
backdoor:win32/cycbot.B detected, Now Getting odd reactions

Discussion in 'Virus & Other Malware Removal' started by Neoclassix, Nov 22, 2011.

Thread Status:
Not open for further replies.
  1. Neoclassix

    Neoclassix Thread Starter

    Joined:
    Nov 22, 2011
    Messages:
    18
    Hello: Security Essentials just detected the above virus; this has happened twice today, and I have had a few attacks from other viruses. I have noticed my browser redirects to random sites from Google. I have just reinstalled Windows from a previous attack that knocked out my internet completely. Here are the HijackThis and DDS files:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:36:52 PM, on 11/22/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\LP\A59C\111.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\28ECC\lvvm.exe
    C:\Documents and Settings\Matt\Application Data\CC528\CA0A5.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:53152
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: ShopAtHomeIEHelper - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: ShopAtHome Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
    O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [111.exe] C:\Program Files\LP\A59C\111.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolba...Yus&si=&a=8o1RUPdEIGDYi9Ghwty0aA&n=2011012014
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (14.0)) - http://www.unionconcrod.org/controls/LTOCX14N.cab
    O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo1.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pubgis.co.pinellas.fl.us/ActiveX/ver6.3/mgaxctrl.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1185892461968
    O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Closet Control) - http://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
    O16 - DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} (Pegasus PrintPRO Control v2.0) - http://www.unionconcrod.org/controls/prntpro2.CAB
    O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
    O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F92211F4-3913-4DC2-A275-756374D848B0} (ERViewerOCX Control) - http://96.252.133.84/MP4DVR.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
    O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
    O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
    O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    --
    End of file - 15058 bytes

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Matt at 15:51:14 on 2011-11-22
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.396 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\LP\A59C\111.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\28ECC\lvvm.exe
    C:\Documents and Settings\Matt\Application Data\CC528\CA0A5.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\notepad.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.aol.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyServer = http=127.0.0.1:53152
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: H - No File
    uWinlogon: Shell=explorer.exe,c:\documents and settings\matt\application data\cc528\CA0A5.exe
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: ShopAtHome Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\2.bin\mwsoemon.exe
    mRun: [VAIO Update 3] "c:\program files\sony\vaio update 3\VAIOUpdt.exe" /Stationary
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [111.exe] c:\program files\lp\a59c\111.exe
    StartupFolder: c:\docume~1\matt\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    IE: &Search - http://edits.mywebsearch.com/toolba...Yus&si=&a=8o1RUPdEIGDYi9Ghwty0aA&n=2011012014
    IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\PartyPoker.exe
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://www.unionconcrod.org/controls/LTOCX14N.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
    DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - hxxp://download.ebay.com/turbo_lister/US/install.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo1.walgreens.com/WalgreensActivia.cab
    DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://pubgis.co.pinellas.fl.us/ActiveX/ver6.3/mgaxctrl.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185892461968
    DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} - hxxp://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
    DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} - hxxp://www.unionconcrod.org/controls/prntpro2.CAB
    DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
    DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - hxxp://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F92211F4-3913-4DC2-A275-756374D848B0} - hxxp://96.252.133.84/MP4DVR.cab
    TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
    TCP: Interfaces\{DB0412ED-37E1-4AC0-90B0-1F34F8507006} : DhcpNameServer = 65.32.5.111 65.32.5.112
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165264]
    R1 MpKsl41f0657a;MpKsl41f0657a;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{299049e6-e883-4021-9127-113791cd5207}\MpKsl41f0657a.sys [2011-11-22 28752]
    R1 MpKsl5d909b0e;MpKsl5d909b0e;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{299049e6-e883-4021-9127-113791cd5207}\MpKsl5d909b0e.sys [2011-11-22 28752]
    S1 MpKsl62243e8c;MpKsl62243e8c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c3c6bdab-549e-4370-80e1-cff23bb69ec0}\mpksl62243e8c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c3c6bdab-549e-4370-80e1-cff23bb69ec0}\MpKsl62243e8c.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-24 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-24 136176]
    S3 SKYSCOUT;Celestron SkyScout driver;c:\windows\system32\drivers\UsbScout.sys [2008-5-26 20480]
    S3 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-8 24652]
    .
    =============== File Associations ===============
    .
    .txt=
    .
    =============== Created Last 30 ================
    .
    2011-11-22 20:36:27 388096 ----a-r- c:\documents and settings\matt\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-11-22 19:00:29 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{299049e6-e883-4021-9127-113791cd5207}\MpKsl41f0657a.sys
    2011-11-22 18:18:00 -------- d-----w- c:\documents and settings\matt\application data\CC528
    2011-11-22 14:32:44 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{299049e6-e883-4021-9127-113791cd5207}\MpKsl5d909b0e.sys
    2011-11-22 14:32:28 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{299049e6-e883-4021-9127-113791cd5207}\offreg.dll
    2011-11-22 04:55:52 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{299049e6-e883-4021-9127-113791cd5207}\mpengine.dll
    2011-11-21 21:36:09 -------- d-----w- c:\program files\28ECC
    2011-11-21 21:35:29 -------- d-----w- c:\program files\LP
    2011-11-15 02:12:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-15 02:10:13 -------- d-----w- c:\documents and settings\matt\local settings\application data\PCHealth
    2011-11-15 01:09:53 -------- d-----w- c:\windows\Temp99BCC305-EB38-5FD5-7FC0-6433AA13544D-Signatures
    2011-11-14 19:05:59 79872 -c--a-w- c:\windows\system32\dllcache\rwia330.dll
    2011-11-14 19:04:59 514587 -c--a-w- c:\windows\system32\dllcache\edb500.dll
    2011-11-14 18:56:54 5632 -c--a-w- c:\windows\system32\dllcache\write.exe
    2011-11-14 18:27:34 86016 ----a-w- c:\windows\system32\sl_anet.acm
    2011-11-14 18:26:56 9216 -c--a-w- c:\windows\system32\dllcache\wshatm.dll
    2011-11-14 18:25:59 9936 -c--a-w- c:\windows\system32\dllcache\lzexpand.dll
    2011-11-14 13:51:03 21504 ----a-w- c:\windows\system32\hidserv.dll
    2011-11-14 13:44:24 85020 -c--a-w- c:\windows\system32\dllcache\dgsetup.dll
    2011-11-14 13:44:24 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2011-11-14 13:44:24 176157 -c--a-w- c:\windows\system32\dllcache\dgrpsetu.dll
    2011-11-14 13:44:23 2577 ------w- c:\windows\system32\CONFIG.TMP
    2011-11-14 13:44:23 15360 -c--a-w- c:\windows\system32\dllcache\taskman.exe
    2011-10-29 03:32:54 -------- d-----w- C:\ucd
    .
    ==================== Find3M ====================
    .
    2011-10-17 14:36:17 0 ---ha-w- c:\documents and settings\matt\ciomkugcqs.tmp
    2011-10-16 00:00:30 0 ----a-w- c:\documents and settings\matt\0.47733835981779005.exe
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-31 04:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-08-31 04:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
    .
    ============= FINISH: 15:51:32.06 ===============

    Not sure about the GMER file; I ran it but it kept crashing. Any help would be greatly appreciated. I do not want to lose my internet and have to start this process all over again.

    Thank-you
    Matt

  2. oldman960

    oldman960

    Joined:
    Apr 7, 2010
    Messages:
    166
    Hi Neoclassix, welcome to the forum.


    To make cleaning this machine easier
    • Please do not uninstall/install any programs unless asked to
      It is more difficult when files/programs are appearing in/disappearing from the logs.
    • Please do not run any scans other than those requested
    • Please follow all instructions in the order posted
    • All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, and uncheck Word Wrap if it is checked.
    • Do not attach any logs/reports, etc. unless specifically requested to do so.
    • If you have problems with or do not understand the instructions, please ask before continuing.
    • Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.
    Open hijackthis, do a system scan only and checkmark these lines, if present

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:53152

    Close ALL other windows/browsers and click Fix Checked. Answer Yes if prompted. Close HJT.



    Open your Internet Explorer:
    • At the top click Tools, click Internet Options
    • On the Connections tab click LAN Settings
    • Uncheck "Use a proxy server"

    For Firefox it's
    • Tools > Options
    • Click the Advanced button
    • Click the Network tab
    • In the connections section click the Settings button
    • Check mark No Proxy
    • OK your way out.


    Download aswMBR.exe to your desktop.
    Double click aswMBR.exe to run it

    Click the "Scan" button to start scan

    On completion of the scan click save log, save it to your desktop and post in your next reply

    There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.



    Please post back with:
    • aswMBR log
    • MBR.zip (attached)
    Please tell me all the symptoms you are experiencing.
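The R1 line oldman960 asks to fix above points the browser's proxy at the local machine (127.0.0.1:53152), which is how this family of hijackers intercepts and redirects web traffic. As an added illustration of that check, and not code from this thread or from HijackThis, the following Python script parses HijackThis R1 ProxyServer lines and flags any proxy that routes through loopback; the sample log is constructed, with only its first R1 line taken from this thread.

```python
import re

# Constructed sample of a HijackThis log. The first R1 line is the one quoted in
# this thread; the remaining lines are made up to exercise the parser.
SAMPLE_HJT_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:53152
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.corp.example:8080
O4 - HKLM\..\Run: [MSC] c:\program files\Microsoft Security Client\msseces.exe
"""

# Hosts that mean "send my browser traffic through something on this PC".
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# HijackThis R1 line carrying the WinINet ProxyServer value for a hive (HKCU/HKLM).
R1_PROXY = re.compile(r"^R1 - (?P<hive>HK\w+)\\(?P<key>.+?),ProxyServer = (?P<value>.+)$")


def parse_proxy_value(value):
    """Split a WinINet ProxyServer value into (scheme, host, port) tuples.

    WinINet accepts both the plain form 'host:port' (scheme reported as '*')
    and the per-protocol form 'http=host:port;https=host:port'.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")  # scheme is '' in the plain form
        host, sep, port = hostport.rpartition(":")
        if not sep:  # no port given
            host, port = hostport, ""
        entries.append((scheme or "*", host, port))
    return entries


def find_loopback_proxies(log_text):
    """Return one finding per R1 ProxyServer entry that points at the local machine.

    A loopback proxy is only a signal, not proof: some legitimate web filters
    also install one, so a hit should be compared against software you know
    is present before it is removed.
    """
    findings = []
    for line in log_text.splitlines():
        m = R1_PROXY.match(line.strip())
        if not m:
            continue
        for scheme, host, port in parse_proxy_value(m.group("value")):
            if host.strip("[]").lower() in LOOPBACK:
                findings.append({
                    "hive": m.group("hive"),
                    "scheme": scheme,
                    "host": host,
                    "port": port,
                    "line": line.strip(),
                })
    return findings


if __name__ == "__main__":
    for hit in find_loopback_proxies(SAMPLE_HJT_LOG):
        print(f"{hit['hive']}: {hit['scheme']} traffic proxied via "
              f"{hit['host']}:{hit['port']} -- {hit['line']}")
```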
     
  3. Neoclassix

    Neoclassix Thread Starter

    Joined:
    Nov 22, 2011
    Messages:
    18
    Hi Oldman960 - First let me thank you for helping me with this. Second - Do not know how, but you have already made a difference. This morning I could not get on the internet. I had to get your message from my laptop. I did notice when I tried to open my browser I could not go to my home page, but it would let me go to any HTTPS site (banking, eBay sign-in, etc.) and NO, I did not sign into any of these sites. Ok, other symptoms include browser redirects to various sites from a Google search. Security Essentials finds questionable files including ...111.exe, and another I cannot recall. I have been attacked by 13 viruses since Oct. 26. I can paste descriptions if needed.
    Here are the reports you have requested.
    Thanks again.
    Matt

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-23 13:43:21
    -----------------------------
    13:43:21.781 OS Version: Windows 5.1.2600 Service Pack 3
    13:43:21.781 Number of processors: 2 586 0x401
    13:43:21.781 ComputerName: COMPUTER UserName: Matt
    13:43:22.484 Initialize success
    13:44:24.078 AVAST engine defs: 11112301
    13:44:29.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17
    13:44:29.000 Disk 0 Vendor: WDC_WD2500JD-98HBB0 08.02D08 Size: 238475MB BusType: 3
    13:44:31.031 Disk 0 MBR read successfully
    13:44:31.031 Disk 0 MBR scan
    13:44:31.078 Disk 0 Windows XP default MBR code
    13:44:31.093 Disk 0 scanning sectors +488392065
    13:44:31.203 Disk 0 scanning C:\WINDOWS\system32\drivers
    13:44:53.671 Service scanning
    13:44:54.125 Service MpKslcf9fe73f C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DF552178-ABD5-4083-BD70-61B99F0C414F}\MpKslcf9fe73f.sys **LOCKED** 32
    13:44:54.765 Modules scanning
    13:45:01.171 Disk 0 trace - called modules:
    13:45:01.203 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    13:45:01.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87140ab8]
    13:45:01.203 3 CLASSPNP.SYS[f75f0fd7] -> nt!IofCallDriver -> \Device\00000072[0x8717ee00]
    13:45:01.203 5 ACPI.sys[f7467620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-17[0x8714cd98]
    13:45:01.906 AVAST engine scan C:\WINDOWS
    13:45:23.203 AVAST engine scan C:\WINDOWS\system32
    13:48:58.531 AVAST engine scan C:\WINDOWS\system32\drivers
    13:49:26.406 AVAST engine scan C:\Documents and Settings\Matt
    13:52:05.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Matt\Desktop\MBR.dat"
    13:52:05.703 The log file has been saved successfully to "C:\Documents and Settings\Matt\Desktop\aswMBR.txt"
     

    Attached Files: MBR.zip (513 bytes)
  4. oldman960

    oldman960

    Joined:
    Apr 7, 2010
    Messages:
    166
    Hi Neoclassix,


    Please read through these instructions to familiarize yourself with what to expect when this tool runs.

    Download ComboFix from one of these locations:
    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    Notes:
    1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
    3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


    Please post back with the ComboFix log.

    How's the computer?
     
  5. Neoclassix

    Neoclassix Thread Starter

    Joined:
    Nov 22, 2011
    Messages:
    18
    Oldman960:
    ComboFix log pasted, so far so good... hey, I see the Microsoft firewall is back... have not seen that for MONTHS!
    thanks


    ComboFix 11-11-23.03 - Matt 11/23/2011 20:59:59.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.646 [GMT -5:00]
    Running from: c:\documents and settings\Matt\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
    c:\documents and settings\Matt\0.47733835981779005.exe
    c:\documents and settings\Matt\ciomkugcqs.tmp
    c:\program files\FunWebProducts
    c:\program files\FunWebProducts\Shared\00145A44.dat
    c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
    c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
    c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
    c:\program files\image activex object
    c:\program files\LP
    c:\program files\LP\A59C\19.tmp
    c:\program files\LP\A59C\1B.tmp
    c:\program files\LP\A59C\5.tmp
    c:\program files\LP\A59C\6.tmp
    c:\program files\LP\A59C\7.exe
    c:\program files\LP\A59C\7.tmp
    c:\program files\LP\A59C\8.exe
    c:\program files\LP\A59C\8.tmp
    c:\program files\LP\A59C\92.tmp
    c:\program files\LP\A59C\94.tmp
    c:\program files\LP\A59C\A.tmp
    c:\program files\LP\A59C\E.tmp
    c:\program files\MyWebSearch
    c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
    c:\program files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
    c:\program files\MyWebSearch\bar\1.bin\M3DLGHK.DLL
    c:\program files\MyWebSearch\bar\1.bin\M3FFTBPR.DLL
    c:\program files\MyWebSearch\bar\1.bin\M3PATCH.DLL
    c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
    c:\program files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
    c:\program files\MyWebSearch\bar\2.bin\CHROME.MANIFEST
    c:\program files\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR
    c:\program files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
    c:\program files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
    c:\program files\MyWebSearch\bar\2.bin\F3REGHK.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3REPROX.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
    c:\program files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3SPACER.WMV
    c:\program files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
    c:\program files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
    c:\program files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
    c:\program files\MyWebSearch\bar\2.bin\INSTALL.RDF
    c:\program files\MyWebSearch\bar\2.bin\M3AUXSTB.DLL
    c:\program files\MyWebSearch\bar\2.bin\M3DLGHK.DLL
    c:\program files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
    c:\program files\MyWebSearch\bar\2.bin\M3HTML.DLL
    c:\program files\MyWebSearch\bar\2.bin\M3IDLE.DLL
    c:\program files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
    c:\program files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
    c:\program files\MyWebSearch\bar\2.bin\M3MSG.DLL
    c:\program files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
    c:\program files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
    c:\program files\MyWebSearch\bar\2.bin\M3SKIN.DLL
    c:\program files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
    c:\program files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
    c:\program files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
    c:\program files\MyWebSearch\bar\2.bin\M3TPINST.DLL
    c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL
    c:\program files\MyWebSearch\bar\2.bin\MWSMLBTN.DLL
    c:\program files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
    c:\program files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
    c:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
    c:\program files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
    c:\program files\MyWebSearch\bar\2.bin\MWSSVC.EXE
    c:\program files\MyWebSearch\bar\2.bin\MWSUABTN.DLL
    c:\program files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
    c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
    c:\program files\MyWebSearch\bar\Cache\000550A8
    c:\program files\MyWebSearch\bar\Cache\00055A9B
    c:\program files\MyWebSearch\bar\Cache\000568A4
    c:\program files\MyWebSearch\bar\Cache\181A76EA.bin
    c:\program files\MyWebSearch\bar\Cache\181A7813.bin
    c:\program files\MyWebSearch\bar\Cache\181A78DE.bmp
    c:\program files\MyWebSearch\bar\Cache\23019F89
    c:\program files\MyWebSearch\bar\Cache\2301A20A
    c:\program files\MyWebSearch\bar\Cache\2301A46B.bin
    c:\program files\MyWebSearch\bar\Cache\2301A584.bmp
    c:\program files\MyWebSearch\bar\Cache\2301A601.bin
    c:\program files\MyWebSearch\bar\Cache\2301A7A7.bin
    c:\program files\MyWebSearch\bar\Cache\2301A824
    c:\program files\MyWebSearch\bar\Cache\2301A8FF.exe
    c:\program files\MyWebSearch\bar\Cache\files.ini
    c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
    c:\program files\MyWebSearch\bar\Game\CHESS.F3S
    c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
    c:\program files\MyWebSearch\bar\History\search3
    c:\program files\MyWebSearch\bar\icons\CM.ICO
    c:\program files\MyWebSearch\bar\icons\MFC.ICO
    c:\program files\MyWebSearch\bar\icons\PSS.ICO
    c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
    c:\program files\MyWebSearch\bar\icons\WB.ICO
    c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
    c:\program files\MyWebSearch\bar\Message\COMMON.F3S
    c:\program files\MyWebSearch\bar\Message\COMMON\8_step1.gif
    c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif
    c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\bkez.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkgr.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkgs.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bklf.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkrg.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkwebfet.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkzc.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkzl.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkzn.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkzq.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkzr.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkzu.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkzv.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkzw.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkzwinky.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\blubtn2d.png
    c:\program files\MyWebSearch\bar\Message\COMMON\blubtn2r.png
    c:\program files\MyWebSearch\bar\Message\COMMON\blubtn3d.png
    c:\program files\MyWebSearch\bar\Message\COMMON\blubtn3r.png
    c:\program files\MyWebSearch\bar\Message\COMMON\center.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\index.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
    c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\rebut4.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\rebut4b.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\rebut4c.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\shield.png
    c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif
    c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif
    c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
    c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif
    c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
    c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
    c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
    c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
    c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
    c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
    c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
    c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
    c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
    c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
    c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
    c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
    c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
    c:\program files\MyWebSearch\bar\Settings\s_FeatCk.dat
    c:\program files\MyWebSearch\bar\Settings\s_pid.dat
    c:\program files\MyWebSearch\bar\setups\My Web Search Installer.exe
    c:\program files\SelectRebates
    c:\program files\SelectRebates\FFToolbar\chrome.manifest
    c:\program files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
    c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
    c:\program files\SelectRebates\FFToolbar\install.rdf
    c:\program files\SelectRebates\SahImages\alert.png
    c:\program files\SelectRebates\SahImages\check.png
    c:\program files\SelectRebates\SahImages\close.png
    c:\program files\SelectRebates\SelectAlerts.dat
    c:\program files\SelectRebates\SelectRebates.exe
    c:\program files\SelectRebates\SelectRebates.ini
    c:\program files\SelectRebates\SelectRebatesA.dat
    c:\program files\SelectRebates\SelectRebatesApi.exe
    c:\program files\SelectRebates\SelectRebatesB.dat
    c:\program files\SelectRebates\SelectRebatesBT.dat
    c:\program files\SelectRebates\SelectRebatesDownload.exe
    c:\program files\SelectRebates\SelectRebatesH.dat
    c:\program files\SelectRebates\SelectRebatesUninstall.exe
    c:\program files\SelectRebates\SRebates.dll
    c:\program files\SelectRebates\SRFF3.dll
    c:\program files\SelectRebates\Toolbar\AddtoList.bmp
    c:\program files\SelectRebates\Toolbar\basis.xml
    c:\program files\SelectRebates\Toolbar\Basis.xml.dym
    c:\program files\SelectRebates\Toolbar\basis.xml.temp
    c:\program files\SelectRebates\Toolbar\Blank.bmp
    c:\program files\SelectRebates\Toolbar\CashBack.bmp
    c:\program files\SelectRebates\Toolbar\Coupons.bmp
    c:\program files\SelectRebates\Toolbar\GroceryCoupon.bmp
    c:\program files\SelectRebates\Toolbar\i_magnifying.bmp
    c:\program files\SelectRebates\Toolbar\icons.bmp
    c:\program files\SelectRebates\Toolbar\ImageCache\alert-red.bmp
    c:\program files\SelectRebates\Toolbar\logo.bmp
    c:\program files\SelectRebates\Toolbar\logo_24.bmp
    c:\program files\SelectRebates\Toolbar\logo_HotSpots.bmp
    c:\program files\SelectRebates\Toolbar\ReviewSite.bmp
    c:\program files\SelectRebates\Toolbar\RightControls.dym
    c:\program files\SelectRebates\Toolbar\sahtb-alert.bmp
    c:\program files\SelectRebates\Toolbar\sahtb-go.bmp
    c:\program files\SelectRebates\Toolbar\sahtb-grocerycoupons.bmp
    c:\program files\SelectRebates\Toolbar\sahtb-icons.bmp
    c:\program files\SelectRebates\Toolbar\sahtb-restaurant.bmp
    c:\program files\SelectRebates\Toolbar\sahtb-wishlist.bmp
    c:\program files\SelectRebates\Toolbar\Scissors.bmp
    c:\program files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
    c:\windows\$NtUninstallKB34544$
    c:\windows\$NtUninstallKB34544$\1582094524\@
    c:\windows\$NtUninstallKB34544$\1582094524\bckfg.tmp
    c:\windows\$NtUninstallKB34544$\1582094524\cfg.ini
    c:\windows\$NtUninstallKB34544$\1582094524\Desktop.ini
    c:\windows\$NtUninstallKB34544$\1582094524\keywords
    c:\windows\$NtUninstallKB34544$\1582094524\kwrd.dll
    c:\windows\$NtUninstallKB34544$\1582094524\L\emmnmoug
    c:\windows\$NtUninstallKB34544$\1582094524\lsflt7.ver
    c:\windows\$NtUninstallKB34544$\1582094524\U\[email protected]
    c:\windows\$NtUninstallKB34544$\1582094524\U\[email protected]
    c:\windows\$NtUninstallKB34544$\1582094524\U\[email protected]
    c:\windows\$NtUninstallKB34544$\1582094524\U\[email protected]
    c:\windows\$NtUninstallKB34544$\1582094524\U\[email protected]
    c:\windows\$NtUninstallKB34544$\1582094524\U\[email protected]
    c:\windows\$NtUninstallKB34544$\482944010
    c:\windows\CSC\d6
    c:\windows\kb835221.exe
    c:\windows\system32\%SYSTE~1
    c:\windows\windows-kb870669-x86-enu.exe
    c:\windows\windowsmedia10-kb886612-x86-enu.exe
    c:\windows\windowsxp-kb834707-x86-enu.exe
    c:\windows\windowsxp-kb884018-x86-enu.exe
    c:\windows\windowsxpmediacenter2005-kb873369-enu.exe
    K:\autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-24 to 2011-11-24 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-24 02:18 . 2011-11-24 02:18 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DF552178-ABD5-4083-BD70-61B99F0C414F}\offreg.dll
    2011-11-23 15:37 . 2011-10-18 06:28 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DF552178-ABD5-4083-BD70-61B99F0C414F}\mpengine.dll
    2011-11-22 20:36 . 2011-11-22 20:36 388096 ----a-r- c:\documents and settings\Matt\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-22 18:18 . 2011-11-23 15:49 -------- d-----w- c:\documents and settings\Matt\Application Data\CC528
    2011-11-21 21:36 . 2011-11-23 15:49 -------- d-----w- c:\program files\28ECC
    2011-11-15 04:42 . 2011-11-15 04:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
    2011-11-15 02:12 . 2011-11-15 02:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-15 02:10 . 2011-11-15 02:10 -------- d-----w- c:\documents and settings\Matt\Local Settings\Application Data\PCHealth
    2011-11-15 01:09 . 2011-11-15 01:09 -------- d-----w- c:\windows\Temp99BCC305-EB38-5FD5-7FC0-6433AA13544D-Signatures
    2011-11-14 23:51 . 2011-11-14 23:51 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
    2011-11-14 19:12 . 2011-11-14 19:12 -------- d-----w- c:\documents and settings\Home
    2011-11-14 19:09 . 2011-11-14 19:09 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
    2011-11-14 19:08 . 2011-11-14 19:08 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
    2011-11-14 19:06 . 2001-08-18 03:36 7168 -c--a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
    2011-11-14 19:06 . 2001-08-18 03:36 12288 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
    2011-11-14 19:06 . 2001-08-18 03:36 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
    2011-11-14 19:06 . 2001-08-18 03:36 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
    2011-11-14 19:04 . 2004-08-10 12:00 514587 -c--a-w- c:\windows\system32\dllcache\edb500.dll
    2011-11-14 18:56 . 2004-08-10 12:00 28672 ----a-w- c:\program files\Messenger\custsat.dll
    2011-11-14 18:27 . 2009-09-01 14:46 282654 ----a-w- c:\windows\system32\msaud32.acm
    2011-11-14 18:26 . 2008-05-09 10:53 90112 ----a-w- c:\windows\system32\wshext.dll
    2011-11-14 18:25 . 2010-12-20 17:26 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2011-11-14 13:51 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
    2011-11-14 13:44 . 2004-08-10 12:00 85020 -c--a-w- c:\windows\system32\dllcache\dgsetup.dll
    2011-11-14 13:44 . 2004-08-10 12:00 176157 -c--a-w- c:\windows\system32\dllcache\dgrpsetu.dll
    2011-11-14 13:44 . 2004-08-10 12:00 2577 ------w- c:\windows\system32\CONFIG.TMP
    2011-11-14 13:43 . 2011-11-14 19:12 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
    2011-11-14 13:43 . 2011-11-14 19:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS
    2011-10-29 03:32 . 2011-10-29 03:32 -------- d-----w- C:\ucd
    2011-10-27 05:14 . 2011-10-27 05:14 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2011-10-27 05:13 . 2011-10-27 05:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-10-27 04:23 . 2011-10-27 04:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-18 06:28 . 2010-05-30 03:23 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-10-10 14:22 . 2004-12-01 19:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-26 16:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 16:41 . 2004-12-01 18:28 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 16:41 . 2004-12-01 18:28 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-08-31 04:05 . 2011-08-31 04:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-08-31 04:05 . 2011-08-31 04:05 73064 ----a-w- c:\windows\system32\dnssd.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-05-16 551032]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    .
    c:\documents and settings\Matt\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
    backup=c:\windows\pss\Desktop Manager.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP LaserJet Director.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP LaserJet Director.lnk
    backup=c:\windows\pss\HP LaserJet Director.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
    backup=c:\windows\pss\Personal Coach.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=c:\documents and settings\Matt\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^eFax 4.4.lnk]
    path=c:\documents and settings\Matt\Start Menu\Programs\Startup\eFax 4.4.lnk
    backup=c:\windows\pss\eFax 4.4.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
    path=c:\documents and settings\Matt\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
    backup=c:\windows\pss\Trend Micro Anti-Spyware.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-30 02:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    2004-06-29 13:06 88363 ----a-w- c:\windows\AGRSMMSG.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2004-10-14 00:00 57344 ----a-w- c:\windows\ALCMTR.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
    2004-10-22 01:44 2744832 ----a-w- c:\windows\ALCWZRD.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    2004-09-29 12:15 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
    2004-07-16 19:17 53248 ----a-w- c:\windows\SONYSYS\VAIO Recovery\Reminder.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2004-08-10 12:04 59392 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX7800 Series]
    2005-04-07 04:00 98304 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIAFA.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
    2004-03-17 23:10 61952 ----a-w- c:\windows\system32\Hdaudpropshortcut.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP AutoIndexer]
    2001-02-19 18:36 77824 ----a-w- c:\program files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP SchedIndexer]
    2001-02-19 18:36 86016 ----a-w- c:\program files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-06-07 21:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-08-04 06:06 1667584 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Phase One Media Reader]
    2006-10-26 16:49 229376 ----a-w- c:\progra~1\PHASEO~1\CAPTUR~1\DCIMImp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2004-10-21 22:20 77824 ----a-w- c:\windows\SOUNDMAN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
    2007-08-31 16:34 100056 ----a-w- c:\progra~1\SYMNET~1\SNDMon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
    2003-04-20 05:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Sony\\vaio media 3.1\\Vc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    .
    S1 MpKsl62243e8c;MpKsl62243e8c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3C6BDAB-549E-4370-80E1-CFF23BB69EC0}\MpKsl62243e8c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3C6BDAB-549E-4370-80E1-CFF23BB69EC0}\MpKsl62243e8c.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/24/2010 9:51 AM 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/24/2010 9:51 AM 136176]
    S3 SKYSCOUT;Celestron SkyScout driver;c:\windows\system32\drivers\UsbScout.sys [5/26/2008 2:01 PM 20480]
    S3 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/8/2007 8:57 AM 24652]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34]
    .
    2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cca328a16af564.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-24 14:51]
    .
    2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cca328a478f8b4.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-24 14:51]
    .
    2011-11-24 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
    .
    2011-11-24 c:\windows\Tasks\User_Feed_Synchronization-{ADD53ACD-06AB-484B-81C7-6BDFD5B5F84E}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.aol.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
    DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://www.unionconcrod.org/controls/LTOCX14N.cab
    DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} - hxxp://www.unionconcrod.org/controls/prntpro2.CAB
    DPF: {F92211F4-3913-4DC2-A275-756374D848B0} - hxxp://96.252.133.84/MP4DVR.cab
    .
    .
    ------- File Associations -------
    .
    .txt=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
    MSConfigStartUp-eFax 4 - c:\program files\eFax Messenger 4.4\J2GDllCmd.exe
    MSConfigStartUp-gStart - c:\garmin\gStart.exe
    MSConfigStartUp-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe
    AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-23 21:19
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(768)
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    c:\program files\common files\logitech\bluetooth\LBTServ.dll
    .
    - - - - - - - > 'explorer.exe'(2516)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-23 21:28:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-24 02:28
    .
    Pre-Run: 99,270,885,376 bytes free
    Post-Run: 100,418,117,632 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 5A2D4F2FF0F264307E4EB472B0D86DB1
     
  6. oldman960

    oldman960

    Joined:
    Apr 7, 2010
    Messages:
    166
    Hi Neoclassix,

    Please follow all previous instructions regarding security programs.


    Open a new Notepad session
    • Click the Start button, click run
• In the run box type notepad
    • click ok
• In the notepad, click "Format" and be certain that Word Wrap is not checked.
    • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE
    Code:
    Folder::
    c:\documents and settings\Matt\Application Data\CC528
    c:\program files\28ECC
    

    In the notepad
    • Click File, Save as..., and set the Save in to your Desktop
    • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
    • Click save
Using your mouse left button, drag the new file CFScript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser/windows first.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**


    Next


    Please make an uninstall list
    • Start HijackThis
    • Click the Config button
    • Click the Misc Tools button
    • Click the Open Uninstall Manager button.
    • Click the Save list button and save it to your desktop.
    When you press Save, a notepad will open with the contents. Copy/paste the contents of the notepad file in your next reply.



    Please post back with
    • combofix log
    • uninstall list
    How's the computer?
     
  7. Neoclassix

    Neoclassix Thread Starter

    Joined:
    Nov 22, 2011
    Messages:
    18
    Combo Fix:

    ComboFix 11-11-24.01 - Matt 11/24/2011 13:58:57.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.543 [GMT -5:00]
    Running from: c:\documents and settings\Matt\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Matt\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Matt\Application Data\CC528
    c:\documents and settings\Matt\Application Data\CC528\8ECC.C52
    c:\program files\28ECC
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-24 to 2011-11-24 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-24 02:30 . 2011-11-24 02:30 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F4917D5-FCC9-4110-BFAB-50302DEE9EB5}\MpKsl953c2f44.sys
    2011-11-24 02:30 . 2011-11-24 02:30 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F4917D5-FCC9-4110-BFAB-50302DEE9EB5}\offreg.dll
    2011-11-24 02:30 . 2011-10-18 06:28 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F4917D5-FCC9-4110-BFAB-50302DEE9EB5}\mpengine.dll
    2011-11-22 20:36 . 2011-11-22 20:36 388096 ----a-r- c:\documents and settings\Matt\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-15 04:42 . 2011-11-15 04:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
    2011-11-15 02:12 . 2011-11-15 02:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-15 02:10 . 2011-11-15 02:10 -------- d-----w- c:\documents and settings\Matt\Local Settings\Application Data\PCHealth
    2011-11-15 01:09 . 2011-11-15 01:09 -------- d-----w- c:\windows\Temp99BCC305-EB38-5FD5-7FC0-6433AA13544D-Signatures
    2011-11-14 23:51 . 2011-11-14 23:51 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
    2011-11-14 19:12 . 2011-11-14 19:12 -------- d-----w- c:\documents and settings\Home
    2011-11-14 19:09 . 2011-11-14 19:09 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
    2011-11-14 19:08 . 2011-11-14 19:08 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
    2011-11-14 19:06 . 2001-08-18 03:36 7168 -c--a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
    2011-11-14 19:06 . 2001-08-18 03:36 12288 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
    2011-11-14 19:06 . 2001-08-18 03:36 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
    2011-11-14 19:06 . 2001-08-18 03:36 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
    2011-11-14 19:04 . 2004-08-10 12:00 514587 -c--a-w- c:\windows\system32\dllcache\edb500.dll
    2011-11-14 18:56 . 2004-08-10 12:00 28672 ----a-w- c:\program files\Messenger\custsat.dll
    2011-11-14 18:27 . 2009-09-01 14:46 282654 ----a-w- c:\windows\system32\msaud32.acm
    2011-11-14 18:26 . 2008-05-09 10:53 90112 ----a-w- c:\windows\system32\wshext.dll
    2011-11-14 18:25 . 2010-12-20 17:26 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2011-11-14 13:51 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
    2011-11-14 13:44 . 2004-08-10 12:00 85020 -c--a-w- c:\windows\system32\dllcache\dgsetup.dll
    2011-11-14 13:44 . 2004-08-10 12:00 176157 -c--a-w- c:\windows\system32\dllcache\dgrpsetu.dll
    2011-11-14 13:44 . 2004-08-10 12:00 2577 ------w- c:\windows\system32\CONFIG.TMP
    2011-11-14 13:43 . 2011-11-14 19:12 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
    2011-11-14 13:43 . 2011-11-14 19:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS
    2011-10-29 03:32 . 2011-10-29 03:32 -------- d-----w- C:\ucd
    2011-10-27 05:14 . 2011-10-27 05:14 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2011-10-27 05:13 . 2011-10-27 05:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-10-27 04:23 . 2011-10-27 04:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-18 06:28 . 2010-05-30 03:23 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-10-10 14:22 . 2004-12-01 19:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-26 16:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 16:41 . 2004-12-01 18:28 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 16:41 . 2004-12-01 18:28 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-08-31 04:05 . 2011-08-31 04:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-08-31 04:05 . 2011-08-31 04:05 73064 ----a-w- c:\windows\system32\dnssd.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-05-16 551032]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    .
    c:\documents and settings\Matt\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
    backup=c:\windows\pss\Desktop Manager.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP LaserJet Director.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP LaserJet Director.lnk
    backup=c:\windows\pss\HP LaserJet Director.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
    backup=c:\windows\pss\Personal Coach.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=c:\documents and settings\Matt\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^eFax 4.4.lnk]
    path=c:\documents and settings\Matt\Start Menu\Programs\Startup\eFax 4.4.lnk
    backup=c:\windows\pss\eFax 4.4.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
    path=c:\documents and settings\Matt\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
    backup=c:\windows\pss\Trend Micro Anti-Spyware.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-30 02:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    2004-06-29 13:06 88363 ----a-w- c:\windows\AGRSMMSG.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2004-10-14 00:00 57344 ----a-w- c:\windows\ALCMTR.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
    2004-10-22 01:44 2744832 ----a-w- c:\windows\ALCWZRD.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    2004-09-29 12:15 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
    2004-07-16 19:17 53248 ----a-w- c:\windows\SONYSYS\VAIO Recovery\Reminder.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2004-08-10 12:04 59392 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX7800 Series]
    2005-04-07 04:00 98304 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIAFA.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
    2004-03-17 23:10 61952 ----a-w- c:\windows\system32\Hdaudpropshortcut.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP AutoIndexer]
    2001-02-19 18:36 77824 ----a-w- c:\program files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP SchedIndexer]
    2001-02-19 18:36 86016 ----a-w- c:\program files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-06-07 21:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-08-04 06:06 1667584 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Phase One Media Reader]
    2006-10-26 16:49 229376 ----a-w- c:\progra~1\PHASEO~1\CAPTUR~1\DCIMImp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2004-10-21 22:20 77824 ----a-w- c:\windows\SOUNDMAN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
    2007-08-31 16:34 100056 ----a-w- c:\progra~1\SYMNET~1\SNDMon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
    2003-04-20 05:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Sony\\vaio media 3.1\\Vc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    .
    R1 MpKsl953c2f44;MpKsl953c2f44;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F4917D5-FCC9-4110-BFAB-50302DEE9EB5}\MpKsl953c2f44.sys [11/23/2011 9:30 PM 28752]
    S1 MpKsl62243e8c;MpKsl62243e8c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3C6BDAB-549E-4370-80E1-CFF23BB69EC0}\MpKsl62243e8c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3C6BDAB-549E-4370-80E1-CFF23BB69EC0}\MpKsl62243e8c.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/24/2010 9:51 AM 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/24/2010 9:51 AM 136176]
    S3 SKYSCOUT;Celestron SkyScout driver;c:\windows\system32\drivers\UsbScout.sys [5/26/2008 2:01 PM 20480]
    S3 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/8/2007 8:57 AM 24652]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSL953C2F44
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34]
    .
    2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cca328a16af564.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-24 14:51]
    .
    2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cca328a478f8b4.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-24 14:51]
    .
    2011-11-24 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
    .
    2011-11-24 c:\windows\Tasks\User_Feed_Synchronization-{ADD53ACD-06AB-484B-81C7-6BDFD5B5F84E}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.aol.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
    DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://www.unionconcrod.org/controls/LTOCX14N.cab
    DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} - hxxp://www.unionconcrod.org/controls/prntpro2.CAB
    DPF: {F92211F4-3913-4DC2-A275-756374D848B0} - hxxp://96.252.133.84/MP4DVR.cab
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-24 14:12
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(768)
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    c:\program files\common files\logitech\bluetooth\LBTServ.dll
    .
    Completion time: 2011-11-24 14:17:24
    ComboFix-quarantined-files.txt 2011-11-24 19:17
    ComboFix2.txt 2011-11-24 02:28
    .
    Pre-Run: 100,380,147,712 bytes free
    Post-Run: 100,393,037,824 bytes free
    .
    - - End Of File - - AE35917E3E758ABCCCBE0C588D06748A

    Adobe AIR
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge 1.0
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color Common Settings
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Common File Installer
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash CS3
    Adobe Flash CS3 Professional
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Flash Video Encoder
    Adobe Help Center 1.0
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS2
    Adobe Reader 8.3.1
    Adobe Setup
    Adobe Setup
    Adobe Shockwave Player
    Adobe Stock Photos 1.0
    Adobe SVG Viewer 3.0
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Agere Systems PCI Soft Modem
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoImpression 5
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    Bonjour
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon EOS 5D WIA Driver
    Canon EOS Kiss_N REBEL_XT 350D WIA Driver
    Canon EOS-1D Mark II N WIA Driver
    Canon EOS-1Ds Mark II WIA Driver
    Canon G.726 WMP-Decoder
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon iP90
    Canon MOV Decoder
    Canon MOV Encoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities Digital Photo Professional 3.6
    Canon Utilities EOS Capture 1.5
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities Original Data Security Tools
    Canon Utilities PhotoStitch
    Canon Utilities Picture Style Editor
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities WFT-E1/E2/E3/E4 Utility
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Capture One LE 3.7.6
    CDDRV_Installer
    Celestron SkyScout
    Chinese Traditional Fonts Support For Adobe Reader 8
    Cisco Connect
    Click to DVD 2.0.02 Menu Data
    Click to DVD 2.4.10
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    Coupon Printer for Windows
    DesignPro 5.0 Limited Edition
    DivX
    DVgate Plus
    EPSON CX 7800 Guide
    EPSON Printer Software
    EPSON Scan
    Family Feud
    Family Tree Maker 2005
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    High Definition Audio Driver Package - KB835221
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP LaserJet 3200 Uninstaller
    Intel(R) PRO Network Adapters and Drivers
    InterVideo WinDVD 5 for VAIO
    iTunes
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 11
    Java(TM) 6 Update 17
    KhalInstallWrapper
    LabelCreator Pro
    Logitech SetPoint
    Mavis Beacon Teaches Typing 15
    Memory Stick Formatter
    Microsoft .NET Framework 1.0 Hotfix (KB2572066)
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    MONOPOLY HERE & NOW EDITION
    Movielink eHome version 1.1
    MSXML 4.0
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    OpenMG Limited Patch 4.7-07-14-05-01
    OpenMG Metadata Extractor for Windows Media Player
    OpenMG Secure Module 4.7.00
    OpenOffice.org Installer 1.0
    PDF Settings
    PictureGear Studio 2.0
    QuickTime
    RealArcade
    Realtek High Definition Audio Driver
    Safari
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Skype Toolbars
    Skype™ 5.0
    Sonic Encoders
    Sonic RecordNow!
    SonicStage 4.3
    SonicStage Mastering Studio Audio Filter Custom Preset
    Sony Certificate PCH
    Sony Download Taxi 1.5.0.0
    Sony TV Tuner Library 1.0
    Sony Video Shared Library
    Tri-Peaks Solitiare To Go
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
    VAIO Control Center
    VAIO Entertainment Platform
    VAIO Help and Support
    VAIO Media 3.1
    VAIO Media Integrated Server 3.1
    VAIO Media Redistribution 3.1
    VAIO Original Screen Saver VAIO Scene HD Normal Contents
    VAIO Original Screen Saver ver.1.1.01
    VAIO Registration
    VAIO Structure Wallpaper
    VAIO Survey Standalone
    VAIO Update 3
    VC User CRT71 RTL X86 ---
    VC User MFC71 RTL X86 ---
    Viewpoint Media Player
    Welcome to VAIO life
    WIDCOMM Bluetooth Software
    Windows Installer Clean Up
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows Media Player 10 Hotfix [See KB886612 for more information]
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    Yahtzee Download Edition

    Happy Thanksgiving!!! Hope you enjoy your day!
     
  8. oldman960

    oldman960

    Joined:
    Apr 7, 2010
    Messages:
    166
    Hi Neoclassix,

    Happy Thanksgiving to you too. Had Turkey day last month. ;)

    How's the computer?

    Your java is out of date.

    Click your start button, open Control panel > add/remove programs and uninstall


    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 11


    Do not uninstall Java(TM) 6 Update 17


    Next


    Click your start button, open Control panel
    • Locate the Java icon (it looks like a coffee cup)
    • double click it to open it
    • click the Update tab
    • Click update now

    Next

    Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean

    Next

    Download and save to your desktop Malwarebytes Anti-Malware

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

    Please post back with the MBAM log.
    Thanks
     
  9. Neoclassix

    Neoclassix Thread Starter

    Joined:
    Nov 22, 2011
    Messages:
    18
    Here you go Oldman960...So far so good??? Seems to be running a lot smoother than ever!

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org
    Database version: 8237
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    11/25/2011 8:37:03 AM
    mbam-log-2011-11-25 (08-37-03).txt
    Scan type: Quick scan
    Objects scanned: 265158
    Time elapsed: 10 minute(s), 50 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 8
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{BFC48A4D-75B9-455B-A4C3-9DC3F940B245} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{4040A92C-93F0-49B4-9DD0-93E1887E724A} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CMaidCtlApp.MaidCtrl.1 (Adware.ClosetMaid) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\DOWNLOADED PROGRAM FILES\CMAIDCTL.OCX (Adware.ClosetMaid) -> Value: CMAIDCTL.OCX -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    c:\WINDOWS\downloaded program files\CMAIDCTL.OCX (Adware.ClosetMaid) -> Quarantined and deleted successfully.
     
  10. oldman960

    oldman960

    Joined:
    Apr 7, 2010
    Messages:
    166
    Hi Neoclassix,

    Yep, so far so good.

    One more scan to check our handiwork.

    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


    Go here to run an online scanner from
    ESET

    (Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)


    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
    • Click Scan.
    • Wait for the scan to finish.
    • When the scan completes, click List of found threats
    • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
    • Include the contents of this report in your next reply

      Note - when ESET doesn't find any threats, no report will be created.
    • Push the back button.
    • Push Finish
    • Re-enable your Antivirus software.
    After the ESET scan please rerun DDS and post the DDS.txt.


    Please post back with
    • ESET log if one was produced
    • DDS.txt
    Any remaining issues?

    Thanks
     
  11. Neoclassix

    Neoclassix Thread Starter

    Joined:
    Nov 22, 2011
    Messages:
    18
    Eset Log:

    C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\npckimddijpniijmjjkloplcmbmhphpa\contentscript.js Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Program Files\LP\A59C\7.exe.vir a variant of Win32/Kryptik.VZB trojan
    C:\Qoobox\Quarantine\C\Program Files\LP\A59C\8.exe.vir a variant of Win32/Kryptik.VZB trojan
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL.vir Win32/Toolbar.MyWebSearch.H application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3DLGHK.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL.vir Win32/Adware.FunWeb application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL.vir Win32/Adware.FunWeb application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL.vir Win32/Toolbar.MyWebSearch.G application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL.vir Win32/Toolbar.MyWebSearch.B application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL.vir Win32/Adware.FunWeb application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3REGHK.DLL.vir Win32/Toolbar.MyWebSearch.G application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL.vir Win32/Toolbar.MyWebSearch.D application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE.vir Win32/Adware.FunWeb application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL.vir Win32/Toolbar.MyWebSearch.P application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3AUXSTB.DLL.vir Win32/Toolbar.MyWebSearch.H application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3DLGHK.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL.vir Win32/Toolbar.MyWebSearch.P application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL.vir Win32/Toolbar.MyWebSearch.J application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL.vir a variant of Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL.vir Win32/Toolbar.MyWebSearch.P application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE.vir Win32/Toolbar.MyWebSearch.J application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE.vir Win32/Toolbar.MyWebSearch.I application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3TPINST.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.K application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSMLBTN.DLL.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL.vir Win32/Toolbar.MyWebSearch.J application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSUABTN.DLL.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\setups\My Web Search Installer.exe.vir a variant of Win32/Toolbar.MyWebSearch.K application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP2\A0009509.exe Win32/Cycbot.AK trojan
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP2\A0009510.exe Win32/Cycbot.AK trojan
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP2\A0011562.exe a variant of Win32/Kryptik.VZB trojan
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0011605.exe Win32/Cycbot.AK trojan
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0011609.exe a variant of Win32/Kryptik.VZB trojan
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012267.exe a variant of Win32/Kryptik.VZB trojan
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012268.exe a variant of Win32/Kryptik.VZB trojan
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012269.DLL Win32/Toolbar.MyWebSearch.H application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012270.DLL a variant of Win32/Toolbar.MyWebSearch.I application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012273.EXE Win32/Toolbar.MyWebSearch application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012274.DLL Win32/Toolbar.MyWebSearch application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012275.DLL Win32/Toolbar.MyWebSearch application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012277.DLL Win32/Toolbar.MyWebSearch application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012278.DLL Win32/Adware.FunWeb application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012279.DLL Win32/Adware.FunWeb application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012280.DLL Win32/Toolbar.MyWebSearch.G application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012281.DLL Win32/Toolbar.MyWebSearch.B application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012282.DLL Win32/Toolbar.MyWebSearch application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012283.DLL Win32/Toolbar.MyWebSearch application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012284.DLL Win32/Adware.FunWeb application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012285.SCR Win32/Toolbar.MyWebSearch application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012286.DLL Win32/Toolbar.MyWebSearch.G application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012287.DLL Win32/Toolbar.MyWebSearch.D application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012288.DLL Win32/Toolbar.MyWebSearch application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012289.EXE Win32/Adware.FunWeb application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012290.DLL Win32/Toolbar.MyWebSearch.P application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012292.DLL Win32/Toolbar.MyWebSearch.H application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012293.DLL a variant of Win32/Toolbar.MyWebSearch.I application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012295.DLL Win32/Toolbar.MyWebSearch application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012296.DLL Win32/Toolbar.MyWebSearch.P application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012297.EXE Win32/Toolbar.MyWebSearch application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012299.DLL Win32/Toolbar.MyWebSearch application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012300.DLL Win32/Toolbar.MyWebSearch.J application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012301.DLL a variant of Win32/Toolbar.MyWebSearch application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012302.DLL Win32/Toolbar.MyWebSearch.P application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012303.EXE Win32/Toolbar.MyWebSearch application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012304.EXE Win32/Toolbar.MyWebSearch.J application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012305.EXE Win32/Toolbar.MyWebSearch.I application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012306.DLL a variant of Win32/Toolbar.MyWebSearch.I application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012307.DLL a variant of Win32/Toolbar.MyWebSearch.K application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012308.DLL Win32/Toolbar.MyWebSearch application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012309.EXE Win32/Toolbar.MyWebSearch application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012310.DLL Win32/Toolbar.MyWebSearch.J application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012311.DLL Win32/Toolbar.MyWebSearch application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012312.DLL Win32/Toolbar.MyWebSearch application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012313.EXE Win32/Toolbar.MyWebSearch application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012314.DLL Win32/Toolbar.MyWebSearch application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012315.DLL Win32/Toolbar.MyWebSearch application
    C:\System Volume Information\_restore{25A6C451-8513-4EE8-9E5D-E6CDD3D24D1E}\RP3\A0012324.exe a variant of Win32/Toolbar.MyWebSearch.K application

    DDS:


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Matt at 15:16:19 on 2011-11-25
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.320 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
    C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.aol.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [VAIO Update 3] "c:\program files\sony\vaio update 3\VAIOUpdt.exe" /Stationary
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\docume~1\matt\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\PartyPoker.exe
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://www.unionconcrod.org/controls/LTOCX14N.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - hxxp://download.ebay.com/turbo_lister/US/install.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo1.walgreens.com/WalgreensActivia.cab
    DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://pubgis.co.pinellas.fl.us/ActiveX/ver6.3/mgaxctrl.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185892461968
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} - hxxp://www.unionconcrod.org/controls/prntpro2.CAB
    DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
    DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - hxxp://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F92211F4-3913-4DC2-A275-756374D848B0} - hxxp://96.252.133.84/MP4DVR.cab
    TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
    TCP: Interfaces\{DB0412ED-37E1-4AC0-90B0-1F34F8507006} : DhcpNameServer = 65.32.5.111 65.32.5.112
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165264]
    R1 MpKslefb2123c;MpKslefb2123c;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1761c362-cc95-402d-8701-649e99eab58f}\MpKslefb2123c.sys [2011-11-25 28752]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-25 366152]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-25 22216]
    S1 MpKsl62243e8c;MpKsl62243e8c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c3c6bdab-549e-4370-80e1-cff23bb69ec0}\mpksl62243e8c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c3c6bdab-549e-4370-80e1-cff23bb69ec0}\MpKsl62243e8c.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-24 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-24 136176]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 SKYSCOUT;Celestron SkyScout driver;c:\windows\system32\drivers\UsbScout.sys [2008-5-26 20480]
    S3 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-8 24652]
    .
    =============== File Associations ===============
    .
    .txt=
    .
    =============== Created Last 30 ================
    .
    2011-11-25 20:16:06 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1761c362-cc95-402d-8701-649e99eab58f}\MpKslefb2123c.sys
    2011-11-25 20:16:03 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1761c362-cc95-402d-8701-649e99eab58f}\offreg.dll
    2011-11-25 20:15:52 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1761c362-cc95-402d-8701-649e99eab58f}\mpengine.dll
    2011-11-25 18:24:31 -------- d-----w- c:\program files\ESET
    2011-11-25 13:24:27 -------- d-----w- c:\documents and settings\matt\application data\Malwarebytes
    2011-11-25 13:24:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-11-25 13:24:15 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-25 13:24:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-25 13:03:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-24 01:47:21 -------- d-sha-r- C:\cmdcons
    2011-11-24 01:44:33 98816 ----a-w- c:\windows\sed.exe
    2011-11-24 01:44:33 518144 ----a-w- c:\windows\SWREG.exe
    2011-11-24 01:44:33 256000 ----a-w- c:\windows\PEV.exe
    2011-11-24 01:44:33 208896 ----a-w- c:\windows\MBR.exe
    2011-11-22 20:36:27 388096 ----a-r- c:\documents and settings\matt\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-11-15 02:12:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-15 02:10:13 -------- d-----w- c:\documents and settings\matt\local settings\application data\PCHealth
    2011-11-15 01:09:53 -------- d-----w- c:\windows\Temp99BCC305-EB38-5FD5-7FC0-6433AA13544D-Signatures
    2011-11-14 19:05:59 79872 -c--a-w- c:\windows\system32\dllcache\rwia330.dll
    2011-11-14 19:04:59 514587 -c--a-w- c:\windows\system32\dllcache\edb500.dll
    2011-11-14 18:56:54 5632 -c--a-w- c:\windows\system32\dllcache\write.exe
    2011-11-14 18:27:34 86016 ----a-w- c:\windows\system32\sl_anet.acm
    2011-11-14 18:26:56 9216 -c--a-w- c:\windows\system32\dllcache\wshatm.dll
    2011-11-14 18:25:59 9936 -c--a-w- c:\windows\system32\dllcache\lzexpand.dll
    2011-11-14 13:51:03 21504 ----a-w- c:\windows\system32\hidserv.dll
    2011-11-14 13:44:24 85020 -c--a-w- c:\windows\system32\dllcache\dgsetup.dll
    2011-11-14 13:44:24 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2011-11-14 13:44:24 176157 -c--a-w- c:\windows\system32\dllcache\dgrpsetu.dll
    2011-11-14 13:44:23 15360 -c--a-w- c:\windows\system32\dllcache\taskman.exe
    2011-10-29 03:32:54 -------- d-----w- C:\ucd
    .
    ==================== Find3M ====================
    .
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-03 07:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-31 04:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-08-31 04:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
    .
    ============= FINISH: 15:17:48.65 ===============

    Where in Canada are you? I use to live in Calgary...
     
  12. oldman960

    oldman960

    Joined:
    Apr 7, 2010
    Messages:
    166
    Hi Neoclassix,

    West Coast.

    All the ESET detections except one are either files we have quarantined or old System Restore points. These will be removed when we remove the tools.

    We'll remove the other detection and if everything is ok we'll clean up the tools after you post back.

    Download OTL to your desktop.


    Next, Double click on OTL.exe
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    • Do Not copy the word CODE
    • please note the fix starts with the :
    Code:
    :Services
     
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"=-
    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}]
    [-HKEY_CLASSES_ROOT\TYPELIB\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}]
    [-HKEY_CLASSES_ROOT\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}]
    [-HKEY_CLASSES_ROOT\TYPELIB\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}]
     
    :Files
    C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\npckimddijpniijmjjkloplcmbmhphpa
     
    :Commands
    [emptytemp]
    [createrestorepoint]
    
    Then click the Run Fix button at the top
    • Let the program run unhindered
    • Please save the resulting log to be posted in your next reply.
    • Reboot your computer
    Please post the fix OTL log.
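The two toolbar CLSIDs in that fix are the "TB: {...} - No File" lines from the DDS report: registry references whose DLL no longer exists on disk, which is why the :Reg section deletes the Toolbar values and the matching CLSID/TYPELIB keys. As an added example (not code from the thread, from DDS or from OTL), the following Python script parses the TB:/BHO: lines of a DDS pseudo-HJT report, flags the "No File" orphans, and drafts the OTL :Reg lines in the same form the helper used above. The sample report is constructed (the BHO CLSID {11111111-...} is made up), and the draft is meant for a helper to review before it is run, since DDS prints "No File" for anything it cannot resolve.

```python
"""Triage helper: find orphaned IE toolbar/BHO entries in a DDS pseudo-HJT report.

Added example, not part of the thread or of DDS/OTL. It parses the "TB:" and
"BHO:" lines DDS prints, flags entries whose target is "No File" (a registry
reference with nothing on disk) and drafts OTL :Reg lines for review.
"""
import re

# Constructed sample in the format DDS prints; the two "No File" TB lines mirror this thread,
# the BHO CLSID {11111111-...} is made up.
SAMPLE_REPORT = r"""
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
BHO: Example Helper: {11111111-2222-3333-4444-555555555555} - No File
"""

GUID = r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}"
# "KIND: [Name: ]{CLSID} - target"; the name is optional and never contains "{".
ENTRY_RE = re.compile(
    r"^(?P<kind>BHO|TB):\s*(?:(?P<name>[^{]*?):\s*)?(?P<clsid>" + GUID + r")\s*-\s*(?P<target>.+?)\s*$"
)

# Registration points IE reads for toolbars and Browser Helper Objects.
TOOLBAR_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar"
BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"


def parse_entries(report):
    """Return one dict per BHO:/TB: line: kind, name, clsid (upper-cased), target."""
    entries = []
    for line in report.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({
                "kind": m.group("kind"),
                "name": (m.group("name") or "").strip(),
                "clsid": m.group("clsid").upper(),
                "target": m.group("target"),
            })
    return entries


def orphaned_entries(report):
    """Entries whose registered DLL is gone: DDS prints the target as 'No File'."""
    return [e for e in parse_entries(report) if e["target"].lower() == "no file"]


def draft_otl_reg_fix(report):
    """Draft the OTL ':Reg' section for the orphans, in the form the helper used above.

    '"{clsid}"=-' deletes a value, '[-key]' deletes a key. The CLSID and TYPELIB
    deletions follow the thread's fix; the result is a draft to be reviewed.
    """
    orphans = orphaned_entries(report)
    lines = [":Reg"]
    toolbars = [e for e in orphans if e["kind"] == "TB"]
    if toolbars:
        lines.append("[" + TOOLBAR_KEY + "]")
        lines.extend('"%s"=-' % e["clsid"] for e in toolbars)
    for e in orphans:
        if e["kind"] == "BHO":
            lines.append("[-%s\\%s]" % (BHO_KEY, e["clsid"]))
        lines.append("[-HKEY_CLASSES_ROOT\\CLSID\\%s]" % e["clsid"])
        lines.append("[-HKEY_CLASSES_ROOT\\TYPELIB\\%s]" % e["clsid"])
    return lines


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_REPORT):
        print("orphan %s %s %s" % (e["kind"], e["clsid"], e["name"] or "(no name)"))
    print("\n".join(draft_otl_reg_fix(SAMPLE_REPORT)))
```

Run it against a saved DDS log by replacing SAMPLE_REPORT with the file's contents; the draft is only as good as the "No File" heuristic, so each CLSID still gets looked up before the :Reg section is pasted into OTL.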
     
  13. Neoclassix

    Neoclassix Thread Starter

    Joined:
    Nov 22, 2011
    Messages:
    18
    Oldtimer960 - West is best; the mountains are the nicest anywhere. I miss going to Banff and Lake Louise on the weekends for fishing and skiing.

    Anyway.... Here is the log; I hope it looks good to you. So far I have not really driven it hard (banking, eBay, email etc. have been avoided on this machine). I am concerned about my laptop; I have transferred files from this machine to it in the past, and I would not want to run into this issue with it. If there is any part of this process you would recommend running on it, I would appreciate any input.

    All processes killed
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry key HKEY_CLASSES_ROOT\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    Registry key HKEY_CLASSES_ROOT\TYPELIB\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    Registry key HKEY_CLASSES_ROOT\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry key HKEY_CLASSES_ROOT\TYPELIB\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    ========== FILES ==========
    C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\npckimddijpniijmjjkloplcmbmhphpa folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: All Users.WINDOWS

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User.WINDOWS
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Home
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Matt
    ->Temp folder emptied: 172263 bytes
    ->Temporary Internet Files folder emptied: 14879289 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 566 bytes

    User: NetworkService
    ->Temp folder emptied: 4602 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Rebekah
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 10664 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 14.00 mb

    Error: Unable to interpret <[createrestorepoint> in the current context!

    OTL by OldTimer - Version 3.2.31.0 log created on 11252011_200949
    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Matt\Local Settings\Temp\~DF2AB8.tmp not found!
    File\Folder C:\Documents and Settings\Matt\Local Settings\Temp\~DF2AC4.tmp not found!
    File\Folder C:\Documents and Settings\Matt\Local Settings\Temp\~DF2B7F.tmp not found!
    File\Folder C:\Documents and Settings\Matt\Local Settings\Temp\~DF2B8B.tmp not found!
    File\Folder C:\Documents and Settings\Matt\Local Settings\Temp\~DF2CB8.tmp not found!
    File\Folder C:\Documents and Settings\Matt\Local Settings\Temp\~DF2CC4.tmp not found!
    C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\JEMMN0SM\2659936541[1].html moved successfully.
    C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\G099BGM1\1028064-backdoor-win32-cycbot-b-detected[2].html moved successfully.
    C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\FJFBHX5K\si[1].htm moved successfully.
    C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\88GCVGMX\1499869[1].htm moved successfully.
    C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    Registry entries deleted on Reboot...
     
  14. oldman960

    oldman960

    Joined:
    Apr 7, 2010
    Messages:
    166
    Hi Neoclassix,

    You can post an OTL log and we can have a quick look at your other computer.



    From your desktop, please delete, if present
    • any notepads/logs that we created
    • DDS.scr
    • mbr.dat
    • mbr.zip
    • aswMBR.exe

    Next
    Click the Start button, click Run. Copy and paste the following line into the run box and click OK

    Combofix /uninstall



    Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.

    I suggest you keep MBAM. Keep it updated and use it regularly.

    You can also keep TFC

    Updates and upgrades

    You have an older version of Adobe Reader. You can download the current version HERE

    You may want to consider Foxit Reader instead. It may be a bit lighter on resources.

    Visit their support forum
    Foxit Forum

    In either case you should uninstall Adobe Reader 8.3.1 first. Be sure to move any PDF documents to another folder first though.


    Some Recommendations and prevention tips

    Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Add a firewall and a resident antispyware program to what you have.

    * If you are behind a router Windows firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended.

    Click FIREWALL for links and tutorials to good, free and paid for firewalls. (Note: Zone Alarm is becoming bloatware)

    For a resident antispyware program I suggest either
    Spybot (with Teatimer enabled)

    OR

    Winpatrol

    You should also use Spyware Blaster to help immunize your computer.

    - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    OR

    A guide to understanding and using the hosts file.
    Learn how your Hosts file can protect you and how you can protect it.
    Besides the Hosts file information, there are links to a very good updated hosts file, a hosts file manager, and some programs that can protect your hosts file.
    HOSTS


    Please read the info on disabling the DNS Client before installing a custom hosts file.


    -Secure your Internet Explorer


    From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


    - Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (http://www.update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us) (using Internet Explorer) and download and install all critical updates on a regular basis

    - Make sure you have reset Automatic Updates to your chosen option. Click your start button > Control Panel > System > Automatic Updates tab

    - Keep your antivirus program updated, as well as any other security programs you have.

    -More tips and programs can be found HERE


    Please post back if you have any problems with these steps. You can also post an OTL log from your other computer.
    Thanks
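The Internet Explorer settings in the "Secure your Internet Explorer" steps above are stored as REG_DWORD values under the Internet zone key, so they can be audited and fixed without clicking through the dialog. The following Python script is an added example, not from the thread: the value names and meanings (1001, 1004, 1201, 1800, 1804, 1607, each holding 0 = Enable, 1 = Prompt, 3 = Disable) are the zone action codes documented in Microsoft KB 182569, the `reg query` output it parses is constructed, and the `reg add` commands it emits use the standard syntax. One caveat: values set by policy under HKLM (or the Security_HKLM_only flag) take precedence over the per-user values this script reads.

```python
"""Audit the Internet-zone (zone 3) settings the post above changes by hand.

Added example, not from the thread. Value names and meanings come from
Microsoft KB 182569: each action is a REG_DWORD under
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
holding 0 = Enable, 1 = Prompt, 3 = Disable.
"""
import re

ZONE3_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# Recommended action per value, exactly as the post above sets them in the dialog.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}
ACTION_NAMES = {0: "Enable", 1: "Prompt", 3: "Disable"}

# Constructed sample of `reg query "<ZONE3_KEY>"` output; two settings are still at Enable.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    DisplayName    REG_SZ    Internet
    CurrentLevel    REG_DWORD    0x11000
    1001    REG_DWORD    0x1
    1004    REG_DWORD    0x3
    1201    REG_DWORD    0x3
    1800    REG_DWORD    0x0
    1804    REG_DWORD    0x1
    1607    REG_DWORD    0x0
"""

DWORD_RE = re.compile(r"^\s*(\S+)\s+REG_DWORD\s+0x([0-9A-Fa-f]+)\s*$")


def parse_reg_query(output):
    """Map REG_DWORD value names to ints from `reg query` text; other types are ignored."""
    values = {}
    for line in output.splitlines():
        m = DWORD_RE.match(line)
        if m:
            values[m.group(1)] = int(m.group(2), 16)
    return values


def read_live_zone3():
    """On Windows, read the current zone 3 values via winreg; returns None elsewhere."""
    try:
        import winreg
    except ImportError:
        return None
    values = {}
    subkey = ZONE3_KEY.split("\\", 1)[1]
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, subkey) as key:
        index = 0
        while True:
            try:
                name, data, kind = winreg.EnumValue(key, index)
            except OSError:
                break
            if kind == winreg.REG_DWORD:
                values[name] = data
            index += 1
    return values


def audit_zone3(values):
    """Return (value_name, description, current, recommended) for each setting that is off.

    current is None when the value is absent, in which case IE uses its built-in default.
    """
    findings = []
    for name, (desc, want) in RECOMMENDED.items():
        have = values.get(name)
        if have != want:
            findings.append((name, desc, have, want))
    return findings


def describe(action):
    """Human-readable form of an action code."""
    return "not set" if action is None else ACTION_NAMES.get(action, "0x%x" % action)


def remediation_commands(findings):
    """One `reg add` per finding: the command-line equivalent of the dialog clicks."""
    return ['reg add "%s" /v %s /t REG_DWORD /d %d /f' % (ZONE3_KEY, name, want)
            for name, _desc, _have, want in findings]


if __name__ == "__main__":
    values = read_live_zone3() or parse_reg_query(SAMPLE_REG_QUERY)
    findings = audit_zone3(values)
    for name, desc, have, want in findings:
        print("%s %s: %s, recommended %s" % (name, desc, describe(have), describe(want)))
    print("\n".join(remediation_commands(findings)))
```

On the affected machine the script reads the live key; elsewhere it falls back to the constructed sample, which reports 1800 and 1607 still at Enable. Because the Internet zone is per user, the check has to be run (or the `reg add` lines applied) under each account that browses, which on this machine includes Matt, Rebekah and Home.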
     
  15. Neoclassix

    Neoclassix Thread Starter

    Joined:
    Nov 22, 2011
    Messages:
    18
    Oldtimer960:

    Sorry for the delay in reply. My main system seems to be fine, thank you! I downloaded OTL on my laptop, but it will not run for me. I tried the Scan Now and the Quick Scan. Both went to the scanning modules message, then went into no-response mode. I am running Vista on my laptop; does this make a difference?
     
Short URL to this thread: https://techguy.org/1028064