TechSpot

Redirect 1/Virus and Malware Removal

By donlew
Dec 27, 2010
  1. firefox browser redirects to scour and other such sites. i've followed all preliminary removal instructions.

    mbam log:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5402

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    12/27/2010 5:06:12 AM
    mbam-log-2010-12-27 (05-06-12).txt

    Scan type: Quick scan
    Objects scanned: 159554
    Time elapsed: 4 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 22
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 21
    Files Infected: 14

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\AppID\{38061EDC-40BB-4618-A8DA-E56353347E6D} (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{A9722A0D-365F-47D2-B70B-37D046316D99} (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\programdata\577444569 (Rogue.Multiple) -> Quarantined and deleted successfully.
    c:\Users\ms. kris\AppData\Roaming\systemproc (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\program files (x86)\f3setupinstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files (x86)\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files (x86)\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files (x86)\funwebproducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files (x86)\funwebproducts\Installr\3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files (x86)\funwebproducts\Installr\setups (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files (x86)\mozilla firefox\extensions\{9ce11043-9a15-4207-a565-0c94c42d590d} (Worm.Prolaco.M) -> Quarantined and deleted successfully.
    c:\program files (x86)\mozilla firefox\extensions\{9ce11043-9a15-4207-a565-0c94c42d590d}\chrome (Worm.Prolaco.M) -> Quarantined and deleted successfully.
    c:\program files (x86)\mozilla firefox\extensions\{9ce11043-9a15-4207-a565-0c94c42d590d}\chrome\content (Worm.Prolaco.M) -> Quarantined and deleted successfully.
    c:\sysmon\asex02886 (Trojan.P2P.Downloader) -> Quarantined and deleted successfully.
    c:\sysmon\cvhc13007 (Trojan.P2P.Downloader) -> Quarantined and deleted successfully.
    c:\sysmon\dwhd23007 (Trojan.P2P.Downloader) -> Quarantined and deleted successfully.
    c:\sysmon\fxje2411 (Trojan.P2P.Downloader) -> Quarantined and deleted successfully.
    c:\sysmon\gbkg3521 (Trojan.P2P.Downloader) -> Quarantined and deleted successfully.
    c:\sysmon\icmh3522 (Trojan.P2P.Downloader) -> Quarantined and deleted successfully.
    c:\sysmon\idmi3522 (Trojan.P2P.Downloader) -> Quarantined and deleted successfully.
    c:\sysmon\lgqlh63318 (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\sysmon\smwrn06641 (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\sysmon\flvdirect (Adware.Dropper) -> Quarantined and deleted successfully.

    Files Infected:
    c:\Users\ms. kris\AppData\Local\Temp\MSN.abc (Malware.Trace) -> Quarantined and deleted successfully.
    c:\Users\ms. kris\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
    c:\Users\ms. kris\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
    c:\Users\ms. kris\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.
    c:\program files (x86)\f3setupinstall\f3initialsetup1.0.1.1.inf (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files (x86)\funwebproducts\Installr\1.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files (x86)\funwebproducts\Installr\1.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files (x86)\funwebproducts\Installr\1.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files (x86)\funwebproducts\Installr\3.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files (x86)\funwebproducts\Installr\3.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files (x86)\funwebproducts\Installr\3.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files (x86)\mozilla firefox\extensions\{9ce11043-9a15-4207-a565-0c94c42d590d}\chrome.manifest (Worm.Prolaco.M) -> Quarantined and deleted successfully.
    c:\program files (x86)\mozilla firefox\extensions\{9ce11043-9a15-4207-a565-0c94c42d590d}\install.rdf (Worm.Prolaco.M) -> Quarantined and deleted successfully.
    c:\program files (x86)\mozilla firefox\extensions\{9ce11043-9a15-4207-a565-0c94c42d590d}\chrome\content\timer.xul (Worm.Prolaco.M) -> Quarantined and deleted successfully.
     
  2. donlew

    donlew TS Rookie Topic Starter

    [Redirect 2]Virus and Malware Removal

    dds.txt:

    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Ms. Kris at 7:00:03.82 on Mon 12/27/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2249 [GMT -6:00]

    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe
    C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\PROGRA~2\Raptr\raptr.exe
    C:\PROGRA~2\Raptr\raptr_im.exe
    C:\Program Files\Common Files\McAfee\Core\mchost.exe
    C:\Users\Ms. Kris\Desktop\gmer.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\McAfee\Core\mchost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Ms. Kris\Desktop\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101120012427.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    uRun: [SvUpdate] C:\Users\Ms. Kris\AppData\Roaming\WindowsNT\svupdate.exe
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [EPSON NX300 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJA.EXE /FU "C:\Windows\TEMP\E_SA3DF.tmp" /EF "HKCU"
    uRun: [Rename MP3 Files] "C:\Program Files (x86)\Rename MP3 Files\RenameMp3Files.exe" /minimized
    uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Copy to &Lightning Note - c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
    IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper200711281.dll
    DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: C:\Windows\System32\dxva232.dll, C:\Windows\System32\dfscli32.dll, C:\Windows\System32\dmrc32.dll, C:\Windows\System32\efsadu32.dll, C:\Windows\System32\crypt3232.dll, C:\Windows\System32\DHCPQEC32.dll, C:\Windows\System32\dmusic32.dll, C:\Windows\System32\EhStorAPI32.dll, C:\Windows\System32\cryptdlg32.dll, C:\Windows\System32\dhcpsapi32.dll, C:\Windows\System32\dmusic3232.dll, C:\Windows\System32\bt8o9smhlbdf2332.dll, C:\Windows\System32\cryptsvc32.dll, C:\Windows\System32\1x6hpgoq4p2z3c32.dll, C:\Windows\System32\zg1ywxt32.dll, C:\Windows\System32\p6uati9izc32.dll, C:\Windows\System32\2qnhl4d332.dll, C:\Windows\System32\2v69glcph32.dll, C:\Windows\System32\wi8jodt632.dll, C:\Windows\System32\h0f4t108er9c32.dll, C:\Windows\System32\dhcpcsvc632.dll, C:\Windows\System32\comcat32.dll, C:\Windows\System32\apircl32.dll, C:\Windows\System32\comctl3232.dll, C:\Windows\System32\asferror32.dll, C:\Windows\System32\comres32.dll, C:\Windows\System32\xzao0x32.dll, C:\Windows\System32\by484f32.dll, C:\Windows\System32\t2ofl4tf0bb32.dll, C:\Windows\System32\xdjqm43r32.dll, C:\Windows\system32\cewmdm32.dll, C:\Windows\system32\DevicePairing32.dll, C:\Windows\system32\CHxReadingStringIME32.dll, C:\Windows\system32\DevicePairingFolder32.dll, C:\Windows\system32\clb32.dll, C:\Windows\system32\DevicePairingHandler32.dll, C:\Windows\system32\DevicePairingHandler32.dllxia5rfe32.dll, C:\Windows\system32\DevicePairingHandler32.dllxia5rfe32.dllrxaa1e0o6o32.dll, C:\Windows\system32\DevicePairingHandler32.dllxia5rfe32.dllrxaa1e0o6o32.dlle8lbjrv7l32.dll, C:\Windows\system32\DevicePairingHandler32.dllxia5rfe32.dllrxaa1e0o6o32.dlle8lbjrv7l32.dll902ad32.dll
    BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
    BHO-X64: McAfee Phishing Filter - No File
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101109200511.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    mRun-x64: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    mRun-x64: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe
    mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\MS0E9D~1.KRI\AppData\Roaming\Mozilla\Firefox\Profiles\okdj2pwy.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\nphdplg.dll
    FF - plugin: C:\Users\Ms. Kris\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    FF - plugin: C:\Users\Ms. Kris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Ms. Kris\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor

    ============= SERVICES / DRIVERS ===============

    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-3-30 529128]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-3-30 283360]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-3-30 75032]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-6-13 355440]
    R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-6-13 355440]
    R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-6-13 355440]
    R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-6-13 355440]
    R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-3-30 200056]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-3-30 245352]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-3-30 149032]
    R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-9-8 288256]
    R2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [2010-9-8 1034752]
    R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [2010-9-8 485376]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-3-30 62800]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-3-30 190136]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-3-30 441328]
    R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-16 135664]
    S2 MSMQSVC;Message Queuing Service;C:\Windows\system32\mqsv32.exe --> C:\Windows\system32\mqsv32.exe [?]
    S2 WaveQoS;Windows Audio Video Experience;C:\Windows\system32\QWAVE32.exe --> C:\Windows\system32\QWAVE32.exe [?]
    S2 WdiSrvHost;Wdi Service Host;C:\Windows\system32\wdisrvac.exe --> C:\Windows\system32\wdisrvac.exe [?]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-22 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
    S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-3-10 29720]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-3-30 94864]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-7 1255736]
    S4 mfetdi2k;McAfee Inc. mfetdi2k;C:\Windows\System32\drivers\mfetdi2k.sys [2010-3-30 107096]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
    S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    =============== Created Last 30 ================

    2010-12-27 10:59:03 -------- d-----w- C:\Users\MS0E9D~1.KRI\AppData\Roaming\Malwarebytes
    2010-12-27 10:58:38 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-27 10:58:37 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2010-12-27 10:58:35 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-12-27 10:58:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-12-27 10:15:51 388096 ----a-r- C:\Users\MS0E9D~1.KRI\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-12-27 10:15:50 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2010-12-27 10:05:21 12872 ----a-w- C:\Windows\System32\bootdelete.exe
    2010-12-27 09:51:59 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
    2010-12-27 09:51:29 -------- d-----w- C:\PROGRA~3\Hitman Pro
    2010-12-24 19:42:10 -------- d-----w- C:\Program Files (x86)\FrostWire
    2010-12-24 14:45:12 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{FC62F1B0-3904-42B3-A40F-B640BECE8153}\mpengine.dll
    2010-12-16 08:45:14 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
    2010-12-16 08:42:46 -------- d-----w- C:\Users\MS0E9D~1.KRI\AppData\Local\Turbine
    2010-12-16 05:30:37 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll
    2010-12-16 05:30:37 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
    2010-12-16 05:29:58 -------- d-----w- C:\Users\MS0E9D~1.KRI\AppData\Local\ApplicationHistory
    2010-12-16 05:27:51 -------- d-----w- C:\Windows\SysWow64\URTTEMP
    2010-12-16 05:12:05 -------- d-----w- C:\Program Files (x86)\Turbine
    2010-12-15 07:04:21 -------- d-----w- C:\Users\MS0E9D~1.KRI\AppData\Local\Wicked_Interactive_LTD
    2010-12-15 06:56:01 -------- d-----w- C:\Users\MS0E9D~1.KRI\AppData\Local\PMB Files
    2010-12-15 06:55:58 -------- d-----w- C:\PROGRA~3\PMB Files
    2010-12-15 06:55:32 -------- d-----w- C:\Program Files (x86)\Pando Networks
    2010-12-14 00:35:42 -------- d-----w- C:\Users\MS0E9D~1.KRI\AppData\Roaming\NPLUTO Corporation
    2010-12-13 20:11:59 -------- d-----w- C:\Users\MS0E9D~1.KRI\AppData\Local\Unity
    2010-12-13 19:53:10 -------- d-----w- C:\Program Files (x86)\Vuze
    2010-12-13 19:34:44 -------- d-----w- C:\Users\MS0E9D~1.KRI\AppData\Local\DOSBox
    2010-12-11 22:41:14 -------- d-----w- C:\PROGRA~3\regid.1986-12.com.adobe
    2010-12-05 18:07:31 -------- d-----w- C:\Users\MS0E9D~1.KRI\AppData\Roaming\VendelGAMES
    2010-12-02 19:20:44 -------- d-----w- C:\Windows\Be Rich

    ==================== Find3M ====================

    2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
    2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
    2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
    2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
    2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
    2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
    2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
    2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
    2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
    2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
    2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2010-10-19 16:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
    2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
    2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll
    2010-10-14 04:28:54 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
    2010-10-14 04:28:54 94864 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
    2010-10-14 04:28:54 75032 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
    2010-10-14 04:28:54 62800 ----a-w- C:\Windows\System32\drivers\cfwids.sys
    2010-10-14 04:28:54 529128 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
    2010-10-14 04:28:54 441328 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
    2010-10-14 04:28:54 283360 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
    2010-10-14 04:28:54 190136 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
    2010-10-14 04:28:54 121248 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

    ============= FINISH: 7:00:21.87 ===============
     
  3. donlew

    donlew TS Rookie Topic Starter

    [Redirect 3/Virus and Malware Removal

    gmer log:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-27 06:44:47
    Windows 6.1.7600
    Running: gmer.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDE 0xBF 0x34 0x8B ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF3 0x46 0x48 0x74 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE1 0x66 0xAF 0xA0 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x75 0x88 0x72 0xA6 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF3 0x46 0x48 0x74 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE1 0x66 0xAF 0xA0 ...
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Ms. Kris\Desktop\Vuze downloads\{BigFish}Frank Baum\x2019s The Wonderful Wizard of Oz[H33T][Cybertek]\L Frank Baum's The Wonderful Wizard Of Oz.exe 1

    ---- EOF - GMER 1.0.15 ----
     
  4. donlew

    donlew TS Rookie Topic Starter

    [Redirect 4/Virus and Malware Removal

    attach.txt:

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/14/2010 9:55:40 PM
    System Uptime: 12/27/2010 5:07:26 AM (2 hours ago)

    Motherboard: PEGATRON CORPORATION | | Narra6
    Processor: AMD Athlon(tm) II X2 250 Processor | CPU 1 | 3000/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 585 GiB total, 448.807 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 1.622 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is FIXED (NTFS) - 465 GiB total, 130.916 GiB free.
    K: is CDROM (UDF)
    L: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: Data Interface
    Device ID: USB\VID_12D1&PID_1802&MI_01\6&3059E28A&0&0001
    Manufacturer:
    Name: Data Interface
    PNP Device ID: USB\VID_12D1&PID_1802&MI_01\6&3059E28A&0&0001
    Service:

    Class GUID:
    Description: Data Interface
    Device ID: USB\VID_12D1&PID_1802&MI_02\6&3059E28A&0&0002
    Manufacturer:
    Name: Data Interface
    PNP Device ID: USB\VID_12D1&PID_1802&MI_02\6&3059E28A&0&0002
    Service:

    ==== System Restore Points ===================

    RP219: 12/17/2010 4:35:06 PM - Windows Update
    RP220: 12/18/2010 3:00:17 AM - Windows Update
    RP221: 12/21/2010 6:00:18 PM - Windows Update
    RP222: 12/24/2010 12:09:49 AM - Installed HiJackThis
    RP223: 12/24/2010 8:44:55 AM - Windows Update
    RP224: 12/24/2010 11:41:25 AM - Removed HiJackThis
    RP225: 12/27/2010 4:15:15 AM - Installed HiJackThis

    ==== Installed Programs ======================

    1912 Titanic Mystery
    ABBYY FineReader 6.0 Sprint
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader 9.4.1
    Adobe Shockwave Player 11.5
    Adrianne Stone Hidden Relics
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    AVS Audio Converter version 6.2
    Awakening - The Dreamless Castle .
    Bejeweled 2 Deluxe 1.0
    Bejeweled Blitz
    Big Fish Games: Game Manager
    Cake Mania 5 Lights Camera Action Pheonix RG
    CLUE Classic
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite Deluxe
    D3DX10
    DirectX for Managed Code Update (Summer 2004)
    DivX Setup
    Double Play Family Feud and Family Feud II 1.00
    Drift City
    DVD Menu Pack for HP MediaSmart Video
    Elf Bouling 7 star v1.0
    Elf Bowling Holiday Pack 1.00
    Epson Easy Photo Print 2
    EPSON Scan
    Explorer - Contraband Mystery
    Facebook Plug-In
    Find Your Own Way Home
    Fishdom H2O
    Flux Family Secrets - The Rabbit Hole Collectors Edition
    FrostWire 4.21.3
    getPlus(R) Download Manager for Corel
    Golden Trails - The New Western Rush
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Governor of Poker
    Heavy Weapon Deluxe
    HiJackThis
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP MediaSmart Demo
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP MediaSmart/TouchSmart Netflix
    HP Odometer
    HP Product Detection
    HP Remote Solution
    HP Setup
    HP Support Assistant
    HP Support Information
    HP Update
    HPAsset component for HP Active Support Library
    Hulu Desktop
    iMesh
    Java Auto Updater
    Java(TM) 6 Update 22
    JEOPARDY! 2
    Junk Mail filter update
    LabelPrint
    LightScribe System Software
    Lost Lagoon The Trail of Destiny 1.00
    Love Chronicles - The Spell
    Luxor Quest for the Afterlife
    Malwarebytes' Anti-Malware
    Masquerade Mysteries - The Case of the Copycat Curator
    MATonline2.1.6.319
    McAfee Total Protection
    MediaBar
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft Live Search Toolbar
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Word Viewer 2003
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server System CLR Types
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio Macro Tools
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MLBDugoutHeroes
    Mortimer Beckett and the Time Paradox
    Movie Theme Pack for HP MediaSmart Video
    Mozilla Firefox (3.6.13)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mysterious Travel - The Magic Diary
    Mystery Case Files - Huntsville
    Mystery Legends Sleepy Hollow
    Mystery Masterpiece The Moonstone
    Pando Media Booster
    PDF Settings CS5
    PictureMover
    Pioneer
    plants vs zombies h33t
    Power2Go
    PowerDirector
    Raptr
    Realtek High Definition Audio Driver
    Recovery Manager
    Restaurant Rush
    Royal Envoy Collector's Edition
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Sparkle
    Super Smasher
    Super Smasher 1.0.1
    Text Twist 2 (remove only)
    Text Twist 2 1.00
    THE HOUSE OF THE DEAD 3
    The Lord of the Rings Online™ v03.02.04.8007
    The Mystery of the Crystal Portal {Ronakt]
    The Price Is Right
    The Serpent of Isis 1.00
    The Sims™ 3
    Tiger Eye Part 1 - Curse Of The Riddle Box .
    Unity Web Player
    Update for Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (KB982305)
    VC80CRTRedist - 8.0.50727.4053
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    Vuze
    WD Software Upgrader
    Where's Waldo The Fantastic Journey
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Install Manager
    Zuma's Revenge!

    ==== Event Viewer Messages From Past Week ========

    12/27/2010 5:09:56 AM, Error: Service Control Manager [7023] - The Google Software Updater service terminated with the following error: %%-2147024894
    12/27/2010 4:41:48 AM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
    12/25/2010 11:04:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WDFME service.

    ==== End Of File ===========================
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Your other 4 threads will be combined in this one thread. All logs are suppose to be on the same thread. Multiple posts can be used if needed- not multiple threads. You have 5!

    I have also retitled your thread to Redirect 1. Calling the thread 'Virus and malware' doesn't give us any information. I will delete 'virus and malware' in the subject because that's the name of this forum, not your problem!

    All of the other 4 threads have been closed and I have asked to have all logs moved to this thread. Do not start any more new threads for this problem.
     
  6. donlew

    donlew TS Rookie Topic Starter

    okay thnx for the correction. im learning. what must b done now?
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Sorry for the delay- Please run the following:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ============================================
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
      [​IMG]
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • .Close any open browsers.
    • .Double click combofix.exe[​IMG] & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Paste the logs into your next reply. OK to use more that 1 post if needed but all should be within this thread.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...