
Thread: Vundo!grb Help please

  1. #1
    Junior Member
    Join Date
    Feb 2009
    Posts
    12

    Vundo!grb Help please

    Hi. My name is Tee. I've got this virus. I've done several things to try and get rid of it. First, McAfee popped up and said it was quarantined and removed. Then I ran a scan, talked to McAfee tech support and they had me do another scan, remove the files, we did disc cleanup and they told me to do this all over again if that didn't take care of the problem. It didn't so I did everything all over. Same thing but now things are getting worse. Also, I did a system restore and it said that it was incomplete.

    I have a friend that recommended your forum and said you could probably help a non-computer person, like me. I really need and would appreciate your help, please.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:59:09 AM, on 2/25/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neopets.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn;*.local
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
    O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {43519d24-0a97-47e6-8979-79f43028575f} - C:\WINDOWS\system32\yobokusa.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: BHO - {C9C42510-9B21-41c1-9DCD-8382A2D07C61} - C:\WINDOWS\system32\iehelper.dll
    O2 - BHO: {5ed998a0-fb67-a44b-11d4-8571a38f0daf} - {fad0f83a-1758-4d11-b44a-76bf0a899de5} - C:\WINDOWS\system32\jrrqil.dll
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
    O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [Jyogu] rundll32.exe "C:\WINDOWS\esayakiw.dll",e
    O4 - HKLM\..\Run: [Spezebodamujumu] rundll32.exe "C:\WINDOWS\Khowomatum.dll",e
    O4 - HKLM\..\Run: [veyenodoyi] Rundll32.exe "C:\WINDOWS\system32\furutedu.dll",s
    O4 - HKLM\..\Run: [d86f29fc] rundll32.exe "C:\WINDOWS\system32\noyahopi.dll",b
    O4 - HKLM\..\Run: [CPMdb5c1a60] Rundll32.exe "c:\windows\system32\huwuzavo.dll",a
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [veyenodoyi] Rundll32.exe "C:\WINDOWS\system32\furutedu.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [veyenodoyi] Rundll32.exe "C:\WINDOWS\system32\furutedu.dll",s (User 'NETWORK SERVICE')
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...S_ZUxdm080YYUS
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\wuboyiki.dll jrrqil.dll c:\windows\system32\huwuzavo.dll c:\windows\system32\zogekiga.dll
    O20 - Winlogon Notify: ssttq - C:\WINDOWS\system32\ssttq.dll (file missing)
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\huwuzavo.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\huwuzavo.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 8895 bytes

  2. #2
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi there,

    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Feb 2009
    Posts
    12

    Hi. Thanks so much for helping. Please be patient with me because I don't even know some of the basics.


    I downloaded DDS but I am not sure how to disable any script blocking or even where or what would be blocking it. Could you direct me on this too please?

  4. #4
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi

    Disable/turn off your McAfee and keep it disabled during the DDS run. There should be a McAfee icon in the lower right corner of the system tray. Right click the icon and you should be able to find an option to disable McAfee.

  5. #5
    Junior Member
    Join Date
    Feb 2009
    Posts
    12

    Okay.. thanks so much Blade. I hope I disabled everything correctly.

    Here is the file from the notepad.


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/11/2004 7:22:22 PM
    System Uptime: 2/26/2009 12:17:11 AM (48 hours ago)

    Motherboard: ASUSTek Computer INC. | | Kelut
    Processor: AMD Athlon(tm) XP 3200+ | Socket A | 2200/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 149 GiB total, 122.864 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP938: 11/30/2008 3:11:21 AM - System Checkpoint
    RP939: 12/1/2008 3:17:25 AM - System Checkpoint
    RP940: 12/2/2008 3:21:46 AM - System Checkpoint
    RP941: 12/3/2008 4:08:05 AM - System Checkpoint
    RP942: 12/4/2008 1:58:04 PM - System Checkpoint
    RP943: 12/5/2008 10:54:42 AM - Application kill.
    RP944: 12/5/2008 10:55:01 AM - Installation
    RP945: 12/6/2008 10:59:18 AM - System Checkpoint
    RP946: 12/7/2008 11:20:38 AM - System Checkpoint
    RP947: 12/8/2008 2:50:52 PM - System Checkpoint
    RP948: 12/9/2008 3:33:21 PM - System Checkpoint
    RP949: 12/10/2008 9:51:10 PM - System Checkpoint
    RP950: 12/12/2008 2:47:04 AM - System Checkpoint
    RP951: 12/13/2008 9:09:38 AM - System Checkpoint
    RP952: 12/14/2008 9:36:56 AM - System Checkpoint
    RP953: 12/15/2008 12:58:07 PM - System Checkpoint
    RP954: 12/16/2008 7:34:07 PM - System Checkpoint
    RP955: 12/18/2008 1:11:56 AM - System Checkpoint
    RP956: 12/18/2008 3:07:55 AM - Software Distribution Service 3.0
    RP957: 12/19/2008 3:01:24 AM - Software Distribution Service 3.0
    RP958: 12/20/2008 5:34:59 AM - System Checkpoint
    RP959: 12/21/2008 7:13:01 PM - System Checkpoint
    RP960: 12/23/2008 3:12:41 AM - System Checkpoint
    RP961: 12/24/2008 7:03:47 AM - System Checkpoint
    RP962: 12/25/2008 8:22:00 AM - System Checkpoint
    RP963: 12/26/2008 10:12:15 AM - System Checkpoint
    RP964: 12/26/2008 11:06:09 PM - Software Distribution Service 3.0
    RP965: 12/27/2008 12:10:05 AM - Software Distribution Service 3.0
    RP966: 12/29/2008 3:58:05 AM - System Checkpoint
    RP967: 12/30/2008 7:00:31 AM - System Checkpoint
    RP968: 12/31/2008 8:01:24 AM - System Checkpoint
    RP969: 1/1/2009 9:13:23 AM - System Checkpoint
    RP970: 1/2/2009 4:48:33 PM - System Checkpoint
    RP971: 1/2/2009 10:26:27 PM - Installed iTunes
    RP972: 1/3/2009 10:27:30 PM - System Checkpoint
    RP973: 1/5/2009 2:16:22 AM - System Checkpoint
    RP974: 1/6/2009 6:53:42 AM - System Checkpoint
    RP975: 1/7/2009 12:40:36 PM - System Checkpoint
    RP976: 1/8/2009 3:09:08 PM - System Checkpoint
    RP977: 1/9/2009 3:57:19 PM - System Checkpoint
    RP978: 1/11/2009 12:05:31 AM - System Checkpoint
    RP979: 1/12/2009 12:56:07 AM - System Checkpoint
    RP980: 1/13/2009 3:11:36 AM - System Checkpoint
    RP981: 1/14/2009 4:09:57 AM - System Checkpoint
    RP982: 1/15/2009 12:19:00 PM - System Checkpoint
    RP983: 1/16/2009 9:57:55 PM - System Checkpoint
    RP984: 1/17/2009 10:24:28 PM - System Checkpoint
    RP985: 1/18/2009 10:35:19 PM - System Checkpoint
    RP986: 1/19/2009 11:28:58 PM - System Checkpoint
    RP987: 1/21/2009 12:00:03 AM - System Checkpoint
    RP988: 1/22/2009 12:09:47 AM - System Checkpoint
    RP989: 1/23/2009 12:29:02 AM - System Checkpoint
    RP990: 1/24/2009 1:24:25 AM - System Checkpoint
    RP991: 1/25/2009 9:11:59 AM - System Checkpoint
    RP992: 1/26/2009 9:57:51 AM - System Checkpoint
    RP993: 1/27/2009 3:16:43 PM - System Checkpoint
    RP994: 1/28/2009 3:57:35 PM - System Checkpoint
    RP995: 1/29/2009 4:12:13 PM - System Checkpoint
    RP996: 1/30/2009 5:09:40 PM - System Checkpoint
    RP997: 1/31/2009 6:27:37 PM - System Checkpoint
    RP998: 2/1/2009 10:51:33 PM - System Checkpoint
    RP999: 2/3/2009 1:23:21 AM - System Checkpoint
    RP1000: 2/4/2009 8:38:17 AM - System Checkpoint
    RP1001: 2/5/2009 9:32:12 AM - System Checkpoint
    RP1002: 2/6/2009 10:32:11 AM - System Checkpoint
    RP1003: 2/7/2009 6:18:05 PM - System Checkpoint
    RP1004: 2/8/2009 6:54:06 PM - System Checkpoint
    RP1005: 2/9/2009 10:14:23 PM - System Checkpoint
    RP1006: 2/11/2009 1:02:25 AM - System Checkpoint
    RP1007: 2/12/2009 2:05:11 AM - System Checkpoint
    RP1008: 2/14/2009 12:22:45 AM - System Checkpoint
    RP1009: 2/15/2009 3:13:24 AM - System Checkpoint
    RP1010: 2/16/2009 6:55:44 AM - System Checkpoint
    RP1011: 2/17/2009 3:54:23 PM - System Checkpoint
    RP1012: 2/18/2009 4:00:15 PM - System Checkpoint
    RP1013: 2/20/2009 5:08:50 AM - System Checkpoint
    RP1014: 2/21/2009 6:03:08 AM - System Checkpoint
    RP1015: 2/22/2009 10:02:37 AM - System Checkpoint
    RP1016: 2/23/2009 11:57:06 AM - System Checkpoint
    RP1017: 2/24/2009 5:29:21 PM - System Checkpoint
    RP1018: 2/25/2009 10:03:55 AM - Restore Operation
    RP1019: 2/25/2009 10:07:02 AM - Restore Operation
    RP1020: 2/26/2009 10:05:46 AM - System Checkpoint
    RP1021: 2/27/2009 11:04:29 AM - System Checkpoint

    ==== Installed Programs ======================

    2350
    2350_Help
    2350Trb
    ACDSee 32
    Ad-Aware SE Personal
    Adobe AIR
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Photoshop Elements 3.0
    Adobe Reader 7.0.9
    Adobe Shockwave Player
    Agere Systems PCI Soft Modem
    AiO_Scan
    AiOSoftware
    Apple Mobile Device Support
    Apple Software Update
    Balloon Kaboom
    Balloon Pop Special Edition
    Bonjour
    Bricks Of Egypt (remove only)
    BufferChm
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Collector's Edition 251
    Comcast High-Speed Internet Install Wizard
    Compaq Connections
    Copy
    Coupon Printer for Windows
    CreativeProjects
    CreativeProjectsTemplates
    CueTour
    Desktop Calendar 0.42b
    Destinations
    Director
    DocProc
    DocumentViewer
    Fax
    Free Quick Keylogger
    Frog Frenzy 1
    Frog Frenzy 2 - "The Madness Continues"
    Google Earth
    Harry Potter and the Prisoner of Azkaban(TM)
    Help and Support Additions
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows Media Format SDK (KB910998)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    HP Diagnostic Assistant
    HP Image Zone 4.2
    HP PSC & OfficeJet 4.2
    HP Software Update
    HPODiscovery
    HpSdpAppCoreApp
    HPSystemDiagnostics
    Insaniquarium Deluxe 1.0
    InstantShare
    InterVideo WinDVD Player
    iTunes
    iVocalize Web Conference 4
    J2SE Runtime Environment 5.0 Update 8
    Java 2 Runtime Environment, SE v1.4.2_03
    KBD
    Luxor
    Mah Jongg Magic
    Maraqua Screen Saver
    McAfee SecurityCenter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003
    Microsoft Office XP Professional
    Microsoft Plus! Dancer LE
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Web Publishing Wizard 1.52
    Microsoft Works 7.0
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox (3.0.6)
    MSN
    MSN Music Assistant
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    My Web Search (Smiley Central)
    Neopets Petpetpet Habitat
    Netflix Movie Viewer
    Neverland Free Trial
    oggcodecs 0.71.0946
    Overland
    Paint.NET v3.31
    PC-Doctor for Windows
    Pdf995 (installed by TaxCut)
    PdfEdit995 (installed by TaxCut)
    PetPetPet Habitats
    PhotoGallery
    Pinball Master Special Edition
    PrintMaster 16
    PrintScreen
    ProductContext
    PS2
    Python 2.2 combined Win32 extensions
    Python 2.2.1
    QFolder
    QuickProjects
    QuickTime
    Readme
    RealPlayer
    Rhapsody Player Engine
    S3 S3Display
    S3 S3Gamma2
    S3 S3Info2
    S3 S3Overlay
    Scan
    Scrabble 2
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB960714)
    Shockwave
    SkinsHP1
    Sonic RecordNow!
    TaxCut California 2007
    TaxCut Premium + State 2007
    Terayon DOCSIS Modem
    Top 30 Games 4 Kids
    Top 50 Blazing Games
    TrayApp
    Typing Instructor
    Unload
    Update for Windows XP (KB955839)
    URGE
    VIA Rhine-Family Fast Ethernet Adapter
    VIA/S3G Display Driver
    Virtools 3D Life Player
    Visual Color Picker 2.6
    WeatherBug
    WeatherBug Browser Bar - powered by MyWebSearch
    WebFldrs XP
    WebReg
    Wik And The Fable Of Souls (remove only)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Live installer
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows XP Service Pack 3
    Yahoo! Messenger
    Yahoo! Music Jukebox

    ==== End Of File ===========================

    and now the other from DDS


    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Compaq_Owner at 0:49:01.12 on Sat 02/28/2009
    Internet Explorer: 6.0.2900.5512
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.89 [GMT -8:00]

    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall *disabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Canon\CAL\CALMAIN.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.neopets.com/
    uSearch Page =
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=presario&pf=desktop
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
    uSearch Bar =
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=presario&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=presario&pf=desktop
    uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
    uInternet Settings,ProxyOverride = cdn;*.local
    uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\2.bin\MWSSRCAS.DLL
    BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\2.bin\MWSSRCAS.DLL
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: NoExplorer - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\2.bin\MWSBAR.DLL
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: {43519d24-0a97-47e6-8979-79f43028575f} - c:\windows\system32\yobokusa.dll
    BHO: {a0f68dea-30a8-4478-3054-8ca627c01e65}: {56e10c72-6ac8-4503-8744-8a03aed86f0a} - c:\windows\system32\oywvfj.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_08\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: My Web Search Bar BHO: {8eab99c1-f9ec-4b64-a4ba-d9bcae8779c2} - c:\program files\mywebsearchwb\bar\1.bin\W6BAR.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: BHO: {c9c42510-9b21-41c1-9dcd-8382a2d07c61} - c:\windows\system32\iehelper.dll
    TB: My &Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\2.bin\MWSBAR.DLL
    TB: WeatherBug Browser Bar - powered by MyWebSearch: {8eab99c9-f9ec-4b64-a4ba-d9bcae8779c2} - c:\program files\mywebsearchwb\bar\1.bin\W6BAR.DLL
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} -
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {AB455519-4E14-498B-A0A9-7DCEF42440FC} - No File
    EB: {90C61707-C8F8-43DB-A25C-C1F4B18EE41E} - No File
    EB: {EDC4193F-34AD-4D07-AA87-E3FDB89E3E76} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9f.exe
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    mRun: [Jyogu] rundll32.exe "c:\windows\esayakiw.dll",e
    mRun: [Spezebodamujumu] rundll32.exe "c:\windows\Khowomatum.dll",e
    mRun: [veyenodoyi] Rundll32.exe "c:\windows\system32\furutedu.dll",s
    mRun: [d86f29fc] rundll32.exe "c:\windows\system32\nekalaru.dll",b
    mRun: [CPMdb5c1a60] Rundll32.exe "c:\windows\system32\lefomero.dll",a
    IE: &Search - http://edits.mywebsearch.com/toolbar...S_ZUxdm080YYUS
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_08\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Notify: ssttq - c:\windows\system32\ssttq.dll
    Notify: WRNotifier - WRLogonNTF.dll
    AppInit_DLLs: c:\windows\system32\wuboyiki.dll c:\windows\system32\huwuzavo.dll c:\windows\system32\lefomero.dll c:\windows\system32\zogekiga.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lefomero.dll
    STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\lefomero.dll
    LSA: Notification Packages = scecli c:\windows\system32\wuboyiki.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\yhnp9vp2.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.neopets.com/
    FF - prefs.js: keyword.URL - hxxp://search.myway.com/search/cfg_redir2.jhtml?action=config&id=XB&ptnrs=XB&st=DNS&url=AJmain.jhtml&searchfor=
    FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\program files\java\jre1.5.0_08\bin\NPJava11.dll
    FF - plugin: c:\program files\java\jre1.5.0_08\bin\NPJava12.dll
    FF - plugin: c:\program files\java\jre1.5.0_08\bin\NPJava13.dll
    FF - plugin: c:\program files\java\jre1.5.0_08\bin\NPJava14.dll
    FF - plugin: c:\program files\java\jre1.5.0_08\bin\NPJava32.dll
    FF - plugin: c:\program files\java\jre1.5.0_08\bin\NPJPI150_08.dll
    FF - plugin: c:\program files\java\jre1.5.0_08\bin\NPOJI610.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPMySrWB.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npvirtools.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
    FF - HiddenExtension: XUL Cache: {684142EB-E8C7-4008-A474-5B599619F977} - c:\documents and settings\compaq_owner\local settings\application data\{684142EB-E8C7-4008-A474-5B599619F977}

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-12-17 201320]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-12-17 359248]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-12-17 144704]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-12-17 79304]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-12-17 35240]
    R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-12-17 33832]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-12-17 40488]
    S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\system32\drivers\tj2knd5.sys [2004-12-22 17616]
    S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\system32\drivers\tj2kunic.sys [2004-12-22 69680]
    S4 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
    S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-12-17 695624]
    S4 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]

    =============== Created Last 30 ================

    2009-02-27 23:32 129,024 a--sh--- c:\windows\system32\mvhmor.dll
    2009-02-27 09:44 129,024 a--sh--- c:\windows\system32\oywvfj.dll
    2009-02-26 21:44 129,024 a--sh--- c:\windows\system32\azlkqs.dll
    2009-02-26 09:40 129,024 a--sh--- c:\windows\system32\jzmgmy.dll
    2009-02-25 21:40 129,024 a--sh--- c:\windows\system32\lwvoqq.dll
    2009-02-25 10:58 <DIR> --d----- c:\program files\Trend Micro
    2009-02-25 09:39 9,728 a------- c:\windows\system32\iehelper.dll
    2009-02-25 09:38 129,024 a--sh--- c:\windows\system32\jrrqil.dll
    2009-02-24 22:30 134,656 a------- c:\windows\esayakiw.dll
    2009-02-24 22:18 364,556 a------- c:\windows\sysguard.exe
    2009-02-24 22:18 39,424 a------- c:\windows\Khowomatum.dll
    2009-02-24 17:01 129,024 a--sh--- c:\windows\system32\habnkw.dll
    2009-02-24 06:27 61,224 a------- c:\documents and settings\compaq_owner\GoToAssistDownloadHelper.exe
    2009-02-24 06:16 <DIR> --d----- c:\docume~1\compaq~1\applic~1\McAfee
    2009-02-24 03:10 129,024 a--sh--- c:\windows\system32\ofhskc.dll
    2009-02-24 03:03 47,616 a------- c:\windows\system32\~.exe

    ==================== Find3M ====================

    2009-02-27 23:32 84,992 a--sh--- c:\windows\system32\lefomero.dll
    2009-02-27 23:32 129,024 a--sh--- c:\windows\system32\belinawi.dll
    2009-02-27 23:32 79,872 a--sh--- c:\windows\system32\nekalaru.dll
    2009-02-27 09:44 129,024 a--sh--- c:\windows\system32\weredaho.dll
    2009-02-27 09:44 84,992 a--sh--- c:\windows\system32\venehoja.dll
    2009-02-27 09:44 79,872 -------- c:\windows\system32\jezomapa.dll
    2009-02-26 21:44 84,992 a--sh--- c:\windows\system32\debejeda.dll
    2009-02-26 21:44 129,024 a--sh--- c:\windows\system32\hodisuye.dll
    2009-02-26 21:44 79,872 -------- c:\windows\system32\wijusigi.dll
    2009-02-26 09:40 84,992 a--sh--- c:\windows\system32\kavinepe.dll
    2009-02-26 09:40 129,024 a--sh--- c:\windows\system32\wepavira.dll
    2009-02-26 09:40 79,872 a--sh--- c:\windows\system32\siyaturi.dll
    2009-02-25 21:40 129,024 a--sh--- c:\windows\system32\nubigojo.dll
    2009-02-25 21:40 84,992 a--sh--- c:\windows\system32\yokagumo.dll
    2009-02-25 21:40 79,872 -------- c:\windows\system32\litikene.dll
    2009-02-25 09:38 129,024 a--sh--- c:\windows\system32\munokesu.dll
    2009-02-25 09:38 84,992 a--sh--- c:\windows\system32\huwuzavo.dll
    2009-02-25 09:38 79,872 -------- c:\windows\system32\noyahopi.dll
    2009-02-24 17:01 84,992 a--sh--- c:\windows\system32\zogekiga.dll
    2009-02-24 17:01 129,024 a--sh--- c:\windows\system32\wusifage.dll
    2009-02-24 17:01 79,872 a--sh--- c:\windows\system32\sagujele.dll
    2009-02-24 03:10 84,992 a--sh--- c:\windows\system32\peheduke.dll
    2009-02-24 03:10 129,024 a--sh--- c:\windows\system32\koheraja.dll
    2008-12-27 00:33 81,971 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2008-12-27 00:31 45,056 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphwwrf4duet\plugin\bin\jsharpde\util.dll
    2008-12-27 00:31 315,392 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphwwrf4duet\plugin\bin\pchmsxml.dll
    2008-12-27 00:31 4,096 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphwwrf4duet\plugin\bin\winverifytrustwrapper.dll
    2008-12-27 00:31 307,200 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphwwrf4duet\plugin\bin\pchnotify.exe
    2008-12-27 00:31 212,992 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphwwrf4duet\plugin\bin\jsharpde\jsharpinterp.dll
    2008-12-27 00:31 26,572 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphwwrf4duet\plugin\bin\jsharpde\INV16.dll
    2008-09-11 15:35 75,712 a------- c:\docume~1\compaq~1\applic~1\GDIPFONTCACHEV1.DAT
    2006-04-29 22:22 32 a----r-- c:\documents and settings\all users\hash.dat
    0000-00-00 00:00 47,616 a--sh--- c:\windows\system32\furutedu.dll
    2006-03-16 11:41 418,097 ---sh--- c:\windows\system32\ghhkj.bak1
    2006-04-06 22:04 714,083 ---sh--- c:\windows\system32\ghhkj.bak2
    2005-11-20 10:16 426,267 ---sh--- c:\windows\system32\mpqss.bak2
    2005-11-20 10:56 425,944 ---sh--- c:\windows\system32\mpqss.ini2
    2006-01-05 11:10 223,166 ---sh--- c:\windows\system32\qttss.bak1
    2006-01-09 23:10 220,652 ---sh--- c:\windows\system32\qttss.bak2
    2005-09-17 00:06 420,797 a--sh--- c:\windows\system32\vycdd.bak2
    2005-09-18 19:15 422,563 a--sh--- c:\windows\system32\vycdd.ini2
    0000-00-00 00:00 47,616 a--sh--- c:\windows\system32\wuboyiki.dll
    0000-00-00 00:00 47,616 a--sh--- c:\windows\system32\yobokusa.dll

    ============= FINISH: 0:50:47.04 ===============

  6. #6
    Junior Member
    Join Date
    Feb 2009
    Posts
    12


    Blade, I enabled McAfee again after I finished with DDS and I've left my computer on and running while seeking help. Is this okay? I wasn't sure if I should shut my computer off or not, so I just left it on.

  7. #7
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi again


    Ad-Aware SE is not supported anymore. I recommend uninstalling it and getting the latest Ad-Aware AE. You may do it later, after the cleaning process is finished.


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds.txt log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  8. #8
    Junior Member
    Join Date
    Feb 2009
    Posts
    12


    Hey Blade. I finally did the scan with ComboFix. I was a bit nervous but here is the log.

    ComboFix 09-03-01.01 - Compaq_Owner 2009-03-02 3:17:06.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.160 [GMT -8:00]
    Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall *disabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\FunWebProducts
    c:\program files\FunWebProducts\PopSwatr\History\allowed
    c:\program files\FunWebProducts\PopSwatr\History\notallow
    c:\program files\FunWebProducts\ScreenSaver\Images\000633C4.urr
    c:\program files\FunWebProducts\ScreenSaver\Images\01886BB7.urr
    c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
    c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
    c:\program files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
    c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
    c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
    c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
    c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
    c:\program files\Internet Explorer\msimg32.dll
    c:\program files\MyWebSearch
    c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
    c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
    c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
    c:\program files\MyWebSearch\bar\2.bin\F3BROVLY.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
    c:\program files\MyWebSearch\bar\2.bin\F3REPROX.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
    c:\program files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3SHLLVW.DLL
    c:\program files\MyWebSearch\bar\2.bin\F3SPACER.WMV
    c:\program files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
    c:\program files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
    c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
    c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
    c:\program files\MyWebSearch\bar\2.bin\M3HTML.DLL
    c:\program files\MyWebSearch\bar\2.bin\M3IDLE.DLL
    c:\program files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
    c:\program files\MyWebSearch\bar\2.bin\M3MSG.DLL
    c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
    c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
    c:\program files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
    c:\program files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
    c:\program files\MyWebSearch\bar\2.bin\M3SKIN.DLL
    c:\program files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
    c:\program files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
    c:\program files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
    c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL
    c:\program files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
    c:\program files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
    c:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
    c:\program files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
    c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
    c:\program files\MyWebSearch\bar\Cache\0003853E
    c:\program files\MyWebSearch\bar\Cache\00051CB7
    c:\program files\MyWebSearch\bar\Cache\000563C2
    c:\program files\MyWebSearch\bar\Cache\0173FF81.bin
    c:\program files\MyWebSearch\bar\Cache\01885689
    c:\program files\MyWebSearch\bar\Cache\01885E0B.bin
    c:\program files\MyWebSearch\bar\Cache\01885FC1.bin
    c:\program files\MyWebSearch\bar\Cache\018860CA.bin
    c:\program files\MyWebSearch\bar\Cache\018861E3.bin
    c:\program files\MyWebSearch\bar\Cache\01A9021F.bin
    c:\program files\MyWebSearch\bar\Cache\02B4BCB2.bin
    c:\program files\MyWebSearch\bar\Cache\03C32CB1.bin
    c:\program files\MyWebSearch\bar\Cache\03C33106.bin
    c:\program files\MyWebSearch\bar\Cache\03C33452.bin
    c:\program files\MyWebSearch\bar\Cache\03C335E8.bin
    c:\program files\MyWebSearch\bar\Cache\042BCD2D.bin
    c:\program files\MyWebSearch\bar\Cache\042BCEB4.bin
    c:\program files\MyWebSearch\bar\Cache\042BCFBD.bin
    c:\program files\MyWebSearch\bar\Cache\files.ini
    c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
    c:\program files\MyWebSearch\bar\Game\CHESS.F3S
    c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
    c:\program files\MyWebSearch\bar\History\search2
    c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
    c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
    c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
    c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
    c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
    c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
    c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
    c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
    c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
    c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
    c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
    c:\program files\MyWebSearch\bar\Search\COMMON.F3S
    c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
    c:\program files\MyWebSearch\bar\Settings\s_pid.dat
    c:\program files\MyWebSearch\bar\Settings\setting2.htm
    c:\program files\MyWebSearch\bar\Settings\setting2.htm.bak
    c:\program files\MyWebSearch\bar\Settings\settings.dat
    c:\program files\MyWebSearch\bar\Settings\settings.dat.bak
    c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    c:\program files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
    c:\windows\IE4 Error Log.txt
    c:\windows\sysguard.exe
    c:\windows\system32\~.exe
    c:\windows\system32\azlkqs.dll
    c:\windows\system32\belinawi.dll
    c:\windows\system32\f3PSSavr.scr
    c:\windows\system32\furutedu.dll
    c:\windows\system32\ghhkj.bak1
    c:\windows\system32\ghhkj.bak2
    c:\windows\system32\ghhkj.ini
    c:\windows\system32\habnkw.dll
    c:\windows\system32\hodisuye.dll
    c:\windows\system32\hododofu.dll
    c:\windows\system32\hogeyeri.dll
    c:\windows\system32\iehelper.dll
    c:\windows\system32\iwurafib.ini
    c:\windows\system32\jrrqil.dll
    c:\windows\system32\jzmgmy.dll
    c:\windows\system32\koheraja.dll
    c:\windows\system32\lwvoqq.dll
    c:\windows\system32\mcrh.tmp
    c:\windows\system32\mpqss.bak2
    c:\windows\system32\mpqss.ini
    c:\windows\system32\mpqss.ini2
    c:\windows\system32\mpqss.tmp
    c:\windows\system32\munokesu.dll
    c:\windows\system32\mvhmor.dll
    c:\windows\system32\nalelale.dll
    c:\windows\system32\nubigojo.dll
    c:\windows\system32\ofhskc.dll
    c:\windows\system32\oywvfj.dll
    c:\windows\system32\peheduke.dll
    c:\windows\system32\qttss.bak1
    c:\windows\system32\qttss.bak2
    c:\windows\system32\qttss.ini
    c:\windows\system32\qyudci.dll
    c:\windows\system32\radegeyi.dll
    c:\windows\system32\skwmmq.dll
    c:\windows\system32\tiwcrh.dll
    c:\windows\system32\vmipor.dll
    c:\windows\system32\vycdd.bak2
    c:\windows\system32\vycdd.ini2
    c:\windows\system32\vycdd.tmp
    c:\windows\system32\wepavira.dll
    c:\windows\system32\weredaho.dll
    c:\windows\system32\wuboyiki.dll
    c:\windows\system32\wusifage.dll
    c:\windows\system32\yobokusa.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-02-02 to 2009-03-02 )))))))))))))))))))))))))))))))
    .

    2009-03-02 03:30 . 2009-03-02 03:30 1,665,505 ---hs---- c:\windows\system32\iwurafib.ini
    2009-02-25 10:58 . 2009-02-25 10:58 <DIR> d-------- c:\program files\Trend Micro
    2009-02-24 22:30 . 2009-02-24 22:30 134,656 --a------ c:\windows\esayakiw.dll
    2009-02-24 22:18 . 2009-02-24 22:18 39,424 --a------ c:\windows\Khowomatum.dll
    2009-02-24 06:27 . 2009-02-24 06:27 61,224 --a------ c:\documents and settings\Compaq_Owner\GoToAssistDownloadHelper.exe
    2009-02-24 06:16 . 2009-02-24 06:16 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\McAfee

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-28 12:13 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Lavasoft
    2009-02-24 14:17 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
    2009-01-31 09:03 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\ZoomBrowser EX
    2009-01-03 23:05 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-01-03 06:27 --------- d-----w c:\program files\iTunes
    2009-01-03 06:27 --------- d-----w c:\program files\iPod
    2009-01-03 06:27 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-01-03 06:25 --------- d-----w c:\program files\QuickTime
    2009-01-03 06:25 --------- d-----w c:\program files\Bonjour
    2009-01-03 06:21 --------- d-----w c:\program files\Apple Software Update
    2008-09-11 23:35 75,712 ----a-w c:\documents and settings\Compaq_Owner\Application Data\GDIPFONTCACHEV1.DAT
    2006-04-30 06:22 32 ----a-r c:\documents and settings\All Users\hash.dat
    .

    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ----a-w 158,208 2004-08-04 19:00:00 c:\windows\pchealth\helpctr\binaries\bak\MSConfig.exe
    ----a-w 169,984 2008-04-14 00:12:27 c:\windows\pchealth\helpctr\binaries\msconfig.exe

    ----a-w 15,360 2004-08-04 19:00:00 c:\windows\system32\bak\ctfmon.exe
    ----a-w 15,360 2008-04-14 00:12:16 c:\windows\system32\ctfmon.exe

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 169984]
    "Jyogu"="c:\windows\esayakiw.dll" [2009-02-24 134656]
    "Spezebodamujumu"="c:\windows\Khowomatum.dll" [2009-02-24 39424]
    "d86f29fc"="c:\windows\system32\bifaruwi.dll" [2009-03-01 79872]
    "CPMdb5c1a60"="c:\windows\system32\huwuzavo.dll" [2009-02-25 84992]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\huwuzavo.dll" [2009-02-25 84992]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\huwuzavo.dll [2009-02-25 84992]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\huwuzavo.dll
    "LoadAppInit_DLLs"=1 (0x1)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
    backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
    backup=c:\windows\pss\Event Reminder.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
    backup=c:\windows\pss\ymetray.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^wkcalrem.LNK]
    path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\wkcalrem.LNK
    backup=c:\windows\pss\wkcalrem.LNKStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EarthLink Installer]
    /C [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanUp]
    --a------ 2006-07-09 14:42 136752 c:\progra~1\McAfee.com\Shared\mcappins.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMdb5c1a60]
    --ahs---- 2009-02-24 17:01 84992 c:\windows\system32\zogekiga.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 16:12 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d86f29fc]
    --------- 2009-02-25 09:38 79872 c:\windows\system32\noyahopi.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Calendar]
    --a------ 2003-10-31 11:38 442368 c:\program files\Desktop Calendar\Desktop Calendar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Quick Keylogger]
    c:\program files\WideStep Software\Free Quick Keylogger\qpanel.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    --a------ 2005-01-12 13:54 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2005-02-16 22:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    --a------ 1998-05-07 15:04 52736 c:\windows\system\hpsysdrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jyogu]
    --a------ 2009-02-24 22:30 134656 c:\windows\esayakiw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    --a------ 2003-02-11 19:02 61440 c:\hp\KBD\kbd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    --a------ 2007-11-01 18:12 582992 c:\progra~1\McAfee.com\Agent\mcagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
    --a------ 2007-11-01 18:12 582992 c:\program files\McAfee.com\Agent\mcagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    --a------ 2007-12-06 14:10 419152 c:\progra~1\McAfee.com\Agent\mcupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
    c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
    c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
    c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
    c:\program files\McAfee.com\VSO\oasclnt.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
    --a------ 2003-09-12 19:13 98304 c:\windows\system32\ps2.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    --a------ 2004-04-14 19:43 233472 c:\windows\SMINST\Recguard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spezebodamujumu]
    --a------ 2009-02-24 22:18 39424 c:\windows\Khowomatum.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2006-07-26 02:03 49263 c:\program files\Java\jre1.5.0_08\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system tool]
    c:\windows\sysguard.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-10-16 17:08 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    -ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\veyenodoyi]
    c:\windows\system32\furutedu.dll [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
    c:\program files\McAfee.com\VSO\mcvsshld.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
    c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
    --a------ 2006-04-07 14:02 1343488 c:\program files\AWS\WeatherBug\Weather.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    --a------ 2007-08-30 16:43 4670704 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
    --a------ 2008-02-05 13:29 6190320 c:\program files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    --a------ 2005-03-04 11:01 88209 c:\windows\AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
    --a------ 2004-09-07 13:47 57344 c:\windows\ALCXMNTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    --a------ 2004-10-22 11:53 53248 c:\windows\system32\VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wuauserv"=2 (0x2)
    "PhotoshopElementsDeviceConnect"=2 (0x2)
    "mcmispupdmgr"=3 (0x3)
    "AdobeActiveFileMonitor"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\system32\drivers\tj2knd5.sys [2004-12-22 17616]
    S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\system32\drivers\tj2kunic.sys [2004-12-22 69680]
    S4 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - MDM
    *Deregistered* - MpfService
    *Deregistered* - Netman
    *Deregistered* - Nla
    *Deregistered* - PolicyAgent
    *Deregistered* - ProtectedStorage
    *Deregistered* - RasMan
    *Deregistered* - RpcSs
    *Deregistered* - SamSs
    *Deregistered* - Schedule
    *Deregistered* - seclogon
    *Deregistered* - SENS
    *Deregistered* - SharedAccess
    *Deregistered* - ShellHWDetection
    *Deregistered* - Spooler
    *Deregistered* - srservice
    *Deregistered* - SSDPSRV
    *Deregistered* - stisvc
    *Deregistered* - TapiSrv
    *Deregistered* - TermService
    *Deregistered* - Themes
    *Deregistered* - TrkWks
    *Deregistered* - W32Time
    *Deregistered* - WebClient
    *Deregistered* - winmgmt
    *Deregistered* - wscsvc
    *Deregistered* - wuauserv
    *Deregistered* - WZCSVC
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-18 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

    2009-02-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{43519d24-0a97-47e6-8979-79f43028575f} - c:\windows\system32\yobokusa.dll
    BHO-{56e10c72-6ac8-4503-8744-8a03aed86f0a} - c:\windows\system32\oywvfj.dll
    WebBrowser-{AB455519-4E14-498B-A0A9-7DCEF42440FC} - (no file)
    Notify-ssttq - c:\windows\system32\ssttq.dll


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.neopets.com/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=presario&pf=desktop
    uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
    uInternet Settings,ProxyOverride = cdn;*.local
    IE: &Search - http://edits.mywebsearch.com/toolbar...S_ZUxdm080YYUS
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\yhnp9vp2.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.neopets.com/
    FF - prefs.js: keyword.URL - hxxp://search.myway.com/search/cfg_redir2.jhtml?action=config&id=XB&ptnrs=XB&st=DNS&url=AJmain.jhtml&searchfor=
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPJPI150_08.dll
    FF - plugin: c:\program files\Java\jre1.5.0_08\bin\NPOJI610.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMySrWB.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-02 03:29:25
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\windows\system32\iwurafib.tmp

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
    c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
    c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\McAfee\MPF\MpfSrv.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\rundll32.exe
    c:\progra~1\McAfee\MSC\mcuimgr.exe
    c:\program files\Internet Explorer\iexplore.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    c:\progra~1\McAfee\MSC\mcupdmgr.exe
    c:\progra~1\McAfee\MSC\mcupdui.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-02 3:48:13 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-03-02 11:48:06

    Pre-Run: 131,681,538,048 bytes free
    Post-Run: 133,006,868,480 bytes free

    458 --- E O F --- 2008-12-27 08:38:46

  9. #9
    Junior Member
    Join Date
    Feb 2009
    Posts
    12


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/11/2004 7:22:22 PM
    System Uptime: 3/2/2009 3:25:08 AM (0 hours ago)

    Motherboard: ASUSTek Computer INC. | | Kelut
    Processor: AMD Athlon(tm) XP 3200+ | Socket A | 2199/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 149 GiB total, 123.872 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP940: 12/2/2008 3:21:46 AM - System Checkpoint
    RP941: 12/3/2008 4:08:05 AM - System Checkpoint
    RP942: 12/4/2008 1:58:04 PM - System Checkpoint
    RP943: 12/5/2008 10:54:42 AM - Application kill.
    RP944: 12/5/2008 10:55:01 AM - Installation
    RP945: 12/6/2008 10:59:18 AM - System Checkpoint
    RP946: 12/7/2008 11:20:38 AM - System Checkpoint
    RP947: 12/8/2008 2:50:52 PM - System Checkpoint
    RP948: 12/9/2008 3:33:21 PM - System Checkpoint
    RP949: 12/10/2008 9:51:10 PM - System Checkpoint
    RP950: 12/12/2008 2:47:04 AM - System Checkpoint
    RP951: 12/13/2008 9:09:38 AM - System Checkpoint
    RP952: 12/14/2008 9:36:56 AM - System Checkpoint
    RP953: 12/15/2008 12:58:07 PM - System Checkpoint
    RP954: 12/16/2008 7:34:07 PM - System Checkpoint
    RP955: 12/18/2008 1:11:56 AM - System Checkpoint
    RP956: 12/18/2008 3:07:55 AM - Software Distribution Service 3.0
    RP957: 12/19/2008 3:01:24 AM - Software Distribution Service 3.0
    RP958: 12/20/2008 5:34:59 AM - System Checkpoint
    RP959: 12/21/2008 7:13:01 PM - System Checkpoint
    RP960: 12/23/2008 3:12:41 AM - System Checkpoint
    RP961: 12/24/2008 7:03:47 AM - System Checkpoint
    RP962: 12/25/2008 8:22:00 AM - System Checkpoint
    RP963: 12/26/2008 10:12:15 AM - System Checkpoint
    RP964: 12/26/2008 11:06:09 PM - Software Distribution Service 3.0
    RP965: 12/27/2008 12:10:05 AM - Software Distribution Service 3.0
    RP966: 12/29/2008 3:58:05 AM - System Checkpoint
    RP967: 12/30/2008 7:00:31 AM - System Checkpoint
    RP968: 12/31/2008 8:01:24 AM - System Checkpoint
    RP969: 1/1/2009 9:13:23 AM - System Checkpoint
    RP970: 1/2/2009 4:48:33 PM - System Checkpoint
    RP971: 1/2/2009 10:26:27 PM - Installed iTunes
    RP972: 1/3/2009 10:27:30 PM - System Checkpoint
    RP973: 1/5/2009 2:16:22 AM - System Checkpoint
    RP974: 1/6/2009 6:53:42 AM - System Checkpoint
    RP975: 1/7/2009 12:40:36 PM - System Checkpoint
    RP976: 1/8/2009 3:09:08 PM - System Checkpoint
    RP977: 1/9/2009 3:57:19 PM - System Checkpoint
    RP978: 1/11/2009 12:05:31 AM - System Checkpoint
    RP979: 1/12/2009 12:56:07 AM - System Checkpoint
    RP980: 1/13/2009 3:11:36 AM - System Checkpoint
    RP981: 1/14/2009 4:09:57 AM - System Checkpoint
    RP982: 1/15/2009 12:19:00 PM - System Checkpoint
    RP983: 1/16/2009 9:57:55 PM - System Checkpoint
    RP984: 1/17/2009 10:24:28 PM - System Checkpoint
    RP985: 1/18/2009 10:35:19 PM - System Checkpoint
    RP986: 1/19/2009 11:28:58 PM - System Checkpoint
    RP987: 1/21/2009 12:00:03 AM - System Checkpoint
    RP988: 1/22/2009 12:09:47 AM - System Checkpoint
    RP989: 1/23/2009 12:29:02 AM - System Checkpoint
    RP990: 1/24/2009 1:24:25 AM - System Checkpoint
    RP991: 1/25/2009 9:11:59 AM - System Checkpoint
    RP992: 1/26/2009 9:57:51 AM - System Checkpoint
    RP993: 1/27/2009 3:16:43 PM - System Checkpoint
    RP994: 1/28/2009 3:57:35 PM - System Checkpoint
    RP995: 1/29/2009 4:12:13 PM - System Checkpoint
    RP996: 1/30/2009 5:09:40 PM - System Checkpoint
    RP997: 1/31/2009 6:27:37 PM - System Checkpoint
    RP998: 2/1/2009 10:51:33 PM - System Checkpoint
    RP999: 2/3/2009 1:23:21 AM - System Checkpoint
    RP1000: 2/4/2009 8:38:17 AM - System Checkpoint
    RP1001: 2/5/2009 9:32:12 AM - System Checkpoint
    RP1002: 2/6/2009 10:32:11 AM - System Checkpoint
    RP1003: 2/7/2009 6:18:05 PM - System Checkpoint
    RP1004: 2/8/2009 6:54:06 PM - System Checkpoint
    RP1005: 2/9/2009 10:14:23 PM - System Checkpoint
    RP1006: 2/11/2009 1:02:25 AM - System Checkpoint
    RP1007: 2/12/2009 2:05:11 AM - System Checkpoint
    RP1008: 2/14/2009 12:22:45 AM - System Checkpoint
    RP1009: 2/15/2009 3:13:24 AM - System Checkpoint
    RP1010: 2/16/2009 6:55:44 AM - System Checkpoint
    RP1011: 2/17/2009 3:54:23 PM - System Checkpoint
    RP1012: 2/18/2009 4:00:15 PM - System Checkpoint
    RP1013: 2/20/2009 5:08:50 AM - System Checkpoint
    RP1014: 2/21/2009 6:03:08 AM - System Checkpoint
    RP1015: 2/22/2009 10:02:37 AM - System Checkpoint
    RP1016: 2/23/2009 11:57:06 AM - System Checkpoint
    RP1017: 2/24/2009 5:29:21 PM - System Checkpoint
    RP1018: 2/25/2009 10:03:55 AM - Restore Operation
    RP1019: 2/25/2009 10:07:02 AM - Restore Operation
    RP1020: 2/26/2009 10:05:46 AM - System Checkpoint
    RP1021: 2/27/2009 11:04:29 AM - System Checkpoint
    RP1022: 2/28/2009 12:39:58 PM - System Checkpoint
    RP1023: 3/1/2009 3:00:55 PM - System Checkpoint
    RP1024: 3/2/2009 3:16:19 AM - ComboFix created restore point

    ==== Installed Programs ======================

    2350
    2350_Help
    2350Trb
    ACDSee 32
    Adobe AIR
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Photoshop Elements 3.0
    Adobe Reader 7.0.9
    Adobe Shockwave Player
    Agere Systems PCI Soft Modem
    AiO_Scan
    AiOSoftware
    Apple Mobile Device Support
    Apple Software Update
    Balloon Kaboom
    Balloon Pop Special Edition
    Bonjour
    Bricks Of Egypt (remove only)
    BufferChm
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Collector's Edition 251
    Comcast High-Speed Internet Install Wizard
    Compaq Connections
    Copy
    Coupon Printer for Windows
    CreativeProjects
    CreativeProjectsTemplates
    CueTour
    Desktop Calendar 0.42b
    Destinations
    Director
    DocProc
    DocumentViewer
    Fax
    Free Quick Keylogger
    Frog Frenzy 1
    Frog Frenzy 2 - "The Madness Continues"
    Google Earth
    Harry Potter and the Prisoner of Azkaban(TM)
    Help and Support Additions
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows Media Format SDK (KB910998)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    HP Diagnostic Assistant
    HP Image Zone 4.2
    HP PSC & OfficeJet 4.2
    HP Software Update
    HPODiscovery
    HpSdpAppCoreApp
    HPSystemDiagnostics
    Insaniquarium Deluxe 1.0
    InstantShare
    InterVideo WinDVD Player
    iTunes
    iVocalize Web Conference 4
    J2SE Runtime Environment 5.0 Update 8
    Java 2 Runtime Environment, SE v1.4.2_03
    KBD
    Luxor
    Mah Jongg Magic
    Maraqua Screen Saver
    McAfee SecurityCenter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003
    Microsoft Office XP Professional
    Microsoft Plus! Dancer LE
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Web Publishing Wizard 1.52
    Microsoft Works 7.0
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox (3.0.6)
    MSN
    MSN Music Assistant
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    My Web Search (Smiley Central)
    Neopets Petpetpet Habitat
    Netflix Movie Viewer
    Neverland Free Trial
    oggcodecs 0.71.0946
    overland
    Paint.NET v3.31
    PC-Doctor for Windows
    Pdf995 (installed by TaxCut)
    PdfEdit995 (installed by TaxCut)
    PetPetPet Habitats
    PhotoGallery
    Pinball Master Special Edition
    PrintMaster 16
    PrintScreen
    ProductContext
    PS2
    Python 2.2 combined Win32 extensions
    Python 2.2.1
    QFolder
    QuickProjects
    QuickTime
    Readme
    RealPlayer
    Rhapsody Player Engine
    S3 S3Display
    S3 S3Gamma2
    S3 S3Info2
    S3 S3Overlay
    Scan
    Scrabble 2
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB960714)
    Shockwave
    SkinsHP1
    Sonic RecordNow!
    TaxCut California 2007
    TaxCut Premium + State 2007
    Terayon DOCSIS Modem
    Top 30 Games 4 Kids
    Top 50 Blazing Games
    TrayApp
    Typing Instructor
    Unload
    Update for Windows XP (KB955839)
    URGE
    VIA Rhine-Family Fast Ethernet Adapter
    VIA/S3G Display Driver
    Virtools 3D Life Player
    Visual Color Picker 2.6
    WeatherBug
    WeatherBug Browser Bar - powered by MyWebSearch
    WebFldrs XP
    WebReg
    Wik And The Fable Of Souls (remove only)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Live installer
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows XP Service Pack 3
    Yahoo! Messenger
    Yahoo! Music Jukebox

    ==== Event Viewer Messages From Past Week ========

    2/28/2009 4:11:30 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

    ==== End Of File ===========================



    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Compaq_Owner at 3:55:12.14 on Mon 03/02/2009
    Internet Explorer: 6.0.2900.5512
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.109 [GMT -8:00]

    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Canon\CAL\CALMAIN.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.neopets.com/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=presario&pf=desktop
    uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
    uInternet Settings,ProxyOverride = cdn;*.local
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: NoExplorer - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: {43519d24-0a97-47e6-8979-79f43028575f} - c:\windows\system32\yobokusa.dll
    BHO: {a0f68dea-30a8-4478-3054-8ca627c01e65}: {56e10c72-6ac8-4503-8744-8a03aed86f0a} - c:\windows\system32\oywvfj.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_08\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: My Web Search Bar BHO: {8eab99c1-f9ec-4b64-a4ba-d9bcae8779c2} - c:\program files\mywebsearchwb\bar\1.bin\W6BAR.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    TB: WeatherBug Browser Bar - powered by MyWebSearch: {8eab99c9-f9ec-4b64-a4ba-d9bcae8779c2} - c:\program files\mywebsearchwb\bar\1.bin\W6BAR.DLL
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} -
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {AB455519-4E14-498B-A0A9-7DCEF42440FC} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    mRun: [Jyogu] rundll32.exe "c:\windows\esayakiw.dll",e
    mRun: [Spezebodamujumu] rundll32.exe "c:\windows\Khowomatum.dll",e
    mRun: [d86f29fc] rundll32.exe "c:\windows\system32\bifaruwi.dll",b
    mRun: [CPMdb5c1a60] Rundll32.exe "c:\windows\system32\huwuzavo.dll",a
    IE: &Search - http://edits.mywebsearch.com/toolbar...S_ZUxdm080YYUS
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_08\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Notify: ssttq - c:\windows\system32\ssttq.dll
    Notify: WRNotifier - WRLogonNTF.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\huwuzavo.dll
    STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\huwuzavo.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\yhnp9vp2.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.neopets.com/
    FF - prefs.js: keyword.URL - hxxp://search.myway.com/search/cfg_redir2.jhtml?action=config&id=XB&ptnrs=XB&st=DNS&url=AJmain.jhtml&searchfor=
    FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\program files\java\jre1.5.0_08\bin\NPJava11.dll
    FF - plugin: c:\program files\java\jre1.5.0_08\bin\NPJava12.dll
    FF - plugin: c:\program files\java\jre1.5.0_08\bin\NPJava13.dll
    FF - plugin: c:\program files\java\jre1.5.0_08\bin\NPJava14.dll
    FF - plugin: c:\program files\java\jre1.5.0_08\bin\NPJava32.dll
    FF - plugin: c:\program files\java\jre1.5.0_08\bin\NPJPI150_08.dll
    FF - plugin: c:\program files\java\jre1.5.0_08\bin\NPOJI610.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPMySrWB.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npvirtools.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
    FF - HiddenExtension: XUL Cache: {684142EB-E8C7-4008-A474-5B599619F977} - c:\documents and settings\compaq_owner\local settings\application data\{684142EB-E8C7-4008-A474-5B599619F977}

    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-12-17 201320]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-12-17 359248]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-12-17 144704]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-12-17 79304]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-12-17 35240]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-12-17 33832]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-12-17 40488]
    S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\system32\drivers\tj2knd5.sys [2004-12-22 17616]
    S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\system32\drivers\tj2kunic.sys [2004-12-22 69680]
    S4 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
    S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-12-17 695624]
    S4 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]

    =============== Created Last 30 ================

    2009-03-02 03:30 1,665,518 ---sh--- c:\windows\system32\iwurafib.ini
    2009-03-02 03:15 161,792 a------- c:\windows\SWREG.exe
    2009-03-02 03:15 98,816 a------- c:\windows\sed.exe
    2009-03-02 03:15 <DIR> --d----- C:\ComboFix
    2009-02-25 10:58 <DIR> --d----- c:\program files\Trend Micro
    2009-02-24 22:30 134,656 a------- c:\windows\esayakiw.dll
    2009-02-24 22:18 39,424 a------- c:\windows\Khowomatum.dll
    2009-02-24 06:27 61,224 a------- c:\documents and settings\compaq_owner\GoToAssistDownloadHelper.exe
    2009-02-24 06:16 <DIR> --d----- c:\docume~1\compaq~1\applic~1\McAfee

    ==================== Find3M ====================

    2009-03-01 23:36 84,992 a--sh--- c:\windows\system32\fazejupu.dll
    2009-03-01 23:36 79,872 a--sh--- c:\windows\system32\bifaruwi.dll
    2009-03-01 11:36 84,992 a--sh--- c:\windows\system32\jivipoto.dll
    2009-02-28 23:36 84,992 a--sh--- c:\windows\system32\zeluguye.dll
    2009-02-28 11:36 79,872 -------- c:\windows\system32\negagora.dll
    2009-02-28 11:36 84,992 a--sh--- c:\windows\system32\dokuzule.dll
    2009-02-27 23:32 84,992 a--sh--- c:\windows\system32\lefomero.dll
    2009-02-27 23:32 79,872 -------- c:\windows\system32\nekalaru.dll
    2009-02-27 09:44 84,992 a--sh--- c:\windows\system32\venehoja.dll
    2009-02-27 09:44 79,872 -------- c:\windows\system32\jezomapa.dll
    2009-02-26 21:44 84,992 a--sh--- c:\windows\system32\debejeda.dll
    2009-02-26 21:44 79,872 -------- c:\windows\system32\wijusigi.dll
    2009-02-26 09:40 84,992 a--sh--- c:\windows\system32\kavinepe.dll
    2009-02-26 09:40 79,872 a--sh--- c:\windows\system32\siyaturi.dll
    2009-02-25 21:40 84,992 a--sh--- c:\windows\system32\yokagumo.dll
    2009-02-25 21:40 79,872 -------- c:\windows\system32\litikene.dll
    2009-02-25 09:38 84,992 a--sh--- c:\windows\system32\huwuzavo.dll
    2009-02-25 09:38 79,872 -------- c:\windows\system32\noyahopi.dll
    2009-02-24 17:01 84,992 a--sh--- c:\windows\system32\zogekiga.dll
    2009-02-24 17:01 79,872 a--sh--- c:\windows\system32\sagujele.dll
    2008-12-27 00:33 81,971 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2008-12-27 00:31 45,056 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphwwrf4duet\plugin\bin\jsharpde\util.dll
    2008-12-27 00:31 315,392 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphwwrf4duet\plugin\bin\pchmsxml.dll
    2008-12-27 00:31 4,096 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphwwrf4duet\plugin\bin\winverifytrustwrapper.dll
    2008-12-27 00:31 307,200 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphwwrf4duet\plugin\bin\pchnotify.exe
    2008-12-27 00:31 212,992 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphwwrf4duet\plugin\bin\jsharpde\jsharpinterp.dll
    2008-12-27 00:31 26,572 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphwwrf4duet\plugin\bin\jsharpde\INV16.dll
    2008-09-11 15:35 75,712 a------- c:\docume~1\compaq~1\applic~1\GDIPFONTCACHEV1.DAT
    2006-04-29 22:22 32 a----r-- c:\documents and settings\all users\hash.dat

    ============= FINISH: 3:55:50.75 ===============

  10. #10
    Junior Member
    Join Date
    Feb 2009
    Posts
    12


    I hope this is all you needed. Thank you very much, look forward to hearing from you again.


    PS.. When ComboFix was gathering the log, 54 windows of IE opened spontaneously in rapid succession without me even touching the computer. This has been one of my issues since becoming infected. Also, another pop-up happened in FF when I was posting my replies to you. Just thought I would let you know in case it was important.
