
Thread: another "click.giftload" victim

  1. #1
    Junior Member
    Join Date
    May 2011
    Posts
    5

    another "click.giftload" victim

    Hello,
    I recently visited "mysoju.com" where I am certain I was exposed to this virus along with "malware doctor" on Friday (May 6th). I have already tried "system restore," but was unsuccessful. I believe I have gotten rid of "malware doctor" but can't be certain. When I scanned my computer using spybot, it detected "click.giftload" and although it said it was removed, my computer moves at a snail's pace, especially when visiting webpages, i.e. youtube.com. There is no sign of redirects or pop-ups thus far when using safari.

    I have opened up the task manager and the cpu usage jumps upwards of 70 to 100% when visiting websites. As others have noted previously, there are also at least six (svchost.exe) processes that appear in task manager.
    Below is the dds.txt file requested along with the attach.zip below.
    THANK YOU SOOOO MUCH!


    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Marsha at 20:06:32.85 on Sun 05/08/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.443 [GMT -10:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\docume~1\marsha\locals~1\temp\cdm\{be05876d-561b-4024-9955-40efec6b1e69}\STacSV.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\Program Files\HP\HPBTWD.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\syncables\syncables desktop\Syncables.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
    C:\Program Files\syncables\syncables desktop\MigoMapi.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Safari\Safari.exe
    C:\Documents and Settings\Marsha\Desktop\dds.com
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://kcc.hawaii.edu/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101229165721.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [uTorrent] "c:\docume~1\marsha\locals~1\temp\adgv6pc8.tmp\utorrent.exe"
    uRun: [HLBackupScheduler] c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe
    uRun: [asecpp70.exe] c:\documents and settings\marsha\application data\e57edb6a5188e98a89d96ce530003e5d\asecpp70.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    mRun: [HP BTW Detect Program] c:\program files\hp\HPBTWD.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [HP Mobile Broadband] c:\swsetup\hpqwwan\HPMobileBroadband.exe /TrayMode
    mRun: [Syncables] c:\program files\syncables\syncables desktop\Syncables.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [PININST] c:\system.sav\util\pininst.exe c:\system.sav\util\PININST.INI
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    StartupFolder: c:\docume~1\marsha\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277974724577
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - kcc.hawaii.edu
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15150&locale=en_US&q=
    FF - component: c:\documents and settings\marsha\application data\mozilla\firefox\profiles\na8hmdbg.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: XULRunner: {3776C304-4C34-4D88-9620-6E4878D013CD} - c:\documents and settings\marsha\local settings\application data\{3776C304-4C34-4D88-9620-6E4878D013CD}
    FF - Ext: AOL Toolbar: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1} - %profile%\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-12-29 386840]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-12-29 84072]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-29 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-29 271480]
    R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-29 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-12-29 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-12-29 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-12-29 141792]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-4-21 113664]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-12-29 55840]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-2 38912]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-12-29 152960]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-12-29 52104]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-12-29 313288]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-12-29 88544]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-12-29 88544]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-12-29 84264]
    S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVENG.SYS [?]
    S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVEX15.SYS [?]
    S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rts5121.sys --> c:\windows\system32\drivers\RTS5121.sys [?]
    S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-05-07 02:29:42 0 ----a-w- c:\windows\Ybeli.bin
    2011-05-07 02:29:37 -------- d-----w- c:\docume~1\marsha\locals~1\applic~1\{3776C304-4C34-4D88-9620-6E4878D013CD}
    2011-05-01 22:43:26 -------- d-----w- c:\documents and settings\marsha\DownloadDirector
    2011-05-01 22:02:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\SafeNet Sentinel
    2011-05-01 21:59:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\SPSS
    2011-05-01 21:59:56 -------- d-----w- c:\program files\common files\SPSS
    2011-05-01 21:58:55 -------- d-----w- c:\program files\SPSSInc
    2011-05-01 21:56:41 -------- d-----w- c:\program files\PASWStatisticsStudent18
    2011-05-01 20:52:35 205 ----a-w- c:\windows\system32\lsprst7.dll
    2011-05-01 20:52:35 1025 ----a-w- c:\windows\system32\sysprs7.dll
    2011-04-14 13:39:02 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2011-04-14 13:39:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2011-04-13 05:00:03 -------- d-----w- c:\program files\NCH Software
    2011-04-13 04:59:47 -------- d-----w- c:\docume~1\marsha\applic~1\NCH Software
    2011-04-11 02:34:45 -------- d-----w- c:\docume~1\marsha\applic~1\SMRecorder
    .
    ==================== Find3M ====================
    .
    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
    .
    ============= FINISH: 20:09:17.46 ===============
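The first post's DDS log is the raw material a helper reads, and the "Pseudo HJT Report" loading points are what they check first. As an added example (not part of this thread and not code from the DDS tool), the script below parses lines in the format DDS prints (uRun/mRun, BHO, TB) and lists the entries a reviewer would want to look at: executables launched from a temp folder or the per-user Application Data tree, a 32-hex-character folder name, and a loading point whose target file is gone. The sample lines are taken from the DDS log above; the short-name table (docume~1 and friends) is an assumption about the 8.3 names DDS prints, and the flags mark entries for review, not a verdict.

```python
"""Triage of DDS-style autorun lines (added example, not from the thread)."""
import re

# Lines taken from the DDS "Pseudo HJT Report" posted in this thread.
SAMPLE_LINES = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\docume~1\marsha\locals~1\temp\adgv6pc8.tmp\utorrent.exe"
uRun: [asecpp70.exe] c:\documents and settings\marsha\application data\e57edb6a5188e98a89d96ce530003e5d\asecpp70.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
"""

# Run-key entries: "<u|m>Run: [name] target [args]"
RUN_RE = re.compile(r'^(?P<kind>[um]Run): \[(?P<name>[^\]]*)\] (?P<target>.+)$')
# COM objects: "BHO: <desc>: {clsid} - path" and "TB: {clsid} - path"
COM_RE = re.compile(r'^(?P<kind>BHO|TB): (?:(?P<name>.+?): )?(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$')
# First executable/library name in an unquoted target, arguments dropped.
EXE_RE = re.compile(r'^(?P<path>.+?\.(?:exe|dll|com|scr|cpl))(?:\s|$)', re.IGNORECASE)

# Assumed expansions of the 8.3 short names DDS prints (not from the tool's docs).
SHORT_NAMES = {
    'docume~1': 'documents and settings',
    'locals~1': 'local settings',
    'applic~1': 'application data',
    'alluse~1': 'all users',
    'progra~1': 'program files',
    'startm~1': 'start menu',
}


def extract_path(target):
    """Return just the file path from a target string, without quotes or arguments."""
    target = target.strip()
    if target.startswith('"'):
        end = target.find('"', 1)
        return target[1:end] if end > 0 else target[1:]
    m = EXE_RE.match(target)
    return m.group('path') if m else target


def normalize(path):
    """Lower-case the path and expand the short folder names so checks are uniform."""
    p = path.lower()
    for short, full in SHORT_NAMES.items():
        p = p.replace(short, full)
    return p


def reasons_for(path):
    """Reasons a helper would look at this loading point; empty list means nothing notable."""
    p = normalize(path)
    if p == 'no file':
        return ['target file missing']
    reasons = []
    if '\\temp\\' in p:
        reasons.append('runs from a temp folder')
    if '\\documents and settings\\' in p and '\\application data\\' in p:
        reasons.append('runs from a per-user Application Data folder')
    if re.search(r'\\[0-9a-f]{32}\\', p):
        reasons.append('32-hex-character folder name')
    return reasons


def parse_line(line):
    """Parse one DDS loading-point line into kind, name and path, or None if unrecognised."""
    line = line.strip()
    m = RUN_RE.match(line) or COM_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    return {'kind': d['kind'], 'name': d.get('name') or d.get('clsid'),
            'path': extract_path(d['target'])}


def triage(text):
    """Return (kind, name, path, reasons) for every line that has at least one reason."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = reasons_for(entry['path'])
        if reasons:
            findings.append((entry['kind'], entry['name'], entry['path'], reasons))
    return findings


if __name__ == '__main__':
    for kind, name, path, reasons in triage(SAMPLE_LINES):
        print(f'{kind} [{name}] {path}\n    -> {"; ".join(reasons)}')
```

Run against the sample, the script reports the uTorrent entry under the user's temp folder, the asecpp70.exe entry in a hex-named Application Data folder, and the toolbar CLSID with no file behind it; the ctfmon, Intel, Java and Adobe entries under system32 and Program Files pass without comment. Legitimate software does sometimes install under Application Data, which is why the output is a review list rather than a removal list.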

  2. #2
    Senior Member
    Join Date
    Aug 2010
    Location
    Near Atlanta, GA
    Posts
    189


    Hello abstract50 and .
    I'm RedCar92 and my name is Bill, I'll be glad to help you with your computer problems.

    • Please observe these rules while we work:
    • Read the entire procedure
    • It is important to perform ALL actions in sequence.
    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Stick with me till you're given the all clear. Malware removal can be stressful but we will clean it.
    • Remember, absence of symptoms does not mean the infection is all gone.
    • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.


    Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice; this will be a team effort.
    This may cause a delay, but I will do my best to keep it as short as possible.

    Please bear with me, I will post back to you as soon as I can.

    IMPORTANT NOTE : Please do not delete anything unless instructed to.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

    Doing so could make your pc inoperative and could require a full reinstall of your OS, losing all your programs and data.

    Stay with this topic until I give you the all clean post.

  3. #3
    Senior Member
    Join Date
    Aug 2010
    Location
    Near Atlanta, GA
    Posts
    189


    Greetings abstract50,
    • Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the Save log button, save it to your desktop and post using copy/paste in your next reply.

  4. #4
    Junior Member
    Join Date
    May 2011
    Posts
    5


    *As a side note, when using Mozilla Firefox I have been periodically experiencing the web site redirects.
    Below is the aswMBR. THANKS AGAIN!

    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-10 08:24:38
    -----------------------------
    08:24:38.515 OS Version: Windows 5.1.2600 Service Pack 3
    08:24:38.515 Number of processors: 2 586 0x1C02
    08:24:38.515 ComputerName: THUM UserName:
    08:24:52.203 Initialize success
    08:25:06.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    08:25:06.468 Disk 0 Vendor: WDC_WD1600BEVT-60ZCT1 13.01A13 Size: 152627MB BusType: 3
    08:25:08.500 Disk 0 MBR read successfully
    08:25:08.515 Disk 0 MBR scan
    08:25:08.531 Disk 0 unknown MBR code
    08:25:10.562 Disk 0 scanning sectors +312560640
    08:25:10.656 Disk 0 scanning C:\WINDOWS\system32\drivers
    08:25:24.218 Service scanning
    08:25:26.390 Disk 0 trace - called modules:
    08:25:26.421 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
    08:25:26.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d75ab8]
    08:25:26.421 3 CLASSPNP.SYS[f7668fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d44d98]
    08:25:26.421 Scan finished successfully
    08:26:44.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Marsha\Desktop\MBR.dat"
    08:26:44.531 The log file has been saved successfully to "C:\Documents and Settings\Marsha\Desktop\aswMBR.txt"

  5. #5
    Senior Member
    Join Date
    Aug 2010
    Location
    Near Atlanta, GA
    Posts
    189


    Greetings abstract50,
    Good news, no Rootkit or MBR infection.

    ***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***
    Download Combofix from any of the links below. Save it to your desktop.

    Link 1
    Link 2




    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please copy/paste the contents of C:\ComboFix.txt in your next reply.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

  6. #6
    Junior Member
    Join Date
    May 2011
    Posts
    5


    When I installed it, there was a message reading new version available. I did not opt to download it because I was hesitant. Would you like me to redo the scan again with the newer version and install it when prompted to?
    I also attached the actual .txt log below.

    ComboFix 11-05-10.02 - Marsha 05/11/2011 8:24.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.488 [GMT -10:00]
    Running from: c:\documents and settings\Marsha\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Marsha\Application Data\Adobe\plugs
    c:\documents and settings\Marsha\Application Data\Adobe\shed
    c:\documents and settings\Marsha\Local Settings\Application Data\{3776C304-4C34-4D88-9620-6E4878D013CD}
    c:\documents and settings\Marsha\Local Settings\Application Data\{3776C304-4C34-4D88-9620-6E4878D013CD}\chrome.manifest
    c:\documents and settings\Marsha\Local Settings\Application Data\{3776C304-4C34-4D88-9620-6E4878D013CD}\chrome\content\_cfg.js
    c:\documents and settings\Marsha\Local Settings\Application Data\{3776C304-4C34-4D88-9620-6E4878D013CD}\chrome\content\overlay.xul
    c:\documents and settings\Marsha\Local Settings\Application Data\{3776C304-4C34-4D88-9620-6E4878D013CD}\install.rdf
    C:\Install.exe
    c:\program files\HP\HPBTWD.exe
    c:\windows\system32\lsprst7.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-11 to 2011-05-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-09 06:03 . 2011-05-09 06:03 -------- d-----w- c:\program files\ERUNT
    2011-05-07 02:29 . 2011-05-07 02:29 0 ----a-w- c:\windows\Ybeli.bin
    2011-05-01 22:43 . 2011-05-01 22:43 -------- d-----w- c:\documents and settings\Marsha\DownloadDirector
    2011-05-01 22:02 . 2011-05-01 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel
    2011-05-01 21:59 . 2011-05-01 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SPSS
    2011-05-01 21:59 . 2011-05-01 21:59 -------- d-----w- c:\program files\Common Files\SPSS
    2011-05-01 21:58 . 2011-05-01 22:37 -------- d-----w- c:\program files\SPSSInc
    2011-05-01 21:56 . 2011-05-01 21:57 -------- d-----w- c:\program files\PASWStatisticsStudent18
    2011-05-01 20:52 . 2011-05-01 20:52 1025 ----a-w- c:\windows\system32\sysprs7.dll
    2011-04-14 13:39 . 2011-04-14 13:39 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2011-04-14 13:39 . 2011-04-14 13:39 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
    2011-04-13 05:00 . 2011-04-13 06:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
    2011-04-13 05:00 . 2011-04-18 02:58 -------- d-----w- c:\program files\NCH Software
    2011-04-13 04:59 . 2011-04-13 05:06 -------- d-----w- c:\documents and settings\Marsha\Application Data\NCH Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-07 05:33 . 2008-04-15 12:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37 . 2008-04-15 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21 . 2008-04-15 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06 . 2008-03-02 05:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-22 23:06 . 2007-08-14 17:54 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06 . 2007-08-14 17:44 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 11:41 . 2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-17 13:18 . 2008-04-15 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:18 . 2008-04-15 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-17 12:32 . 2010-07-01 23:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56 . 2008-04-15 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-14 08:28 . 2010-12-30 02:57 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
    "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-08-05 737280]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
    "HP Mobile Broadband"="c:\swsetup\HPQWWAN\HPMobileBroadband.exe" [2009-01-09 455224]
    "Syncables"="c:\program files\syncables\syncables desktop\Syncables.exe" [2009-04-02 173360]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "PININST"="c:\system.sav\UTIL\PININST.EXE" [2006-02-25 94208]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-14 467036]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-10-26 202256]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-11-23 1193848]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-26 421160]
    .
    c:\documents and settings\Marsha\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\syncables\\syncables desktop\\jre\\bin\\javaw.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.com"=
    "c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.exe"=
    "c:\\Program Files\\SPSSInc\\PASWStatistics18\\WinWrapIDE.exe"=
    .
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [12/29/2010 4:56 PM 84072]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/29/2010 4:56 PM 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [12/29/2010 4:56 PM 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [12/29/2010 4:57 PM 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [12/29/2010 4:57 PM 141792]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [4/21/2009 2:13 PM 113664]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [12/29/2010 4:56 PM 55840]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/2/2009 11:03 AM 38912]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [12/29/2010 4:56 PM 313288]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/29/2010 4:56 PM 88544]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/29/2010 4:56 PM 88544]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12/29/2010 4:56 PM 84264]
    S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
    S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:50]
    .
    2011-04-14 c:\windows\Tasks\debutShakeIcon.job
    - c:\program files\NCH Software\Debut\debut.exe [2011-04-13 05:06]
    .
    2011-05-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-208597416-1257733744-2204374147-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 13:02]
    .
    2010-12-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-208597416-1257733744-2204374147-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 13:02]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://kcc.hawaii.edu/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Marsha\Application Data\Mozilla\Firefox\Profiles\na8hmdbg.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - kcc.hawaii.edu
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15150&locale=en_US&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: AOL Toolbar: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1} - %profile%\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    HKCU-Run-HLBackupScheduler - c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
    HKCU-Run-asecpp70.exe - c:\documents and settings\Marsha\Application Data\E57EDB6A5188E98A89D96CE530003E5D\asecpp70.exe
    HKLM-Run-HP BTW Detect Program - c:\program files\HP\HPBTWD.exe
    HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-11 08:34
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2011-05-11 08:38:55
    ComboFix-quarantined-files.txt 2011-05-11 18:38
    .
    Pre-Run: 140,359,061,504 bytes free
    Post-Run: 140,834,758,656 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - D938112DBFF634DB41D4561AADEE9F44

  7. #7
    Senior Member
    Join Date
    Aug 2010
    Location
    Near Atlanta, GA
    Posts
    189


    Greetings abstract50,
    P2P - I see you have P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It likely contributed to your current situation. This page will give you further information.
    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
    Please see this topic for more information:
    Perils of P2P File Sharing.
    I would strongly recommend that you uninstall this now. You can do so via Control Panel >> Add or Remove Programs.

    I also see that you have the Ask toolbar on your system. You may not be aware of the above problems, and Add or Remove Programs may not show them installed. If you want these nuisances removed and cannot do it yourself, let me know and we can remove them for you.

    Next
    Press the WinKey + R to open a run box, then copy/paste the following single-line command into the Run box and click OK:

    cmd /c del /f/a/q "c:\windows\Ybeli.bin"
    Next
    Double click on MalwareBytes, mbam.exe, to run it.
    If Malwarebytes asks to update, click on Yes; if you are not asked, click on the Update tab then click on Check for updates.
    After updates finish, click on the Scanner tab. Select Perform quick scan.
    Click on the Scan button.
    When finished, copy/paste the contents of mbam.txt into your next post please.

    Next
    Please use Internet Explorer to download and run the following scan: Eset Online Scanner
    • Place a check mark in the box YES, I accept the Terms Of Use
    • Click the Start button.
    • Now click the Install button.
    • Click Start. The scanner engine will initialize and update.
    • Do Not place a check mark in the box beside Remove found threats.
    • Click the Scan button. The scan will now run, please be patient.
    • When the scan finishes click on List of found threats.
    • Click Export to text file.
    • Copy and paste the contents of the C:\Program Files\ESET\log.txt into your next reply.


    Logs to post:
    • mbam.txt
    • ESET's log.txt
    • Tell me how your PC is behaving now please

  8. #8
    Junior Member
    Join Date
    May 2011
    Posts
    5


    Hey Bill,
    Yes, I would love assistance in removing the programs you mentioned because they are not appearing in my control panel.
    Upon starting up my PC, a black window always appears for a second with the message "Windows did not shut down successfully" and lists the set of choices: "Start Windows normally," etc. It goes away by itself. I have not experienced any misdirections of websites using Firefox nor Safari, so that must be a great sign?
    When the 'Windows Run' screen came up, I copied the text into the box and a black screen came up but disappeared. Is that what is supposed to happen? With the ESET online scanner, it stated that other virus programs may affect it, so I disabled my McAfee. Should I have just kept it on? Did it negatively impact the results?
    When I performed these two scans, they both showed no signs of a virus. There was no option to provide a txt file with the ESET scan because it found no threats. I truly believed I had/have this virus based on my computer's symptoms, and if not, I truly appreciate your help in assisting me.

    Scan type: Quick scan
    Objects scanned: 148330
    Time elapsed: 14 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  9. #9
    Senior Member
    Join Date
    Aug 2010
    Location
    Near Atlanta, GA
    Posts
    189


    Hello abstract50,
    The black screen you see at startup is normal after installing ComboFix; it should have Recovery Console as a choice. This is a good thing.

    Everything else sounds normal.

    To remove ask and uTorrent please do the following:
    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    3. Open notepad and copy/paste the text in the quotebox below into it:

    Firefox::
    FF - ProfilePath - c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\
    FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com

    DDS::
    uRun: [uTorrent] "c:\docume~1\marsha\locals~1\temp\adgv6pc8.tmp\utorrent.exe"

    Registry::

    Driver::

    Save this as "CFScript.txt", with Type: All Files (*.*), in the same location as ComboFix.exe.

    Referring to the picture above, drag CFScript into ComboFix.exe.

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Next
    Please download ATF Cleaner by Atribune to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot up.
    Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized your password and other personal information, as removing cookies will temporarily disable the auto-login facility.



    Next
    Your Java appears to be down-level.
    Navigate to Control Panel then open Add or Remove Programs.
    Highlight each Java item listed then Remove or Uninstall.
    Visit this site to download and install the latest Java.

    Next
    Your Adobe appears to be down-level.
    Please visit this site (http://www.adobe.com/downloads/), click on the Adobe Reader icon on the right side, and you will be presented with the correct Adobe for your system.
    Download and install this Adobe please.

    Please let me know how your PC is working now.

  10. #10
    Junior Member
    Join Date
    May 2011
    Posts
    5


    While running ComboFix, an error message for pev.exe appeared reading "an error occurred and must close." It occurred twice while running ComboFix. As for the computer, it seems to be running smoothly.


    ComboFix 11-05-10.02 - Marsha 05/15/2011 15:59:49.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.548 [GMT -10:00]
    Running from: c:\documents and settings\Marsha\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Marsha\Desktop\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome.manifest
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\content\about.js
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\content\about.xul
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\content\constants.js
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\content\db.js
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\content\events.js
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\content\json.js
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\content\lifecycle.js
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\content\listeners.js
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\content\logger.js
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\content\network.js
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\content\observer.js
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\content\options.js
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\content\options.xul
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\content\preferences.js
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\content\toolbar.js
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\content\utilities.js
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\content\widget-controller.js
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\content\widget-frame.xul
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\content\widget-popup.xul
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\content\widgets.js
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\abc.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\amazon_16x.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\as.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\ask_16x16.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\ask_32x32.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\ask_browser_ff_chrome.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\asklogo.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\bbc_news.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\beppe_grillo.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\bild.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\blogs.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\business.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\chevron.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\Close.gif
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\cnn_16x.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\corriere_della_sera.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\dictionary.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\el_mundo.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\email_16x.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\expansion.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\facebook_16x.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\folha.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\ft.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\ftd.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\g1.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\games_16x.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\gazzetta_dello_sport.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\gripper.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\highlight_16x.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\highlighter_off.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\highlighter_on.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\images.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\kicker.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\labels-de.properties
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\labels-en.properties
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\labels-es.properties
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\labels-fr.properties
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\labels-it.properties
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\labels-nl.properties
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\labels-pt.properties
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\labels-ru.properties
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\laposte.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\lemonde.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\lequipe.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\libero_it.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\links-BR.properties
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\links-DE.properties
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\links-ES.properties
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\links-EU.properties
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\links-FR.properties
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\links-IT.properties
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\links-NL.properties
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\links-RU.properties
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\links-UK.properties
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\links-US.properties
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\magnify_search.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\magnify_search_grey_16x.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\maps.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\marmiton.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\mtv.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\news.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\oglobo.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\orkut.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\preferences.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\search.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\search_ask.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\search_ask_de.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\search_ask_es.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\search_ask_fr.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\search_ask_it.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\search_ask_nl.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\search_ask_pl.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\search_ask_pt.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\search_ask_ru.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\search_cobrand.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\search_current_site.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\search_de.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\search_es.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\search_fr.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\search_it.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\search_nl.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\search_pl.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\search_pt.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\search_ru.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\shopping.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\sports.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\stocks.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\terra.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\toolbar.css
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\toolbar.xul
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\tv.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\tv_movie_de.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\uol.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\weather.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\weather_16x.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\web.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\web_de.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\widget-popup.css
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\WindowTop.gif
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\wordoftheday_16x.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\youtube_16x.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\skin\zoomall.png
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-02-Apr-2010-01-53-04-GMT\ff-config.zip
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-07-Jun-2010-23-12-43-GMT\ff-config.zip
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-26-Oct-2010-01-30-00-GMT\ff-config.zip
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\datastore\cache.sqlite
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\defaults.js.bak
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\defaults\preferences\defaults.js
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\install.rdf
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\logs\asktb-log-1304750906922.html
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\logs\asktb-log-1304751012362.html
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\logs\asktb-log-1304751351374.html
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\logs\asktb-log-1304761443968.html
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\logs\asktb-log-1304872007241.html
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\logs\asktb-log-1304874605565.html
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\logs\asktb-log-1304911167138.html
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\logs\asktb-log-1305013625778.html
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\logs\asktb-log-1305014543979.html
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\logs\asktb-log-1305136974640.html
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\logs\asktb-log-1305182000196.html
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\logs\asktb-log-1305278128534.html
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\logs\asktb-log-1305356912966.html
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\logs\asktb-log-1305386708861.html
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\logs\asktb-log-1305387477757.html
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\logs\asktb-log-1305387881089.html
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\logs\asktb-log-1305387882568.html
    c:\docume~1\marsha\applic~1\mozilla\firefox\profiles\na8hmdbg.default\extensions\toolbar@ask.com\searchplugins\askcom.xml
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-16 to 2011-05-16 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-14 06:04 . 2011-05-14 06:04 -------- d-----w- c:\program files\ESET
    2011-05-09 06:03 . 2011-05-09 06:03 -------- d-----w- c:\program files\ERUNT
    2011-05-01 22:43 . 2011-05-01 22:43 -------- d-----w- c:\documents and settings\Marsha\DownloadDirector
    2011-05-01 22:02 . 2011-05-01 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel
    2011-05-01 21:59 . 2011-05-01 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SPSS
    2011-05-01 21:59 . 2011-05-01 21:59 -------- d-----w- c:\program files\Common Files\SPSS
    2011-05-01 21:58 . 2011-05-01 22:37 -------- d-----w- c:\program files\SPSSInc
    2011-05-01 21:56 . 2011-05-01 21:57 -------- d-----w- c:\program files\PASWStatisticsStudent18
    2011-05-01 20:52 . 2011-05-01 20:52 1025 ----a-w- c:\windows\system32\sysprs7.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-15 00:01 . 2010-12-30 02:57 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-04-15 00:01 . 2010-12-30 02:57 141792 ----a-w- c:\windows\system32\mfevtps.exe
    2011-04-15 00:01 . 2010-12-30 02:56 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-04-15 00:01 . 2010-12-30 02:56 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2011-04-15 00:01 . 2010-12-30 02:56 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-04-15 00:01 . 2010-12-30 02:56 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2011-04-15 00:01 . 2010-12-30 02:56 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-04-15 00:01 . 2010-12-30 02:56 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-04-15 00:01 . 2010-12-30 02:56 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-04-15 00:01 . 2010-12-30 02:56 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-04-15 00:01 . 2010-12-30 02:56 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-03-07 05:33 . 2008-04-15 12:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37 . 2008-04-15 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21 . 2008-04-15 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06 . 2008-03-02 05:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-22 23:06 . 2007-08-14 17:54 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06 . 2007-08-14 17:44 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 11:41 . 2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-17 13:18 . 2008-04-15 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:18 . 2008-04-15 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-17 12:32 . 2010-07-01 23:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56 . 2008-04-15 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-04-15 00:01 . 2010-12-30 02:57 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-05-11_18.34.52 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-05-16 01:47 . 2011-05-16 01:47 16384 c:\windows\temp\Perflib_Perfdata_404.dat
    - 2009-08-23 10:38 . 2011-05-09 05:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-08-23 10:38 . 2011-05-12 18:59 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2009-08-23 10:38 . 2011-05-09 05:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-08-23 10:38 . 2011-05-12 18:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-08-23 10:38 . 2011-05-09 05:01 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2011-05-12 03:19 . 2011-05-12 18:59 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2011-05-12 10:50 . 2011-05-12 10:50 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
    - 2011-04-16 22:17 . 2011-04-16 22:17 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
    + 2009-06-15 00:54 . 2011-05-12 10:51 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
    - 2009-06-15 00:54 . 2011-04-16 22:27 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
    + 2009-06-15 00:54 . 2011-05-12 10:51 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
    - 2009-06-15 00:54 . 2011-04-16 22:27 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
    - 2009-06-15 00:54 . 2011-04-16 22:27 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
    + 2009-06-15 00:54 . 2011-05-12 10:51 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
    - 2011-04-16 22:17 . 2011-04-16 22:17 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2011-05-12 10:50 . 2011-05-12 10:50 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    - 2010-06-08 22:26 . 2011-05-09 05:01 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    + 2010-06-08 22:26 . 2011-05-12 18:59 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    + 2009-06-15 00:54 . 2011-05-12 10:51 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
    - 2009-06-15 00:54 . 2011-04-16 22:27 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
    + 2009-06-15 00:54 . 2011-05-12 10:51 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
    - 2009-06-15 00:54 . 2011-04-16 22:27 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
    - 2009-06-15 00:54 . 2011-04-16 22:27 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
    + 2009-06-15 00:54 . 2011-05-12 10:51 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
    + 2009-06-15 00:54 . 2011-05-12 10:51 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
    - 2009-06-15 00:54 . 2011-04-16 22:27 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
    + 2011-05-16 01:48 . 2011-05-16 01:48 315392 c:\windows\ERDNT\AutoBackup\5-15-2011\Users\00000002\UsrClass.dat
    + 2011-05-16 01:48 . 2005-10-20 22:02 163328 c:\windows\ERDNT\AutoBackup\5-15-2011\ERDNT.EXE
    + 2011-05-14 15:23 . 2011-05-14 15:23 315392 c:\windows\ERDNT\AutoBackup\5-14-2011\Users\00000002\UsrClass.dat
    + 2011-05-14 15:23 . 2005-10-20 22:02 163328 c:\windows\ERDNT\AutoBackup\5-14-2011\ERDNT.EXE
    + 2011-05-13 17:00 . 2011-05-13 17:00 315392 c:\windows\ERDNT\AutoBackup\5-13-2011\Users\00000002\UsrClass.dat
    + 2011-05-13 17:00 . 2005-10-20 22:02 163328 c:\windows\ERDNT\AutoBackup\5-13-2011\ERDNT.EXE
    + 2011-05-12 15:21 . 2011-05-12 15:21 315392 c:\windows\ERDNT\AutoBackup\5-12-2011\Users\00000002\UsrClass.dat
    + 2011-05-12 15:21 . 2005-10-20 22:02 163328 c:\windows\ERDNT\AutoBackup\5-12-2011\ERDNT.EXE
    + 2011-04-29 22:27 . 2011-04-29 22:27 4158464 c:\windows\Installer\161964b.msp
    + 2011-04-29 22:30 . 2011-04-29 22:30 1197056 c:\windows\Installer\1619636.msp
    + 2009-06-15 00:54 . 2011-05-12 10:51 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
    - 2009-06-15 00:54 . 2011-04-16 22:27 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
    + 2011-05-16 01:48 . 2011-05-16 01:48 7725056 c:\windows\ERDNT\AutoBackup\5-15-2011\Users\00000001\ntuser.dat
    + 2011-05-14 15:23 . 2011-05-14 15:23 7725056 c:\windows\ERDNT\AutoBackup\5-14-2011\Users\00000001\ntuser.dat
    + 2011-05-13 17:00 . 2011-05-13 17:00 7725056 c:\windows\ERDNT\AutoBackup\5-13-2011\Users\00000001\ntuser.dat
    + 2011-05-12 15:21 . 2011-05-12 15:21 7716864 c:\windows\ERDNT\AutoBackup\5-12-2011\Users\00000001\ntuser.dat
    + 2010-07-02 07:24 . 2011-05-12 10:51 42829768 c:\windows\system32\MRT.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
    "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-08-05 737280]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
    "HP Mobile Broadband"="c:\swsetup\HPQWWAN\HPMobileBroadband.exe" [2009-01-09 455224]
    "Syncables"="c:\program files\syncables\syncables desktop\Syncables.exe" [2009-04-02 173360]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "PININST"="c:\system.sav\UTIL\PININST.EXE" [2006-02-25 94208]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-14 467036]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-10-26 202256]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-26 421160]
    .
    c:\documents and settings\Marsha\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\syncables\\syncables desktop\\jre\\bin\\javaw.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.com"=
    "c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.exe"=
    "c:\\Program Files\\SPSSInc\\PASWStatistics18\\WinWrapIDE.exe"=
    .
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [12/29/2010 4:56 PM 84200]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/29/2010 4:56 PM 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [12/29/2010 4:56 PM 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [12/29/2010 4:57 PM 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [12/29/2010 4:57 PM 141792]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [4/21/2009 2:13 PM 113664]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [12/29/2010 4:56 PM 56064]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/2/2009 11:03 AM 38912]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [12/29/2010 4:56 PM 314088]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/29/2010 4:56 PM 88736]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/29/2010 4:56 PM 88736]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12/29/2010 4:56 PM 84488]
    S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
    S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:50]
    .
    2011-04-14 c:\windows\Tasks\debutShakeIcon.job
    - c:\program files\NCH Software\Debut\debut.exe [2011-04-13 05:06]
    .
    2011-05-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-208597416-1257733744-2204374147-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 13:02]
    .
    2011-05-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-208597416-1257733744-2204374147-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 13:02]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://kcc.hawaii.edu/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Marsha\Application Data\Mozilla\Firefox\Profiles\na8hmdbg.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - kcc.hawaii.edu
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15150&locale=en_US&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: AOL Toolbar: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1} - %profile%\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-15 16:12
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2011-05-15 16:16:15
    ComboFix-quarantined-files.txt 2011-05-16 02:16
    ComboFix2.txt 2011-05-11 18:38
    .
    Pre-Run: 140,417,773,568 bytes free
    Post-Run: 140,441,997,312 bytes free
    .
    - - End Of File - - CBD904830948C0C0976A8B437EC35ABA
