Page 2 of 2 FirstFirst 12
Results 11 to 17 of 17

Thread: Stealing Personal Information?

  1. #11
    Junior Member
    Join Date
    Dec 2009
    Posts
    21

    Default Stealing Personal Information?

    Thank you for your reply. Here is the information you requested.

    Regards,
    Steve42

    *How is your computer performing now? Any problems encountered and or any further symptoms? [About the same - mostly OK but CPU Usage still showing lots of spikes. I've attached an image of the usage graph for you.]

    *ComboFix Log:

    ComboFix 10-01-04.01 - Steve 01/07/2010 9:28.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1512 [GMT -5:00]
    Running from: c:\documents and settings\Steve\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Steve\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Viewpoint
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-1054744159.mtx
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-1257552095.712536053
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-1476482372.712535979
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-1550700062.mtx
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-1675323418.713836840
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-1744624506.713836803
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-1767541886.713836716
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-1792851963.712535981
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-672059697.swf
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-681648789.swf
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-685991849.712535954
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-708065856.713836749
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-716026614.swf
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-732913299.712536002
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-763019087.713836937
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-96559883.mtx
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\1461440338.712535953
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\1564877131.712535908
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\385814962.712536011
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\501688438.712536046
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-1041161462.mtx
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-1216699398.mtx
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-1588488936.swf
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-167467785.712535921
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-1697589072.swf
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-1735078747.713836821
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-2040853405.mtx
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-378119151.712535947
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-583022627.712535910
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-787478019.712535915
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-982355842.712536070
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\1024896942.swf
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\1136233701.swf
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\1176327029.713836865
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\1220223377.712535992
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\1247495568.712535999
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\1304666343.712536034
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\290547230.swf
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\346281577.713836896
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\512589962.712536028
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\570073743.713863076
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\768763562.712535994
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\860502393.712536026
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\925975223.mtx
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-1140250495.713836908
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-1149444489.712536068
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-1219180738.713836830
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-1270717649.mtx
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-1438713594.mtx
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-1610302144.712536009
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-1651440994.712535931
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-1801392204.712535990
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-1817435829.712536059
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-1819899927.mtx
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-2034384745.713836872
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-207333975.mtx
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-2108356295.712535989
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-243470204.712536022
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-300725744.mtx
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-41890203.712536041
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-582640680.712536049
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-668285516.mtx
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-72580264.mtx
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-764272172.712535942
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\1229517749.712535939
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\1385903037.713836769
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\143415706.712536017
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\1520622600.712535996
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\172992995.mtx
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\346840136.mtx
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\434599021.mtx
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\648662744.swf
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-1037005395.713836741
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-1106322216.mtx
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-1294591352.712536065
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-1307685966.713836843
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-1603077681.712535983
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-1625577909.713836700
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-1720476204.mtx
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-1799102199.713836711
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-1877319710.713836793
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-1926077123.712535997
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-299234580.swf
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-347626359.swf
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-583862537.712536063
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-66919675.712536043
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\1071317150.713836906
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\119964245.713836888
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\1382942631.713836864
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\1385887584.713836838
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\1418335590.713836807
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\1669572585.712536032
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\1838517554.712536007
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\2021793278.712535944
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\2091149108.swf
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\489659170.712536061
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\581741786.713836754
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\582067880.712535985
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\746857229.713836914
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\770800983.712535978
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\879056853.712535933
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\932053967.712536014
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\980018594.mtx
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9\FLFBootStrap.mtx
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\HostRegistry.ini
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1241215004.mtx
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-221306206.mtj&p2=1&p3=15705439063104672838671716511139&p4=0
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\URLCache.ini
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1233786184.mtx
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1355542221.mts
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-690820443.mtj&p2=0&p3=15705439063104672838671716511139&p4=0
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\URLCache.ini
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\407034558.ini
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\URLCache.ini
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\304524284.mtj&p2=0&p3=15705439063104672838671716511139&p4=0
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\URLCache.ini
    c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\UpdateVersionList_v2.mtx
    c:\documents and settings\Steve\Application Data\Symantec
    c:\program files\AskBarDis
    c:\program files\AskBarDis\bar\bin\askBar.dll

    .
    --------------- FCopy ---------------

    c:\windows\ServicePackFiles\i386\ctfmon.exe --> c:\windows\System32\ctfmon.exe
    .
    ((((((((((((((((((((((((( Files Created from 2009-12-07 to 2010-01-07 )))))))))))))))))))))))))))))))
    .

    2010-01-07 14:28 . 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\dllcache\ctfmon.exe
    2010-01-07 14:28 . 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    2010-01-06 03:52 . 2010-01-06 03:52 -------- d-----w- c:\program files\ERUNT
    2010-01-05 03:30 . 2010-01-05 03:30 -------- d-----w- c:\documents and settings\Steve\Application Data\Malwarebytes
    2010-01-05 03:30 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-05 03:30 . 2010-01-05 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-01-05 03:30 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-05 03:30 . 2010-01-05 03:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-03 01:50 . 2010-01-03 01:50 -------- d-----w- C:\rsit

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-07 14:38 . 2008-09-18 19:50 -------- d-----w- c:\documents and settings\Steve\Application Data\Skype
    2010-01-07 13:28 . 2008-09-18 19:59 -------- d-----w- c:\documents and settings\Steve\Application Data\skypePM
    2010-01-05 03:18 . 2004-11-20 03:35 -------- d-----w- c:\program files\Yahoo!
    2010-01-05 03:18 . 2006-08-08 20:37 -------- d-----w- c:\program files\Common Files\Scanner
    2009-12-03 04:50 . 2004-10-13 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-12-02 21:11 . 2009-12-02 21:11 -------- d-----w- c:\program files\Trend Micro
    2009-12-02 19:40 . 2004-10-13 23:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-28 20:35 . 2009-11-28 20:35 -------- d-----w- c:\program files\CCleaner
    2009-11-23 13:05 . 2009-10-24 14:21 -------- d-----w- c:\program files\Windows Desktop Search
    2009-11-22 23:21 . 2009-06-02 13:50 -------- d-----w- c:\program files\McAfee
    2009-11-13 23:02 . 2009-11-13 23:02 -------- d-----w- c:\documents and settings\Guest 1\Application Data\Windows Desktop Search
    2009-11-13 18:38 . 2009-11-13 18:38 -------- d-----w- c:\program files\Western Digital Corporation
    2009-11-09 18:08 . 2008-09-18 19:49 -------- d-----r- c:\program files\Skype
    2009-11-09 18:08 . 2009-11-09 18:08 -------- d-----w- c:\program files\Common Files\Skype
    2009-11-09 18:08 . 2007-08-19 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2009-11-08 18:22 . 2009-11-08 18:22 593920 ----a-w- c:\documents and settings\Steve\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\octosh...190-0-main.dll
    2009-10-29 07:45 . 2004-02-06 23:05 916480 ------w- c:\windows\system32\wininet.dll
    2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
    2009-10-13 10:30 . 2002-08-29 10:00 270336 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:38 . 2002-08-29 10:00 149504 ----a-w- c:\windows\system32\rastls.dll
    2009-10-12 13:38 . 2002-08-29 10:00 79872 ----a-w- c:\windows\system32\raschap.dll
    2002-07-26 22:02 . 2005-01-03 03:16 153088 -c----w- c:\program files\UNWISE.EXE
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-01-06_04.33.21 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-01-07 13:24 . 2010-01-07 13:24 16384 c:\windows\Temp\Perflib_Perfdata_4e4.dat
    + 2007-06-10 22:19 . 2010-01-07 13:25 84507 c:\windows\SYSTEM32\Macromed\Flash\uninstall_activeX.exe
    + 2004-05-11 15:02 . 2010-01-07 13:30 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
    - 2004-05-11 15:02 . 2010-01-06 02:53 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
    + 2009-06-29 11:54 . 2010-01-07 13:30 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\IETldCache\index.dat
    - 2009-06-29 11:54 . 2010-01-06 02:53 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\IETldCache\index.dat
    + 2010-01-06 13:17 . 2010-01-07 13:30 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
    - 2004-05-11 15:02 . 2010-01-06 02:53 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
    + 2009-10-28 03:31 . 2009-10-28 03:31 257440 c:\windows\SYSTEM32\Macromed\Flash\FlashUtil10d.exe
    .
    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-27 18:39 . 2007-10-10 23:51 39792 c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
    2009-10-03 09:45 . 2009-10-03 09:45 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    2003-08-19 06:01 . 2003-08-19 06:01 110592 c:\program files\Common Files\Sonic\Update Manager\bak\sgtray.exe

    2004-08-19 05:51 . 2004-04-11 16:43 53248 c:\program files\CyberLink\PowerDVD\bak\DVDLauncher.exe

    2004-08-19 05:52 . 2004-04-12 01:15 290816 c:\program files\Dell\Media Experience\bak\PCMService.exe

    2007-10-09 23:56 . 2007-10-09 23:56 202544 c:\program files\Dell Support Center\bin\bak\sprtcmd.exe

    2007-10-09 23:57 . 2007-10-09 23:57 16384 c:\program files\Dell Support Center\gs_agent\custom\bak\dsca.exe

    2007-03-15 15:09 . 2007-03-15 15:09 460784 c:\program files\DellSupport\bak\DSAgnt.exe

    2008-01-15 08:22 . 2008-01-15 08:22 267048 c:\program files\iTunes\bak\iTunesHelper.exe
    2009-07-13 18:03 . 2009-07-13 18:03 292128 c:\program files\iTunes\iTunesHelper.exe

    2007-10-07 03:48 . 2007-09-25 05:11 132496 c:\program files\Java\jre1.6.0_03\bin\bak\jusched.exe

    2004-02-25 22:15 . 2004-02-25 22:15 454656 c:\program files\Logitech\Video\bak\ISStart.exe

    2004-02-25 22:06 . 2004-02-25 22:06 212992 c:\program files\Logitech\Video\bak\LogiTray.exe

    2004-08-19 06:01 . 2004-04-19 19:45 53248 c:\program files\MUSICMATCH\Musicmatch Jukebox\bak\mmtask.exe

    2004-08-19 06:01 . 2004-04-19 19:45 131072 c:\program files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe

    2005-01-03 03:16 . 2004-04-23 16:00 192512 c:\program files\Pinnacle\Shared Files\Programs\USBTip\bak\USBTip.exe

    2008-01-10 20:27 . 2008-01-10 20:27 385024 c:\program files\QuickTime\bak\qttask.exe
    2009-05-26 21:18 . 2009-05-26 21:18 413696 c:\program files\QuickTime\QTTask.exe

    2002-08-29 10:00 . 2004-08-04 07:56 15360 c:\windows\SYSTEM32\bak\ctfmon.exe
    2010-01-07 14:28 . 2008-04-14 00:12 15360 c:\windows\SYSTEM32\ctfmon.exe

    1980-01-01 05:00 . 2005-09-20 13:32 77824 c:\windows\SYSTEM32\bak\hkcmd.exe

    2005-09-20 13:36 . 2005-09-20 13:36 114688 c:\windows\SYSTEM32\bak\igfxpers.exe

    1980-01-01 05:00 . 2005-09-20 13:35 94208 c:\windows\SYSTEM32\bak\igfxtray.exe

    2004-02-25 21:15 . 2004-02-25 21:15 221184 c:\windows\SYSTEM32\bak\LVCOMSX.EXE

    2004-08-19 05:53 . 2004-03-15 06:04 122933 c:\windows\SYSTEM32\dla\bak\tfswctrl.exe

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-24 39408]
    "Media Codec Update Service"="c:\program files\Essentials Codec Pack\WECPUpdate.exe" [2009-03-31 221184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2003-10-07 294912]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

    c:\documents and settings\Guest 1\Start Menu\Programs\Startup\
    Palm Registration.lnk - c:\program files\Palm\register.exe [2005-8-8 2494464]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2008-4-13 28672]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-8-19 24576]
    HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
    HP OfficeJet Startup.lnk - c:\program files\Hewlett-Packard\HP OfficeJet Series 600\Bin\HPOstr05.exe [2008-11-7 1175552]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2004-11-8 169472]
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

    S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\SYSTEM32\DRIVERS\gflmouhid.sys [4/19/2004 2:01 PM 6656]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-02 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-02 16:22]

    2009-06-02 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-02 16:22]

    2010-01-07 c:\windows\Tasks\SDMsgUpdate (TE).job
    - c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-09-27 16:21]

    2010-01-07 c:\windows\Tasks\User_Feed_Synchronization-{17C61F9A-C235-42BE-822D-08C1080CCCF3}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.comcast.net/
    mWindow Title = Microsoft Internet Explorer provided by Comcast
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    Trusted Zone: greaterphilachamber.com\www
    Trusted Zone: microsoft.com\update
    Trusted Zone: nytimes.com\www
    Trusted Zone: uspto.gov\www
    Trusted Zone: weather.com\www
    Trusted Zone: yahoo.com\mail
    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
    DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/58.10/uploader2.cab
    .

    **************************************************************************

    disk not found C:\

    please note that you need administrator rights to perform deep scan
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    Completion time: 2010-01-07 09:41:20
    ComboFix-quarantined-files.txt 2010-01-07 14:41
    ComboFix2.txt 2010-01-06 04:36

    Pre-Run: 69,080,178,688 bytes free
    Post-Run: 69,032,947,712 bytes free

    - - End Of File - - F4643EF28F69CB4AFCF526AED217EC1C


    *Malwarebytes Anti-Malware Log:

    Malwarebytes' Anti-Malware 1.43
    Database version: 3507
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/7/2010 9:49:38 AM
    mbam-log-2010-01-07 (09-49-38).txt

    Scan type: Quick Scan
    Objects scanned: 169033
    Time elapsed: 6 minute(s), 23 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    *A new HijackThis Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:50:21 AM, on 1/7/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\Bin\HPOstr05.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\bin\HPOVDX05.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\WECPUpdate.exe -s
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: HP OfficeJet Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\Bin\HPOstr05.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
    O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/58.10/uploader2.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://fulbrightevents.webex.com/cl...nt/ieatgpc.cab
    O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activ...eX_Control.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

    --
    End of file - 12136 bytes
    Attached Images Attached Images

  2. #12
    Security Expert Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,081

    Default

    Hi.

    CPU Usage still showing lots of spikes. I've attached an image of the usage graph for you
    It is spiking somewhat but you do have some quite resource intensive applications active in system memory/set to start after every system reboot. Plus combination security packages such as the McAfee SecurityCenter are quite resource intensive. However I will not rule out malware as the culprit just yet.

    Next:

    Out of date Adobe and Java installations pose a security risk. They can be used by malware as a means to infect a computer and or re-infect. We will update both in due course.

    Next:

    Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

    Adobe Reader 8.1.7
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.2_05
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6 Update 1


    To do so, click once on each of the above in turn to highlight and then click on the Remove button.

    Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

    New Adobe Reader Installation:
    • Go here and click on AdbeRdr920_en_US.exe to download the latest version of Adobe Reader.
    • Save this file to your desktop and run it to install the latest version of Adobe Reader.
    New Java Installation:
    • Click here to visit Java's website.
    • Scroll down to Java SE Runtime Environment (JRE) 6 Update 17. Click on Download.
    • Select Windows from the drop-down list for Platform.
    • Select Multi-language from the drop-down list for Language.
    • Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
    • Click on jre-6u17-windows-i586.exe link to download it and save this to a convenient location.
    • Double click on jre-6u17-windows-i586.exe to install Java.
    TFC(Temp File Cleaner):
    • Please download TFC to your desktop,
    • Save any unsaved work. TFC will close all open application windows.
    • Double-click TFC.exe to run the program.
    • Click the Start button in the bottom left of TFC
    • If prompted, click "Yes" to reboot.
    Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.

    F-Secure Blacklight:

    Please download Blacklight from here to your desktop.

    or

    Link to it from the ftp site: ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe
    and save it to your desktop from there.

    Go to Start-->Run, copy in the following text, and press Enter:
    "%userprofile%\desktop\fsbl.exe" /expert
    Accept the license agreement.
    Click > scan, wait for it to finish, then click Close

    There will be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).
    Copy and paste the contents of this log into your next reply.

    Run Kaspersky Online AV Scanner:

    Go to this Kaspersky website and perform an online antivirus scan.

    Note: Use Internet Explorer for this scan.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    • Please post this log in your next reply.
    This online tuturial will help explain how to use the aforementioned online scan.

    When completed the above, please post back the following:
    • How is your computer performing now? Any problems encountered and or any further symptoms?
    • Blacklight Log.
    • Kaspersky report.
    Member of UNITE

  3. #13
    Junior Member
    Join Date
    Dec 2009
    Posts
    21

    Default Stealing Personal Information?

    As always, your help is very much appreciated. Here is the information you requested.

    Regards,
    Steve42

    *How is your computer performing now? Any problems encountered and or any further symptoms? [Performance is about the same. Could this simply be a function of the age of my machine and CPU?]

    *Blacklight Log:
    No log was generated. At the end of the scan Blacklight simply said "Scan Complete. No Threats Found"

    *Kaspersky report:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Friday, January 8, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Friday, January 08, 2010 04:37:42
    Records in database: 3325588
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan statistics:
    Objects scanned: 226579
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 04:19:25

    No threats found. Scanned area is clean.

    Selected area has been scanned.

  4. #14
    Security Expert Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,081

    Default

    Hi.

    As always, your help is very much appreciated
    You are most welcome!

    Performance is about the same. Could this simply be a function of the age of my machine and CPU?
    It is certainly looking that way and as far as I can tell malware is no longer a issue. Though some further system maintenance may be of benefit and I can provide advice about this in my next reply.

    No log was generated. At the end of the scan Blacklight simply said "Scan Complete. No Threats Found"
    OK fair play, unusual no log created but not unheard of and I am sure if anything found you would have informed myself.

    Going back to the performance issue try this application below:-

    StartUpLite:

    Please download this small application from here.

    It is very simple to use and quite effective and will advise about any unnecessary system startups that can be safely removed. Thus in turn freeing up system resources.

    Next:

    Let myself know if any further issues before we clean up the tools used during the malware removal process and I provide some advice about online safety, thank you.
    Member of UNITE

  5. #15
    Junior Member
    Join Date
    Dec 2009
    Posts
    21

    Default Stealing Personal Information?

    OK. I've loaded StartupLite and used the default settings. There may be some small improvement in my machine's startup but it's hard to tell. Overall, performance is about the same - improved but still some spikes. Since my machine is about 5 years old I will assume this is the cause. I know I should get a new machine but that will have to wait until my finances improve (got laid off a couple of years ago and the job market is still terrible!).

    I look forward to receiving your instructions on tool cleanup and also any suggestions you may have on routine maintenance. I already run MS Disk Cleanup and Defrag every other day (should I use CCleaner instead?) but am interested to know if there is any more routine maintenance I should do.

    Anyway, thank you again for all of your patience and help. Do you only do this as a volunteer or can I offer you some payment for all of your service?

    Now, while I've got your attention, my car's engine is making an odd whirring noise.....

    Regards,
    Steve42

  6. #16
    Security Expert Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,081

    Default

    Hi.

    I look forward to receiving your instructions on tool cleanup and also any suggestions you may have on routine maintenance. I already run MS Disk Cleanup and Defrag every other day (should I use CCleaner instead?) but am interested to know if there is any more routine maintenance I should do.
    Well apart from the information/links I have posted below. A Check-Disk once per month will go a long way towards ensuring the health and stability of your computers Hard-Drive. Instructions how to do this can be found here.

    Anyway, thank you again for all of your patience and help. Do you only do this as a volunteer or can I offer you some payment for all of your service?
    You are very welcome and your thanks is enough. I do not solicit payment for myself as I do indeed provide Anti-Malware support free of charge for home PC users. You may wish however to consider a donation here though it is not mandatory I will add.

    Now, while I've got your attention, my car's engine is making an odd whirring noise.....
    I cannot help you there I'm afraid unless you actually suspect malware may have infected the on-board computer(if it has one that looks after the engine management side).

    OK levity aside, Congratulations your computer now appears to be malware free!

    Next:

    Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

    Importance of Regular System Maintenance:

    I advice you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

    Help! My computer is slow!

    Also so is this:

    What to do if your Computer is running slowly

    Uninstall ComboFix:
    • Click on Start >> Run...
    • Now type in ComboFix /Uninstall into the and click OK.
    • Note the space between the X and the /Uninstall, it needs to be there.
    Download/Run OTC:

    Please download OTC and save it to desktop. This tool will remove all the tools(and logs created) we used to clean your pc.

    Any left over merely delete yourself and empty the Recycle Bin.
    • Double-click OTC.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes, if not delete it by yourself.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Now some advice for on-line safety:

    Malwarebyte's Anti-Malware:

    This is a excellent application and I advise you keep this installed. Check for updates and run a scan once a week.

    Other installed security software:

    Your presently installed combination security application, McAfee SecurityCenter automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running providing a internet connection is active.

    I advise you also run a complete scan with this also once per week.

    Erunt:

    Emergency Recovery Utility NT, I advice you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

    Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

    Keep your system updated:

    Microsoft releases patches for Windows and other products regularly:

    Be careful when opening attachments and downloading files:
    • Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
    • Never open emails from unknown senders.
    • Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
    • Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.
    Stop malicious scripts:

    Windows by default allow scripts (which is VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

    Avoid Peer to Peer software:

    P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

    Hosts File:

    A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

    Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

    Here are some Hosts files:
    Only use one of the above.

    Finally a educational source:

    To learn more about how to protect yourself while on the internet read this article by Tony Klein(updated by tashi):

    So how did I get infected in the first place?

    Any questions? Feel free to ask, if not stay safe!
    Member of UNITE

  7. #17
    Security Expert Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,081

    Default

    Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

    Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
    Member of UNITE

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •