Inactive Redirect 1/Virus and Malware Removal

[donlew]

firefox browser redirects to scour and other such sites. i've followed all preliminary removal instructions.

mbam log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5402

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/27/2010 5:06:12 AM
mbam-log-2010-12-27 (05-06-12).txt

Scan type: Quick scan
Objects scanned: 159554
Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 22
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 21
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{38061EDC-40BB-4618-A8DA-E56353347E6D} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A9722A0D-365F-47D2-B70B-37D046316D99} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\programdata\577444569 (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\Users\ms. kris\AppData\Roaming\systemproc (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files (x86)\f3setupinstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\Installr\3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\Installr\setups (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{9ce11043-9a15-4207-a565-0c94c42d590d} (Worm.Prolaco.M) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{9ce11043-9a15-4207-a565-0c94c42d590d}\chrome (Worm.Prolaco.M) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{9ce11043-9a15-4207-a565-0c94c42d590d}\chrome\content (Worm.Prolaco.M) -> Quarantined and deleted successfully.
c:\sysmon\asex02886 (Trojan.P2P.Downloader) -> Quarantined and deleted successfully.
c:\sysmon\cvhc13007 (Trojan.P2P.Downloader) -> Quarantined and deleted successfully.
c:\sysmon\dwhd23007 (Trojan.P2P.Downloader) -> Quarantined and deleted successfully.
c:\sysmon\fxje2411 (Trojan.P2P.Downloader) -> Quarantined and deleted successfully.
c:\sysmon\gbkg3521 (Trojan.P2P.Downloader) -> Quarantined and deleted successfully.
c:\sysmon\icmh3522 (Trojan.P2P.Downloader) -> Quarantined and deleted successfully.
c:\sysmon\idmi3522 (Trojan.P2P.Downloader) -> Quarantined and deleted successfully.
c:\sysmon\lgqlh63318 (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\sysmon\smwrn06641 (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\sysmon\flvdirect (Adware.Dropper) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\ms. kris\AppData\Local\Temp\MSN.abc (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\ms. kris\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\ms. kris\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\ms. kris\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\program files (x86)\f3setupinstall\f3initialsetup1.0.1.1.inf (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\Installr\1.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\Installr\1.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\Installr\1.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\Installr\3.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\Installr\3.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\Installr\3.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{9ce11043-9a15-4207-a565-0c94c42d590d}\chrome.manifest (Worm.Prolaco.M) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{9ce11043-9a15-4207-a565-0c94c42d590d}\install.rdf (Worm.Prolaco.M) -> Quarantined and deleted successfully.
c:\program files (x86)\mozilla firefox\extensions\{9ce11043-9a15-4207-a565-0c94c42d590d}\chrome\content\timer.xul (Worm.Prolaco.M) -> Quarantined and deleted successfully.

 

[donlew]

[Redirect 2]Virus and Malware Removal

dds.txt:

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Ms. Kris at 7:00:03.82 on Mon 12/27/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2249 [GMT -6:00]

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe
C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\explorer.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\PROGRA~2\Raptr\raptr.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Users\Ms. Kris\Desktop\gmer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Ms. Kris\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101120012427.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: MediaBar: {abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [SvUpdate] C:\Users\Ms. Kris\AppData\Roaming\WindowsNT\svupdate.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [EPSON NX300 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJA.EXE /FU "C:\Windows\TEMP\E_SA3DF.tmp" /EF "HKCU"
uRun: [Rename MP3 Files] "C:\Program Files (x86)\Rename MP3 Files\RenameMp3Files.exe" /minimized
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Copy to &Lightning Note - c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper200711281.dll
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\System32\dxva232.dll, C:\Windows\System32\dfscli32.dll, C:\Windows\System32\dmrc32.dll, C:\Windows\System32\efsadu32.dll, C:\Windows\System32\crypt3232.dll, C:\Windows\System32\DHCPQEC32.dll, C:\Windows\System32\dmusic32.dll, C:\Windows\System32\EhStorAPI32.dll, C:\Windows\System32\cryptdlg32.dll, C:\Windows\System32\dhcpsapi32.dll, C:\Windows\System32\dmusic3232.dll, C:\Windows\System32\bt8o9smhlbdf2332.dll, C:\Windows\System32\cryptsvc32.dll, C:\Windows\System32\1x6hpgoq4p2z3c32.dll, C:\Windows\System32\zg1ywxt32.dll, C:\Windows\System32\p6uati9izc32.dll, C:\Windows\System32\2qnhl4d332.dll, C:\Windows\System32\2v69glcph32.dll, C:\Windows\System32\wi8jodt632.dll, C:\Windows\System32\h0f4t108er9c32.dll, C:\Windows\System32\dhcpcsvc632.dll, C:\Windows\System32\comcat32.dll, C:\Windows\System32\apircl32.dll, C:\Windows\System32\comctl3232.dll, C:\Windows\System32\asferror32.dll, C:\Windows\System32\comres32.dll, C:\Windows\System32\xzao0x32.dll, C:\Windows\System32\by484f32.dll, C:\Windows\System32\t2ofl4tf0bb32.dll, C:\Windows\System32\xdjqm43r32.dll, C:\Windows\system32\cewmdm32.dll, C:\Windows\system32\DevicePairing32.dll, C:\Windows\system32\CHxReadingStringIME32.dll, C:\Windows\system32\DevicePairingFolder32.dll, C:\Windows\system32\clb32.dll, C:\Windows\system32\DevicePairingHandler32.dll, C:\Windows\system32\DevicePairingHandler32.dllxia5rfe32.dll, C:\Windows\system32\DevicePairingHandler32.dllxia5rfe32.dllrxaa1e0o6o32.dll, C:\Windows\system32\DevicePairingHandler32.dllxia5rfe32.dllrxaa1e0o6o32.dlle8lbjrv7l32.dll, C:\Windows\system32\DevicePairingHandler32.dllxia5rfe32.dllrxaa1e0o6o32.dlle8lbjrv7l32.dll902ad32.dll
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101109200511.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
mRun-x64: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

================= FIREFOX ===================

FF - ProfilePath - C:\Users\MS0E9D~1.KRI\AppData\Roaming\Mozilla\Firefox\Profiles\okdj2pwy.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\nphdplg.dll
FF - plugin: C:\Users\Ms. Kris\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Ms. Kris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Ms. Kris\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-3-30 529128]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-3-30 283360]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-3-30 75032]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-6-13 355440]
R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-6-13 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-6-13 355440]
R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-6-13 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-3-30 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-3-30 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-3-30 149032]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-9-8 288256]
R2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [2010-9-8 1034752]
R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [2010-9-8 485376]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-3-30 62800]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-3-30 190136]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-3-30 441328]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-16 135664]
S2 MSMQSVC;Message Queuing Service;C:\Windows\system32\mqsv32.exe --> C:\Windows\system32\mqsv32.exe [?]
S2 WaveQoS;Windows Audio Video Experience;C:\Windows\system32\QWAVE32.exe --> C:\Windows\system32\QWAVE32.exe [?]
S2 WdiSrvHost;Wdi Service Host;C:\Windows\system32\wdisrvac.exe --> C:\Windows\system32\wdisrvac.exe [?]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-22 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-3-10 29720]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-3-30 94864]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-7 1255736]
S4 mfetdi2k;McAfee Inc. mfetdi2k;C:\Windows\System32\drivers\mfetdi2k.sys [2010-3-30 107096]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2010-12-27 10:59:03 -------- d-----w- C:\Users\MS0E9D~1.KRI\AppData\Roaming\Malwarebytes
2010-12-27 10:58:38 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-27 10:58:37 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-12-27 10:58:35 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-27 10:58:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-27 10:15:51 388096 ----a-r- C:\Users\MS0E9D~1.KRI\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-27 10:15:50 -------- d-----w- C:\Program Files (x86)\Trend Micro
2010-12-27 10:05:21 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2010-12-27 09:51:59 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2010-12-27 09:51:29 -------- d-----w- C:\PROGRA~3\Hitman Pro
2010-12-24 19:42:10 -------- d-----w- C:\Program Files (x86)\FrostWire
2010-12-24 14:45:12 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{FC62F1B0-3904-42B3-A40F-B640BECE8153}\mpengine.dll
2010-12-16 08:45:14 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2010-12-16 08:42:46 -------- d-----w- C:\Users\MS0E9D~1.KRI\AppData\Local\Turbine
2010-12-16 05:30:37 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll
2010-12-16 05:30:37 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2010-12-16 05:29:58 -------- d-----w- C:\Users\MS0E9D~1.KRI\AppData\Local\ApplicationHistory
2010-12-16 05:27:51 -------- d-----w- C:\Windows\SysWow64\URTTEMP
2010-12-16 05:12:05 -------- d-----w- C:\Program Files (x86)\Turbine
2010-12-15 07:04:21 -------- d-----w- C:\Users\MS0E9D~1.KRI\AppData\Local\Wicked_Interactive_LTD
2010-12-15 06:56:01 -------- d-----w- C:\Users\MS0E9D~1.KRI\AppData\Local\PMB Files
2010-12-15 06:55:58 -------- d-----w- C:\PROGRA~3\PMB Files
2010-12-15 06:55:32 -------- d-----w- C:\Program Files (x86)\Pando Networks
2010-12-14 00:35:42 -------- d-----w- C:\Users\MS0E9D~1.KRI\AppData\Roaming\NPLUTO Corporation
2010-12-13 20:11:59 -------- d-----w- C:\Users\MS0E9D~1.KRI\AppData\Local\Unity
2010-12-13 19:53:10 -------- d-----w- C:\Program Files (x86)\Vuze
2010-12-13 19:34:44 -------- d-----w- C:\Users\MS0E9D~1.KRI\AppData\Local\DOSBox
2010-12-11 22:41:14 -------- d-----w- C:\PROGRA~3\regid.1986-12.com.adobe
2010-12-05 18:07:31 -------- d-----w- C:\Users\MS0E9D~1.KRI\AppData\Roaming\VendelGAMES
2010-12-02 19:20:44 -------- d-----w- C:\Windows\Be Rich

==================== Find3M ====================

2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-19 16:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2010-10-14 04:28:54 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2010-10-14 04:28:54 94864 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2010-10-14 04:28:54 75032 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2010-10-14 04:28:54 62800 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2010-10-14 04:28:54 529128 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2010-10-14 04:28:54 441328 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2010-10-14 04:28:54 283360 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2010-10-14 04:28:54 190136 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2010-10-14 04:28:54 121248 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

============= FINISH: 7:00:21.87 ===============

 

[donlew]

[Redirect 3/Virus and Malware Removal

gmer log:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-27 06:44:47
Windows 6.1.7600
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDE 0xBF 0x34 0x8B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF3 0x46 0x48 0x74 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE1 0x66 0xAF 0xA0 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x75 0x88 0x72 0xA6 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF3 0x46 0x48 0x74 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE1 0x66 0xAF 0xA0 ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Ms. Kris\Desktop\Vuze downloads\{BigFish}Frank Baum\x2019s The Wonderful Wizard of Oz[H33T][Cybertek]\L Frank Baum's The Wonderful Wizard Of Oz.exe 1

---- EOF - GMER 1.0.15 ----

 

[donlew]

[Redirect 4/Virus and Malware Removal

attach.txt:

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/14/2010 9:55:40 PM
System Uptime: 12/27/2010 5:07:26 AM (2 hours ago)

Motherboard: PEGATRON CORPORATION | | Narra6
Processor: AMD Athlon(tm) II X2 250 Processor | CPU 1 | 3000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 585 GiB total, 448.807 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.622 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 465 GiB total, 130.916 GiB free.
K: is CDROM (UDF)
L: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: Data Interface
Device ID: USB\VID_12D1&PID_1802&MI_01\6&3059E28A&0&0001
Manufacturer:
Name: Data Interface
PNP Device ID: USB\VID_12D1&PID_1802&MI_01\6&3059E28A&0&0001
Service:

Class GUID:
Description: Data Interface
Device ID: USB\VID_12D1&PID_1802&MI_02\6&3059E28A&0&0002
Manufacturer:
Name: Data Interface
PNP Device ID: USB\VID_12D1&PID_1802&MI_02\6&3059E28A&0&0002
Service:

==== System Restore Points ===================

RP219: 12/17/2010 4:35:06 PM - Windows Update
RP220: 12/18/2010 3:00:17 AM - Windows Update
RP221: 12/21/2010 6:00:18 PM - Windows Update
RP222: 12/24/2010 12:09:49 AM - Installed HiJackThis
RP223: 12/24/2010 8:44:55 AM - Windows Update
RP224: 12/24/2010 11:41:25 AM - Removed HiJackThis
RP225: 12/27/2010 4:15:15 AM - Installed HiJackThis

==== Installed Programs ======================

1912 Titanic Mystery
ABBYY FineReader 6.0 Sprint
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
Adrianne Stone Hidden Relics
Apple Application Support
Apple Software Update
Ask Toolbar
AVS Audio Converter version 6.2
Awakening - The Dreamless Castle .
Bejeweled 2 Deluxe 1.0
Bejeweled Blitz
Big Fish Games: Game Manager
Cake Mania 5 Lights Camera Action Pheonix RG
CLUE Classic
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
D3DX10
DirectX for Managed Code Update (Summer 2004)
DivX Setup
Double Play Family Feud and Family Feud II 1.00
Drift City
DVD Menu Pack for HP MediaSmart Video
Elf Bouling 7 star v1.0
Elf Bowling Holiday Pack 1.00
Epson Easy Photo Print 2
EPSON Scan
Explorer - Contraband Mystery
Facebook Plug-In
Find Your Own Way Home
Fishdom H2O
Flux Family Secrets - The Rabbit Hole Collectors Edition
FrostWire 4.21.3
getPlus(R) Download Manager for Corel
Golden Trails - The New Western Rush
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Governor of Poker
Heavy Weapon Deluxe
HiJackThis
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Product Detection
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
HPAsset component for HP Active Support Library
Hulu Desktop
iMesh
Java Auto Updater
Java(TM) 6 Update 22
JEOPARDY! 2
Junk Mail filter update
LabelPrint
LightScribe System Software
Lost Lagoon The Trail of Destiny 1.00
Love Chronicles - The Spell
Luxor Quest for the Afterlife
Malwarebytes' Anti-Malware
Masquerade Mysteries - The Case of the Copycat Curator
MATonline2.1.6.319
McAfee Total Protection
MediaBar
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Live Search Toolbar
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio Macro Tools
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MLBDugoutHeroes
Mortimer Beckett and the Time Paradox
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox (3.6.13)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mysterious Travel - The Magic Diary
Mystery Case Files - Huntsville
Mystery Legends Sleepy Hollow
Mystery Masterpiece The Moonstone
Pando Media Booster
PDF Settings CS5
PictureMover
Pioneer
plants vs zombies h33t
Power2Go
PowerDirector
Raptr
Realtek High Definition Audio Driver
Recovery Manager
Restaurant Rush
Royal Envoy Collector's Edition
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Sparkle
Super Smasher
Super Smasher 1.0.1
Text Twist 2 (remove only)
Text Twist 2 1.00
THE HOUSE OF THE DEAD 3
The Lord of the Rings Online™ v03.02.04.8007
The Mystery of the Crystal Portal {Ronakt]
The Price Is Right
The Serpent of Isis 1.00
The Sims™ 3
Tiger Eye Part 1 - Curse Of The Riddle Box .
Unity Web Player
Update for Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (KB982305)
VC80CRTRedist - 8.0.50727.4053
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Vuze
WD Software Upgrader
Where's Waldo The Fantastic Journey
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR
Yahoo! BrowserPlus 2.9.8
Yahoo! Install Manager
Zuma's Revenge!

==== Event Viewer Messages From Past Week ========

12/27/2010 5:09:56 AM, Error: Service Control Manager [7023] - The Google Software Updater service terminated with the following error: %%-2147024894
12/27/2010 4:41:48 AM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
12/25/2010 11:04:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WDFME service.

==== End Of File ===========================

 

[Bobbye]

Your other 4 threads will be combined in this one thread. All logs are suppose to be on the same thread. Multiple posts can be used if needed- not multiple threads. You have 5!

I have also retitled your thread to Redirect 1. Calling the thread 'Virus and malware' doesn't give us any information. I will delete 'virus and malware' in the subject because that's the name of this forum, not your problem!

All of the other 4 threads have been closed and I have asked to have all logs moved to this thread. Do not start any more new threads for this problem.

 

[donlew]

okay thnx for the correction. im learning. what must b done now?

 

[Bobbye]

Sorry for the delay- Please run the following:

Run Eset NOD32 Online AntiVirus scan HEREhttp://www.eset.eu/online-scanner

1. Tick the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the Active X control to install
4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
5. Click Start
6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
7. Click Scan
8. Wait for the scan to finish
9. Re-enable your Antivirus software.
10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

============================================
Download Combofix to your desktop from one of these locations:
Link 1
Link 2http://www.forospyware.com/sUBs/ComboFix.exe

• Double click combofix.exe & follow the prompts.
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
• Query- Recovery Console image
  
  
  
  

  WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

• Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  
  
• .Click on Yes, to continue scanning for malware
• .If Combofix asks you to update the program, allow
• .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• .Close any open browsers.
• .Double click combofix.exe
  
  & follow the prompts to run.
• When the scan completes it will open a text window. Please paste that log in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Paste the logs into your next reply. OK to use more that 1 post if needed but all should be within this thread.