\SUPERAntiSpyware.com 2011-04-08 18:18:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com 2011-04-08 18:17:43 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-04-07 01:10:59 -------- d-----w- c:\docume~1\mommy\locals~1\applic~1\{71078740-CEDC-4130-9508-FA335982D15E} 2011-04-07 00:53:29 0 ----a-w- c:\windows\Gkiqofusocacez.bin 2011-04-06 23:29:28 90112 --sha-r- c:\windows\system32\riched32U.dll 2011-03-28 05:25:53 -------- d-----w- c:\program files\iPod 2011-03-28 05:22:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll 2011-03-28 05:22:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll 2011-03-28 05:22:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll 2011-03-28 05:22:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll 2011-03-28 05:22:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll 2011-03-28 05:22:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll 2011-03-28 05:22:43 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll 2011-03-28 05:18:09 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2011-03-28 05:18:09 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-03-28 05:17:03 -------- d-----w- c:\program files\Bonjour 2011-03-21 03:42:54 -------- d-----w- c:\program files\common files\Software Update Utility . ==================== Find3M ==================== . 2011-02-09 13:53:52 270848 ------w- c:\windows\system32\sbe.dll 2011-02-09 13:53:52 186880 ------w- c:\windows\system32\encdec.dll 2011-02-03 03:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-03 01:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll . ============= FINISH: 15:56:29.40 ===============
  5. Hi! Here is the Combofix log, and a fresh DDS log. ComboFix 11-04-14.03 - Mommy 04/15/2011 8:50.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.343 [GMT -5:00] Running from: c:\documents and settings\Mommy\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Aaron\Local Settings\Application Data\{ED7F8F61-8649-473B-A997-4190BCA81413} c:\documents and settings\Aaron\Local Settings\Application Data\{ED7F8F61-8649-473B-A997-4190BCA81413}\chrome.manifest c:\documents and settings\Aaron\Local Settings\Application Data\{ED7F8F61-8649-473B-A997-4190BCA81413}\chrome\content\_cfg.js c:\documents and settings\Aaron\Local Settings\Application Data\{ED7F8F61-8649-473B-A997-4190BCA81413}\chrome\content\overlay.xul c:\documents and settings\Aaron\Local Settings\Application Data\{ED7F8F61-8649-473B-A997-4190BCA81413}\install.rdf c:\documents and settings\Addie Jo\WINDOWS c:\documents and settings\Daddy\WINDOWS c:\documents and settings\Mommy\WINDOWS C:\Install.exe C:\t.txt c:\windows\desktop c:\windows\desktop\Instal~1.lnk c:\windows\p73467113.exe c:\windows\p7346712213.exe c:\windows\system\oeminfo.ini c:\windows\system32\rnaph.dll F:\Autorun.inf . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_Parameters . . ((((((((((((((((((((((((( Files Created from 2011-03-15 to 2011-04-15 ))))))))))))))))))))))))))))))) . . 2011-04-12 12:56 . 2011-04-12 13:53 115267 ----a-w- c:\windows\system32\drivers\klin.dat 2011-04-12 12:56 . 2011-04-12 13:53 97859 ----a-w- c:\windows\system32\drivers\klick.dat 2011-04-12 12:54 . 2011-04-15 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2011-04-12 12:54 . 2011-04-12 12:54 -------- d-----w- c:\program files\Kaspersky Lab 2011-04-12 12:46 . 2011-04-12 12:46 -------- d-----w- C:\kleaner.tmp 2011-04-12 12:24 . 2011-04-12 12:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2011-04-09 13:12 . 2011-04-09 13:12 -------- d-----w- c:\program files\CCleaner 2011-04-08 18:18 . 2011-04-08 18:18 -------- d-----w- c:\documents and settings\Mommy\Application Data\SUPERAntiSpyware.com 2011-04-08 18:18 . 2011-04-08 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2011-04-08 18:17 . 2011-04-08 18:18 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-04-07 01:10 . 2011-04-07 01:10 -------- d-----w- c:\documents and settings\Mommy\Local Settings\Application Data\{71078740-CEDC-4130-9508-FA335982D15E} 2011-04-07 00:53 . 2011-04-07 12:04 0 ----a-w- c:\windows\Gkiqofusocacez.bin 2011-04-07 00:04 . 2011-04-09 05:04 -------- d--h--w- c:\documents and settings\Aaron\Application Data\Yhbu 2011-04-07 00:04 . 2011-04-07 00:10 -------- d--h--w- c:\documents and settings\Aaron\Application Data\Ymqi 2011-04-06 23:29 . 2011-04-06 23:29 90112 --sha-r- c:\windows\system32\riched32U.dll 2011-03-31 16:50 . 2011-03-31 16:50 -------- d--h--w- c:\documents and settings\Aaron\Application Data\IObit 2011-03-31 16:27 . 2011-03-31 16:27 -------- d-----w- c:\documents and settings\Addie Jo\Application Data\IObit 2011-03-21 03:42 . 2011-03-21 03:42 -------- d-----w- c:\program files\Common Files\Software Update Utility . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-09 13:53 . 2003-03-20 05:53 270848 ------w- c:\windows\system32\sbe.dll 2011-02-09 13:53 . 2003-03-20 05:48 186880 ------w- c:\windows\system32\encdec.dll 2011-02-03 03:40 . 2010-07-26 00:22 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-03 01:19 . 2008-02-02 17:06 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-02-02 07:58 . 2003-03-20 05:35 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57 . 2003-03-20 05:35 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44 . 2003-03-20 06:17 439296 ----a-w- c:\windows\system32\shimgvw.dll . <pre> c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe c:\program files\Common Files\Java\Java Update\jusched .exe c:\program files\Creative\ShareDLL\CtNotify .exe c:\program files\iTunes\iTunesHelper .exe c:\program files\QuickTime\QTTask .exe c:\program files\real\realplayer\Update\realsched .exe c:\windows\SYSTEM32\rundll32 .exe </pre> . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 68856] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] "Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [N/A] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-03 365336] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 68856] . c:\documents and settings\Daddy\Start Menu\Programs\Startup\ numlock.vbs [2006-2-4 75] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKLM\~\startupfolder\C:^Documents and Settings^Mommy^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk] path=c:\documents and settings\Mommy\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY] c:\progra~1\AVG\AVG9\avgtray.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] c:\program files\QuickTime\qttask.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2007-06-21 22:24 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] c:\program files\Common Files\Real\Update_OB\realsched.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "Viewpoint Manager Service"=2 (0x2) "Pml Driver HPZ12"=2 (0x2) "ose"=3 (0x3) "nmservice"=2 (0x2) "LinksysUpdater"=2 (0x2) "JavaQuickStarterService"=2 (0x2) "idsvc"=3 (0x3) "gusvc"=2 (0x2) "FreeAgentGoNext Service"=2 (0x2) "Creative Service for CDROM Access"=3 (0x3) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\juno\\bin\\juno.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Documents and Settings\\Daddy\\Local Settings\\Application Data\\Abacast\\Abaclient.exe"= "c:\\Documents and Settings\\Daddy\\Local Settings\\Application Data\\AbacastDistributedOnDemand\\Node\\11\\AbacastDistributedOnDemand.exe"= "c:\\Program Files\\Mozilla Sunbird\\sunbird.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "67:UDP"= 67:UDP:DHCP Discovery Service . R1 kl2;kl2;c:\windows\SYSTEM32\DRIVERS\kl2.sys [6/9/2010 4:43 PM 11352] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\SYSTEM32\DRIVERS\klim5.sys [5/7/2010 11:06 AM 32856] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\SYSTEM32\DRIVERS\klmouflt.sys [11/2/2009 7:27 PM 19472] S0 tmuyxp;tmuyxp;c:\windows\system32\drivers\aywiy.sys --> c:\windows\system32\drivers\aywiy.sys [?] S3 Bulk503;Chameleon Mega Digital Camera;c:\windows\system32\Drivers\Bulk503.sys --> c:\windows\system32\Drivers\Bulk503.sys [?] S3 ISO503;Chameleon Mega Video Camera;c:\windows\system32\Drivers\ISO503.SYS --> c:\windows\system32\Drivers\ISO503.SYS [?] S3 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 2:43 PM 204800] S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/29/2009 2:55 PM 24652] . Contents of the 'Scheduled Tasks' folder . 2011-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50] . 2011-04-15 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 22:22] . 2011-04-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-516116760-3508293876-2501954535-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33] . 2011-04-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-516116760-3508293876-2501954535-1007.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33] . 2011-04-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-516116760-3508293876-2501954535-1008.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33] . 2011-04-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-516116760-3508293876-2501954535-1009.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33] . 2011-04-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-516116760-3508293876-2501954535-1013.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33] . 2011-04-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-516116760-3508293876-2501954535-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33] . 2011-04-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-516116760-3508293876-2501954535-1007.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33] . 2011-04-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-516116760-3508293876-2501954535-1008.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33] . 2011-04-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-516116760-3508293876-2501954535-1009.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33] . 2011-04-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-516116760-3508293876-2501954535-1013.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33] . 2011-04-15 c:\windows\Tasks\User_Feed_Synchronization-{8479C25A-BA42-4C5F-BB6F-46F4E1C6F31B}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31] . 2011-01-02 c:\windows\Tasks\wavepadShakeIcon.job - c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-09-11 14:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html TCP: {531789D3-E103-4B2C-80B3-D76844EF54D8} = 216.165.129.157,134.215.200.126 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {AFDD01B0-7ABB-11D9-9669-0800200C9A66} - hxxp://c.ancestry.com/MFInstall/MFInstall.cab . - - - - ORPHANS REMOVED - - - - . AddRemove-Creative News - c:\program files\Creative\News\CTNews.isu AddRemove-HijackThis - c:\documents and settings\Mommy\Local Settings\Temporary Internet Files\Content.IE5\NN5JZ13D\HijackThis.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-04-15 09:29 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,69,3d,80,b2,be,8e,44,8a,06,c6,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,69,3d,80,b2,be,8e,44,8a,06,c6,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(808) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(3148) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\rundll32.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\System32\MsPMSPSv.exe c:\windows\system32\devldr32.exe . ************************************************************************** . Completion time: 2011-04-15 09:45:43 - machine was rebooted ComboFix-quarantined-files.txt 2011-04-15 14:45 . Pre-Run: 250,920,960 bytes free Post-Run: 1,173,733,376 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn . - - End Of File - - 686EE8C0D75A474DA64E501A027B8448 . DDS (Ver_11-03-05.01) - NTFSx86 Run by Mommy at 14:12:16.75 on Fri 04/15/2011 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.275 [GMT -5:00] . AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security *Disabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\explorer.exe C:\Program Files\Outlook Express\msimn.exe C:\Documents and Settings\Mommy\Desktop\dds.scr . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: H - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - No File TB: {A3704FA3-DBF6-46B5-B95E-0677DFD39577} - No File TB: {5A074B29-F830-49DE-A31B-5BB9D7F6B407} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe" dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uPolicies-explorer: <NO NAME> = IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} DPF: JT's Blocks - hxxp://download.games.yahoo.com/games/clients/y/blt1_x.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: Toki Toki Boom - hxxp://download.games.yahoo.com/games/clients/y/vto_x.cab DPF: Yahoo! Chess - hxxp://download.games.yahoo.com/games/clients/y/ct2_x.cab DPF: Yahoo! Gin - hxxp://download.games.yahoo.com/games/clients/y/nt1_x.cab DPF: Yahoo! Pool 2 - hxxp://download.games.yahoo.com/games/clients/y/pote_x.cab DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1298778219171 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {AFDD01B0-7ABB-11D9-9669-0800200C9A66} - hxxp://c.ancestry.com/MFInstall/MFInstall.cab DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - TCP: {531789D3-E103-4B2C-80B3-D76844EF54D8} = 216.165.129.157,134.215.200.126 Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: klogon - c:\windows\system32\klogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL . ============= SERVICES / DRIVERS =============== . R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184] R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352] R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-4-12 475736] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656] R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-11-2 365336] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472] S0 tmuyxp;tmuyxp;c:\windows\system32\drivers\aywiy.sys --> c:\windows\system32\drivers\aywiy.sys [?] S3 Bulk503;Chameleon Mega Digital Camera;c:\windows\system32\drivers\bulk503.sys --> c:\windows\system32\drivers\Bulk503.sys [?] S3 ISO503;Chameleon Mega Video Camera;c:\windows\system32\drivers\iso503.sys --> c:\windows\system32\drivers\ISO503.SYS [?] S3 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800] S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-29 24652] . =============== Created Last 30 ================ . 2011-04-15 13:46:46 -------- d-sha-r- C:\cmdcons 2011-04-15 13:06:22 98816 ----a-w- c:\windows\sed.exe 2011-04-15 13:06:22 89088 ----a-w- c:\windows\MBR.exe 2011-04-15 13:06:22 256512 ----a-w- c:\windows\PEV.exe 2011-04-15 13:06:22 161792 ----a-w- c:\windows\SWREG.exe 2011-04-12 12:56:03 97859 ----a-w- c:\windows\system32\drivers\klick.dat 2011-04-12 12:56:03 115267 ----a-w- c:\windows\system32\drivers\klin.dat 2011-04-12 12:54:11 -------- d-----w- c:\program files\Kaspersky Lab 2011-04-12 12:54:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab 2011-04-12 12:46:38 -------- d-----w- C:\kleaner.tmp 2011-04-12 12:24:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files 2011-04-09 13:12:22 -------- d-----w- c:\program files\CCleaner 2011-04-08 18:18:03 -------- d-----w- c:\docume~1\mommy\applic~1\SUPERAntiSpyware.com 2011-04-08 18:18:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com 2011-04-08 18:17:43 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-04-07 01:10:59 -------- d-----w- c:\docume~1\mommy\locals~1\applic~1\{71078740-CEDC-4130-9508-FA335982D15E} 2011-04-07 00:53:29 0 ----a-w- c:\windows\Gkiqofusocacez.bin 2011-04-06 23:29:28 90112 --sha-r- c:\windows\system32\riched32U.dll 2011-03-28 05:25:53 -------- d-----w- c:\program files\iPod 2011-03-28 05:22:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll 2011-03-28 05:22:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll 2011-03-28 05:22:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll 2011-03-28 05:22:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll 2011-03-28 05:22:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll 2011-03-28 05:22:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll 2011-03-28 05:22:43 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll 2011-03-28 05:18:09 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2011-03-28 05:18:09 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-03-28 05:17:03 -------- d-----w- c:\program files\Bonjour 2011-03-21 03:42:54 -------- d-----w- c:\program files\common files\Software Update Utility . ==================== Find3M ==================== . 2011-02-09 13:53:52 270848 ------w- c:\windows\system32\sbe.dll 2011-02-09 13:53:52 186880 ------w- c:\windows\system32\encdec.dll 2011-02-03 03:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-03 01:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll . ============= FINISH: 14:14:20.62 ===============
  6. Hi, Here are fresh logs from the Malwarebytes scan and the DDS scan. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6362 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 4/14/2011 10:08:09 AM mbam-log-2011-04-14 (10-08-09).txt Scan type: Quick scan Objects scanned: 228430 Time elapsed: 13 minute(s), 57 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) . DDS (Ver_11-03-05.01) - NTFSx86 Run by Mommy at 10:09:39.90 on Thu 04/14/2011 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.245 [GMT -5:00] . AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\devldr32.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Outlook Express\msimn.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe C:\Documents and Settings\Mommy\Desktop\dds.scr . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://www.dellnet.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: H - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File TB: {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - No File TB: {A3704FA3-DBF6-46B5-B95E-0677DFD39577} - No File TB: {5A074B29-F830-49DE-A31B-5BB9D7F6B407} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe" dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uPolicies-explorer: <NO NAME> = IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} DPF: JT's Blocks - hxxp://download.games.yahoo.com/games/clients/y/blt1_x.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: Toki Toki Boom - hxxp://download.games.yahoo.com/games/clients/y/vto_x.cab DPF: Yahoo! Chess - hxxp://download.games.yahoo.com/games/clients/y/ct2_x.cab DPF: Yahoo! Gin - hxxp://download.games.yahoo.com/games/clients/y/nt1_x.cab DPF: Yahoo! Pool 2 - hxxp://download.games.yahoo.com/games/clients/y/pote_x.cab DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1298778219171 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {AFDD01B0-7ABB-11D9-9669-0800200C9A66} - hxxp://c.ancestry.com/MFInstall/MFInstall.cab DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - TCP: {531789D3-E103-4B2C-80B3-D76844EF54D8} = 216.165.129.157,134.215.200.126 Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: klogon - c:\windows\system32\klogon.dll AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL Hosts: 209.172.52.65 www.google.com Hosts: 209.172.52.66 search.yahoo.com . ============= SERVICES / DRIVERS =============== . R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184] R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352] R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-4-12 475736] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656] R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-11-2 365336] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472] S0 tmuyxp;tmuyxp;c:\windows\system32\drivers\aywiy.sys --> c:\windows\system32\drivers\aywiy.sys [?] S3 Bulk503;Chameleon Mega Digital Camera;c:\windows\system32\drivers\bulk503.sys --> c:\windows\system32\drivers\Bulk503.sys [?] S3 ISO503;Chameleon Mega Video Camera;c:\windows\system32\drivers\iso503.sys --> c:\windows\system32\drivers\ISO503.SYS [?] S3 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800] S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?] S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-29 24652] . =============== Created Last 30 ================ . 2011-04-12 12:56:03 97859 ----a-w- c:\windows\system32\drivers\klick.dat 2011-04-12 12:56:03 115267 ----a-w- c:\windows\system32\drivers\klin.dat 2011-04-12 12:54:11 -------- d-----w- c:\program files\Kaspersky Lab 2011-04-12 12:54:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab 2011-04-12 12:46:38 -------- d--h--w- C:\kleaner.tmp 2011-04-12 12:24:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files 2011-04-09 13:12:22 -------- d-----w- c:\program files\CCleaner 2011-04-08 18:18:03 -------- d-----w- c:\docume~1\mommy\applic~1\SUPERAntiSpyware.com 2011-04-08 18:18:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com 2011-04-08 18:17:43 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-04-07 01:10:59 -------- d-----w- c:\docume~1\mommy\locals~1\applic~1\{71078740-CEDC-4130-9508-FA335982D15E} 2011-04-07 00:53:29 0 ----a-w- c:\windows\Gkiqofusocacez.bin 2011-04-06 23:29:28 90112 --sha-r- c:\windows\system32\riched32U.dll 2011-04-05 23:09:10 28 ----a-w- c:\windows\p7346712213.exe 2011-04-05 02:25:54 28 ----a-w- c:\windows\p73467113.exe 2011-03-28 05:25:53 -------- d-----w- c:\program files\iPod 2011-03-28 05:22:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll 2011-03-28 05:22:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll 2011-03-28 05:22:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll 2011-03-28 05:22:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll 2011-03-28 05:22:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll 2011-03-28 05:22:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll 2011-03-28 05:22:43 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll 2011-03-28 05:18:09 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2011-03-28 05:18:09 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-03-28 05:17:03 -------- d-----w- c:\program files\Bonjour 2011-03-21 03:42:54 -------- d-----w- c:\program files\common files\Software Update Utility . ==================== Find3M ==================== . 2011-02-09 13:53:52 270848 ------w- c:\windows\system32\sbe.dll 2011-02-09 13:53:52 186880 ------w- c:\windows\system32\encdec.dll 2011-02-03 03:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-03 01:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll . ============= FINISH: 10:14:47.34 ===============
  7. Hi! I've been infected with something that is redirecting the hyperlinks in our search engines. I have followed the instructions on your "what to do when I'm infected" page. I believe that the original infection was able to be removed by MBAM, but the redirecting continues. Any help you can offer would be great - thanks! Here's the original MBAM log and the most recent one. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6299 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 4/7/2011 8:32:21 AM mbam-log-2011-04-07 (08-32-21).txt Scan type: Quick scan Objects scanned: 221793 Time elapsed: 14 minute(s), 37 second(s) Memory Processes Infected: 0 Memory Modules Infected: 2 Registry Keys Infected: 0 Registry Values Infected: 21 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 43 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: c:\WINDOWS\expahost.dll (Trojan.Agent.Gen) -> Delete on reboot. c:\WINDOWS\ahacicoj.dll (IPH.Trojan.Hiloti.B) -> Delete on reboot. Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lvineg (IPH.Trojan.Hiloti.B) -> Value: Lvineg -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE (Malware.Gen) -> Value: CTNOTIFY.EXE -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Disc Detector (Malware.Gen) -> Value: Disc Detector -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Adobe Reader Speed Launcher (Malware.Gen) -> Value: Adobe Reader Speed Launcher -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Adobe ARM (Malware.Gen) -> Value: Adobe ARM -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\REAL\REALPLAYER\UPDATE\REALSCHED.EXE (Malware.Gen) -> Value: REALSCHED.EXE -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TkBellExe (Malware.Gen) -> Value: TkBellExe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched (Malware.Gen) -> Value: SunJavaUpdateSched -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\QuickTime Task (Malware.Gen) -> Value: QuickTime Task -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iTunesHelper (Malware.Gen) -> Value: iTunesHelper -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cleanhdd (Malware.Gen) -> Value: cleanhdd -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\MicrosoftWindows (Trojan.Agent) -> Value: MicrosoftWindows -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicrosoftWindows (Trojan.Agent) -> Value: MicrosoftWindows -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\MicrosoftWindows (Trojan.Agent) -> Value: MicrosoftWindows -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce\MicrosoftWindows (Trojan.Agent) -> Value: MicrosoftWindows -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\NVIDIA driver monitor (Backdoor.Agent) -> Value: NVIDIA driver monitor -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\MicrosoftWindows (Trojan.Agent) -> Value: MicrosoftWindows -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicrosoftWindows (Trojan.Agent) -> Value: MicrosoftWindows -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\MicrosoftWindows (Trojan.Agent) -> Value: MicrosoftWindows -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\MicrosoftWindows (Trojan.Agent) -> Value: MicrosoftWindows -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce\MicrosoftWindows (Trojan.Agent) -> Value: MicrosoftWindows -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: c:\WINDOWS\expahost.dll (Trojan.Agent.Gen) -> Delete on reboot. c:\WINDOWS\ahacicoj.dll (IPH.Trojan.Hiloti.B) -> Delete on reboot. c:\program files\Creative\ShareDLL\CtNotify.exe (Malware.Gen) -> Quarantined and deleted successfully. c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe (Malware.Gen) -> Quarantined and deleted successfully. c:\program files\common files\Adobe\ARM\1.0\AdobeARM.exe (Malware.Gen) -> Quarantined and deleted successfully. c:\program files\real\realplayer\Update\realsched.exe (Malware.Gen) -> Quarantined and deleted successfully. c:\program files\common files\Java\java update\jusched.exe (Malware.Gen) -> Quarantined and deleted successfully. c:\program files\quicktime\QTTask.exe (Malware.Gen) -> Quarantined and deleted successfully. c:\program files\iTunes\ituneshelper.exe (Malware.Gen) -> Quarantined and deleted successfully. c:\documents and settings\Aaron\application data\cleanhdd.exe (Malware.Gen) -> Quarantined and deleted successfully. c:\documents and settings\Aaron\application data\windows32.exe (Malware.Gen) -> Quarantined and deleted successfully. c:\documents and settings\all users\application data\19455796.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully. c:\documents and settings\all users\application data\vmoqecwufx .exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\documents and settings\all users\application data\vmoqecwufx.exe (Malware.Gen) -> Quarantined and deleted successfully. c:\WINDOWS\SYSTEM32\expahost.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully. c:\documents and settings\Aaron\local settings\Temp\7a.tmp.exe (Trojan.QHosts) -> Quarantined and deleted successfully. c:\documents and settings\Aaron\local settings\Temp\7d.tmp.exe (Trojan.QHosts) -> Quarantined and deleted successfully. c:\documents and settings\Aaron\local settings\Temp\bshn.exe (Malware.Gen) -> Quarantined and deleted successfully. c:\documents and settings\Aaron\local settings\Temp\hkstnd.exe (Trojan.Hiloti) -> Quarantined and deleted successfully. c:\documents and settings\Aaron\local settings\Temp\Kdk.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully. c:\documents and settings\Aaron\local settings\Temp\Kdl .exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully. c:\documents and settings\Aaron\local settings\Temp\Kdl .exe (Malware.Gen) -> Quarantined and deleted successfully. c:\documents and settings\Aaron\local settings\Temp\Kdl .exe (Malware.Gen) -> Quarantined and deleted successfully. c:\documents and settings\Aaron\local settings\Temp\Kdl .exe (Malware.Gen) -> Quarantined and deleted successfully. c:\documents and settings\Aaron\local settings\Temp\Kdl.exe (Malware.Gen) -> Quarantined and deleted successfully. c:\documents and settings\Aaron\local settings\Temp\Kdm.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully. c:\documents and settings\Aaron\local settings\Temp\Kdn.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully. c:\documents and settings\Aaron\local settings\Temp\Kdo.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully. c:\documents and settings\Aaron\local settings\Temp\Kdp.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully. c:\documents and settings\Aaron\local settings\Temp\Kdq.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully. c:\documents and settings\Aaron\local settings\Temp\Kdr.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully. c:\documents and settings\Aaron\local settings\Temp\Kdt.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully. c:\documents and settings\Aaron\local settings\Temp\Kdu.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully. c:\documents and settings\Aaron\local settings\Temp\Kdv.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully. c:\WINDOWS\Temp\temp2019185512642122.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\WINDOWS\Kgejaa.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully. c:\WINDOWS\ntraevi.dll (Trojan.Hiloti) -> Quarantined and deleted successfully. c:\WINDOWS\nvsvc32 .exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\WINDOWS\nvsvc32.exe (Malware.Gen) -> Quarantined and deleted successfully. c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully. c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully. c:\documents and settings\Aaron\application data\cleanhdd.dll (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6299 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 4/9/2011 8:32:30 AM mbam-log-2011-04-09 (08-32-30).txt Scan type: Quick scan Objects scanned: 223367 Time elapsed: 11 minute(s), 59 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) . DDS (Ver_11-03-05.01) - NTFSx86 Run by Mommy at 9:52:13.96 on Sat 04/09/2011 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.201 [GMT -5:00] . AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Mommy\Local Settings\Temporary Internet Files\Content.IE5\NN5JZ13D\HiJackThis[1].exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Mommy\Desktop\dds.scr . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://www.dellnet.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: H - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File TB: {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - No File TB: {A3704FA3-DBF6-46B5-B95E-0677DFD39577} - No File TB: {5A074B29-F830-49DE-A31B-5BB9D7F6B407} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uPolicies-explorer: <NO NAME> = IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} DPF: JT's Blocks - hxxp://download.games.yahoo.com/games/clients/y/blt1_x.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: Toki Toki Boom - hxxp://download.games.yahoo.com/games/clients/y/vto_x.cab DPF: Yahoo! Chess - hxxp://download.games.yahoo.com/games/clients/y/ct2_x.cab DPF: Yahoo! Gin - hxxp://download.games.yahoo.com/games/clients/y/nt1_x.cab DPF: Yahoo! Pool 2 - hxxp://download.games.yahoo.com/games/clients/y/pote_x.cab DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1298778219171 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {AFDD01B0-7ABB-11D9-9669-0800200C9A66} - hxxp://c.ancestry.com/MFInstall/MFInstall.cab DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - TCP: {531789D3-E103-4B2C-80B3-D76844EF54D8} = 216.165.129.157,134.215.200.126 Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: avgrsstarter - avgrsstx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL Hosts: 209.172.52.65 www.google.com Hosts: 209.172.52.66 search.yahoo.com . ============= SERVICES / DRIVERS =============== . R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-27 216400] R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-5-25 29584] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-27 243024] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656] R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-11-8 308136] S0 tmuyxp;tmuyxp;c:\windows\system32\drivers\aywiy.sys --> c:\windows\system32\drivers\aywiy.sys [?] S3 Bulk503;Chameleon Mega Digital Camera;c:\windows\system32\drivers\bulk503.sys --> c:\windows\system32\drivers\Bulk503.sys [?] S3 ISO503;Chameleon Mega Video Camera;c:\windows\system32\drivers\iso503.sys --> c:\windows\system32\drivers\ISO503.SYS [?] S3 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800] S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-29 24652] . =============== File Associations =============== . .reg=regedit . =============== Created Last 30 ================ . 2011-04-09 13:12:22 -------- d-----w- c:\program files\CCleaner 2011-04-08 18:18:03 -------- d-----w- c:\docume~1\mommy\applic~1\SUPERAntiSpyware.com 2011-04-08 18:18:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com 2011-04-08 18:17:43 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-04-07 01:10:59 -------- d-----w- c:\docume~1\mommy\locals~1\applic~1\{71078740-CEDC-4130-9508-FA335982D15E} 2011-04-07 00:53:29 0 ----a-w- c:\windows\Gkiqofusocacez.bin 2011-04-06 23:29:28 90112 --sha-r- c:\windows\system32\riched32U.dll 2011-04-05 23:09:10 28 ----a-w- c:\windows\p7346712213.exe 2011-04-05 02:25:54 28 ----a-w- c:\windows\p73467113.exe 2011-03-28 05:25:53 -------- d-----w- c:\program files\iPod 2011-03-28 05:22:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll 2011-03-28 05:22:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll 2011-03-28 05:22:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll 2011-03-28 05:22:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll 2011-03-28 05:22:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll 2011-03-28 05:22:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll 2011-03-28 05:22:43 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll 2011-03-28 05:18:09 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2011-03-28 05:18:09 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-03-28 05:17:03 -------- d-----w- c:\program files\Bonjour 2011-03-21 03:42:54 -------- d-----w- c:\program files\common files\Software Update Utility 2011-03-15 13:20:00 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files 2011-03-12 17:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll . ==================== Find3M ==================== . 2011-02-09 13:53:52 270848 ------w- c:\windows\system32\sbe.dll 2011-02-09 13:53:52 186880 ------w- c:\windows\system32\encdec.dll 2011-02-03 03:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-03 01:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll . ============= FINISH: 9:54:18.04 ===============
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.