1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Unwanted 247 tech support

Discussion in 'Virus & Other Malware Removal' started by Susan_Home, Oct 19, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. Susan_Home

    Susan_Home Thread Starter

    Joined:
    Oct 19, 2012
    Messages:
    10
    Hello All:
    247 PC help appeared after I opened an email message. OOPS

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:31:40 PM, on 10/19/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Webroot\WRSA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Webroot\WRSA.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Documents and Settings\user\Application
    Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\PCPowerSpeed\PCPowerTray.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\OnlineVault\OVTray.exe
    C:\Program Files\Inbox Toolbar\Inbox.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\24x7Help\App24x7Help.exe
    C:\PROGRA~1\REBATE~1\REBATE~1.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\24x7Help\App24x7Hook.exe
    C:\Program Files\24x7Help\App24x7Svc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\user\Application
    Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe
    C:\WINDOWS\system32\MDM.EXE
    C:\Program Files\Yahoo!\Companion\Installs\cpn5\ytbb.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\user\Desktop\HJT_Oct.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.yahoo.com/?fr=fp-yie8
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://www2.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program
    Files\Outlook Express\msimn.exe"
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
    provided by Yahoo!
    R3 - URLSearchHook: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} -
    C:\PROGRA~1\INBOXT~1\Inbox.dll
    R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -
    C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
    Files\Yahoo!\Companion\Installs\cpn5\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program
    Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: ShopAtHome - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Documents and
    Settings\user\Application Data\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
    O2 - BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} -
    C:\PROGRA~1\APPGRA~1\APPGRA~1.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
    Files\Java\jre7\bin\ssv.dll
    O2 - BHO: (no name) - {CCB69577-088B-4004-9ED8-FF5BCC83A039} -
    C:\PROGRA~1\REBATE~1\RebateI.dll
    O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} -
    C:\PROGRA~1\INBOXT~1\Inbox.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} -
    C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: TBSB07898 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com
    CouponBar\tbcore3.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program
    Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
    Files\Yahoo!\Companion\Installs\cpn5\yt.dll
    O3 - Toolbar: ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Documents
    and Settings\user\Application Data\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
    O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -
    C:\PROGRA~1\INBOXT~1\Inbox.dll
    O3 - Toolbar: Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program
    Files\Coupons.com CouponBar\tbcore3.dll
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search
    Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java
    Update\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [ShopAtHomeWatcher] C:\Documents and Settings\user\Application
    Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    O4 - HKLM\..\Run: [Persistence] "C:\WINDOWS\system32\igfxpers.exe"
    O4 - HKLM\..\Run: [PCPowerSpeed] "C:\Program Files\PCPowerSpeed\PCPowerTray.exe" /startup
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [Online Vault] "C:\Program Files\OnlineVault\OVTray.exe"
    O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio
    Studio\IntelAudioStudio.exe" BOOT
    O4 - HKLM\..\Run: [InboxToolbar] "C:\Program Files\Inbox Toolbar\Inbox.exe" /STARTUP
    O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software
    Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
    O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [24x7HELP] "C:\Program Files\24x7Help\App24x7Help.exe" /STARTUP
    O4 - HKCU\..\Run: [RebateInformer] C:\PROGRA~1\REBATE~1\REBATE~1.EXE /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
    Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
    C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program
    Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
    http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?11798
    56023843
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
    http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
    http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -
    C:\PROGRA~1\INBOXT~1\Inbox.dll
    O18 - Protocol: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} -
    C:\PROGRA~1\REBATE~1\RebateI.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} -
    C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon -
    {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: 24x7HelpService (24x7HelpSvc) - PCRx.com, LLC - C:\Program
    Files\24x7Help\App24x7Svc.exe
    O23 - Service: COM+ System Application (COMSysApp) - Unknown owner -
    C:\WINDOWS\system32\dllhost.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation -
    C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner -
    C:\WINDOWS\system32\dllhost.exe (file missing)
    O23 - Service: WRSVC - Webroot - C:\Program Files\Webroot\WRSA.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program
    Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    --
    End of file - 9045 bytes
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:31:40 PM, on 10/19/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Webroot\WRSA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Webroot\WRSA.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Documents and Settings\user\Application
    Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\PCPowerSpeed\PCPowerTray.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\OnlineVault\OVTray.exe
    C:\Program Files\Inbox Toolbar\Inbox.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\24x7Help\App24x7Help.exe
    C:\PROGRA~1\REBATE~1\REBATE~1.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\24x7Help\App24x7Hook.exe
    C:\Program Files\24x7Help\App24x7Svc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\user\Application
    Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe
    C:\WINDOWS\system32\MDM.EXE
    C:\Program Files\Yahoo!\Companion\Installs\cpn5\ytbb.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\user\Desktop\HJT_Oct.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.yahoo.com/?fr=fp-yie8
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://www2.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program
    Files\Outlook Express\msimn.exe"
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
    provided by Yahoo!
    R3 - URLSearchHook: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} -
    C:\PROGRA~1\INBOXT~1\Inbox.dll
    R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -
    C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
    Files\Yahoo!\Companion\Installs\cpn5\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program
    Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: ShopAtHome - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Documents and
    Settings\user\Application Data\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
    O2 - BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} -
    C:\PROGRA~1\APPGRA~1\APPGRA~1.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
    Files\Java\jre7\bin\ssv.dll
    O2 - BHO: (no name) - {CCB69577-088B-4004-9ED8-FF5BCC83A039} -
    C:\PROGRA~1\REBATE~1\RebateI.dll
    O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} -
    C:\PROGRA~1\INBOXT~1\Inbox.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} -
    C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: TBSB07898 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com
    CouponBar\tbcore3.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program
    Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
    Files\Yahoo!\Companion\Installs\cpn5\yt.dll
    O3 - Toolbar: ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Documents
    and Settings\user\Application Data\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
    O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -
    C:\PROGRA~1\INBOXT~1\Inbox.dll
    O3 - Toolbar: Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program
    Files\Coupons.com CouponBar\tbcore3.dll
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search
    Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java
    Update\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [ShopAtHomeWatcher] C:\Documents and Settings\user\Application
    Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    O4 - HKLM\..\Run: [Persistence] "C:\WINDOWS\system32\igfxpers.exe"
    O4 - HKLM\..\Run: [PCPowerSpeed] "C:\Program Files\PCPowerSpeed\PCPowerTray.exe" /startup
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [Online Vault] "C:\Program Files\OnlineVault\OVTray.exe"
    O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio
    Studio\IntelAudioStudio.exe" BOOT
    O4 - HKLM\..\Run: [InboxToolbar] "C:\Program Files\Inbox Toolbar\Inbox.exe" /STARTUP
    O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software
    Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
    O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [24x7HELP] "C:\Program Files\24x7Help\App24x7Help.exe" /STARTUP
    O4 - HKCU\..\Run: [RebateInformer] C:\PROGRA~1\REBATE~1\REBATE~1.EXE /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
    Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
    C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program
    Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
    http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?11798
    56023843
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
    http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
    http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -
    C:\PROGRA~1\INBOXT~1\Inbox.dll
    O18 - Protocol: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} -
    C:\PROGRA~1\REBATE~1\RebateI.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} -
    C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon -
    {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: 24x7HelpService (24x7HelpSvc) - PCRx.com, LLC - C:\Program
    Files\24x7Help\App24x7Svc.exe
    O23 - Service: COM+ System Application (COMSysApp) - Unknown owner -
    C:\WINDOWS\system32\dllhost.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation -
    C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner -
    C:\WINDOWS\system32\dllhost.exe (file missing)
    O23 - Service: WRSVC - Webroot - C:\Program Files\Webroot\WRSA.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program
    Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    --
    End of file - 9045 bytes

    ^^^^^
    DDS (Ver_2012-10-19.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.0
    Run by user at 14:32:45 on 2012-10-19
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.272 [GMT -7:00]
    .
    AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}
    .
    ============== Running Processes ================
    .
    C:\Program Files\Webroot\WRSA.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Webroot\WRSA.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Documents and Settings\user\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\PCPowerSpeed\PCPowerTray.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\OnlineVault\OVTray.exe
    C:\Program Files\Inbox Toolbar\Inbox.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\24x7Help\App24x7Help.exe
    C:\PROGRA~1\REBATE~1\REBATE~1.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\24x7Help\App24x7Hook.exe
    C:\Program Files\24x7Help\App24x7Svc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\user\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe
    C:\WINDOWS\system32\MDM.EXE
    C:\Program Files\Yahoo!\Companion\Installs\cpn5\ytbb.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.yahoo.com/
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uSearch Bar = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
    uSearch Page = hxxp://www.yahoo.com
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    mStart Page = hxxp://search.coupons.com/
    uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
    uURLSearchHooks: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - c:\program files\inbox toolbar\Inbox.dll
    uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: ShopAtHome.com Cash Back Helper: {66516A07-F617-488A-90CF-4E690CFB3C5F} - c:\documents and settings\user\application data\shopathome\shopathometoolbar\tbcore3U.dll
    BHO: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - c:\program files\appgraffiti\AppGraffiti.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: <No Name>: {CCB69577-088B-4004-9ED8-FF5BCC83A039} - c:\program files\rebateinformer\RebateI.dll
    BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - c:\program files\inbox toolbar\Inbox.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - c:\program files\coupons.com couponbar\tbcore3.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
    TB: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - c:\documents and settings\user\application data\shopathome\shopathometoolbar\tbcore3U.dll
    TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - c:\program files\inbox toolbar\Inbox.dll
    TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - c:\program files\coupons.com couponbar\tbcore3.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
    TB: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - c:\documents and settings\user\application data\shopathome\shopathometoolbar\tbcore3U.dll
    TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - c:\program files\inbox toolbar\Inbox.dll
    TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - c:\program files\coupons.com couponbar\tbcore3.dll
    uRun: [RebateInformer] c:\progra~1\rebate~1\REBATE~1.EXE /STARTUP
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
    mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [SigmatelSysTrayApp] sttray.exe
    mRun: [ShopAtHomeWatcher] c:\documents and settings\user\application data\shopathome\shopathomehelper\ShopAtHomeWatcher.exe
    mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
    mRun: [PCPowerSpeed] "c:\program files\pcpowerspeed\PCPowerTray.exe" /startup
    mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
    mRun: [Online Vault] "c:\program files\onlinevault\OVTray.exe"
    mRun: [IntelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" BOOT
    mRun: [InboxToolbar] "c:\program files\inbox toolbar\Inbox.exe" /STARTUP
    mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
    mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
    mRun: [ehTray] "c:\windows\ehome\ehtray.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [24x7HELP] "c:\program files\24x7help\App24x7Help.exe" /STARTUP
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179856023843
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{FD9464C2-F89A-440D-97E9-DCF4008CF40B} : DHCPNameServer = 192.168.0.1
    Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\program files\inbox toolbar\Inbox.dll
    Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - c:\program files\rebateinformer\RebateI.dll
    Notify: igfxcui - igfxdev.dll
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\19mzsd6x.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ushdl&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ushdl&p=
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2012-8-17 112656]
    R2 24x7HelpSvc;24x7HelpService;c:\program files\24x7help\App24x7Svc.exe [2012-10-16 394392]
    R2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2012-8-17 726472]
    .
    =============== Created Last 30 ================
    .
    2012-10-19 18:45:31 -------- d-----w- C:\Lore_19_Oct_2012
    2012-10-16 22:38:30 -------- d-----w- c:\documents and settings\user\application data\Toolbar4
    2012-10-16 22:38:28 -------- d-----w- c:\program files\Coupons.com CouponBar
    2012-10-16 22:38:09 230840 ----a-r- c:\windows\system32\cpnprt2.cid
    2012-10-16 22:38:06 -------- d-----w- c:\program files\Coupons
    2012-10-16 22:27:33 -------- d-----w- c:\documents and settings\user\application data\RebateInformer
    2012-10-16 22:27:33 -------- d-----w- c:\documents and settings\user\application data\AppGraffiti
    2012-10-16 22:27:16 -------- d-----w- c:\program files\AppGraffiti
    2012-10-16 22:27:14 -------- d-----w- c:\documents and settings\user\application data\OnlineVault
    2012-10-16 22:27:11 -------- d-----w- c:\program files\OnlineVault
    2012-10-16 22:27:06 -------- d-----w- c:\documents and settings\user\application data\PCPowerSpeed
    2012-10-16 22:27:05 -------- d-----w- c:\documents and settings\all users\application data\PCPowerSpeed
    2012-10-16 22:27:04 -------- d-----w- c:\program files\PCPowerSpeed
    2012-10-16 22:27:00 -------- d-----w- c:\program files\Inbox.com
    2012-10-16 22:26:59 -------- d-----w- c:\program files\RebateInformer
    2012-10-16 22:26:57 -------- d-----w- c:\documents and settings\user\application data\24x7 Help
    2012-10-16 22:26:53 -------- d-----w- c:\program files\24x7Help
    2012-10-16 22:23:52 -------- d-----w- c:\documents and settings\user\application data\Inbox Toolbar
    2012-10-16 22:23:50 -------- d-----w- c:\program files\Inbox Toolbar
    2012-10-16 22:18:22 -------- d-----w- c:\documents and settings\user\application data\ShopAtHome
    .
    ==================== Find3M ====================
    .
    2012-10-12 23:35:52 72104 ----a-w- c:\windows\CouponPrinter.ocx
    2012-10-12 15:37:16 150712 ----a-w- c:\windows\system32\WRusr.dll
    2012-10-12 15:37:16 112656 ----a-w- c:\windows\system32\drivers\WRkrn.sys
    2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
    2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-08-17 21:11:48 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-08-17 21:11:48 687600 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-17 21:11:48 143872 ----a-w- c:\windows\system32\javacpl.cpl
    .
    ============= FINISH: 14:33:34.98 ===============
    ^^^^
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-19.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/18/2007 4:38:32 PM
    System Uptime: 10/19/2012 2:14:16 PM (0 hours ago)
    .
    Motherboard: Intel Corporation | | D945GCZ
    Processor: Intel(R) Pentium(R) D CPU 2.80GHz | | 2799/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 216.128 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1339: 7/21/2012 1:56:01 PM - System Checkpoint
    RP1340: 7/22/2012 4:20:07 PM - System Checkpoint
    RP1341: 7/23/2012 5:06:07 PM - System Checkpoint
    RP1342: 7/25/2012 6:29:09 AM - System Checkpoint
    RP1343: 7/26/2012 1:26:37 PM - System Checkpoint
    RP1344: 7/27/2012 3:57:34 PM - System Checkpoint
    RP1345: 7/30/2012 6:38:57 AM - System Checkpoint
    RP1346: 7/31/2012 6:56:51 AM - System Checkpoint
    RP1347: 8/1/2012 7:35:47 AM - System Checkpoint
    RP1348: 8/2/2012 9:42:41 AM - System Checkpoint
    RP1349: 8/3/2012 3:47:48 PM - System Checkpoint
    RP1350: 8/4/2012 4:22:16 PM - System Checkpoint
    RP1351: 8/6/2012 6:29:55 AM - System Checkpoint
    RP1352: 8/7/2012 7:42:10 AM - System Checkpoint
    RP1353: 8/8/2012 7:58:34 AM - System Checkpoint
    RP1354: 8/9/2012 9:06:49 AM - System Checkpoint
    RP1355: 8/10/2012 10:23:11 AM - System Checkpoint
    RP1356: 8/11/2012 10:57:22 AM - System Checkpoint
    RP1357: 8/13/2012 6:21:15 AM - System Checkpoint
    RP1358: 8/14/2012 6:41:59 AM - System Checkpoint
    RP1359: 8/15/2012 6:54:53 AM - System Checkpoint
    RP1360: 8/16/2012 7:19:20 AM - System Checkpoint
    RP1361: 8/16/2012 3:58:11 PM - Software Distribution Service 3.0
    RP1362: 8/17/2012 12:31:10 PM - Removed Bing Bar
    RP1363: 8/17/2012 12:50:00 PM - Removed Java(TM) 6 Update 11
    RP1364: 8/17/2012 12:51:48 PM - Removed Java(TM) 6 Update 3
    RP1365: 8/17/2012 12:53:10 PM - Removed Java(TM) 6 Update 7
    RP1366: 8/17/2012 2:11:43 PM - Installed Java(TM) 7 Update 5
    RP1367: 8/18/2012 3:26:41 PM - System Checkpoint
    RP1368: 8/20/2012 6:06:04 AM - System Checkpoint
    RP1369: 8/21/2012 6:07:45 AM - System Checkpoint
    RP1370: 8/22/2012 6:09:25 AM - System Checkpoint
    RP1371: 8/23/2012 10:08:46 AM - System Checkpoint
    RP1372: 8/25/2012 1:21:35 PM - System Checkpoint
    RP1373: 8/26/2012 1:54:49 PM - System Checkpoint
    RP1374: 8/27/2012 2:34:19 PM - System Checkpoint
    RP1375: 8/28/2012 4:07:13 PM - System Checkpoint
    RP1376: 8/30/2012 3:55:22 PM - System Checkpoint
    RP1377: 8/31/2012 4:26:57 PM - System Checkpoint
    RP1378: 9/1/2012 4:43:08 PM - System Checkpoint
    RP1379: 9/2/2012 5:02:01 PM - System Checkpoint
    RP1380: 9/4/2012 5:54:25 AM - System Checkpoint
    RP1381: 9/5/2012 6:06:34 AM - System Checkpoint
    RP1382: 9/6/2012 7:35:30 AM - System Checkpoint
    RP1383: 9/7/2012 8:52:00 AM - System Checkpoint
    RP1384: 9/9/2012 3:23:42 PM - System Checkpoint
    RP1385: 9/10/2012 3:56:18 PM - System Checkpoint
    RP1386: 9/11/2012 4:16:39 PM - System Checkpoint
    RP1387: 9/12/2012 7:33:49 AM - Software Distribution Service 3.0
    RP1388: 9/13/2012 1:17:26 PM - System Checkpoint
    RP1389: 9/14/2012 2:02:15 PM - System Checkpoint
    RP1390: 9/15/2012 2:53:58 PM - System Checkpoint
    RP1391: 9/16/2012 3:08:52 PM - System Checkpoint
    RP1392: 9/17/2012 3:17:55 PM - System Checkpoint
    RP1393: 9/18/2012 4:35:30 PM - System Checkpoint
    RP1394: 9/19/2012 5:34:23 PM - System Checkpoint
    RP1395: 9/21/2012 6:28:31 PM - System Checkpoint
    RP1396: 9/22/2012 7:21:29 AM - Software Distribution Service 3.0
    RP1397: 9/23/2012 9:28:56 AM - System Checkpoint
    RP1398: 9/24/2012 4:00:03 PM - System Checkpoint
    RP1399: 9/26/2012 5:35:15 AM - System Checkpoint
    RP1400: 9/27/2012 12:29:08 PM - System Checkpoint
    RP1401: 9/28/2012 7:17:41 PM - System Checkpoint
    RP1402: 9/30/2012 5:42:36 PM - System Checkpoint
    RP1403: 10/2/2012 6:24:28 AM - System Checkpoint
    RP1404: 10/3/2012 6:38:56 AM - System Checkpoint
    RP1405: 10/4/2012 10:38:59 AM - System Checkpoint
    RP1406: 10/5/2012 6:48:34 PM - System Checkpoint
    RP1407: 10/6/2012 7:27:38 PM - System Checkpoint
    RP1408: 10/7/2012 7:34:30 PM - System Checkpoint
    RP1409: 10/8/2012 7:37:52 PM - System Checkpoint
    RP1410: 10/10/2012 6:12:05 AM - System Checkpoint
    RP1411: 10/10/2012 8:18:39 AM - Software Distribution Service 3.0
    RP1412: 10/11/2012 1:51:58 PM - System Checkpoint
    RP1413: 10/12/2012 3:50:25 PM - System Checkpoint
    RP1414: 10/13/2012 4:47:42 PM - System Checkpoint
    RP1415: 10/14/2012 4:55:21 PM - System Checkpoint
    RP1416: 10/16/2012 6:30:03 AM - System Checkpoint
    RP1417: 10/17/2012 6:43:57 AM - System Checkpoint
    RP1418: 10/18/2012 7:22:04 AM - System Checkpoint
    RP1419: 10/19/2012 8:21:46 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    24x7 Help
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader X (10.1.4)
    AppGraffiti
    ArcSoft PhotoStudio 5.5
    Coupon Printer for Windows
    CouponBar
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Photo Creations
    HP Photosmart Plus B210 series Basic Device Software
    HP Photosmart Plus B210 series Help
    HP Photosmart Plus B210 series Product Improvement Study
    HP Update
    Inbox Toolbar
    Intel Audio Studio
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Java Auto Updater
    Java(TM) 7 Update 5
    Microsoft .NET Framework 1.0 Hotfix (KB2572066)
    Microsoft .NET Framework 1.0 Hotfix (KB2604042)
    Microsoft .NET Framework 1.0 Hotfix (KB2656378)
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 SR-1 Disc 2
    Microsoft Office 2000 SR-1 Small Business
    Microsoft Works
    Mozilla Firefox (2.0.0.9)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    MSXML 6.0 Parser (KB933579)
    OmniPage SE 2.0
    Online Vault
    PC Power Speed 1.1.0.33
    RebateInformer
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    ShopAtHome.com Helper
    ShopAtHome.com Toolbar
    SigmaTel Audio
    SoftV92 Data Fax Modem with SmartCP
    Symantec Technical Support Web Controls
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB982664)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Webroot SecureAnywhere
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Presentation Foundation
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Install Manager
    Yahoo! Search Protection
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/19/2012 2:14:38 PM, error: Dhcp [1002] - The IP address lease xy.abc.d.efg [ altered for security ] for the Network Card with network address 001320896487 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    10/19/2012 11:55:36 AM, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The system cannot find the file specified.
    10/19/2012 11:54:09 AM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
    10/19/2012 11:53:02 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss sptd Tcpip
    10/19/2012 11:52:06 AM, error: sptd [4] - Driver detected an internal error in its data structures for .
    10/19/2012 11:49:30 AM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    10/19/2012 11:49:30 AM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    10/19/2012 11:45:31 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    10/19/2012 11:45:31 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    10/19/2012 11:45:31 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/19/2012 11:45:31 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/19/2012 11:45:31 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    10/19/2012 11:45:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    10/19/2012 11:44:40 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/19/2012 11:44:31 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    .
    ==== End Of File ===========================


    ^^^^
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-10-19 14:34:51
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
    WDC_WD2500JS-00NCB1 rev.10.02E02
    Running: f1xsno6o.exe; Driver: C:\DOCUME~1\LOREBE~1\LOCALS~1\Temp\uftdqpoc.sys

    ---- System - GMER 1.0.15 ----
    SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwEnumerateKey
    [0xF7449FB2]
    SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
    ZwEnumerateValueKey [0xF744A340]
    ---- Devices - GMER 1.0.15 ----
    Device \Driver\atapi \Device\Ide\IdePort0 [F7398B40]
    atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP;
    PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7398B40]
    atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP;
    PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [F7398B40]
    atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP;
    PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort2 [F7398B40]
    atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP;
    PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7398B40]
    atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP;
    PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 [F7398B40]
    atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP;
    PUSH EAX}
    Device \FileSystem\Ntfs \Ntfs 86D471E8
    AttachedDevice \Driver\Tcpip \Device\Ip WRkrn.sys
    (Webroot SecureAnywhere/Webroot)
    AttachedDevice \Driver\Tcpip \Device\Tcp WRkrn.sys
    (Webroot SecureAnywhere/Webroot)
    AttachedDevice \Driver\Tcpip \Device\Udp WRkrn.sys
    (Webroot SecureAnywhere/Webroot)
    AttachedDevice \Driver\Tcpip \Device\RawIp WRkrn.sys
    (Webroot SecureAnywhere/Webroot)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 WRkrn.sys
    (Webroot SecureAnywhere/Webroot)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 WRkrn.sys
    (Webroot SecureAnywhere/Webroot)
    ---- EOF - GMER 1.0.15 ----


    Edited because I forgot the GMER scan results.

    Thank you.
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    55,894
    First Name:
    Derek
    have you tried to uninstall 24x7 Help from add/remove programs

    then
    Please download AdwCleaner to your desktop.
    • Double click the adwcleaner.exe to run the tool.
    • Click Search.
    • When the scan finished, a notepad window will be opened.
    • Please post the contents here in your topic.
    • The logfile will also be saved in C:\AdwCleaner[R1].txt.
     
  3. Susan_Home

    Susan_Home Thread Starter

    Joined:
    Oct 19, 2012
    Messages:
    10
    Dear dvk01:
    No, I have not tried to uninstall 247. I think that I read that we're supposed to wait for a tech guy forum expert's instructions.

    Do you want me to uninstall it from Add or Remove programs in the control panel, some other method? Please provide instructions if you want me to use another method.

    Do you want me to run AdwCleaner before or after I attempt to uninstall 247?

    Thank you, dvk01.

    Susan
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    55,894
    First Name:
    Derek
    use add remove programs to try to uninstsall it & any other unwanted software first then run adware cleaner so we can get any left overs
     
  5. Susan_Home

    Susan_Home Thread Starter

    Joined:
    Oct 19, 2012
    Messages:
    10
    I would like to keep:
    Coupon Printer

    Coupon Bar

    ShopAtHome toolbar


    # AdwCleaner v2.005 - Logfile created 10/19/2012 at 16:52:05
    # Updated 14/10/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : user - User
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\user\Desktop\AdwCleaner.exe
    # Option [Search]

    ***** [Services] *****

    ***** [Files / Folders] *****
    File Found : C:\DOCUME~1\user\LOCALS~1\Temp\Uninstall.exe
    File Found : C:\WINDOWS\system32\f3PSSavr.scr
    Folder Found : C:\Documents and Settings\user\Application Data\Toolbar4
    Folder Found : C:\Program Files\FunWebProducts
    Folder Found : C:\Program Files\MyWebSearch
    ***** [Registry] *****
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key Found : HKCU\Software\TBSB07898
    Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
    Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
    Key Found : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
    Key Found : HKLM\SOFTWARE\Classes\Inbox.AppServer
    Key Found : HKLM\SOFTWARE\Classes\Inbox.IBX404
    Key Found : HKLM\SOFTWARE\Classes\Inbox.JSServer
    Key Found : HKLM\SOFTWARE\Classes\Inbox.Toolbar
    Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
    Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox
    Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
    Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
    Key Found : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
    Key Found : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
    Key Found : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
    Key Found : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
    Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
    Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
    Key Found : HKLM\Software\FocusInteractive
    Key Found : HKLM\Software\Fun Web Products
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Found : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
    Key Found : HKLM\Software\MyWebSearch
    Key Found : HKU\S-1-5-21-1511151947-3321247907-2486718597-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Found : HKU\S-1-5-21-1511151947-3321247907-2486718597-1005\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
    Key Found : HKU\S-1-5-21-1511151947-3321247907-2486718597-1005\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
    Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v8.0.6001.18702
    [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
    -\\ Mozilla Firefox v2.0.0.9 (en-US)
    Profile name : default
    File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\19mzsd6x.default\prefs.js
    [OK] File is clean.
    *************************
    AdwCleaner[R1].txt - [11032 octets] - [19/10/2012 16:52:05]
    ########## EOF - C:\AdwCleaner[R1].txt - [11093 octets] ##########
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    55,894
    First Name:
    Derek
    in that case first of all

    attempt to unistall these from add/remove programs


    24x7 Help
    Inbox Toolbar
    Online Vault
    PC Power Speed 1.1.0.33
    RebateInformer

    reboot afterwards & then
    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Hereto your Desktop.
    As you download it rename it to username123.exe


    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.​
    If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...
     
  7. Susan_Home

    Susan_Home Thread Starter

    Joined:
    Oct 19, 2012
    Messages:
    10
    dvk01:

    Thanks

    I uninstalled from add or remove programs.
    24x7 Help
    Inbox Toolbar
    Online Vault
    PC Power Speed 1.1.0.33
    RebateInformer

    No previous ComboFix instances have been installed.

    The link you provided, for which I am grateful, does not address the anti malware program installed on my computer, WebrootSecureAnyware, WRSA. I tried Google but found nothing specific. 1 thread at Webroot's support site suggests unstalling WRSA.

    Oh well.

    Susan_Home
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    55,894
    First Name:
    Derek
    Click on webroot icon on computer task bar and select exit
    then you can run combofix
     
  9. Susan_Home

    Susan_Home Thread Starter

    Joined:
    Oct 19, 2012
    Messages:
    10
    dvk01:
    I tried that. No joy.
    Also, using the system config utility, I disabled all non Microsoft services and everything on the startup tab. Rebooted. No joy.

    I also used Bing to search the following terms:
    disable webrootsecureanywhere combofix

    and

    "disable webrootsecureanywhere" combofix

    Do you have additional suggestions? I'm sorry that this issue has caused problems.
     
  10. Susan_Home

    Susan_Home Thread Starter

    Joined:
    Oct 19, 2012
    Messages:
    10
    I looked at services.msc , but didn't find any webroot services.
     
  11. Susan_Home

    Susan_Home Thread Starter

    Joined:
    Oct 19, 2012
    Messages:
    10
    Using the WRSA GUI, I disabled everything; rebooted, no joy.

    I renamedc c:\program files\webroot\WRSA.exe to

    c:\program files\webroot\WRSA.xex

    rebooted

    No joy.

    sigh
     
  12. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    55,894
    First Name:
    Derek
    does combofix run or is it being blocked
    if combofix is warning that webroot is running, ignore it & run combofix
     
  13. Susan_Home

    Susan_Home Thread Starter

    Joined:
    Oct 19, 2012
    Messages:
    10
    dvk01:
    Thanks for the guidance.

    I received a warning to proceed at my own risk, but, per your statement:
    "if combofix is warning that webroot is running, ignore it & run combofix" , Combofix was run. ComboFix informed me that a newer version was available. I accepted ComboFix's offer to update.

    Here's the log.
    ComboFix 12-10-21.02 - user 10/21/2012 20:56:19.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.695 [GMT -7:00]
    Running from: c:\documents and settings\user\Desktop\username123.exe
    AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\data
    c:\data\default\us_sres.data
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\Default user\WINDOWS
    c:\documents and settings\user\Application Data\Toolbar4
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\0533ddea046b79382344642507f45004
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\09243a7e0d5263f96fccb70e16bb0476
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\0b9a7a3e0c1c165779dd33b229048b21
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\0c74e33c6b89503129478a0eae095b4d
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\0e1466e34ff25e57fa813d21ebfe7cf6
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\0fb67f15ee619bf63699876db03ab661
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\2612ed9846214cbf7e954476bb044b3b
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\323af8f156d5bb22bb38cd2ce83959de
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\36402215e280142e9fec69a27ce97d32
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\3739298d2bc9d6b94dadd7b19b48ecb3
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\476905aa92e1c9a617bd41ce5318660f
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\4d2e45ddaef75a6d2c9afdbc763c3752
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\4e2d5ba12b0ed08ba8960c3e874a01cb
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\560ff84a7533e0f37b61b702a5403538
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\59a443f04bf13d1170b3dfc61f51b928
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\5bc8ebf64906d196c815a3f28ee7be81
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\5dcc33988f89c01e09411de1fadabde2
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\5e4a0304a53d72265f5f470649d2f616
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\5fceefa5d8207202cd84891c2e491f65
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\753df778c49000ceb420710ab27250f3
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\7aab54a686f169a739561ca08b97d70b
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\829a174ff56578e2e86c6ea74ceac599
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\8c192effd1339f8e52b7695d8409b038
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\97be6f9cdebaa8074491269ce024994b
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\9ac01b227ded0862f1cacbfb3aa57c30
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\a03f31127270e5ec9c753d5978824827
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\a0c60a9410bfbe84abdf5e97d0c4c25b
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\aa65030026dd406f81e1d2f100fe7920
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\b4129101a6dd1056cc66cb8ee0ed07cb
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\b576b7d306b9484794e87c4894171e9c
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\b8cb931520574f1fbe2d6a417ab188a3
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\cadd36508a4b8f2e96e6251f59441e6d
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\cf00f968a680ae7de4f426758f29e399
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\d210e926e7fc2fc8277b03dcf0f51bf7
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\dd63f857ccdda3776635728c6e9c9da5
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\df93d78ff74b9089b7e56bad7abf8d54
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\e0274c4eebf32d7d1bf0e38726e4ea71
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\e676561c84d9a41ec2ac1b9379b89748
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\fdcfc40763b6755ae687e945adb4dba4
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\fe98d58b0232c74e3b47d141e87aaa18
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\cache\merchant_notification
    c:\documents and settings\user\Application Data\Toolbar4\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\include_files\879ecc39d0be00e1ba71e4872c078138
    c:\documents and settings\user\WINDOWS
    c:\program files\FunWebProducts
    c:\program files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL
    c:\program files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL
    c:\program files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL
    c:\program files\FunWebProducts\Installr\Cache\00531A1B.exe
    c:\program files\FunWebProducts\Installr\Cache\files.ini
    c:\program files\FunWebProducts\Installr\setups\mwsbarSp.exe
    c:\program files\MyWebSearch
    c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
    c:\program files\MyWebSearch\bar\Settings\s_pid.dat
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-22 to 2012-10-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-16 22:38 . 2012-10-16 22:38 230840 ----a-r- c:\windows\system32\cpnprt2.cid
    2012-10-16 22:38 . 2012-10-16 22:38 -------- d-----w- c:\program files\Coupons
    2012-10-16 22:18 . 2012-10-16 22:18 -------- d-----w- c:\documents and settings\user\Application Data\ShopAtHome
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-12 23:35 . 2012-01-30 05:25 72104 ----a-w- c:\windows\CouponPrinter.ocx
    2012-10-12 15:37 . 2012-08-17 21:00 150712 ----a-w- c:\windows\system32\WRusr.dll
    2012-10-12 15:37 . 2012-08-17 21:00 112656 ----a-w- c:\windows\system32\drivers\WRkrn.sys
    2012-08-28 15:14 . 2007-05-18 23:27 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-08-28 15:14 . 2007-05-18 23:25 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-08-28 15:14 . 2007-05-18 23:24 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07 . 2007-05-18 23:24 385024 ----a-w- c:\windows\system32\html.iec
    2012-08-24 13:53 . 2007-05-18 23:27 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-21 13:33 . 2007-05-18 23:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-21 12:58 . 2007-05-18 23:29 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-08-17 21:11 . 2012-08-17 21:12 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-08-17 21:11 . 2010-05-12 19:44 687600 ----a-w- c:\windows\system32\deployJava1.dll
    2007-10-26 05:47 . 2007-11-06 23:46 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2007-10-26 05:47 . 2007-11-06 23:46 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2007-10-26 05:47 . 2007-11-06 23:46 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
    2007-10-26 05:47 . 2007-11-06 23:46 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2007-10-26 05:47 . 2007-11-06 23:46 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_user\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn5\yt.dll" [2012-06-11 1524056]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F}]
    2012-10-01 16:29 2573240 ----a-w- c:\documents and settings\user\Application Data\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{311B58DC-A4DC-4B04-B1B5-60299AD3D803}"= "c:\documents and settings\user\Application Data\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll" [2012-10-01 2573240]
    "{8660E5B3-6C41-44DE-8503-98D99BBECD41}"= "c:\program files\Coupons.com CouponBar\tbcore3.dll" [2012-10-12 2701752]
    .
    [HKEY_CLASSES_ROOT\clsid\{311b58dc-a4dc-4b04-b1b5-60299ad3d803}]
    [HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome]
    .
    [HKEY_CLASSES_ROOT\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}]
    [HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\TBSB07898.TBSB07898]
    .
    [HKEY_CURRENT_user\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{311B58DC-A4DC-4B04-B1B5-60299AD3D803}"= "c:\documents and settings\user\Application Data\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll" [2012-10-01 2573240]
    "{8660E5B3-6C41-44DE-8503-98D99BBECD41}"= "c:\program files\Coupons.com CouponBar\tbcore3.dll" [2012-10-12 2701752]
    .
    [HKEY_CLASSES_ROOT\clsid\{311b58dc-a4dc-4b04-b1b5-60299ad3d803}]
    [HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome]
    .
    [HKEY_CLASSES_ROOT\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}]
    [HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\TBSB07898.TBSB07898]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2004-08-10 18:04 59392 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2005-04-25 17:29 77824 ----a-w- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2010-03-12 20:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2005-04-25 17:32 94208 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
    2006-12-06 20:37 9138176 ----a-w- c:\program files\Intel Audio Studio\IntelAudioStudio.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
    2003-05-08 18:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2005-04-25 17:32 114688 ----a-w- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShopAtHomeWatcher]
    2012-10-01 16:30 103864 ----a-w- c:\documents and settings\user\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
    2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "LiveUpdate Notice Service"=2 (0x2)
    "LiveUpdate"=3 (0x3)
    "Automatic LiveUpdate Scheduler"=2 (0x2)
    "YahooAuservice"=2 (0x2)
    "WRSVC"=2 (0x2)
    "SwPrv"=3 (0x3)
    "idsvc"=3 (0x3)
    "COMSysApp"=3 (0x3)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Outlook Express\\msimn.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/10/2007 11:45 AM 685816]
    R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [8/17/2012 2:00 PM 112656]
    S4 WRSVC;WRSVC;"c:\program files\Webroot\WRSA.exe" -service --> c:\program files\Webroot\WRSA.exe [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.yahoo.com/
    mStart Page = hxxp://search.coupons.com/
    uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\19mzsd6x.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ushdl&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ushdl&p=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-WRSVC - c:\program files\Webroot\WRSA.exe
    MSConfigStartUp-SigmatelSysTrayApp - sttray.exe
    MSConfigStartUp-WRSVC - c:\program files\Webroot\WRSA.exe
    AddRemove-WRUNINST - c:\program files\Webroot\WRSA.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-10-21 21:01
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2012-10-21 21:02:45
    ComboFix-quarantined-files.txt 2012-10-22 04:02
    .
    Pre-Run: 232,070,008,832 bytes free
    Post-Run: 232,417,730,560 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
    .
    - - End Of File - - 747F20D8600140D543DD37CF9E246902
     
  14. Susan_Home

    Susan_Home Thread Starter

    Joined:
    Oct 19, 2012
    Messages:
    10
    dvk01:
    Following a shut down and then rebooting my computer, the computer seems to function to my satisfaction.

    I'll wait for your analysis of the ComboFix log.

    Thanks.
     
  15. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    55,894
    First Name:
    Derek
    nothing else obvious there so
    *Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
    * Click START then RUN
    * Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
    [​IMG]

    This will also purge the restore folder and clear any malware that has been put in there. Now Empty Recycle bin on desktop Then reboot.

    go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

    and scan here http://secunia.com/vulnerability_scanning/personal for out of date & vulnerable common applications on your computer and update whatever it suggests. Download & use the PSI version ( not the OSI, in your browser java version) as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too high risk of malware infiltration

    Then pay an urgent visit to windows update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place. If windows update doesn't work, please come back & tell us
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1073324

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice