
Fraud.Windows ProtectionSuite



PJS4U
2010-05-31, 13:58
I received some pop-ups that my PC was infected. Some software called "Security Master AV" was installed on my PC. I deleted that software.

I faithfully run Spybot once a week, and when I ran it this time, it could not remove two entries:

Fraud.Windows ProtectionSuite (15 entries Malware)
and
Microsoft.Windows.RedirectedHosts (3 entries SecurityC)

Spybot displays this error:

ERROR
Unexpected error in fixing problems
(Cannot create file "C:\Windows\System32\drivers\etc\hosts". Access is denied)

I have McAfee on this PC and it will not launch either. I've tried a number of different approaches to fix the issue, and none have worked.

I look forward to working with you to fix my family's PC.

Thanks.
Peter (PJS4U)

Here is the DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 7:42:50.67 on Mon 05/31/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.479 [GMT -4:00]

AV: Security Master AV *On-access scanning enabled* (Updated) {D74A0D83-FE05-4125-8495-4C0CC09D0C51}
FW: Security Master AV *enabled* {E2F1965C-6EFD-4BE5-827C-09E7EDDD0C9B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WinZip\WZQKPICK.EXE
svchost.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner.HOME-BOZ9LU5SIN\Local Settings\Temporary Internet Files\Content.IE5\3XZSVNYZ\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Security Master AV] "c:\documents and settings\all users.windows\application data\ca874f3\SMca87.exe" /s /d
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269108245640
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269108233921
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - hxxp://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab
Notify: igfxcui - igfxsrvc.dll
IFEO: image file execution options - svchost.exe
IFEO: a.exe - svchost.exe
IFEO: aAvgApi.exe - svchost.exe
IFEO: AAWTray.exe - svchost.exe
IFEO: About.exe - svchost.exe

Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 98.142.243.182 www.google.com
Hosts: 98.142.243.182 google.com
Hosts: 98.142.243.182 google.com.au
Hosts: 98.142.243.182 www.google.com.au
Hosts: 98.142.243.182 google.be

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-12 135664]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2009-7-26 98984]
S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [2008-5-27 51072]

=============== Created Last 30 ================

2010-05-31 11:15:25 243 ----a-w- C:\host.bat
2010-05-30 22:49:15 103784 ----a-w- c:\documents and settings\owner.home-boz9lu5sin\GoToAssistDownloadHelper.exe
2010-05-30 11:16:21 8212 ----a-w- c:\windows\mfebcdata
2010-05-30 02:28:19 0 d-sh--w- c:\docume~1\owner~1.hom\applic~1\Security Master AV
2010-05-30 02:28:15 0 d-sh--w- c:\docume~1\alluse~1.win\applic~1\SMQUDJAV
2010-05-30 02:27:54 0 d-sh--w- c:\docume~1\alluse~1.win\applic~1\ca874f3
2010-05-21 22:28:25 0 d-----w- c:\docume~1\alluse~1.win\applic~1\WorldWinner
2010-05-17 02:59:04 0 d-----w- c:\docume~1\owner~1.hom\applic~1\Lexmark Productivity Studio
2010-05-12 19:11:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-05-12 19:11:54 411368 ----a-w- c:\windows\system32\deployJava1.dll

==================== Find3M ====================

2010-03-18 14:51:49 22744 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll

============= FINISH: 7:43:36.51 ===============
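The two artifacts in the DDS log above that explain the symptoms (security tools that will not start, and a hosts file that cannot be repaired) are the IFEO entries pointing at svchost.exe and the Hosts lines mapping Google domains to one outside address. The following is an added example of a small triage script, not code from the thread or from the DDS/ComboFix tools; it parses those two line types from a DDS report and flags them, using the log lines from this post as constructed sample input (the `127.0.0.1 localhost` line is added to show a benign entry is ignored).

```python
"""Flag rogue-AV artifacts in a DDS 'Pseudo HJT Report'.

Added example, not part of the thread or of the DDS/ComboFix tools. It reads
DDS log text and reports the two artifact types visible in the log above:
  * IFEO entries whose "debugger" is svchost.exe, which makes the named
    security tool launch svchost.exe instead of itself (why McAfee and the
    Spybot fix fail), and
  * Hosts entries that map public domains to a non-loopback address, which
    silently redirects browsing; several domains on one address is the
    usual sinkhole pattern.
"""
import re

# Constructed sample input: the IFEO and Hosts lines from the DDS log
# above, plus one benign loopback line added to show it is not flagged.
SAMPLE_DDS = """\
Notify: igfxcui - igfxsrvc.dll
IFEO: image file execution options - svchost.exe
IFEO: a.exe - svchost.exe
IFEO: aAvgApi.exe - svchost.exe
IFEO: AAWTray.exe - svchost.exe
IFEO: About.exe - svchost.exe

Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 98.142.243.182 www.google.com
Hosts: 98.142.243.182 google.com
Hosts: 127.0.0.1 localhost
"""

IFEO_RE = re.compile(r"^IFEO:\s*(?P<image>.+?)\s+-\s+(?P<debugger>.+?)\s*$")
HOSTS_RE = re.compile(r"^Hosts:\s*(?P<ip>\S+)\s+(?P<host>\S+)\s*$")

# Addresses a legitimate hosts file maps names to; anything else is a redirect.
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}

# Debugger values that are never a real debugger. Only svchost.exe appears in
# the log above; the set exists so an analyst can add other known decoys.
DECOY_DEBUGGERS = {"svchost.exe"}


def triage_dds(text: str) -> dict:
    """Return {'ifeo': [(image, debugger)], 'hosts': [(ip, host)],
    'sinkholes': {ip: [hosts]}} for the suspicious lines in a DDS report."""
    ifeo_hits, hosts_hits, by_ip = [], [], {}
    for line in text.splitlines():
        m = IFEO_RE.match(line)
        if m:
            image = m.group("image").strip()
            debugger = m.group("debugger").strip()
            # Compare the file name only; the log may or may not show a path.
            if debugger.lower().rsplit("\\", 1)[-1] in DECOY_DEBUGGERS:
                ifeo_hits.append((image, debugger))
            continue
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.group("ip"), m.group("host").lower()
            if ip not in LOOPBACK:
                hosts_hits.append((ip, host))
                by_ip.setdefault(ip, []).append(host)
    sinkholes = {ip: hosts for ip, hosts in by_ip.items() if len(hosts) >= 2}
    return {"ifeo": ifeo_hits, "hosts": hosts_hits, "sinkholes": sinkholes}


def format_findings(result: dict) -> list:
    """Human-readable lines, one per finding, suitable for a reply."""
    out = []
    for image, debugger in result["ifeo"]:
        out.append(f"IFEO hijack: {image} is redirected to {debugger}")
    for ip, host in result["hosts"]:
        out.append(f"Hosts redirect: {host} -> {ip}")
    for ip, hosts in result["sinkholes"].items():
        out.append(f"{len(hosts)} domains point at {ip}: " + ", ".join(hosts))
    if not out:
        out.append("No IFEO or Hosts hijacks found")
    return out


if __name__ == "__main__":
    for line in format_findings(triage_dds(SAMPLE_DDS)):
        print(line)
```

The DDS report truncates both sections (the "multiple entries found" notes), so a real run should be given Attach.txt as well.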

IndiGenus
2010-06-02, 22:45
Hello PJS4U and welcome to the forums. Sorry for the delay in getting to your post here.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Also run DDS again and post those logs. Let me know how it's running too.

PJS4U
2010-06-04, 05:31
Apologies for any delay in my reply (my son just graduated from high school and it's very busy here, but I have other children still in school who depend on this computer).

Here are both logs; the DDS is the second log. Note that when I first ran ComboFix, it warned me that "Security Master AV" was on... That is one of the reasons that brought me to you; I have no idea what this is (and it's shutting off McAfee...).

Here is ComboFix, followed by DDS:

ComboFix 10-06-03.01 - Owner 06/03/2010 23:10:35.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.799 [GMT -4:00]
Running from: c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Desktop\ComboFix.exe
AV: Security Master AV *On-access scanning enabled* (Updated) {D74A0D83-FE05-4125-8495-4C0CC09D0C51}
FW: Security Master AV *enabled* {E2F1965C-6EFD-4BE5-827C-09E7EDDD0C9B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Master AV.lnk
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Security Master AV
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\GoToAssistDownloadHelper.exe
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Recent\ANTIGEN.drv
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Recent\ANTIGEN.sys
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Recent\cb.tmp
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Recent\CLSV.drv
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Recent\delfile.sys
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Recent\eb.exe
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Recent\eb.tmp
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Recent\energy.exe
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Recent\exec.drv
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Recent\exec.tmp
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Recent\fix.drv
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Recent\kernel32.exe
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Recent\PE.dll
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Recent\PE.drv
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Recent\PE.sys
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Recent\runddlkey.exe
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Recent\runddlkey.sys
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Recent\SICKBOY.exe
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Recent\sld.sys
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Recent\SM.exe
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Recent\SM.sys
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Recent\snl2w.drv
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Recent\std.drv
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Recent\std.sys
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Recent\Thumbs.db
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Recent\tjd.exe
c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Start Menu\Security Master AV.lnk
c:\windows\system32\drivers\fad.sys
c:\windows\system32\logs
c:\windows\system32\logs\Settings.dat
c:\windows\system32\lowsec

.
((((((((((((((((((((((((( Files Created from 2010-05-04 to 2010-06-04 )))))))))))))))))))))))))))))))
.

2010-05-31 11:41 . 2010-05-31 11:41 -------- d-----w- c:\program files\ERUNT
2010-05-31 11:15 . 2010-05-31 11:15 243 ----a-w- C:\host.bat
2010-05-30 02:28 . 2010-05-30 02:28 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\Application Data\SMQUDJAV
2010-05-30 02:27 . 2010-05-30 15:52 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\Application Data\ca874f3
2010-05-25 12:19 . 2010-05-25 12:19 503808 ----a-w- c:\documents and settings\peter starvaski.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6fca1e9a-n\msvcp71.dll
2010-05-25 12:19 . 2010-05-25 12:19 499712 ----a-w- c:\documents and settings\peter starvaski.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6fca1e9a-n\jmc.dll
2010-05-25 12:19 . 2010-05-25 12:19 348160 ----a-w- c:\documents and settings\peter starvaski.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6fca1e9a-n\msvcr71.dll
2010-05-25 12:19 . 2010-05-25 12:19 61440 ----a-w- c:\documents and settings\peter starvaski.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-61befae4-n\decora-sse.dll
2010-05-25 12:19 . 2010-05-25 12:19 12800 ----a-w- c:\documents and settings\peter starvaski.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-61befae4-n\decora-d3d.dll
2010-05-24 19:38 . 2010-05-24 19:38 503808 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-73bf3bc5-n\msvcp71.dll
2010-05-24 19:38 . 2010-05-24 19:38 499712 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-73bf3bc5-n\jmc.dll
2010-05-24 19:38 . 2010-05-24 19:38 348160 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-73bf3bc5-n\msvcr71.dll
2010-05-24 19:38 . 2010-05-24 19:38 12800 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4b750d90-n\decora-d3d.dll
2010-05-24 19:38 . 2010-05-24 19:38 61440 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4b750d90-n\decora-sse.dll
2010-05-21 22:28 . 2010-05-21 22:28 137216 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\WorldWinner\shared\fmod.dll
2010-05-21 22:28 . 2010-05-21 22:28 937984 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\WorldWinner\plantsvzombies\plantsvzombies.dll
2010-05-21 22:28 . 2010-05-21 22:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\WorldWinner
2010-05-17 02:59 . 2010-05-17 02:59 -------- d-----w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Lexmark Productivity Studio
2010-05-12 19:12 . 2010-05-12 19:12 503808 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-65db2d2f-n\msvcp71.dll
2010-05-12 19:12 . 2010-05-12 19:12 499712 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-65db2d2f-n\jmc.dll
2010-05-12 19:12 . 2010-05-12 19:12 348160 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-65db2d2f-n\msvcr71.dll
2010-05-12 19:12 . 2010-05-12 19:12 61440 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1cdb9525-n\decora-sse.dll
2010-05-12 19:12 . 2010-05-12 19:12 12800 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1cdb9525-n\decora-d3d.dll
2010-05-12 19:11 . 2010-05-12 19:11 411368 ----a-w- c:\windows\system32\deployJava1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-30 18:43 . 2003-11-27 07:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-17 03:04 . 2007-12-04 19:47 -------- d-----w- c:\program files\Verizon
2010-05-17 02:58 . 2010-04-26 15:55 -------- d-----w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\W Photo Studio
2010-05-16 16:35 . 2010-04-26 15:48 -------- d-----w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\W Photo Studio Viewer
2010-05-15 12:48 . 2010-03-20 14:41 49376 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-12 18:48 . 2010-02-26 02:12 -------- d-----w- c:\program files\Common Files\Java
2010-04-26 16:19 . 2010-04-26 16:19 -------- d-----w- c:\program files\MSECache
2010-04-26 15:53 . 2010-04-26 15:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Walgreens
2010-04-26 15:53 . 2010-04-26 15:53 -------- d-----w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Walgreens
2010-04-26 15:53 . 2010-04-26 15:53 -------- d-----w- c:\program files\Common Files\HP
2010-04-26 15:53 . 2007-12-02 16:59 -------- d-----w- c:\program files\Walgreens
2010-03-31 10:18 . 2010-03-21 16:50 181976 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-21 17:47 . 2010-03-21 17:47 86016 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\arh.exe
2010-03-21 17:08 . 2010-03-21 17:08 144 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Local Settings\Application Data\fusioncache.dat
2010-03-21 00:44 . 2010-03-21 00:44 15648 ----a-w- c:\documents and settings\peter starvaski.HOME-BOZ9LU5SIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-20 21:47 . 2010-03-16 16:14 77423 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-03-18 14:51 . 2010-03-16 16:12 22744 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:15 . 2003-07-16 20:49 420352 ----a-w- c:\windows\system32\vbscript.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-12 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-01-29 660136]
"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2009-01-29 16040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-3-20 118784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxdncoms.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdntime.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdnjswx.exe"=

R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/12/2010 7:43 PM 135664]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdnserv.exe [7/26/2009 10:41 AM 98984]
S3 MHIKEY10;MHIKEY10;c:\windows\SYSTEM32\DRIVERS\MHIKEY10.sys [5/27/2008 2:52 AM 51072]
.
Contents of the 'Scheduled Tasks' folder

2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 23:43]

2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 23:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Security Master AV - c:\documents and settings\All Users.WINDOWS\Application Data\ca874f3\SMca87.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-03 23:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(616)
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2010-06-03 23:21:28
ComboFix-quarantined-files.txt 2010-06-04 03:21

Pre-Run: 53,112,840,192 bytes free
Post-Run: 53,888,151,552 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - CC2E52CFF74876DAC06B27B897134FC9


And now the DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 23:24:04.07 on Thu 06/03/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.719 [GMT -4:00]

AV: Security Master AV *On-access scanning enabled* (Updated) {D74A0D83-FE05-4125-8495-4C0CC09D0C51}
FW: Security Master AV *enabled* {E2F1965C-6EFD-4BE5-827C-09E7EDDD0C9B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner.HOME-BOZ9LU5SIN\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269108245640
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269108233921
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - hxxp://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab
Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============

R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-12 135664]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2009-7-26 98984]
S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [2008-5-27 51072]

=============== Created Last 30 ================

2010-06-04 03:08:51 0 d-sha-r- C:\cmdcons
2010-06-04 03:04:00 98816 ----a-w- c:\windows\sed.exe
2010-06-04 03:04:00 77312 ----a-w- c:\windows\MBR.exe
2010-06-04 03:04:00 256512 ----a-w- c:\windows\PEV.exe
2010-06-04 03:04:00 161792 ----a-w- c:\windows\SWREG.exe
2010-05-31 11:15:25 243 ----a-w- C:\host.bat
2010-05-30 11:16:21 8212 ----a-w- c:\windows\mfebcdata
2010-05-30 02:28:15 0 d-sh--w- c:\docume~1\alluse~1.win\applic~1\SMQUDJAV
2010-05-30 02:27:54 0 d-sh--w- c:\docume~1\alluse~1.win\applic~1\ca874f3
2010-05-21 22:28:25 0 d-----w- c:\docume~1\alluse~1.win\applic~1\WorldWinner
2010-05-17 02:59:04 0 d-----w- c:\docume~1\owner~1.hom\applic~1\Lexmark Productivity Studio
2010-05-12 19:11:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-05-12 19:11:54 411368 ----a-w- c:\windows\system32\deployJava1.dll

==================== Find3M ====================

2010-03-18 14:51:49 22744 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll

============= FINISH: 23:24:12.57 ===============

IndiGenus
2010-06-04, 15:45
We'll clear up the rogue that's blocking McAfee. It is possible that McAfee will need to be re-installed as it looks like there are some missing "parts". We'll see after you're clean.

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
* Run Spybot-S&D in Advanced Mode. If it is not already set to do this, go to the Mode menu and select Advanced Mode.
* On the left hand side, click on Tools, then click on the Resident icon in the list.
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer.

1. Open Notepad

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\host.bat

Folder::
c:\documents and settings\All Users.WINDOWS\Application Data\SMQUDJAV
c:\documents and settings\All Users.WINDOWS\Application Data\ca874f3

SecCenter::
AV: Security Master AV *On-access scanning enabled* (Updated) {D74A0D83-FE05-4125-8495-4C0CC09D0C51}
FW: Security Master AV *enabled* {E2F1965C-6EFD-4BE5-827C-09E7EDDD0C9B}

DDS::
uURLSearchHooks: H - No File
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply: Combofix.txt and new DDS logs. Please post both logs this time.
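The two folders IndiGenus put in the CFScript (SMQUDJAV and ca874f3) stand out in the DDS "Created Last 30" listing because they are directories created in Application Data with the hidden and system attributes set (d-sh--w-) and have random-looking names, and C:\host.bat is a batch file dropped in the drive root. The script below is an added example, not code from the thread or from the DDS or ComboFix authors: it parses DDS "Created Last 30" lines copied from the log above and applies those triage heuristics. The heuristics themselves (hidden+system folder under Application Data, an all-caps or hex-looking folder name, a script in the drive root) are assumptions of this example, not rules DDS applies, and C:\cmdcons (the Recovery Console ComboFix installs, also hidden+system) is deliberately not matched because it is outside Application Data.

```python
"""Triage DDS 'Created Last 30' lines for entries a helper would look at first.

Added example for this thread; heuristics are assumptions, not DDS rules.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Sample lines copied from the DDS log posted earlier in this thread.
SAMPLE_LOG = """\
2010-06-04 03:08:51 0 d-sha-r- C:\\cmdcons
2010-06-04 03:04:00 98816 ----a-w- c:\\windows\\sed.exe
2010-05-31 11:15:25 243 ----a-w- C:\\host.bat
2010-05-30 11:16:21 8212 ----a-w- c:\\windows\\mfebcdata
2010-05-30 02:28:15 0 d-sh--w- c:\\docume~1\\alluse~1.win\\applic~1\\SMQUDJAV
2010-05-30 02:27:54 0 d-sh--w- c:\\docume~1\\alluse~1.win\\applic~1\\ca874f3
2010-05-21 22:28:25 0 d-----w- c:\\docume~1\\alluse~1.win\\applic~1\\WorldWinner
2010-05-17 02:59:04 0 d-----w- c:\\docume~1\\owner~1.hom\\applic~1\\Lexmark Productivity Studio
2010-05-12 19:11:54 73728 ----a-w- c:\\windows\\system32\\javacpl.cpl
"""

# DDS line layout: "YYYY-MM-DD HH:MM:SS <size> <8-char attrs> <path>".
# Attribute string uses d/s/h/a/r/w flags with '-' for unset (e.g. d-sh--w-).
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>[-dsharw]{8}) (?P<path>.+?)\s*$"
)

# Assumed heuristics (example-specific, not part of DDS):
RANDOM_NAME_RE = re.compile(r"^(?:[A-Z]{6,}|[0-9a-f]{6,8})$")  # SMQUDJAV, ca874f3
APPDATA_MARKERS = ("\\applic~1\\", "\\application data\\")
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js")


@dataclass
class Entry:
    date: str
    size: int
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_dds(text: str) -> List[Entry]:
    """Parse listing lines; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["date"], int(m["size"]), m["attrs"], m["path"]))
    return entries


def reasons_for(entry: Entry) -> List[str]:
    """Return the heuristic reasons an entry deserves a look (empty if none)."""
    reasons = []
    low = entry.path.lower()
    in_appdata = any(mark in low for mark in APPDATA_MARKERS)
    if entry.is_dir and entry.hidden and entry.system and in_appdata:
        reasons.append("hidden+system folder under Application Data")
    if in_appdata and RANDOM_NAME_RE.match(entry.name):
        reasons.append("random-looking folder name")
    # Something like C:\host.bat: a single component directly under the drive root.
    in_drive_root = re.match(r"^[a-z]:\\[^\\]+$", low) is not None
    if in_drive_root and low.endswith(SCRIPT_EXT):
        reasons.append("script dropped in drive root")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; unflagged entries are omitted."""
    flagged = {}
    for entry in parse_dds(text):
        reasons = reasons_for(entry)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(f"{path}: {', '.join(why)}")
```

Run against the sample it flags exactly the three items that ended up in the CFScript and leaves cmdcons, the Java files and the WorldWinner and Lexmark folders alone. The output is a starting point for a human reviewer, not a verdict: a legitimate installer can create a hidden folder too, which is why the thread's helper also checked the folder contents and the Security Center registration before writing the script.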

PJS4U
2010-06-05, 02:51
*****************
Here is combofix log: *
*****************

ComboFix 10-06-03.01 - Owner 06/04/2010 20:33:47.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.912 [GMT -4:00]
Running from: c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Desktop\CFScript.txt

FILE ::
"C:\host.bat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS\Application Data\ca874f3
c:\documents and settings\All Users.WINDOWS\Application Data\ca874f3\Thumbs.db
c:\documents and settings\All Users.WINDOWS\Application Data\SMQUDJAV
c:\documents and settings\All Users.WINDOWS\Application Data\SMQUDJAV\SMJIAZMIMAV.cfg
C:\host.bat

.
((((((((((((((((((((((((( Files Created from 2010-05-05 to 2010-06-05 )))))))))))))))))))))))))))))))
.

2010-05-31 11:41 . 2010-05-31 11:41 -------- d-----w- c:\program files\ERUNT
2010-05-25 12:19 . 2010-05-25 12:19 503808 ----a-w- c:\documents and settings\peter starvaski.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6fca1e9a-n\msvcp71.dll
2010-05-25 12:19 . 2010-05-25 12:19 499712 ----a-w- c:\documents and settings\peter starvaski.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6fca1e9a-n\jmc.dll
2010-05-25 12:19 . 2010-05-25 12:19 348160 ----a-w- c:\documents and settings\peter starvaski.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6fca1e9a-n\msvcr71.dll
2010-05-25 12:19 . 2010-05-25 12:19 61440 ----a-w- c:\documents and settings\peter starvaski.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-61befae4-n\decora-sse.dll
2010-05-25 12:19 . 2010-05-25 12:19 12800 ----a-w- c:\documents and settings\peter starvaski.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-61befae4-n\decora-d3d.dll
2010-05-24 19:38 . 2010-05-24 19:38 503808 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-73bf3bc5-n\msvcp71.dll
2010-05-24 19:38 . 2010-05-24 19:38 499712 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-73bf3bc5-n\jmc.dll
2010-05-24 19:38 . 2010-05-24 19:38 348160 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-73bf3bc5-n\msvcr71.dll
2010-05-24 19:38 . 2010-05-24 19:38 12800 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4b750d90-n\decora-d3d.dll
2010-05-24 19:38 . 2010-05-24 19:38 61440 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4b750d90-n\decora-sse.dll
2010-05-21 22:28 . 2010-05-21 22:28 137216 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\WorldWinner\shared\fmod.dll
2010-05-21 22:28 . 2010-05-21 22:28 937984 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\WorldWinner\plantsvzombies\plantsvzombies.dll
2010-05-21 22:28 . 2010-05-21 22:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\WorldWinner
2010-05-17 02:59 . 2010-05-17 02:59 -------- d-----w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Lexmark Productivity Studio
2010-05-12 19:12 . 2010-05-12 19:12 503808 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-65db2d2f-n\msvcp71.dll
2010-05-12 19:12 . 2010-05-12 19:12 499712 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-65db2d2f-n\jmc.dll
2010-05-12 19:12 . 2010-05-12 19:12 348160 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-65db2d2f-n\msvcr71.dll
2010-05-12 19:12 . 2010-05-12 19:12 61440 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1cdb9525-n\decora-sse.dll
2010-05-12 19:12 . 2010-05-12 19:12 12800 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1cdb9525-n\decora-d3d.dll
2010-05-12 19:11 . 2010-05-12 19:11 411368 ----a-w- c:\windows\system32\deployJava1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-30 18:43 . 2003-11-27 07:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-17 03:04 . 2007-12-04 19:47 -------- d-----w- c:\program files\Verizon
2010-05-17 02:58 . 2010-04-26 15:55 -------- d-----w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\W Photo Studio
2010-05-16 16:35 . 2010-04-26 15:48 -------- d-----w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\W Photo Studio Viewer
2010-05-15 12:48 . 2010-03-20 14:41 49376 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-12 18:48 . 2010-02-26 02:12 -------- d-----w- c:\program files\Common Files\Java
2010-04-26 16:19 . 2010-04-26 16:19 -------- d-----w- c:\program files\MSECache
2010-04-26 15:53 . 2010-04-26 15:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Walgreens
2010-04-26 15:53 . 2010-04-26 15:53 -------- d-----w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Walgreens
2010-04-26 15:53 . 2010-04-26 15:53 -------- d-----w- c:\program files\Common Files\HP
2010-04-26 15:53 . 2007-12-02 16:59 -------- d-----w- c:\program files\Walgreens
2010-03-31 10:18 . 2010-03-21 16:50 181976 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-21 17:47 . 2010-03-21 17:47 86016 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\arh.exe
2010-03-21 17:08 . 2010-03-21 17:08 144 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Local Settings\Application Data\fusioncache.dat
2010-03-21 00:44 . 2010-03-21 00:44 15648 ----a-w- c:\documents and settings\peter starvaski.HOME-BOZ9LU5SIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-20 21:47 . 2010-03-16 16:14 77423 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-03-18 14:51 . 2010-03-16 16:12 22744 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:15 . 2003-07-16 20:49 420352 ----a-w- c:\windows\system32\vbscript.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-06-04_03.18.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-05 00:24 . 2010-06-05 00:24 16384 c:\windows\Temp\Perflib_Perfdata_78c.dat
+ 2010-06-05 00:24 . 2010-06-05 00:24 16384 c:\windows\Temp\Perflib_Perfdata_680.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-12 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-01-29 660136]
"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2009-01-29 16040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-3-20 118784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxdncoms.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdntime.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdnjswx.exe"=

R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/12/2010 7:43 PM 135664]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdnserv.exe [7/26/2009 10:41 AM 98984]
S3 MHIKEY10;MHIKEY10;c:\windows\SYSTEM32\DRIVERS\MHIKEY10.sys [5/27/2008 2:52 AM 51072]
.
Contents of the 'Scheduled Tasks' folder

2010-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 23:43]

2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 23:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-04 20:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-06-04 20:44:50
ComboFix-quarantined-files.txt 2010-06-05 00:44
ComboFix2.txt 2010-06-04 03:21

Pre-Run: 53,877,379,072 bytes free
Post-Run: 53,877,665,792 bytes free

- - End Of File - - 6E1A676C4AF8DE7197F8B969489ECE25


*****************
Here is the DDS LOG: *
*****************

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 20:46:07.48 on Fri 06/04/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.776 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner.HOME-BOZ9LU5SIN\Local Settings\Temporary Internet Files\Content.IE5\J866WT0M\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269108245640
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269108233921
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - hxxp://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab
Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============

R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-12 135664]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2009-7-26 98984]
S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [2008-5-27 51072]

=============== Created Last 30 ================

2010-06-04 03:08:51 0 d-sha-r- C:\cmdcons
2010-06-04 03:04:00 98816 ----a-w- c:\windows\sed.exe
2010-06-04 03:04:00 77312 ----a-w- c:\windows\MBR.exe
2010-06-04 03:04:00 256512 ----a-w- c:\windows\PEV.exe
2010-06-04 03:04:00 161792 ----a-w- c:\windows\SWREG.exe
2010-05-30 11:16:21 8212 ----a-w- c:\windows\mfebcdata
2010-05-21 22:28:25 0 d-----w- c:\docume~1\alluse~1.win\applic~1\WorldWinner
2010-05-17 02:59:04 0 d-----w- c:\docume~1\owner~1.hom\applic~1\Lexmark Productivity Studio
2010-05-12 19:11:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-05-12 19:11:54 411368 ----a-w- c:\windows\system32\deployJava1.dll

==================== Find3M ====================

2010-03-18 14:51:49 22744 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll

============= FINISH: 20:46:20.68 ===============

**********************
And here is the attach log: *
**********************

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/18/2010 10:59:14 AM
System Uptime: 6/4/2010 8:24:16 PM (0 hours ago)

Motherboard: Dell Computer Corp. | | 0C2425
Processor: Intel(R) Pentium(R) 4 CPU 2.53GHz | Microprocessor | 2525/533mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 50.204 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 3/18/2010 11:01:33 AM - System Checkpoint
RP2: 3/19/2010 11:27:53 AM - Installed Broadcom Driver Installer
RP3: 3/19/2010 11:33:44 AM - Configured Broadcom Driver Installer
RP4: 3/19/2010 11:34:54 AM - Configured Broadcom Management Programs
RP5: 3/19/2010 11:45:29 AM - Installed Broadcom Advanced Control Suite
RP6: 3/19/2010 11:46:50 AM - Configured Broadcom Driver Installer
RP7: 3/19/2010 11:48:53 AM - Configured Broadcom Driver Installer
RP8: 3/19/2010 11:49:51 AM - Configured Broadcom Management Programs
RP9: 3/19/2010 11:50:21 AM - Configured Broadcom Management Programs
RP10: 3/19/2010 11:54:15 AM - Installed Java 2 Runtime Environment, SE v1.4.2
RP11: 3/20/2010 12:54:29 PM - System Checkpoint
RP12: 3/20/2010 1:09:40 PM - Installed Realtek RTL8139 Diagnostics Program
RP13: 3/20/2010 1:26:23 PM - Removed Realtek RTL8139 Diagnostics Program
RP14: 3/20/2010 1:37:34 PM - Installed Realtek RTL8139 Diagnostics Program
RP15: 3/20/2010 2:07:06 PM - Software Distribution Service 3.0
RP16: 3/20/2010 2:07:47 PM - Installed Windows XP KB842773.
RP17: 3/20/2010 2:08:33 PM - Installed Windows Installer KB893803v2.
RP18: 3/20/2010 2:08:44 PM - Installed Windows XP KB892130.
RP19: 3/20/2010 2:08:57 PM - Installed Windows XP KB898461.
RP20: 3/20/2010 10:24:21 AM - Software Distribution Service 3.0
RP21: 3/20/2010 10:28:46 AM - Installed Windows XP Service Pack 2.
RP22: 3/20/2010 11:25:04 AM - Software Distribution Service 3.0
RP23: 3/20/2010 3:10:57 PM - Installed TurboTax 2008 wrapper
RP24: 3/20/2010 3:11:42 PM - Installed TurboTax 2008 WinPerReleaseEngine
RP25: 3/20/2010 3:13:32 PM - Installed TurboTax 2008 WinPerFedFormset
RP26: 3/20/2010 3:14:20 PM - Installed TurboTax 2008 WinPerTaxSupport
RP27: 3/20/2010 3:14:51 PM - Installed TurboTax 2008 WinPerProgramHelp
RP28: 3/20/2010 3:15:26 PM - Installed TurboTax 2008 WinPerUserEducation
RP29: 3/20/2010 3:15:31 PM - Installed AnswerWorks 5.0 English Runtime
RP30: 3/20/2010 5:23:06 PM - Software Distribution Service 3.0
RP31: 3/20/2010 5:26:31 PM - Software Distribution Service 3.0
RP32: 3/20/2010 7:08:53 PM - Software Distribution Service 3.0
RP33: 3/20/2010 8:59:44 PM - Software Distribution Service 3.0
RP34: 3/20/2010 9:16:51 PM - Software Distribution Service 3.0
RP35: 3/21/2010 2:10:16 AM - Software Distribution Service 3.0
RP36: 3/21/2010 2:51:04 AM - Installed TurboTax 2009 wrapper
RP37: 3/21/2010 2:51:23 AM - Installed TurboTax 2009 WinPerReleaseEngine
RP38: 3/21/2010 2:54:35 AM - Installed TurboTax 2009 WinPerFedFormset
RP39: 3/21/2010 2:56:59 AM - Installed TurboTax 2009 WinPerTaxSupport
RP40: 3/21/2010 4:01:00 AM - Installed McAfee Virtual Technician
RP41: 3/21/2010 11:00:05 AM - Installed TurboTax 2009 wmaiper
RP42: 3/21/2010 12:30:29 PM - Software Distribution Service 3.0
RP43: 3/21/2010 1:50:30 PM - Installed Adobe Reader 9.3.
RP44: 3/22/2010 6:00:15 AM - Software Distribution Service 3.0
RP45: 3/22/2010 10:26:33 AM - Installed SoundMAX
RP46: 3/22/2010 10:26:43 AM - Installed SoundMAX
RP47: 3/22/2010 5:20:53 PM - Installed Microsoft Office Professional Edition 2003
RP48: 3/22/2010 5:53:18 PM - Software Distribution Service 3.0
RP49: 3/23/2010 5:54:40 PM - System Checkpoint
RP50: 3/24/2010 6:00:37 AM - Software Distribution Service 3.0
RP51: 3/25/2010 6:54:40 AM - System Checkpoint
RP52: 3/26/2010 7:54:40 AM - System Checkpoint
RP53: 3/27/2010 8:54:40 AM - System Checkpoint
RP54: 3/28/2010 8:54:44 AM - System Checkpoint
RP55: 3/29/2010 10:28:37 AM - System Checkpoint
RP56: 3/30/2010 10:54:44 AM - System Checkpoint
RP57: 3/31/2010 6:00:18 AM - Software Distribution Service 3.0
RP58: 4/1/2010 6:23:17 AM - System Checkpoint
RP59: 4/2/2010 7:23:17 AM - System Checkpoint
RP60: 4/3/2010 8:23:17 AM - System Checkpoint
RP61: 4/4/2010 12:10:53 PM - System Checkpoint
RP62: 4/5/2010 12:23:20 PM - System Checkpoint
RP63: 4/6/2010 2:16:42 PM - System Checkpoint
RP64: 4/7/2010 2:26:25 PM - System Checkpoint
RP65: 4/8/2010 3:26:25 PM - System Checkpoint
RP66: 4/9/2010 5:11:49 PM - System Checkpoint
RP67: 4/10/2010 5:22:24 PM - System Checkpoint
RP68: 4/11/2010 6:19:39 PM - System Checkpoint
RP69: 4/12/2010 6:36:49 PM - System Checkpoint
RP70: 4/13/2010 9:19:13 PM - System Checkpoint
RP71: 4/14/2010 3:00:23 AM - Software Distribution Service 3.0
RP72: 4/15/2010 3:00:15 AM - Software Distribution Service 3.0
RP73: 4/16/2010 3:00:16 AM - Software Distribution Service 3.0
RP74: 4/17/2010 3:22:07 AM - System Checkpoint
RP75: 4/18/2010 4:01:51 AM - System Checkpoint
RP76: 4/19/2010 5:01:51 AM - System Checkpoint
RP77: 4/20/2010 6:01:51 AM - System Checkpoint
RP78: 4/21/2010 7:08:08 AM - System Checkpoint
RP79: 4/22/2010 7:35:37 AM - System Checkpoint
RP80: 4/23/2010 8:02:56 AM - System Checkpoint
RP81: 4/24/2010 8:36:34 AM - System Checkpoint
RP82: 4/25/2010 9:02:07 AM - System Checkpoint
RP83: 4/26/2010 10:01:10 AM - System Checkpoint
RP84: 4/26/2010 11:53:11 AM - Installed W Photo Studio
RP85: 4/26/2010 12:19:43 PM - Installed Compatibility Pack for the 2007 Office system
RP86: 4/27/2010 12:39:35 PM - System Checkpoint
RP87: 4/28/2010 3:00:16 AM - Software Distribution Service 3.0
RP88: 4/29/2010 3:02:02 AM - System Checkpoint
RP89: 4/30/2010 4:02:02 AM - System Checkpoint
RP90: 5/1/2010 5:02:02 AM - System Checkpoint
RP91: 5/2/2010 6:02:02 AM - System Checkpoint
RP92: 5/3/2010 8:03:04 AM - System Checkpoint
RP93: 5/4/2010 8:11:11 AM - System Checkpoint
RP94: 5/5/2010 9:03:07 AM - System Checkpoint
RP95: 5/6/2010 10:03:11 AM - System Checkpoint
RP96: 5/7/2010 11:02:02 AM - System Checkpoint
RP97: 5/8/2010 11:17:05 AM - System Checkpoint
RP98: 5/9/2010 12:17:05 PM - System Checkpoint
RP99: 5/10/2010 1:16:00 PM - System Checkpoint
RP100: 5/11/2010 2:16:01 PM - System Checkpoint
RP101: 5/12/2010 3:00:34 AM - Software Distribution Service 3.0
RP102: 5/12/2010 2:48:25 PM - Removed Java 2 Runtime Environment, SE v1.4.2
RP103: 5/12/2010 3:11:08 PM - Installed Java(TM) 6 Update 20
RP104: 5/13/2010 3:00:16 AM - Software Distribution Service 3.0
RP105: 5/14/2010 3:19:35 AM - System Checkpoint
RP106: 5/15/2010 4:19:35 AM - System Checkpoint
RP107: 5/16/2010 4:19:40 AM - System Checkpoint
RP108: 5/17/2010 5:19:40 AM - System Checkpoint
RP109: 5/18/2010 6:19:40 AM - System Checkpoint
RP110: 5/19/2010 7:45:31 AM - System Checkpoint
RP111: 5/20/2010 8:39:47 AM - System Checkpoint
RP112: 5/21/2010 9:44:46 AM - System Checkpoint
RP113: 5/22/2010 10:03:01 AM - System Checkpoint
RP114: 5/23/2010 10:19:41 AM - System Checkpoint
RP115: 5/24/2010 11:19:41 AM - System Checkpoint
RP116: 5/25/2010 11:20:46 AM - System Checkpoint
RP117: 5/26/2010 3:00:15 AM - Software Distribution Service 3.0
RP118: 5/27/2010 3:51:55 AM - System Checkpoint
RP119: 5/28/2010 4:05:43 AM - System Checkpoint
RP120: 5/29/2010 5:05:20 AM - System Checkpoint
RP121: 5/30/2010 5:40:24 AM - System Checkpoint
RP122: 5/30/2010 2:43:02 PM - Removed Realtek RTL8139 Diagnostics Program
RP123: 5/30/2010 2:43:41 PM - Removed AnswerWorks 5.0 English Runtime
RP124: 5/30/2010 6:44:39 PM - Removed McAfee Virtual Technician
RP125: 5/30/2010 6:44:51 PM - Installed McAfee Virtual Technician
RP126: 5/31/2010 7:31:18 PM - System Checkpoint
RP127: 6/1/2010 8:36:15 PM - System Checkpoint
RP128: 6/2/2010 9:12:14 PM - System Checkpoint
RP129: 6/3/2010 9:34:53 PM - System Checkpoint

==== Installed Programs ======================


Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.1
Adobe Shockwave Player 11.5
B57Inst
BACS
BCM V.92 56K Modem
Broadcom Advanced Control Suite
Broadcom Driver Installer
Broadcom Management Programs
Compatibility Pack for the 2007 Office system
Dell Driver Download Manager
Dell ResourceCD
ERUNT 1.1j
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics Driver
Java Auto Updater
Java(TM) 6 Update 20
Lexmark 2600 Series
McAfee Virtual Technician
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Office Professional Edition 2003
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
SoundMAX
Spybot - Search & Destroy
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wmaiper
TurboTax 2009 wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Verizon High Speed Internet
W Photo Studio
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows XP Service Pack 3
WinZip

==== Event Viewer Messages From Past Week ========

6/3/2010 4:00:29 PM, error: Print [6161] - The document http://www.umassvegetable.org/food_farming_systems/csa/ owned by Owner failed to print on printer Lexmark 2600 Series. Data type: LEMF. Size of the spool file in bytes: 329140. Number of bytes printed: 0. Total number of pages in the document: 3. Number of pages printed: 1. Client machine: \\HOME-BOZ9LU5SIN. Win32 error code returned by the print processor: 0 (0x0).
5/30/2010 6:43:57 PM, error: DCOM [10000] - Unable to start a DCOM Server: {3A65891C-3794-43E5-89C8-20CCD19902CE}. The error: "%3" Happened while starting this command: "C:\Program Files\McAfee\Supportability\MVT\MvtApp.exe" -Embedding
5/30/2010 5:47:15 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee SiteAdvisor Service service to connect.
5/30/2010 5:47:15 PM, error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/30/2010 5:47:15 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
5/30/2010 5:40:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Services service to connect.
5/30/2010 5:40:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Real-time Scanner service to connect.
5/30/2010 5:40:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Proxy Service service to connect.
5/30/2010 5:40:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Personal Firewall Service service to connect.
5/30/2010 5:40:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Network Agent service to connect.
5/30/2010 5:40:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService service to connect.
5/30/2010 5:40:27 PM, error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/30/2010 5:40:27 PM, error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/30/2010 5:40:27 PM, error: Service Control Manager [7000] - The McAfee Proxy Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/30/2010 5:40:27 PM, error: Service Control Manager [7000] - The McAfee Personal Firewall Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/30/2010 5:40:27 PM, error: Service Control Manager [7000] - The McAfee Network Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/30/2010 5:40:27 PM, error: Service Control Manager [7000] - The lxdnCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

IndiGenus
2010-06-05, 02:56
Doesn't even look like McAfee is installed any more. All I see is:

McAfee Virtual Technician

Did you remove it at some point?

Let me know how things are running in your next post please.

Let's continue with the fix:

Use ATF Cleaner to remove temp files, cookies, cache, etc...
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Please download Malwarebytes' Anti-Malware from Here (http://www.malwarebytes.org/mbam-download.php)
Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Quick Scan", then click Scan.

The scan may take some time to finish, so please be patient.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire report in your next reply.


****************************

Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html)

You need to use Internet Explorer for this scan.

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
The program will launch and then begin downloading the latest definition files.
Once the files have been downloaded, click on NEXT

Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)

Scan Options: Scan Archives
Scan Mail Bases

Click OK
Now under select a target to scan: Select My Computer

The program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.

Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

PJS4U
2010-06-07, 12:55
Hello IndiGenus,
Thanks for all your help so far.
RE: McAfee - No, I did not remove it.
RE: How is the computer running? - It is running fine right now: no pop-ups. I have not used Google, so I don't know if there are any redirects.
But my children have been doing research for school, surfing the internet, and there hasn't been any problem.

I ran the ATF Cleaner.

I also ran Malwarebytes. Here is the log. Note that Malwarebytes found 2 infected files, which it removed. It then asked me to reboot, which I did. However, the PC hung while trying to reboot. I watched the scrolling Microsoft bar for about 10 minutes, then I finally turned it off. I turned it on and it came up fine.

The Malwarebytes log is followed by the Kaspersky log.

Thanks again for all your help.
************************************

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4172

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/6/2010 8:09:04 AM
mbam-log-2010-06-06 (08-09-04).txt

Scan type: Quick scan
Objects scanned: 221157
Time elapsed: 19 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Peter Starvaski\Application Data\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Peter Starvaski\Application Data\avp.ico (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

**************************
Here's the Kaspersky Log *
**************************
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, June 7, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, June 06, 2010 21:04:08
Records in database: 4206184
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Objects scanned: 111616
Threats found: 3
Infected objects found: 57
Suspicious objects found: 0
Scan duration: 03:36:26


File name / Threat / Threats count
C:\Documents and Settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\cache\6.0\23\2c3b3a57-1942a2ac Infected: Exploit.Java.Agent.f 1
C:\System Volume Information\_restore{1D99B9D9-21CA-4F77-B834-A7E18B184367}\RP129\A0018513.exe Infected: Trojan-Downloader.Win32.FraudLoad.gve 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-143521.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-143530.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-143531.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-143532.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-143533.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-143534.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-143535.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-143536.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-143537.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-143538.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-143541.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-143542.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-154601.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-154604.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-154605.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-154606.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-154607.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-154608.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-154609.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-154629.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-154630.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173451.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173456.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173457.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173500.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173501.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173502.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173503.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173504.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173505.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173507.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173508.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173509.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173510.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173511.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173512.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-070639.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-071605.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-071607.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-071608.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-071610.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-072732.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-072733.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-072734.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-072735.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-072736.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-075411.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-075859.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-075900.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-075901.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-075902.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-075903.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-075904.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-075905.backup Infected: Trojan.Win32.Qhost.myc 1
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-075906.backup Infected: Trojan.Win32.Qhost.myc 1

Selected area has been scanned.

IndiGenus
2010-06-07, 15:24
So is McAfee running now? Are you able to open it and run a scan? I have a good feeling that will be no and you may need to re-install it, or install one of the free alternative AVs. Let me know.

Let's clear out what Kaspersky found.

Clear out your Java Cache as described in the following link:

http://www.java.com/en/download/help/plugin_cache.xml

********************************

1. Open Notepad

2. Now copy/paste the entire content of the codebox below into the Notepad window:



SkipFix::
File::
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-143521.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-143530.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-143531.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-143532.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-143533.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-143534.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-143535.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-143536.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-143537.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-143538.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-143541.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-143542.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-154601.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-154604.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-154605.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-154606.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-154607.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-154608.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-154609.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-154629.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-154630.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173451.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173456.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173457.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173500.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173501.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173502.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173503.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173504.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173505.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173507.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173508.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173509.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173510.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173511.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-173512.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-070639.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-071605.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-071607.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-071608.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-071610.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-072732.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-072733.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-072734.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-072735.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-072736.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-075411.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-075859.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-075900.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-075901.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-075902.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-075903.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-075904.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-075905.backup
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100531-075906.backup



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
Combofix.txt
A new DDS log. Just DDS.txt.
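The selection IndiGenus made by hand above (Kaspersky report lines turned into a ComboFix File:: list) done programmatically, as an added example that is not part of the thread and not Kaspersky's or ComboFix's own tooling. It assumes only the report line format and the script layout visible above; the sample report embedded in it is a constructed cut of the one posted.

```python
"""Select detections from a Kaspersky Online Scanner report and emit the
File:: section of a ComboFix CFScript.

Added example for this thread; it is not IndiGenus's, Kaspersky's or
ComboFix's own code. It assumes the report format shown in the thread:

    <path> Infected: <threat name> <count>

and the script layout posted above (a SkipFix:: line, then File:: followed
by one absolute path per line). Only paths whose threat name and location
match the chosen patterns are emitted, which mirrors the manual selection
above: the hosts backups go into File::, while the Java cache entry and the
System Volume Information entry are left to the other steps.
"""
import re
import sys
from collections import defaultdict

# One detection line of the report, e.g.
#   C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20100530-143521.backup Infected: Trojan.Win32.Qhost.myc 1
DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Summary line used to check that the parser saw every detection.
SUMMARY_RE = re.compile(r"^Infected objects found: (\d+)$", re.MULTILINE)

# Hosts-file backups under the ETC directory (hosts.YYYYMMDD-HHMMSS.backup).
HOSTS_BACKUP_RE = re.compile(r"\\DRIVERS\\ETC\\hosts\.\d{8}-\d{6}\.backup$", re.IGNORECASE)

# Constructed sample: a trimmed copy of the report posted in the thread.
SAMPLE_REPORT = """\
Scan statistics:
Objects scanned: 111616
Threats found: 3
Infected objects found: 4
Suspicious objects found: 0

File name / Threat / Threats count
C:\\Documents and Settings\\Owner.HOME-BOZ9LU5SIN\\Application Data\\Sun\\Java\\Deployment\\cache\\6.0\\23\\2c3b3a57-1942a2ac Infected: Exploit.Java.Agent.f 1
C:\\System Volume Information\\_restore{1D99B9D9-21CA-4F77-B834-A7E18B184367}\\RP129\\A0018513.exe Infected: Trojan-Downloader.Win32.FraudLoad.gve 1
C:\\WINDOWS\\SYSTEM32\\DRIVERS\\ETC\\hosts.20100530-143521.backup Infected: Trojan.Win32.Qhost.myc 1
C:\\WINDOWS\\SYSTEM32\\DRIVERS\\ETC\\hosts.20100530-143530.backup Infected: Trojan.Win32.Qhost.myc 1

Selected area has been scanned.
"""


def parse_report(text):
    """Return [(path, threat, count), ...] for every detection line in the report."""
    detections = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            detections.append((m.group("path"), m.group("threat"), int(m.group("count"))))
    return detections


def reported_total(text):
    """The 'Infected objects found' figure from the statistics block, or None if absent."""
    m = SUMMARY_RE.search(text)
    return int(m.group(1)) if m else None


def group_by_threat(detections):
    """Map each threat name to the list of paths it was found in."""
    groups = defaultdict(list)
    for path, threat, _ in detections:
        groups[threat].append(path)
    return dict(groups)


def select_paths(detections, threat_re, path_re=None):
    """Paths whose threat name matches threat_re and, if given, whose path matches path_re."""
    return [
        path for path, threat, _ in detections
        if threat_re.search(threat) and (path_re is None or path_re.search(path))
    ]


def build_cfscript(paths):
    """Lay out the script as posted above: SkipFix::, File::, then one path per line."""
    return "\n".join(["SkipFix::", "File::", *paths]) + "\n"


def cfscript_for_hosts_backups(report_text):
    """End-to-end: parse the report, keep only Qhost hits on hosts backups, emit the script."""
    detections = parse_report(report_text)
    total = reported_total(report_text)
    if total is not None and total != len(detections):
        # A mismatch means some report line did not parse; refuse rather than emit a partial list.
        raise ValueError(f"report lists {total} infected objects but {len(detections)} lines parsed")
    paths = select_paths(detections, re.compile(r"^Trojan\.Win32\.Qhost\b"), HOSTS_BACKUP_RE)
    return build_cfscript(paths)


if __name__ == "__main__":
    # Usage: python this_script.py kaspersky_report.txt > CFScript.txt
    # With no argument the constructed sample above is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_REPORT
    sys.stdout.write(cfscript_for_hosts_backups(text))
```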

PJS4U
2010-06-10, 01:34
McAfee is not running now, I can't find it on the PC, but I will try after this post.

I cleared out my Java cache.

Here are the combo fix and DDS logs, if I get McAfee running I'll post a reply and let you know.

Thanks,

PJS4U

ComboFix 10-06-03.01 - Owner 06/09/2010 19:18:04.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.751 [GMT -4:00]
Running from: c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Desktop\CFScript.txt
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-143521.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-143530.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-143531.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-143532.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-143533.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-143534.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-143535.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-143536.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-143537.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-143538.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-143541.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-143542.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-154601.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-154604.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-154605.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-154606.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-154607.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-154608.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-154609.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-154629.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-154630.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173451.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173456.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173457.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173500.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173501.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173502.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173503.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173504.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173505.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173507.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173508.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173509.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173510.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173511.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173512.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-070639.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-071605.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-071607.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-071608.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-071610.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-072732.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-072733.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-072734.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-072735.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-072736.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-075411.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-075859.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-075900.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-075901.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-075902.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-075903.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-075904.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-075905.backup"
"c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-075906.backup"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-143521.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-143530.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-143531.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-143532.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-143533.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-143534.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-143535.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-143536.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-143537.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-143538.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-143541.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-143542.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-154601.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-154604.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-154605.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-154606.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-154607.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-154608.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-154609.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-154629.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-154630.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173451.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173456.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173457.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173500.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173501.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173502.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173503.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173504.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173505.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173507.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173508.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173509.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173510.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173511.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100530-173512.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-070639.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-071605.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-071607.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-071608.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-071610.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-072732.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-072733.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-072734.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-072735.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-072736.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-075411.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-075859.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-075900.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-075901.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-075902.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-075903.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-075904.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-075905.backup
c:\windows\SYSTEM32\DRIVERS\ETC\hosts.20100531-075906.backup

.
((((((((((((((((((((((((( Files Created from 2010-05-09 to 2010-06-09 )))))))))))))))))))))))))))))))
.

2010-06-06 11:48 . 2010-06-06 11:48 -------- d-----w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Malwarebytes
2010-06-06 11:47 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-06 11:47 . 2010-06-06 11:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-06-06 11:47 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-31 11:41 . 2010-05-31 11:41 -------- d-----w- c:\program files\ERUNT
2010-05-21 22:28 . 2010-05-21 22:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\WorldWinner
2010-05-17 02:59 . 2010-05-17 02:59 -------- d-----w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Lexmark Productivity Studio
2010-05-12 19:11 . 2010-05-12 19:11 411368 ----a-w- c:\windows\system32\deployJava1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-06 11:47 . 2010-02-20 15:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-30 18:43 . 2003-11-27 07:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-25 12:19 . 2010-05-25 12:19 503808 ----a-w- c:\documents and settings\peter starvaski.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6fca1e9a-n\msvcp71.dll
2010-05-25 12:19 . 2010-05-25 12:19 499712 ----a-w- c:\documents and settings\peter starvaski.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6fca1e9a-n\jmc.dll
2010-05-25 12:19 . 2010-05-25 12:19 348160 ----a-w- c:\documents and settings\peter starvaski.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6fca1e9a-n\msvcr71.dll
2010-05-25 12:19 . 2010-05-25 12:19 61440 ----a-w- c:\documents and settings\peter starvaski.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-61befae4-n\decora-sse.dll
2010-05-25 12:19 . 2010-05-25 12:19 12800 ----a-w- c:\documents and settings\peter starvaski.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-61befae4-n\decora-d3d.dll
2010-05-24 19:38 . 2010-05-24 19:38 503808 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-73bf3bc5-n\msvcp71.dll
2010-05-24 19:38 . 2010-05-24 19:38 499712 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-73bf3bc5-n\jmc.dll
2010-05-24 19:38 . 2010-05-24 19:38 348160 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-73bf3bc5-n\msvcr71.dll
2010-05-24 19:38 . 2010-05-24 19:38 12800 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4b750d90-n\decora-d3d.dll
2010-05-24 19:38 . 2010-05-24 19:38 61440 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4b750d90-n\decora-sse.dll
2010-05-21 22:28 . 2010-05-21 22:28 137216 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\WorldWinner\shared\fmod.dll
2010-05-21 22:28 . 2010-05-21 22:28 937984 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\WorldWinner\plantsvzombies\plantsvzombies.dll
2010-05-17 03:04 . 2007-12-04 19:47 -------- d-----w- c:\program files\Verizon
2010-05-17 02:58 . 2010-04-26 15:55 -------- d-----w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\W Photo Studio
2010-05-16 16:35 . 2010-04-26 15:48 -------- d-----w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\W Photo Studio Viewer
2010-05-15 12:48 . 2010-03-20 14:41 49376 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-12 19:12 . 2010-05-12 19:12 503808 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-65db2d2f-n\msvcp71.dll
2010-05-12 19:12 . 2010-05-12 19:12 499712 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-65db2d2f-n\jmc.dll
2010-05-12 19:12 . 2010-05-12 19:12 348160 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-65db2d2f-n\msvcr71.dll
2010-05-12 19:12 . 2010-05-12 19:12 61440 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1cdb9525-n\decora-sse.dll
2010-05-12 19:12 . 2010-05-12 19:12 12800 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1cdb9525-n\decora-d3d.dll
2010-05-12 18:48 . 2010-02-26 02:12 -------- d-----w- c:\program files\Common Files\Java
2010-04-26 16:19 . 2010-04-26 16:19 -------- d-----w- c:\program files\MSECache
2010-04-26 15:53 . 2010-04-26 15:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Walgreens
2010-04-26 15:53 . 2010-04-26 15:53 -------- d-----w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Application Data\Walgreens
2010-04-26 15:53 . 2010-04-26 15:53 -------- d-----w- c:\program files\Common Files\HP
2010-04-26 15:53 . 2007-12-02 16:59 -------- d-----w- c:\program files\Walgreens
2010-03-31 10:18 . 2010-03-21 16:50 181976 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-21 17:47 . 2010-03-21 17:47 86016 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\arh.exe
2010-03-21 17:08 . 2010-03-21 17:08 144 ----a-w- c:\documents and settings\Owner.HOME-BOZ9LU5SIN\Local Settings\Application Data\fusioncache.dat
2010-03-21 00:44 . 2010-03-21 00:44 15648 ----a-w- c:\documents and settings\peter starvaski.HOME-BOZ9LU5SIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-20 21:47 . 2010-03-16 16:14 77423 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-03-18 14:51 . 2010-03-16 16:12 22744 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-06-04_03.18.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-06 12:27 . 2010-06-06 12:27 16384 c:\windows\Temp\Perflib_Perfdata_5c8.dat
+ 2010-06-06 12:27 . 2010-06-06 12:27 16384 c:\windows\Temp\Perflib_Perfdata_368.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-12 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-01-29 660136]
"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2009-01-29 16040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-3-20 118784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxdncoms.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdntime.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdnjswx.exe"=

R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/12/2010 7:43 PM 135664]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdnserv.exe [7/26/2009 10:41 AM 98984]
S3 MHIKEY10;MHIKEY10;c:\windows\SYSTEM32\DRIVERS\MHIKEY10.sys [5/27/2008 2:52 AM 51072]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa8c1747-7222-11df-873b-000d560f8ed9}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 23:43]

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 23:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-09 19:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(628)
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2010-06-09 19:28:10
ComboFix-quarantined-files.txt 2010-06-09 23:28
ComboFix2.txt 2010-06-05 00:44
ComboFix3.txt 2010-06-04 03:21

Pre-Run: 54,013,407,232 bytes free
Post-Run: 54,522,089,472 bytes free

- - End Of File - - 05819EC9DCC4D297A1B5913C97D693EB

***************
And the DDS LOG *
***************

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 19:30:23.90 on Wed 06/09/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.649 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\MSTORDB.EXE
C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner.HOME-BOZ9LU5SIN\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269108245640
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269108233921
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - hxxp://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab
Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============

R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-12 135664]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2009-7-26 98984]
S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [2008-5-27 51072]

=============== Created Last 30 ================

2010-06-06 11:48:06 0 d-----w- c:\docume~1\owner~1.hom\applic~1\Malwarebytes
2010-06-06 11:47:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-06 11:47:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-06 11:47:55 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-06-04 03:08:51 0 d-sha-r- C:\cmdcons
2010-06-04 03:04:00 98816 ----a-w- c:\windows\sed.exe
2010-06-04 03:04:00 77312 ----a-w- c:\windows\MBR.exe
2010-06-04 03:04:00 256512 ----a-w- c:\windows\PEV.exe
2010-06-04 03:04:00 161792 ----a-w- c:\windows\SWREG.exe
2010-05-30 11:16:21 8212 ----a-w- c:\windows\mfebcdata
2010-05-21 22:28:25 0 d-----w- c:\docume~1\alluse~1.win\applic~1\WorldWinner
2010-05-17 02:59:04 0 d-----w- c:\docume~1\owner~1.hom\applic~1\Lexmark Productivity Studio
2010-05-12 19:11:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-05-12 19:11:54 411368 ----a-w- c:\windows\system32\deployJava1.dll

==================== Find3M ====================

2010-03-18 14:51:49 22744 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 19:30:32.03 ===============

PJS4U
2010-06-10, 03:58
McAfee is now running again, firewall is on, etc.

I also ran a scan of spybot and it came back clean.

Thanks for all your help

IndiGenus
2010-06-10, 05:15
McAfee is now running again, firewall is on, etc.

I also ran a scan of spybot and it came back clean.

Great, glad you got it going.


Uninstall Combofix

Click START, then RUN.
Now type Combofix /Uninstall in the run box and click OK. Note the space between the X and the /U; it needs to be there.

The above procedure will:

Delete the following: ComboFix and its associated files and folders.
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.

*************************

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

tashi
2010-06-14, 16:50
PJS4U still with us? :)