backdoor:win32/cycbot.B detected, Now Getting odd reactions

Neoclassix · Nov 22, 2011

Hello: Security essentials just detected above virus, this has happend twice today and I have had a few attacks from other viruses. I have noticed my browser redirects to random sites from google, I have just reinstalled windows from a previous attack that knocked out my internet completely. here are the hijack this and DDS files:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:36:52 PM, on 11/22/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LP\A59C\111.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\28ECC\lvvm.exe
C:\Documents and Settings\Matt\Application Data\CC528\CA0A5.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:53152
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ShopAtHomeIEHelper - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ShopAtHome Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [111.exe] C:\Program Files\LP\A59C\111.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolba...Yus&si=&a=8o1RUPdEIGDYi9Ghwty0aA&n=2011012014
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (14.0)) - http://www.unionconcrod.org/controls/LTOCX14N.cab
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo1.walgreens.com/WalgreensActivia.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pubgis.co.pinellas.fl.us/ActiveX/ver6.3/mgaxctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1185892461968
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Closet Control) - http://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} (Pegasus PrintPRO Control v2.0) - http://www.unionconcrod.org/controls/prntpro2.CAB
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F92211F4-3913-4DC2-A275-756374D848B0} (ERViewerOCX Control) - http://96.252.133.84/MP4DVR.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
--
End of file - 15058 bytes

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Matt at 15:51:14 on 2011-11-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.396 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LP\A59C\111.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\28ECC\lvvm.exe
C:\Documents and Settings\Matt\Application Data\CC528\CA0A5.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\notepad.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=127.0.0.1:53152
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uWinlogon: Shell=explorer.exe,c:\documents and settings\matt\application data\cc528\CA0A5.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ShopAtHome Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\2.bin\mwsoemon.exe
mRun: [VAIO Update 3] "c:\program files\sony\vaio update 3\VAIOUpdt.exe" /Stationary
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [111.exe] c:\program files\lp\a59c\111.exe
StartupFolder: c:\docume~1\matt\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: &Search - http://edits.mywebsearch.com/toolba...Yus&si=&a=8o1RUPdEIGDYi9Ghwty0aA&n=2011012014
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\PartyPoker.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://www.unionconcrod.org/controls/LTOCX14N.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - hxxp://download.ebay.com/turbo_lister/US/install.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo1.walgreens.com/WalgreensActivia.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://pubgis.co.pinellas.fl.us/ActiveX/ver6.3/mgaxctrl.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185892461968
DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} - hxxp://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} - hxxp://www.unionconcrod.org/controls/prntpro2.CAB
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - hxxp://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F92211F4-3913-4DC2-A275-756374D848B0} - hxxp://96.252.133.84/MP4DVR.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{DB0412ED-37E1-4AC0-90B0-1F34F8507006} : DhcpNameServer = 65.32.5.111 65.32.5.112
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165264]
R1 MpKsl41f0657a;MpKsl41f0657a;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{299049e6-e883-4021-9127-113791cd5207}\MpKsl41f0657a.sys [2011-11-22 28752]
R1 MpKsl5d909b0e;MpKsl5d909b0e;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{299049e6-e883-4021-9127-113791cd5207}\MpKsl5d909b0e.sys [2011-11-22 28752]
S1 MpKsl62243e8c;MpKsl62243e8c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c3c6bdab-549e-4370-80e1-cff23bb69ec0}\mpksl62243e8c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c3c6bdab-549e-4370-80e1-cff23bb69ec0}\MpKsl62243e8c.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-24 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-24 136176]
S3 SKYSCOUT;Celestron SkyScout driver;c:\windows\system32\drivers\UsbScout.sys [2008-5-26 20480]
S3 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-8 24652]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2011-11-22 20:36:27 388096 ----a-r- c:\documents and settings\matt\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-22 19:00:29 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{299049e6-e883-4021-9127-113791cd5207}\MpKsl41f0657a.sys
2011-11-22 18:18:00 -------- d-----w- c:\documents and settings\matt\application data\CC528
2011-11-22 14:32:44 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{299049e6-e883-4021-9127-113791cd5207}\MpKsl5d909b0e.sys
2011-11-22 14:32:28 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{299049e6-e883-4021-9127-113791cd5207}\offreg.dll
2011-11-22 04:55:52 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{299049e6-e883-4021-9127-113791cd5207}\mpengine.dll
2011-11-21 21:36:09 -------- d-----w- c:\program files\28ECC
2011-11-21 21:35:29 -------- d-----w- c:\program files\LP
2011-11-15 02:12:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-15 02:10:13 -------- d-----w- c:\documents and settings\matt\local settings\application data\PCHealth
2011-11-15 01:09:53 -------- d-----w- c:\windows\Temp99BCC305-EB38-5FD5-7FC0-6433AA13544D-Signatures
2011-11-14 19:05:59 79872 -c--a-w- c:\windows\system32\dllcache\rwia330.dll
2011-11-14 19:04:59 514587 -c--a-w- c:\windows\system32\dllcache\edb500.dll
2011-11-14 18:56:54 5632 -c--a-w- c:\windows\system32\dllcache\write.exe
2011-11-14 18:27:34 86016 ----a-w- c:\windows\system32\sl_anet.acm
2011-11-14 18:26:56 9216 -c--a-w- c:\windows\system32\dllcache\wshatm.dll
2011-11-14 18:25:59 9936 -c--a-w- c:\windows\system32\dllcache\lzexpand.dll
2011-11-14 13:51:03 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-11-14 13:44:24 85020 -c--a-w- c:\windows\system32\dllcache\dgsetup.dll
2011-11-14 13:44:24 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-11-14 13:44:24 176157 -c--a-w- c:\windows\system32\dllcache\dgrpsetu.dll
2011-11-14 13:44:23 2577 ------w- c:\windows\system32\CONFIG.TMP
2011-11-14 13:44:23 15360 -c--a-w- c:\windows\system32\dllcache\taskman.exe
2011-10-29 03:32:54 -------- d-----w- C:\ucd
.
==================== Find3M ====================
.
2011-10-17 14:36:17 0 ---ha-w- c:\documents and settings\matt\ciomkugcqs.tmp
2011-10-16 00:00:30 0 ----a-w- c:\documents and settings\matt\0.47733835981779005.exe
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 04:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 04:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
.
============= FINISH: 15:51:32.06 ===============

Not sure about the GMER file, I ran it but it kept crashing. Any help would be greatly appreciated I do not want to lose my internet and have to start this process all over again.

Thank-you
Matt

oldman960 · Nov 23, 2011

Hi Neoclassix, welcome to the forum.

To make cleaning this machine easier

Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
Do not attach any logs/reports, etc.. unless specifically requested to do so.
If you have problems with or do not understand the instructions, Please ask before continuing.
Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.

Open hijackthis, do a system scan only and checkmark these lines, if present

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:53152

Close ALL other windows/browsers and click Fix Checked. Answer Yes if prompted. Close HJT.

Open your Internet Explorer:

At the top click Tools, click Internet Options
On the Connections Tab click Lan Settings
Uncheck use a proxy server

For FireFox it's

Tools > Options
Click the Advanced button
Click the Network tab
In the connections section click the Settings button
Check mark No Proxy
OK your way out.

Download aswMBR.exe to your desktop.
Double click aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Please post back with

aswmbr log
mbr.zip (attached)

Please tell me all the symptoms you are experiencing.

Neoclassix · Nov 23, 2011

Hi Oldman960 - First let me thank-you for helping me with this. Second - Do not know how, but you have already made a difference. This morning I could not get on the internet. I had to get your message from my laptop. I did notice when I tried to open my browser I could not go to my home page, but it would let me go to any HTTPS site (banking, ebay sign in, etc...) and NO I did not sign into any of these sites. Ok, other symptoms include, browser redirects to various sites from a google search. security essentials finds questionable files including...111.exe, and another I cannot recall. I have been attacked by 13 viruses since Oct. 26 Ican paste descriptions if needed.
Here are the reports you have requested.
Thanks again.
Matt

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-23 13:43:21
-----------------------------
13:43:21.781 OS Version: Windows 5.1.2600 Service Pack 3
13:43:21.781 Number of processors: 2 586 0x401
13:43:21.781 ComputerName: COMPUTER UserName: Matt
13:43:22.484 Initialize success
13:44:24.078 AVAST engine defs: 11112301
13:44:29.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17
13:44:29.000 Disk 0 Vendor: WDC_WD2500JD-98HBB0 08.02D08 Size: 238475MB BusType: 3
13:44:31.031 Disk 0 MBR read successfully
13:44:31.031 Disk 0 MBR scan
13:44:31.078 Disk 0 Windows XP default MBR code
13:44:31.093 Disk 0 scanning sectors +488392065
13:44:31.203 Disk 0 scanning C:\WINDOWS\system32\drivers
13:44:53.671 Service scanning
13:44:54.125 Service MpKslcf9fe73f C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DF552178-ABD5-4083-BD70-61B99F0C414F}\MpKslcf9fe73f.sys **LOCKED** 32
13:44:54.765 Modules scanning
13:45:01.171 Disk 0 trace - called modules:
13:45:01.203 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:45:01.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87140ab8]
13:45:01.203 3 CLASSPNP.SYS[f75f0fd7] -> nt!IofCallDriver -> \Device\00000072[0x8717ee00]
13:45:01.203 5 ACPI.sys[f7467620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-17[0x8714cd98]
13:45:01.906 AVAST engine scan C:\WINDOWS
13:45:23.203 AVAST engine scan C:\WINDOWS\system32
13:48:58.531 AVAST engine scan C:\WINDOWS\system32\drivers
13:49:26.406 AVAST engine scan C:\Documents and Settings\Matt
13:52:05.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Matt\Desktop\MBR.dat"
13:52:05.703 The log file has been saved successfully to "C:\Documents and Settings\Matt\Desktop\aswMBR.txt"

oldman960 · Nov 23, 2011

Hi Neoclassix,

Please read through these instructions to familarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:
Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs[/url]
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post back with the combo fix log.

How's the computer?

Neoclassix · Nov 23, 2011

Oldman960:
Combofix log pasted, so far so good...hey I see microsoft firewall is back...have not seen that for MONTHS!
thanks

ComboFix 11-11-23.03 - Matt 11/23/2011 20:59:59.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.646 [GMT -5:00]
Running from: c:\documents and settings\Matt\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\documents and settings\Matt\0.47733835981779005.exe
c:\documents and settings\Matt\ciomkugcqs.tmp
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\00145A44.dat
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\image activex object
c:\program files\LP
c:\program files\LP\A59C\19.tmp
c:\program files\LP\A59C\1B.tmp
c:\program files\LP\A59C\5.tmp
c:\program files\LP\A59C\6.tmp
c:\program files\LP\A59C\7.exe
c:\program files\LP\A59C\7.tmp
c:\program files\LP\A59C\8.exe
c:\program files\LP\A59C\8.tmp
c:\program files\LP\A59C\92.tmp
c:\program files\LP\A59C\94.tmp
c:\program files\LP\A59C\A.tmp
c:\program files\LP\A59C\E.tmp
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFTBPR.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PATCH.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\2.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\2.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\2.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\2.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\2.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\2.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\2.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\2.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\2.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\2.bin\M3TPINST.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSMLBTN.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSUABTN.DLL
c:\program files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\000550A8
c:\program files\MyWebSearch\bar\Cache\00055A9B
c:\program files\MyWebSearch\bar\Cache\000568A4
c:\program files\MyWebSearch\bar\Cache\181A76EA.bin
c:\program files\MyWebSearch\bar\Cache\181A7813.bin
c:\program files\MyWebSearch\bar\Cache\181A78DE.bmp
c:\program files\MyWebSearch\bar\Cache\23019F89
c:\program files\MyWebSearch\bar\Cache\2301A20A
c:\program files\MyWebSearch\bar\Cache\2301A46B.bin
c:\program files\MyWebSearch\bar\Cache\2301A584.bmp
c:\program files\MyWebSearch\bar\Cache\2301A601.bin
c:\program files\MyWebSearch\bar\Cache\2301A7A7.bin
c:\program files\MyWebSearch\bar\Cache\2301A824
c:\program files\MyWebSearch\bar\Cache\2301A8FF.exe
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Message\COMMON\8_step1.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm
c:\program files\MyWebSearch\bar\Message\COMMON\bkez.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkgr.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkgs.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bklf.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkrg.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkwebfet.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzc.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzl.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzn.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzq.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzr.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzu.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzv.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzw.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzwinky.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\blubtn2d.png
c:\program files\MyWebSearch\bar\Message\COMMON\blubtn2r.png
c:\program files\MyWebSearch\bar\Message\COMMON\blubtn3d.png
c:\program files\MyWebSearch\bar\Message\COMMON\blubtn3r.png
c:\program files\MyWebSearch\bar\Message\COMMON\center.htm
c:\program files\MyWebSearch\bar\Message\COMMON\index.htm
c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm
c:\program files\MyWebSearch\bar\Message\COMMON\rebut4.htm
c:\program files\MyWebSearch\bar\Message\COMMON\rebut4b.htm
c:\program files\MyWebSearch\bar\Message\COMMON\rebut4c.htm
c:\program files\MyWebSearch\bar\Message\COMMON\shield.png
c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif
c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif
c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm
c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm
c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_FeatCk.dat
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\setups\My Web Search Installer.exe
c:\program files\SelectRebates
c:\program files\SelectRebates\FFToolbar\chrome.manifest
c:\program files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
c:\program files\SelectRebates\FFToolbar\install.rdf
c:\program files\SelectRebates\SahImages\alert.png
c:\program files\SelectRebates\SahImages\check.png
c:\program files\SelectRebates\SahImages\close.png
c:\program files\SelectRebates\SelectAlerts.dat
c:\program files\SelectRebates\SelectRebates.exe
c:\program files\SelectRebates\SelectRebates.ini
c:\program files\SelectRebates\SelectRebatesA.dat
c:\program files\SelectRebates\SelectRebatesApi.exe
c:\program files\SelectRebates\SelectRebatesB.dat
c:\program files\SelectRebates\SelectRebatesBT.dat
c:\program files\SelectRebates\SelectRebatesDownload.exe
c:\program files\SelectRebates\SelectRebatesH.dat
c:\program files\SelectRebates\SelectRebatesUninstall.exe
c:\program files\SelectRebates\SRebates.dll
c:\program files\SelectRebates\SRFF3.dll
c:\program files\SelectRebates\Toolbar\AddtoList.bmp
c:\program files\SelectRebates\Toolbar\basis.xml
c:\program files\SelectRebates\Toolbar\Basis.xml.dym
c:\program files\SelectRebates\Toolbar\basis.xml.temp
c:\program files\SelectRebates\Toolbar\Blank.bmp
c:\program files\SelectRebates\Toolbar\CashBack.bmp
c:\program files\SelectRebates\Toolbar\Coupons.bmp
c:\program files\SelectRebates\Toolbar\GroceryCoupon.bmp
c:\program files\SelectRebates\Toolbar\i_magnifying.bmp
c:\program files\SelectRebates\Toolbar\icons.bmp
c:\program files\SelectRebates\Toolbar\ImageCache\alert-red.bmp
c:\program files\SelectRebates\Toolbar\logo.bmp
c:\program files\SelectRebates\Toolbar\logo_24.bmp
c:\program files\SelectRebates\Toolbar\logo_HotSpots.bmp
c:\program files\SelectRebates\Toolbar\ReviewSite.bmp
c:\program files\SelectRebates\Toolbar\RightControls.dym
c:\program files\SelectRebates\Toolbar\sahtb-alert.bmp
c:\program files\SelectRebates\Toolbar\sahtb-go.bmp
c:\program files\SelectRebates\Toolbar\sahtb-grocerycoupons.bmp
c:\program files\SelectRebates\Toolbar\sahtb-icons.bmp
c:\program files\SelectRebates\Toolbar\sahtb-restaurant.bmp
c:\program files\SelectRebates\Toolbar\sahtb-wishlist.bmp
c:\program files\SelectRebates\Toolbar\Scissors.bmp
c:\program files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
c:\windows\$NtUninstallKB34544$
c:\windows\$NtUninstallKB34544$\1582094524\@
c:\windows\$NtUninstallKB34544$\1582094524\bckfg.tmp
c:\windows\$NtUninstallKB34544$\1582094524\cfg.ini
c:\windows\$NtUninstallKB34544$\1582094524\Desktop.ini
c:\windows\$NtUninstallKB34544$\1582094524\keywords
c:\windows\$NtUninstallKB34544$\1582094524\kwrd.dll
c:\windows\$NtUninstallKB34544$\1582094524\L\emmnmoug
c:\windows\$NtUninstallKB34544$\1582094524\lsflt7.ver
c:\windows\$NtUninstallKB34544$\1582094524\U\[email protected]
c:\windows\$NtUninstallKB34544$\1582094524\U\[email protected]
c:\windows\$NtUninstallKB34544$\1582094524\U\[email protected]
c:\windows\$NtUninstallKB34544$\1582094524\U\[email protected]
c:\windows\$NtUninstallKB34544$\1582094524\U\[email protected]
c:\windows\$NtUninstallKB34544$\1582094524\U\[email protected]
c:\windows\$NtUninstallKB34544$\482944010
c:\windows\CSC\d6
c:\windows\kb835221.exe
c:\windows\system32\%SYSTE~1
c:\windows\windows-kb870669-x86-enu.exe
c:\windows\windowsmedia10-kb886612-x86-enu.exe
c:\windows\windowsxp-kb834707-x86-enu.exe
c:\windows\windowsxp-kb884018-x86-enu.exe
c:\windows\windowsxpmediacenter2005-kb873369-enu.exe
K:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-10-24 to 2011-11-24 )))))))))))))))))))))))))))))))
.
.
2011-11-24 02:18 . 2011-11-24 02:18 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DF552178-ABD5-4083-BD70-61B99F0C414F}\offreg.dll
2011-11-23 15:37 . 2011-10-18 06:28 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DF552178-ABD5-4083-BD70-61B99F0C414F}\mpengine.dll
2011-11-22 20:36 . 2011-11-22 20:36 388096 ----a-r- c:\documents and settings\Matt\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-22 18:18 . 2011-11-23 15:49 -------- d-----w- c:\documents and settings\Matt\Application Data\CC528
2011-11-21 21:36 . 2011-11-23 15:49 -------- d-----w- c:\program files\28ECC
2011-11-15 04:42 . 2011-11-15 04:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-11-15 02:12 . 2011-11-15 02:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-15 02:10 . 2011-11-15 02:10 -------- d-----w- c:\documents and settings\Matt\Local Settings\Application Data\PCHealth
2011-11-15 01:09 . 2011-11-15 01:09 -------- d-----w- c:\windows\Temp99BCC305-EB38-5FD5-7FC0-6433AA13544D-Signatures
2011-11-14 23:51 . 2011-11-14 23:51 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2011-11-14 19:12 . 2011-11-14 19:12 -------- d-----w- c:\documents and settings\Home
2011-11-14 19:09 . 2011-11-14 19:09 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
2011-11-14 19:08 . 2011-11-14 19:08 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
2011-11-14 19:06 . 2001-08-18 03:36 7168 -c--a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
2011-11-14 19:06 . 2001-08-18 03:36 12288 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2011-11-14 19:06 . 2001-08-18 03:36 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2011-11-14 19:06 . 2001-08-18 03:36 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2011-11-14 19:04 . 2004-08-10 12:00 514587 -c--a-w- c:\windows\system32\dllcache\edb500.dll
2011-11-14 18:56 . 2004-08-10 12:00 28672 ----a-w- c:\program files\Messenger\custsat.dll
2011-11-14 18:27 . 2009-09-01 14:46 282654 ----a-w- c:\windows\system32\msaud32.acm
2011-11-14 18:26 . 2008-05-09 10:53 90112 ----a-w- c:\windows\system32\wshext.dll
2011-11-14 18:25 . 2010-12-20 17:26 730112 ----a-w- c:\windows\system32\lsasrv.dll
2011-11-14 13:51 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-11-14 13:44 . 2004-08-10 12:00 85020 -c--a-w- c:\windows\system32\dllcache\dgsetup.dll
2011-11-14 13:44 . 2004-08-10 12:00 176157 -c--a-w- c:\windows\system32\dllcache\dgrpsetu.dll
2011-11-14 13:44 . 2004-08-10 12:00 2577 ------w- c:\windows\system32\CONFIG.TMP
2011-11-14 13:43 . 2011-11-14 19:12 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
2011-11-14 13:43 . 2011-11-14 19:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS
2011-10-29 03:32 . 2011-10-29 03:32 -------- d-----w- C:\ucd
2011-10-27 05:14 . 2011-10-27 05:14 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-10-27 05:13 . 2011-10-27 05:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-10-27 04:23 . 2011-10-27 04:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-18 06:28 . 2010-05-30 03:23 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-10 14:22 . 2004-12-01 19:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-26 16:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2004-12-01 18:28 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2004-12-01 18:28 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-31 04:05 . 2011-08-31 04:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 04:05 . 2011-08-31 04:05 73064 ----a-w- c:\windows\system32\dnssd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-05-16 551032]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
c:\documents and settings\Matt\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP LaserJet Director.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP LaserJet Director.lnk
backup=c:\windows\pss\HP LaserJet Director.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
backup=c:\windows\pss\Personal Coach.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Matt\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^eFax 4.4.lnk]
path=c:\documents and settings\Matt\Start Menu\Programs\Startup\eFax 4.4.lnk
backup=c:\windows\pss\eFax 4.4.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=c:\documents and settings\Matt\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=c:\windows\pss\Trend Micro Anti-Spyware.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 02:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-06-29 13:06 88363 ----a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-10-14 00:00 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2004-10-22 01:44 2744832 ----a-w- c:\windows\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-09-29 12:15 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
2004-07-16 19:17 53248 ----a-w- c:\windows\SONYSYS\VAIO Recovery\Reminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2004-08-10 12:04 59392 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX7800 Series]
2005-04-07 04:00 98304 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIAFA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-03-17 23:10 61952 ----a-w- c:\windows\system32\Hdaudpropshortcut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP AutoIndexer]
2001-02-19 18:36 77824 ----a-w- c:\program files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP SchedIndexer]
2001-02-19 18:36 86016 ----a-w- c:\program files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 21:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 06:06 1667584 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Phase One Media Reader]
2006-10-26 16:49 229376 ----a-w- c:\progra~1\PHASEO~1\CAPTUR~1\DCIMImp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-10-21 22:20 77824 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
2007-08-31 16:34 100056 ----a-w- c:\progra~1\SYMNET~1\SNDMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 05:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sony\\vaio media 3.1\\Vc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
S1 MpKsl62243e8c;MpKsl62243e8c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3C6BDAB-549E-4370-80E1-CFF23BB69EC0}\MpKsl62243e8c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3C6BDAB-549E-4370-80E1-CFF23BB69EC0}\MpKsl62243e8c.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/24/2010 9:51 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/24/2010 9:51 AM 136176]
S3 SKYSCOUT;Celestron SkyScout driver;c:\windows\system32\drivers\UsbScout.sys [5/26/2008 2:01 PM 20480]
S3 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/8/2007 8:57 AM 24652]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34]
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cca328a16af564.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-24 14:51]
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cca328a478f8b4.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-24 14:51]
.
2011-11-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
.
2011-11-24 c:\windows\Tasks\User_Feed_Synchronization-{ADD53ACD-06AB-484B-81C7-6BDFD5B5F84E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://www.unionconcrod.org/controls/LTOCX14N.cab
DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} - hxxp://www.unionconcrod.org/controls/prntpro2.CAB
DPF: {F92211F4-3913-4DC2-A275-756374D848B0} - hxxp://96.252.133.84/MP4DVR.cab
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-eFax 4 - c:\program files\eFax Messenger 4.4\J2GDllCmd.exe
MSConfigStartUp-gStart - c:\garmin\gStart.exe
MSConfigStartUp-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-23 21:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(768)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(2516)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-11-23 21:28:10 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-24 02:28
.
Pre-Run: 99,270,885,376 bytes free
Post-Run: 100,418,117,632 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 5A2D4F2FF0F264307E4EB472B0D86DB1

oldman960 · Nov 24, 2011

Hi Neoclassix,

Please follow all previous instructions regarding security programs.

Open a new Notepad session

Click the Start button, click run
in the run box type notepad
click ok
In the notepad, Click "Format" and be certain that Word Wrap is not checked.
Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

Code:

Folder::
c:\documents and settings\Matt\Application Data\CC528
c:\program files\28ECC

In the notepad

Click File, Save as..., and set the Save in to your Desktop
In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
Click save

Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again.Close all browser/windows first.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Next

Please make an uninstall list

Start HijackThis
Click the Config button
Click the Misc Tools button
Click the Open Uninstall Manager button.
Click the Save list button and save it to your desktop.

When you press Save, a notepad will open with the contents. Copy/paste the contents of the notepad file in your next reply.

Please post back with

combofix log
uninstall list

How's the computer?

Neoclassix · Nov 24, 2011

Combo Fix:

ComboFix 11-11-24.01 - Matt 11/24/2011 13:58:57.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.543 [GMT -5:00]
Running from: c:\documents and settings\Matt\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Matt\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Matt\Application Data\CC528
c:\documents and settings\Matt\Application Data\CC528\8ECC.C52
c:\program files\28ECC
.
.
((((((((((((((((((((((((( Files Created from 2011-10-24 to 2011-11-24 )))))))))))))))))))))))))))))))
.
.
2011-11-24 02:30 . 2011-11-24 02:30 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F4917D5-FCC9-4110-BFAB-50302DEE9EB5}\MpKsl953c2f44.sys
2011-11-24 02:30 . 2011-11-24 02:30 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F4917D5-FCC9-4110-BFAB-50302DEE9EB5}\offreg.dll
2011-11-24 02:30 . 2011-10-18 06:28 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F4917D5-FCC9-4110-BFAB-50302DEE9EB5}\mpengine.dll
2011-11-22 20:36 . 2011-11-22 20:36 388096 ----a-r- c:\documents and settings\Matt\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-15 04:42 . 2011-11-15 04:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-11-15 02:12 . 2011-11-15 02:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-15 02:10 . 2011-11-15 02:10 -------- d-----w- c:\documents and settings\Matt\Local Settings\Application Data\PCHealth
2011-11-15 01:09 . 2011-11-15 01:09 -------- d-----w- c:\windows\Temp99BCC305-EB38-5FD5-7FC0-6433AA13544D-Signatures
2011-11-14 23:51 . 2011-11-14 23:51 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2011-11-14 19:12 . 2011-11-14 19:12 -------- d-----w- c:\documents and settings\Home
2011-11-14 19:09 . 2011-11-14 19:09 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
2011-11-14 19:08 . 2011-11-14 19:08 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
2011-11-14 19:06 . 2001-08-18 03:36 7168 -c--a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
2011-11-14 19:06 . 2001-08-18 03:36 12288 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2011-11-14 19:06 . 2001-08-18 03:36 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2011-11-14 19:06 . 2001-08-18 03:36 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2011-11-14 19:04 . 2004-08-10 12:00 514587 -c--a-w- c:\windows\system32\dllcache\edb500.dll
2011-11-14 18:56 . 2004-08-10 12:00 28672 ----a-w- c:\program files\Messenger\custsat.dll
2011-11-14 18:27 . 2009-09-01 14:46 282654 ----a-w- c:\windows\system32\msaud32.acm
2011-11-14 18:26 . 2008-05-09 10:53 90112 ----a-w- c:\windows\system32\wshext.dll
2011-11-14 18:25 . 2010-12-20 17:26 730112 ----a-w- c:\windows\system32\lsasrv.dll
2011-11-14 13:51 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-11-14 13:44 . 2004-08-10 12:00 85020 -c--a-w- c:\windows\system32\dllcache\dgsetup.dll
2011-11-14 13:44 . 2004-08-10 12:00 176157 -c--a-w- c:\windows\system32\dllcache\dgrpsetu.dll
2011-11-14 13:44 . 2004-08-10 12:00 2577 ------w- c:\windows\system32\CONFIG.TMP
2011-11-14 13:43 . 2011-11-14 19:12 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
2011-11-14 13:43 . 2011-11-14 19:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS
2011-10-29 03:32 . 2011-10-29 03:32 -------- d-----w- C:\ucd
2011-10-27 05:14 . 2011-10-27 05:14 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-10-27 05:13 . 2011-10-27 05:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-10-27 04:23 . 2011-10-27 04:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-18 06:28 . 2010-05-30 03:23 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-10 14:22 . 2004-12-01 19:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-26 16:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2004-12-01 18:28 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2004-12-01 18:28 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-31 04:05 . 2011-08-31 04:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 04:05 . 2011-08-31 04:05 73064 ----a-w- c:\windows\system32\dnssd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-05-16 551032]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
c:\documents and settings\Matt\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP LaserJet Director.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP LaserJet Director.lnk
backup=c:\windows\pss\HP LaserJet Director.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
backup=c:\windows\pss\Personal Coach.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Matt\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^eFax 4.4.lnk]
path=c:\documents and settings\Matt\Start Menu\Programs\Startup\eFax 4.4.lnk
backup=c:\windows\pss\eFax 4.4.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=c:\documents and settings\Matt\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=c:\windows\pss\Trend Micro Anti-Spyware.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 02:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-06-29 13:06 88363 ----a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-10-14 00:00 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2004-10-22 01:44 2744832 ----a-w- c:\windows\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-09-29 12:15 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
2004-07-16 19:17 53248 ----a-w- c:\windows\SONYSYS\VAIO Recovery\Reminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2004-08-10 12:04 59392 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX7800 Series]
2005-04-07 04:00 98304 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIAFA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-03-17 23:10 61952 ----a-w- c:\windows\system32\Hdaudpropshortcut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP AutoIndexer]
2001-02-19 18:36 77824 ----a-w- c:\program files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP SchedIndexer]
2001-02-19 18:36 86016 ----a-w- c:\program files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 21:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 06:06 1667584 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Phase One Media Reader]
2006-10-26 16:49 229376 ----a-w- c:\progra~1\PHASEO~1\CAPTUR~1\DCIMImp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-10-21 22:20 77824 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
2007-08-31 16:34 100056 ----a-w- c:\progra~1\SYMNET~1\SNDMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 05:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sony\\vaio media 3.1\\Vc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R1 MpKsl953c2f44;MpKsl953c2f44;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F4917D5-FCC9-4110-BFAB-50302DEE9EB5}\MpKsl953c2f44.sys [11/23/2011 9:30 PM 28752]
S1 MpKsl62243e8c;MpKsl62243e8c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3C6BDAB-549E-4370-80E1-CFF23BB69EC0}\MpKsl62243e8c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3C6BDAB-549E-4370-80E1-CFF23BB69EC0}\MpKsl62243e8c.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/24/2010 9:51 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/24/2010 9:51 AM 136176]
S3 SKYSCOUT;Celestron SkyScout driver;c:\windows\system32\drivers\UsbScout.sys [5/26/2008 2:01 PM 20480]
S3 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/8/2007 8:57 AM 24652]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL953C2F44
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34]
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cca328a16af564.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-24 14:51]
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cca328a478f8b4.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-24 14:51]
.
2011-11-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
.
2011-11-24 c:\windows\Tasks\User_Feed_Synchronization-{ADD53ACD-06AB-484B-81C7-6BDFD5B5F84E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://www.unionconcrod.org/controls/LTOCX14N.cab
DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} - hxxp://www.unionconcrod.org/controls/prntpro2.CAB
DPF: {F92211F4-3913-4DC2-A275-756374D848B0} - hxxp://96.252.133.84/MP4DVR.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-24 14:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(768)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2011-11-24 14:17:24
ComboFix-quarantined-files.txt 2011-11-24 19:17
ComboFix2.txt 2011-11-24 02:28
.
Pre-Run: 100,380,147,712 bytes free
Post-Run: 100,393,037,824 bytes free
.
- - End Of File - - AE35917E3E758ABCCCBE0C588D06748A

Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Flash Video Encoder
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Reader 8.3.1
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Agere Systems PCI Soft Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon EOS 5D WIA Driver
Canon EOS Kiss_N REBEL_XT 350D WIA Driver
Canon EOS-1D Mark II N WIA Driver
Canon EOS-1Ds Mark II WIA Driver
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon iP90
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.6
Canon Utilities EOS Capture 1.5
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities WFT-E1/E2/E3/E4 Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Capture One LE 3.7.6
CDDRV_Installer
Celestron SkyScout
Chinese Traditional Fonts Support For Adobe Reader 8
Cisco Connect
Click to DVD 2.0.02 Menu Data
Click to DVD 2.4.10
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Coupon Printer for Windows
DesignPro 5.0 Limited Edition
DivX
DVgate Plus
EPSON CX 7800 Guide
EPSON Printer Software
EPSON Scan
Family Feud
Family Tree Maker 2005
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP LaserJet 3200 Uninstaller
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD 5 for VAIO
iTunes
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 17
KhalInstallWrapper
LabelCreator Pro
Logitech SetPoint
Mavis Beacon Teaches Typing 15
Memory Stick Formatter
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MONOPOLY HERE & NOW EDITION
Movielink eHome version 1.1
MSXML 4.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Metadata Extractor for Windows Media Player
OpenMG Secure Module 4.7.00
OpenOffice.org Installer 1.0
PDF Settings
PictureGear Studio 2.0
QuickTime
RealArcade
Realtek High Definition Audio Driver
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype Toolbars
Skype 5.0
Sonic Encoders
Sonic RecordNow!
SonicStage 4.3
SonicStage Mastering Studio Audio Filter Custom Preset
Sony Certificate PCH
Sony Download Taxi 1.5.0.0
Sony TV Tuner Library 1.0
Sony Video Shared Library
Tri-Peaks Solitiare To Go
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
VAIO Control Center
VAIO Entertainment Platform
VAIO Help and Support
VAIO Media 3.1
VAIO Media Integrated Server 3.1
VAIO Media Redistribution 3.1
VAIO Original Screen Saver VAIO Scene HD Normal Contents
VAIO Original Screen Saver ver.1.1.01
VAIO Registration
VAIO Structure Wallpaper
VAIO Survey Standalone
VAIO Update 3
VC User CRT71 RTL X86 ---
VC User MFC71 RTL X86 ---
Viewpoint Media Player
Welcome to VAIO life
WIDCOMM Bluetooth Software
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Yahtzee Download Edition

Happy Thanksgiving!!! Hope you enjoy your day!

oldman960 · Nov 24, 2011

HI Neoclassix,

Happy Thanksgiving!!! Hope you enjoy your day!

Happy Thanksgiving to you too. Had Turkey day last month.

How's the computer?

Your java is out of date.

Click your start button, open Control panel > add/remove programs and uninstall

J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 11

Do not uninstall Java(TM) 6 Update 17

Next

Click your start button, open Control panel

Locate the Java icon (it looks like a coffee cup)
double click it to open it
click the Update tab
Click update now

Next

Download TFC to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean

Next

Download and save to your desktop Malwarebytes Anti-Malware

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Please post back with the MBAM log.
Thanks

Neoclassix · Nov 25, 2011

Here you go Oldman960...So far so good??? seems to be running ALOT smoother than ever!

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8237
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
11/25/2011 8:37:03 AM
mbam-log-2011-11-25 (08-37-03).txt
Scan type: Quick scan
Objects scanned: 265158
Time elapsed: 10 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{BFC48A4D-75B9-455B-A4C3-9DC3F940B245} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4040A92C-93F0-49B4-9DD0-93E1887E724A} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CMaidCtlApp.MaidCtrl.1 (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\DOWNLOADED PROGRAM FILES\CMAIDCTL.OCX (Adware.ClosetMaid) -> Value: CMAIDCTL.OCX -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINDOWS\downloaded program files\CMAIDCTL.OCX (Adware.ClosetMaid) -> Quarantined and deleted successfully.

oldman960 · Nov 25, 2011

Hi Neoclassix,

Yep, so far so good.

One more scan to check our handiwork.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

Go here to run an online scannner from
ESET

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your Antivirus software. You can usually do this with its Notfication Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply

Note - when ESET doesn't find any threats, no report will be created.
Push the back button.
Push Finish
Re-enable your Anti
virus software.

After the ESET scan please rerun DDS and post the DDS.txt.

Please post back with

ESET log if one was produced
DDS.txt

Any remaining issues?

Thanks

Neoclassix · Nov 25, 2011

Eset Log:

C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\npckimddijpniijmjjkloplcmbmhphpa\contentscript.js Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Program Files\LP\A59C\7.exe.vir a variant of Win32/Kryptik.VZB trojan
C:\Qoobox\Quarantine\C\Program Files\LP\A59C\8.exe.vir a variant of Win32/Kryptik.VZB trojan
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL.vir Win32/Toolbar.MyWebSearch.H application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3DLGHK.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL.vir Win32/Adware.FunWeb application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL.vir Win32/Adware.FunWeb application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL.vir Win32/Toolbar.MyWebSearch.G application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL.vir Win32/Toolbar.MyWebSearch.B application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL.vir Win32/Adware.FunWeb application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3REGHK.DLL.vir Win32/Toolbar.MyWebSearch.G application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL.vir Win32/Toolbar.MyWebSearch.D application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE.vir Win32/Adware.FunWeb application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3AUXSTB.DLL.vir Win32/Toolbar.MyWebSearch.H application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3DLGHK.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL.vir Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL.vir a variant of Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE.vir Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE.vir Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3TPINST.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.K application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSMLBTN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL.vir Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSUABTN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\setups\My Web Search Installer.exe.vir a variant of Win32/Toolbar.MyWebSearch.K application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP2\A0009509.exe Win32/Cycbot.AK trojan
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP2\A0009510.exe Win32/Cycbot.AK trojan
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP2\A0011562.exe a variant of Win32/Kryptik.VZB trojan
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0011605.exe Win32/Cycbot.AK trojan
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0011609.exe a variant of Win32/Kryptik.VZB trojan
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012267.exe a variant of Win32/Kryptik.VZB trojan
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012268.exe a variant of Win32/Kryptik.VZB trojan
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012269.DLL Win32/Toolbar.MyWebSearch.H application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012270.DLL a variant of Win32/Toolbar.MyWebSearch.I application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012273.EXE Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012274.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012275.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012277.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012278.DLL Win32/Adware.FunWeb application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012279.DLL Win32/Adware.FunWeb application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012280.DLL Win32/Toolbar.MyWebSearch.G application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012281.DLL Win32/Toolbar.MyWebSearch.B application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012282.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012283.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012284.DLL Win32/Adware.FunWeb application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012285.SCR Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012286.DLL Win32/Toolbar.MyWebSearch.G application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012287.DLL Win32/Toolbar.MyWebSearch.D application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012288.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012289.EXE Win32/Adware.FunWeb application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012290.DLL Win32/Toolbar.MyWebSearch.P application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012292.DLL Win32/Toolbar.MyWebSearch.H application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012293.DLL a variant of Win32/Toolbar.MyWebSearch.I application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012295.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012296.DLL Win32/Toolbar.MyWebSearch.P application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012297.EXE Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012299.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012300.DLL Win32/Toolbar.MyWebSearch.J application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012301.DLL a variant of Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012302.DLL Win32/Toolbar.MyWebSearch.P application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012303.EXE Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012304.EXE Win32/Toolbar.MyWebSearch.J application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012305.EXE Win32/Toolbar.MyWebSearch.I application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012306.DLL a variant of Win32/Toolbar.MyWebSearch.I application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012307.DLL a variant of Win32/Toolbar.MyWebSearch.K application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012308.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012309.EXE Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012310.DLL Win32/Toolbar.MyWebSearch.J application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012311.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012312.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012313.EXE Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012314.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012315.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012324.exe a variant of Win32/Toolbar.MyWebSearch.K application

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Matt at 15:16:19 on 2011-11-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.320 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [VAIO Update 3] "c:\program files\sony\vaio update 3\VAIOUpdt.exe" /Stationary
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\matt\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\PartyPoker.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://www.unionconcrod.org/controls/LTOCX14N.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - hxxp://download.ebay.com/turbo_lister/US/install.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo1.walgreens.com/WalgreensActivia.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://pubgis.co.pinellas.fl.us/ActiveX/ver6.3/mgaxctrl.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185892461968
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} - hxxp://www.unionconcrod.org/controls/prntpro2.CAB
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - hxxp://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F92211F4-3913-4DC2-A275-756374D848B0} - hxxp://96.252.133.84/MP4DVR.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{DB0412ED-37E1-4AC0-90B0-1F34F8507006} : DhcpNameServer = 65.32.5.111 65.32.5.112
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165264]
R1 MpKslefb2123c;MpKslefb2123c;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1761c362-cc95-402d-8701-649e99eab58f}\MpKslefb2123c.sys [2011-11-25 28752]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-25 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-25 22216]
S1 MpKsl62243e8c;MpKsl62243e8c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c3c6bdab-549e-4370-80e1-cff23bb69ec0}\mpksl62243e8c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c3c6bdab-549e-4370-80e1-cff23bb69ec0}\MpKsl62243e8c.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-24 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-24 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SKYSCOUT;Celestron SkyScout driver;c:\windows\system32\drivers\UsbScout.sys [2008-5-26 20480]
S3 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-8 24652]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2011-11-25 20:16:06 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1761c362-cc95-402d-8701-649e99eab58f}\MpKslefb2123c.sys
2011-11-25 20:16:03 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1761c362-cc95-402d-8701-649e99eab58f}\offreg.dll
2011-11-25 20:15:52 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1761c362-cc95-402d-8701-649e99eab58f}\mpengine.dll
2011-11-25 18:24:31 -------- d-----w- c:\program files\ESET
2011-11-25 13:24:27 -------- d-----w- c:\documents and settings\matt\application data\Malwarebytes
2011-11-25 13:24:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-25 13:24:15 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 13:24:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-25 13:03:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-24 01:47:21 -------- d-sha-r- C:\cmdcons
2011-11-24 01:44:33 98816 ----a-w- c:\windows\sed.exe
2011-11-24 01:44:33 518144 ----a-w- c:\windows\SWREG.exe
2011-11-24 01:44:33 256000 ----a-w- c:\windows\PEV.exe
2011-11-24 01:44:33 208896 ----a-w- c:\windows\MBR.exe
2011-11-22 20:36:27 388096 ----a-r- c:\documents and settings\matt\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-15 02:12:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-15 02:10:13 -------- d-----w- c:\documents and settings\matt\local settings\application data\PCHealth
2011-11-15 01:09:53 -------- d-----w- c:\windows\Temp99BCC305-EB38-5FD5-7FC0-6433AA13544D-Signatures
2011-11-14 19:05:59 79872 -c--a-w- c:\windows\system32\dllcache\rwia330.dll
2011-11-14 19:04:59 514587 -c--a-w- c:\windows\system32\dllcache\edb500.dll
2011-11-14 18:56:54 5632 -c--a-w- c:\windows\system32\dllcache\write.exe
2011-11-14 18:27:34 86016 ----a-w- c:\windows\system32\sl_anet.acm
2011-11-14 18:26:56 9216 -c--a-w- c:\windows\system32\dllcache\wshatm.dll
2011-11-14 18:25:59 9936 -c--a-w- c:\windows\system32\dllcache\lzexpand.dll
2011-11-14 13:51:03 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-11-14 13:44:24 85020 -c--a-w- c:\windows\system32\dllcache\dgsetup.dll
2011-11-14 13:44:24 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-11-14 13:44:24 176157 -c--a-w- c:\windows\system32\dllcache\dgrpsetu.dll
2011-11-14 13:44:23 15360 -c--a-w- c:\windows\system32\dllcache\taskman.exe
2011-10-29 03:32:54 -------- d-----w- C:\ucd
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 07:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 04:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 04:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
.
============= FINISH: 15:17:48.65 ===============

Where in Canada are you? I use to live in Calgary...

oldman960 · Nov 25, 2011

Hi Neoclassix,

West Coast.

All the ESET dections except one are either files we have quarantined or old System Restore points. These will be removed when we remove the tools.

We'll remove the other detection and if everythong is ok we'l clean up the tools after you post back.

Download OTL to your desktop.

Next, Double click on OTL.exe

Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :

Code:

:Services
 
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"=-
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"=-
[-HKEY_CLASSES_ROOT\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}]
[-HKEY_CLASSES_ROOT\TYPELIB\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}]
[-HKEY_CLASSES_ROOT\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}]
[-HKEY_CLASSES_ROOT\TYPELIB\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}]
 
:Files
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\npckimddijpniijmjjkloplcmbmhphpa
 
:Commands
[emptytemp]
[createrestorepoint]

Then click the Run Fix button at the top

Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Reboot your computer

Please post the fix OTL log.

Neoclassix · Nov 25, 2011

Oldtimer960 - West is best, the mountains are the nicest anywhere, I miss going to Banff and Lake Louise on the weekends for fishing and skiing.

Anyway....Here is the log, I hope it looks good to you. so far I have not really driven it hard (banking, ebay, email etc...have been avoided on this machine) I am concerned about my laptop, I have transfered files from this machine to it in the past, I would not want to run into this issue with it. If there is any part of this process you would recommend me running on it I would appreciate any input.

All processes killed
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry key HKEY_CLASSES_ROOT\TYPELIB\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry key HKEY_CLASSES_ROOT\TYPELIB\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
========== FILES ==========
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\npckimddijpniijmjjkloplcmbmhphpa folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Home
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Matt
->Temp folder emptied: 172263 bytes
->Temporary Internet Files folder emptied: 14879289 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 566 bytes

User: NetworkService
->Temp folder emptied: 4602 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Rebekah
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 14.00 mb

Error: Unable to interpret <[createrestorepoint> in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 11252011_200949
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Matt\Local Settings\Temp\~DF2AB8.tmp not found!
File\Folder C:\Documents and Settings\Matt\Local Settings\Temp\~DF2AC4.tmp not found!
File\Folder C:\Documents and Settings\Matt\Local Settings\Temp\~DF2B7F.tmp not found!
File\Folder C:\Documents and Settings\Matt\Local Settings\Temp\~DF2B8B.tmp not found!
File\Folder C:\Documents and Settings\Matt\Local Settings\Temp\~DF2CB8.tmp not found!
File\Folder C:\Documents and Settings\Matt\Local Settings\Temp\~DF2CC4.tmp not found!
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\JEMMN0SM\2659936541[1].html moved successfully.
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\G099BGM1\1028064-backdoor-win32-cycbot-b-detected[2].html moved successfully.
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\FJFBHX5K\si[1].htm moved successfully.
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\88GCVGMX\1499869[1].htm moved successfully.
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
Registry entries deleted on Reboot...

oldman960 · Nov 26, 2011

Hi Neoclassix,

You can post an OTL log and we can have a quick look at your other computer.

From your desktop, please delete, if present

any notepads/logs that we created
DDS.scr
mbr.dat
mbr.zip
aswMBR.exe

Next
Click the Start button, click Run. Copy and paste the following line into the run box and click OK

Combofix /uninstall

Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.

I suggest you keep MBAM. Keep it updated and use it regularly.

You can also keep TFC

Updates and upgrades

You have an older version of Adobe Reader. You can download the current version HERE

You may want to consider Foxit Reader instead. It may be a bit lighter on resources.

Visit their support forum
Foxit Forum

In either case you should uninstall Adobe Reader 8.3.1 first. Be sure to move any PDF documents to another folder first though.

Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Add a firewall and a resident antispyware program to what you have.

* If you are behind a router Windows firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended.

Click FIREWALL for links and tutorials to good, free and paid for firewalls. (Note: Zone Alarm is becoming bloatware)

For resident antispware program I suggest either
Spybot (with Teatimer enabled)

OR

Winpatrol

You should also use Spyware Blaster to help immunize your computer.

- SpywareBlaster will add a large list of programs and sites into your Internet Explorer
settings that will protect you from running and downloading known malicious programs.

OR

A guide to understanding and using the hosts file.
Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a host file manager. and some programs that can protect your hosts file.
HOSTS

Please read the info on disabling the DNS Client before installing a custom hosts file.

-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.

Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

- Keeping your Windows up-to-date is crucial to your computer's security. Please go to the http://www.update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us][color=blue"]Windows Update Site [/color][/url](using Internet Explorer) and download and install all critical updates on a regular basis

- Make sure you have reset Automatic Updates to your chosen optionClick your start button > Control Panel > System > Automatic Updates tab

- Keep your antivirus program updated, as well as any other security programs you have.

-More tips and programs can be found HERE

Please post back if you have any problems with these steps. You can also post an OTL log from your other computer.
Thanks

Neoclassix · Nov 29, 2011

Oldtimer960:

Sorry for delay in reply, My main system seems to be fine, thank-you! I downloaded OTL on my laptop, but it will not run for me. I tried the scan now and the quick scan. Both went to the scanning modules message then went into no response mode. I am running Vista on my laptop, does this make a difference?

backdoor:win32/cycbot.B detected, Now Getting odd reactions

Neoclassix

Attachments

oldman960

Neoclassix

Attachments

oldman960

Neoclassix

oldman960

Neoclassix

oldman960

Neoclassix

oldman960

Neoclassix

oldman960

Neoclassix

oldman960

Neoclassix

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

Welcome to Tech Support Guy!

Latest posts

Staff online

Members online