My system is infected

Hi.

Computer still seems OK.
Good to know.

Out-of-date Adobe and Java installations pose a security risk. They can be used by malware as a means to infect and/or re-infect a computer. We will update both in due course.

A question: do you actually use Adobe Reader, or Foxit Reader instead?

Next:

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Adobe Reader 7.0.9
AOLIcon

Coupon Printer for Windows <-- Unless you actually use this software.
HijackThis 2.0.2 <-- This is the Beta version so please do uninstall. When you next run RSIT it will prompt to download/install the stable version of HijackThis.
Java(TM) 6 Update 17
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7


To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Custom ComboFix-Script:

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    Code:
    File::
    c:\program files\wt3d.ini
    C:\program files\skynet.dat
    
    Folder::
    C:\Program Files\AVG
    c:\program files\Spybot - Search & Destroy
    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    c:\program files\Lavasoft
    c:\documents and settings\All Users\Application Data\Lavasoft
    c:\documents and settings\All Users\Application Data\avg9
    c:\program files\AVG
    c:\documents and settings\All Users\Application Data\Avg8
    c:\documents and settings\Mommy\Application Data\AVG8
    
    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    [-HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}]
    [-HKEY_CLASSES_ROOT\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner]
    
    RegNull::
    [HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\(* ª*]
    [HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\(*! ª*]
    
    SecCenter::
    {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    
    Reboot::
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    [Screenshot: CFScriptB-4.gif]


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time) and end any processes of findstr, find, sed or swreg; ComboFix should then continue.
If that happened we want to know, and also what process you had to end.

Next:

Please make sure that RSIT.exe is still on the Desktop (if not, inform me straight away please).
  • Double click once on RSIT.exe
  • RSIT will start running, at the disclaimer click on Continue.
  • When done, 1 log will be produced.
  • Post that in your next reply.
When you have completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and/or any further symptoms?
  • Answer to my question.
  • ComboFix Log.
  • A new RSIT Log. <-- Only one log will be produced this time and that is all I need to review.
 
System continues to show no problems.

I can live without Adobe.

ComboFix 10-02-12.01 - Mommy 02/15/2010 13:12:11.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.541 [GMT -5:00]
Running from: c:\documents and settings\Mommy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mommy\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"c:\program files\skynet.dat"
"c:\program files\wt3d.ini"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Avg8
c:\documents and settings\All Users\Application Data\avg9
c:\documents and settings\All Users\Application Data\avg9\Log\avgldr.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgldr.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgtdi.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgtdi.log.lock
c:\documents and settings\All Users\Application Data\Lavasoft
c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\update\new\%APPDATA%\Lavasoft\Ad-Aware\Update\aaw2008_upd.exe.new
c:\documents and settings\All Users\Application Data\Lavasoft\License\adaware.da2
c:\documents and settings\All Users\Application Data\Lavasoft\License\adaware2007.dat
c:\documents and settings\All Users\Application Data\Lavasoft\MiniMessage\2
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\SDHelper.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Altnet.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GJeans.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RabioSearchEnhancer.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RabioSearchEnhancer1.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RabioSearchEnhancer2.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RabioSearchEnhancer3.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RabioSearchEnhancer4.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TagASaurus.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TagASaurus1.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TagASaurus10.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TagASaurus2.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TagASaurus3.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TagASaurus4.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TagASaurus5.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TagASaurus6.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TagASaurus7.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TagASaurus8.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TagASaurus9.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch.zip
c:\documents and settings\Mommy\Application Data\AVG8
c:\program files\AVG
c:\program files\AVG\AVG8\avg7api.dll.prepare
c:\program files\AVG\AVG8\avgapix.dll.prepare
c:\program files\AVG\AVG8\avgdumpx.exe.prepare
c:\program files\AVG\AVG8\avglogx.dll.prepare
c:\program files\AVG\AVG8\avgmail.dll.prepare
c:\program files\AVG\AVG8\avgmvflx.dll.prepare
c:\program files\AVG\AVG8\avgmwdef_us.mht.prepare
c:\program files\AVG\AVG8\avgscanx.dll.prepare
c:\program files\AVG\AVG8\avgscanx.exe.prepare
c:\program files\AVG\AVG8\avgsched.dll.prepare
c:\program files\AVG\AVG8\avgse.dll.prepare
c:\program files\AVG\AVG8\avgsrmax.exe.prepare
c:\program files\AVG\AVG8\avgsrmx.dll.prepare
c:\program files\AVG\AVG8\avgvvx.dll.prepare
c:\program files\AVG\AVG8\avgwd.dll.prepare
c:\program files\AVG\AVG8\avgwdsvc.exe.prepare
c:\program files\AVG\AVG8\avgwdwsc.dll.prepare
c:\program files\AVG\AVG8\dfncfg.dat.prepare
c:\program files\AVG\AVG8\fixcfg.exe.prepare
c:\program files\AVG\AVG8\setup.dat.prepare
c:\program files\AVG\AVG8\setupus.lns.prepare
c:\program files\Lavasoft
c:\program files\skynet.dat
c:\program files\Spybot - Search & Destroy
c:\program files\Spybot - Search & Destroy\sqlite3.dll
c:\program files\wt3d.ini

.
((((((((((((((((((((((((( Files Created from 2010-01-15 to 2010-02-15 )))))))))))))))))))))))))))))))
.

2010-02-15 17:50 . 2010-02-15 17:50 -------- d-----w- c:\documents and settings\Mommy\Application Data\GetRight
2010-02-13 20:07 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-13 20:07 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-13 20:07 . 2010-02-13 20:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-11 16:21 . 2010-02-11 16:21 -------- d--h--w- c:\windows\system32\WLANProfiles
2010-02-11 16:21 . 2010-02-11 16:21 -------- d-----w- C:\Settings
2010-02-10 23:07 . 2010-02-10 23:07 -------- d-----w- C:\rsit
2010-02-10 22:49 . 2010-02-10 22:49 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-01-27 18:08 . 2010-01-27 18:08 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-01-27 18:08 . 2010-01-27 18:08 -------- d-----w- c:\program files\DVDVideoSoft
2010-01-27 18:06 . 2010-02-14 20:46 -------- d-----w- C:\source files
2010-01-18 19:39 . 2010-01-18 19:39 -------- d-----w- c:\documents and settings\ChaCha\Local Settings\Application Data\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-15 19:43 . 2010-01-03 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-02-15 17:59 . 2005-08-15 14:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-15 17:58 . 2008-10-24 16:37 -------- d-----w- c:\program files\Maxtor
2010-02-15 17:51 . 2008-11-12 05:14 -------- d-----w- c:\program files\GetRight
2010-02-15 17:48 . 2007-05-30 14:33 -------- d-----w- c:\program files\FeedReader30
2010-02-15 17:48 . 2009-01-26 23:38 -------- d-----w- c:\program files\Exact Audio Copy
2010-02-15 17:47 . 2009-01-16 15:25 -------- d-----w- c:\program files\Juice
2010-02-15 17:47 . 2005-08-15 14:10 -------- d-----w- c:\program files\Java
2010-02-15 17:33 . 2009-10-15 19:20 -------- d-----w- c:\program files\Coupons
2010-02-14 12:42 . 2007-11-26 21:18 -------- d-----w- c:\program files\Trend Micro
2010-01-25 00:58 . 2010-01-25 00:58 1956072 ----a-w- c:\documents and settings\Mommy\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-01-12 00:12 . 2010-01-11 22:55 -------- d-----w- c:\documents and settings\Mommy\Application Data\LEGO Company
2010-01-11 22:54 . 2010-01-11 22:54 -------- d-----w- c:\program files\LEGO Company
2010-01-05 22:47 . 2010-01-05 22:47 -------- d-----w- c:\program files\Flip Video
2010-01-03 05:04 . 2010-01-03 05:04 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-01-03 05:04 . 2010-01-03 05:04 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-01-03 05:04 . 2010-01-03 05:04 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-01-03 05:04 . 2010-01-03 05:04 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-01-03 05:04 . 2010-01-03 05:04 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-01-03 05:03 . 2010-01-03 05:03 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-01-03 05:03 . 2010-01-03 05:03 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-01-03 05:03 . 2010-01-03 05:03 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-01-03 05:03 . 2010-01-03 05:03 19472 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-01-03 05:03 . 2010-01-03 05:03 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-01-03 05:03 . 2010-01-03 05:03 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-01-03 05:03 . 2010-01-03 05:03 17936 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-01-03 05:03 . 2010-01-03 05:03 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-01-03 05:03 . 2010-01-03 05:03 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-01-03 05:03 . 2010-01-03 05:03 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-01-03 04:44 . 2010-01-03 04:44 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-01-03 04:44 . 2010-01-03 04:44 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-01-03 04:42 . 2010-01-03 04:42 -------- d-----w- c:\program files\Kaspersky Lab
2010-01-03 04:36 . 2010-01-03 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-01-03 04:04 . 2010-01-03 04:04 152576 ----a-w- c:\documents and settings\Mommy\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-03 04:04 . 2009-11-12 12:21 79488 ----a-w- c:\documents and settings\Mommy\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-03 02:18 . 2010-01-03 02:18 -------- d-----w- c:\documents and settings\Mommy\Application Data\Malwarebytes
2010-01-03 02:18 . 2010-01-03 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-31 16:50 . 2005-08-15 13:49 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 19:50 . 2009-12-29 19:50 -------- d-----w- c:\program files\ERUNT
2009-12-28 23:16 . 2009-12-28 23:14 -------- d-----w- c:\documents and settings\Mommy\Application Data\QuickScan
2009-12-24 07:52 . 2009-12-28 23:14 684032 ----a-w- c:\documents and settings\Mommy\Application Data\Mozilla\Firefox\Profiles\j0yb55ai.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-12-24 07:52 . 2009-12-28 23:14 776704 ----a-w- c:\documents and settings\Mommy\Application Data\Mozilla\Firefox\Profiles\j0yb55ai.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-12-21 19:14 . 2004-08-19 20:49 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2004-08-19 21:01 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-19 20:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-10 23:18 . 2005-08-23 21:40 41432 ----a-w- c:\documents and settings\Mommy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-04 18:22 . 2005-08-15 13:48 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-03 01:59 . 2009-12-03 01:56 1924440 ----a-w- c:\documents and settings\Mommy\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-11-27 17:11 . 2004-08-19 20:49 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 05:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-08-19 20:49 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-19 20:49 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-19 20:49 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 05:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 15:51 . 2004-08-19 20:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 16:14 . 2009-11-19 16:14 4732800 ----a-w- c:\documents and settings\All Users\Application Data\Flip Video\FlipShare\Updates\FirmwareExec_Windows_en-US_83.06_83.07\FlipVideoFWUpdate.exe
2008-04-29 05:46 . 2008-04-29 05:47 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-04 344064]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-21 340456]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]

c:\documents and settings\Mommy\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-3 40960]
officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-12-3 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [11/23/2008 12:47 PM 16512]
.
Contents of the 'Scheduled Tasks' folder

2008-06-05 c:\windows\Tasks\$$$ntbackup_temp$$$.job
- c:\windows\system32\ntbackup.exe [2004-08-19 00:12]

2010-02-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-04 c:\windows\Tasks\FRU Task 2002-12-04 03:40ewlett-Packard2002-12-04 03:40p officejet 6100 series324C9EBEBB389A3CB37E16C7992E8342068F8B15241291994.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-03 23:40]

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-203240765-3212423445-3393529514-1014Core.job
- c:\documents and settings\ChaCha\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-09 21:59]

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-203240765-3212423445-3393529514-1014UA.job
- c:\documents and settings\ChaCha\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-09 21:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Search
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://70.155.93.6:82/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Mommy\Application Data\Mozilla\Firefox\Profiles\j0yb55ai.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={4DA528D3-D22E-2944-C25A-898391E239B2}&q=
FF - component: c:\documents and settings\Mommy\Application Data\Mozilla\Firefox\Profiles\j0yb55ai.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Mommy\Application Data\Mozilla\Firefox\Profiles\j0yb55ai.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-OM2_Monitor - c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
HKLM-Run-OM2_Monitor - c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-15 14:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\(* ª*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\(*! ª*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1512)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(2708)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
.
**************************************************************************
.
Completion time: 2010-02-15 14:53:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-15 19:52
ComboFix2.txt 2010-02-14 21:09

Pre-Run: 12,967,215,104 bytes free
Post-Run: 13,046,321,152 bytes free

- - End Of File - - EB793DEB017957A49B3136AD131FE884
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by Mommy at 2010-02-15 16:10:53
Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (17%) free of 72 GB
Total RAM: 1023 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:11:28 PM, on 2/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Documents and Settings\Mommy\Desktop\RSIT.exe
C:\Program Files\trend micro\Mommy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137014789156
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://70.155.93.6:82/activex/AMC.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://creditplus.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - https://wc.wachovia.com/common/cab/ikcntrls.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9417 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\$$$ntbackup_temp$$$.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1241291994.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-203240765-3212423445-3393529514-1014Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-203240765-3212423445-3393529514-1014UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-10-20 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-10-20 268816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-09-13 155648]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-30 385024]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-12-03 344064]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"USB2Check"=C:\WINDOWS\system32\PCLECoInst.dll [2006-11-06 81920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]
"SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [2003-11-19 32881]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

C:\Documents and Settings\Mommy\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-12-04 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-09-07 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-10-20 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-02-15 14:53:10 ----D---- C:\WINDOWS\temp
2010-02-15 14:53:06 ----A---- C:\ComboFix.txt
2010-02-15 12:50:28 ----D---- C:\Documents and Settings\Mommy\Application Data\GetRight
2010-02-15 12:31:37 ----D---- C:\Config.Msi
2010-02-14 15:50:56 ----AD---- C:\Qoobox
2010-02-14 03:10:43 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-14 03:09:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-14 03:05:49 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-14 03:05:31 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-14 03:05:01 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-14 03:04:33 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-14 03:04:02 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-14 03:03:26 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-14 03:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-13 15:07:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-11 11:21:43 ----HD---- C:\WINDOWS\system32\WLANProfiles
2010-02-11 11:21:43 ----D---- C:\Settings
2010-02-11 11:21:43 ----A---- C:\Settings.ini
2010-02-10 18:07:27 ----D---- C:\rsit
2010-01-27 13:08:04 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2010-01-27 13:08:03 ----D---- C:\Program Files\DVDVideoSoft
2010-01-27 13:06:48 ----D---- C:\source files
2010-01-18 03:05:24 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$

======List of files/folders modified in the last 1 months======

2010-02-15 16:11:14 ----D---- C:\Program Files\Trend Micro
2010-02-15 16:11:10 ----D---- C:\WINDOWS\Prefetch
2010-02-15 16:09:33 ----D---- C:\Program Files\Mozilla Firefox
2010-02-15 14:53:13 ----D---- C:\WINDOWS\system32\drivers
2010-02-15 14:53:10 ----D---- C:\WINDOWS
2010-02-15 14:50:47 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-15 14:43:42 ----N---- C:\WINDOWS\system.ini
2010-02-15 14:43:26 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2010-02-15 14:31:25 ----A---- C:\WINDOWS\ModemLog_Conexant D110 MDC V.9x Modem.txt
2010-02-15 13:25:42 ----D---- C:\WINDOWS\Registration
2010-02-15 13:22:47 ----AD---- C:\Program Files
2010-02-15 13:18:46 ----D---- C:\WINDOWS\system32
2010-02-15 13:18:46 ----D---- C:\WINDOWS\AppPatch
2010-02-15 13:18:36 ----D---- C:\Program Files\Common Files
2010-02-15 13:10:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-15 13:06:57 ----SHD---- C:\WINDOWS\Installer
2010-02-15 12:59:50 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-15 12:59:48 ----D---- C:\WINDOWS\WinSxS
2010-02-15 12:58:58 ----D---- C:\Program Files\Maxtor
2010-02-15 12:51:37 ----D---- C:\Program Files\GetRight
2010-02-15 12:48:55 ----D---- C:\Program Files\FeedReader30
2010-02-15 12:48:45 ----D---- C:\Program Files\Exact Audio Copy
2010-02-15 12:47:30 ----D---- C:\Program Files\Juice
2010-02-15 12:47:09 ----D---- C:\Program Files\Java
2010-02-15 12:33:50 ----SD---- C:\Documents and Settings\Mommy\Application Data\Microsoft
2010-02-15 12:33:14 ----D---- C:\Program Files\Coupons
2010-02-14 16:08:14 ----SD---- C:\WINDOWS\Tasks
2010-02-14 03:10:50 ----HD---- C:\WINDOWS\inf
2010-02-14 03:10:35 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-14 03:09:25 ----A---- C:\WINDOWS\imsins.BAK
2010-02-14 03:09:20 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-02-12 07:09:09 ----HDC---- C:\WINDOWS\$NtUninstallKB911565$
2010-02-11 16:16:36 ----SHD---- C:\WINDOWS\CSC
2010-02-11 11:25:05 ----D---- C:\WINDOWS\erdnt
2010-02-11 11:23:08 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-29 13:45:37 ----A---- C:\WINDOWS\win.ini
2010-01-23 03:02:40 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2004-08-18 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kl1;Kl1; \??\C:\WINDOWS\system32\drivers\kl1.sys []
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2010-01-03 315408]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.0.1; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-08-15 17056]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-08-31 11354]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-16 108791]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-12-04 800768]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2004-05-26 44928]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-06-17 200064]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-09-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-21 3210496]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DCamUSBEMPIA;Dazzle DVC Video Device; C:\WINDOWS\system32\DRIVERS\emDevice.sys [2005-12-21 100957]
S3 dwusbdnt;dwusbdnt; C:\WINDOWS\system32\DRIVERS\dwusbdnt.sys [2002-05-24 10368]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 emAudio;Dazzle DVC Audio Device; C:\WINDOWS\system32\drivers\emAudio.sys [2006-12-12 22528]
S3 FiltUSBEMPIA;USB Device Lower Filter; C:\WINDOWS\system32\DRIVERS\emFilter.sys [2005-12-21 5245]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2002-12-04 50960]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2002-12-04 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2002-12-04 22384]
S3 mbr;mbr; \??\C:\DOCUME~1\Mommy\LOCALS~1\Temp\mbr.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 ScanUSBEMPIA;USB Still Image Capture Device; C:\WINDOWS\system32\DRIVERS\emScan.sys [2005-12-21 4493]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SQTECH905C;DualCamera; C:\WINDOWS\System32\Drivers\Capt905c.sys [2005-03-24 38937]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-09-15 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-12-04 405504]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-09-28 195584]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-09-07 86016]
R2 FlipShare Service;FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [2009-11-19 455944]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-03-03 356352]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-09-07 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-09-07 360521]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-15 38912]
R2 WLANKEEPER;WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2004-09-07 225353]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-25 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-12-04 65536]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
 
Hi.

At present you have ERUNT set to run after every system reboot and create a registry backup. If you would prefer this not to be the case and to create backups manually, remove the entry highlighted below in red.

Next:

Click on Start >> Run... (or the Windows key and R together) to bring up the Run box and copy and paste in:
C:\Program Files\Trend Micro\hijackthis.exe
and click on OK

Now select Do a system scan only. Check the boxes next to all the entries listed below (if present):

O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll


Now click on Fix Checked. Close HijackThis.

Next:

Click Start >> Run and type cleanmgr in the box and press OK.
  • Ensure the boxes for Temporary Files, Temporary Internet Files and Recycle Bin are checked.
  • You can choose to check other boxes if you wish but they are not required.
  • Click on OK then Yes.
  • Now reboot (restart) your computer.
New Java Installation:
  • Click here to visit Java's website.
  • Scroll down to JDK 6 Update 18 (JDK or JRE). Click on Download JRE.
  • Select Windows from the drop-down list for Platform.
  • Select Multi-language from the drop-down list for Language.
  • Check (tick) Java SE Runtime Environment 6u18 with JavaFX 1 License Agreement box and click on Continue.
  • Click on jre-6u18-windows-i586.exe link to download it and save this to a convenient location.
  • Double click on jre-6u18-windows-i586.exe to install Java.
Update Mozilla Firefox:
  • Launch Mozilla Firefox.
  • Click on Help >> Check for updates...
  • If any updates found, apply them and then restart Mozilla Firefox.
ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.
  • Please go here then click on:
    [image: EOLS1.gif]

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on:
    [image: EOLS2.gif]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  1. Scan for potentially unwanted applications
  2. Scan for potentially unsafe applications
  3. Enable Anti-Stealth Technology
  • Now click on:
    [image: EOLS3.gif]
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on:
    [image: EOLS4.gif]
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
When you have completed the above, please post back the following:
  • How is your computer performing now? Any problems encountered and/or any further symptoms?
  • ESET Log.
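
The entries picked out for Fix Checked above are the classic orphaned autostart references: a BHO CLSID that no longer has a file behind it, and a "Sun Java Console" button/menu item whose target is shdocvw.dll (the IE shell document viewer) rather than a Java plugin DLL. As an added example that is not part of the original thread and not HijackThis or RSIT code, the Python script below parses HijackThis-style lines and flags the kinds of entries a helper reads first. The sample lines are constructed from the log posted above; the rules (orphaned references, label/target mismatch on Java console items, ActiveX controls fetched from a raw IP host, any AppInit_DLLs entry, autostarts belonging to an end-of-life JRE, and entries sharing a CLSID with a flagged one) are this example's own heuristics. Flagged means "look at this", not "malicious": the Axis camera control and Kaspersky's AppInit hook in the log are exactly the kind of hits a human then confirms against the vendor.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample: HijackThis-style lines modelled on the log posted above.
SAMPLE_LOG = "\n".join([
    r"O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)",
    r"O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll",
    r'O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"',
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"',
    r"O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll",
    r"O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll",
    r"O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://70.155.93.6:82/activex/AMC.cab",
    r"O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab",
    r"O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll",
    r"O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)",
])

# Assumption: every entry is "<section> - <fields separated by ' - '>" as in the log above.
ENTRY_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# JRE 1.4.x and 5.0 install directories; both runtimes were end-of-life by 2010.
OLD_JAVA_RE = re.compile(r"j2re1\.4|jre1\.5", re.IGNORECASE)
# A Java console button should resolve to the Java plugin (npjpi*.dll under the JRE tree).
JAVA_DLL_RE = re.compile(r"npjpi\d*\.dll$|\\java\\", re.IGNORECASE)


def host_is_raw_ip(url: str) -> bool:
    """True when the URL's host is a bare IPv4/IPv6 address rather than a name."""
    host = urlparse(url).hostname
    if not host:
        return False
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def triage_line(line: str):
    """Return (section, reason) for an entry worth a closer look, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group(1), m.group(2)
    # 1. The registry still names a component whose file is gone.
    if any(marker in body for marker in ORPHAN_MARKERS):
        return code, "orphaned entry: registry points at a missing file"
    # 2. An IE button labelled as Java whose target is not a Java plugin DLL.
    if code == "O9" and "java" in body.lower():
        target = body.rsplit(" - ", 1)[-1]
        if not JAVA_DLL_RE.search(target):
            return code, f"label/target mismatch: Java console item resolves to {target}"
    # 3. Downloaded Program Files (ActiveX) fetched from a bare IP address.
    if code == "O16":
        url = body.rsplit(" - ", 1)[-1]
        if host_is_raw_ip(url):
            return code, f"ActiveX control downloaded from raw IP host {urlparse(url).hostname}"
    # 4. AppInit_DLLs is loaded into every process that links user32.dll; always review it.
    if code == "O20":
        return code, "AppInit_DLLs entry: global DLL injection point, confirm the vendor"
    # 5. An autostart that keeps an end-of-life Java runtime alive.
    if code == "O4" and OLD_JAVA_RE.search(body):
        return code, "autostart belongs to an obsolete Java runtime"
    return None


def triage(log_text: str):
    """Two-pass triage: rule hits first, then anything sharing a CLSID with a hit."""
    lines = log_text.splitlines()
    findings = {}
    for lineno, line in enumerate(lines, 1):
        result = triage_line(line)
        if result:
            findings[lineno] = result
    # The same component is often registered twice (a toolbar button and its
    # Tools-menu item); if one registration is suspect, take the other with it.
    suspect_clsids = {c.upper() for n in findings for c in CLSID_RE.findall(lines[n - 1])}
    for lineno, line in enumerate(lines, 1):
        if lineno in findings:
            continue
        shared = [c for c in CLSID_RE.findall(line) if c.upper() in suspect_clsids]
        if shared:
            m = ENTRY_RE.match(line.strip())
            findings[lineno] = (m.group(1) if m else "?", f"shares CLSID {shared[0]} with a flagged entry")
    return [{"line": n, "code": c, "reason": r, "entry": lines[n - 1].strip()}
            for n, (c, r) in sorted(findings.items())]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f['line']:>2} {f['code']:<4} {f['reason']}\n    {f['entry']}")
```

Run against the sample, the script reports the orphaned BHO and iPod Service entries, both Java Console items (the menu item by the mismatch rule, the unnamed button by its shared CLSID), the obsolete j2re1.4.2_03 autostart, the Axis control served from 70.155.93.6, and the Kaspersky AppInit hook; the two Kaspersky BHO/Run lines and the Microsoft Update control pass. The rules are a first filter for a human reviewer, not a verdict.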
 
No unusual behavior.

ESET log:

C:\Documents and Settings\Mommy\Application Data\Sun\Java\Deployment\cache\6.0\21\30263fd5-135b0bb7 multiple threats
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1495\A0173456.exe probably a variant of Win32/Genetik trojan
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1495\A0173458.exe probably a variant of Win32/Adware.SAHAgent application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1495\A0173460.exe a variant of Win32/Adware.SAHAgent application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1495\A0173462.dll Win32/Adware.SAHAgent application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1495\A0173464.dll probably a variant of Win32/BHO trojan
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1501\A0174414.exe a variant of Win32/Adware.ADON application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1530\A0176644.dll a variant of Win32/Adware.SuperJuan.V application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1530\A0176645.dll a variant of Win32/Adware.SuperJuan.V application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1530\A0176646.dll a variant of Win32/Adware.SuperJuan.V application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1530\A0176664.exe Win32/Adware.WinAntiVirus application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1530\A0176672.exe Win32/Adware.WinAntiVirus application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1530\A0176680.exe Win32/Adware.WinAntiVirus application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1530\A0176688.exe Win32/Adware.WinAntiVirus application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1530\A0176700.exe Win32/Adware.WinAntiVirus application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1530\A0176720.exe Win32/Adware.WinAntiVirus application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176728.dll a variant of Win32/Kryptik.CIP trojan
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176730.exe Win32/Adware.WinAntiVirus application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176740.exe Win32/Adware.WinAntiVirus application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176748.exe Win32/Adware.WinAntiVirus application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176756.exe Win32/Adware.WinAntiVirus application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176764.exe Win32/Adware.WinAntiVirus application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176772.exe Win32/Adware.WinAntiVirus application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176780.exe Win32/Adware.WinAntiVirus application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176788.exe Win32/Adware.WinAntiVirus application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176796.exe Win32/Adware.WinAntiVirus application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176804.exe Win32/Adware.WinAntiVirus application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176812.exe Win32/Adware.WinAntiVirus application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176820.exe Win32/Adware.WinAntiVirus application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176828.exe Win32/Adware.WinAntiVirus application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176881.exe Win32/Adware.WinAntiVirus application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0177888.exe Win32/Adware.WinAntiVirus application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0177903.exe Win32/Adware.WinAntiVirus application
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0178910.exe Win32/Adware.WinAntiVirus application
C:\WINDOWS\Installer\17aa0e.msi a variant of Win32/Adware.ADON application
E:\Maxtor backup\LAPTOP\C\Documents and Settings\Mommy\Application Data\Sun\Java\Deployment\cache\6.0\21\30263fd5-135b0bb7 multiple threats
E:\Maxtor backup\LAPTOP\History\Level2\C\Documents and Settings\Mommy\Local Settings\temp\n.exn a variant of Win32/Adware.SuperJuan.V application
E:\Personal\Big Buck 05.06.2009\Documents and Settings\oahola\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-b9c7a1e-71488beb.zip Java/Bytverify trojan
E:\Personal\Big Buck 05.06.2009\Documents and Settings\oahola\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4f5e28c-6d07ebb3.zip Java/ClassLoader.AA trojan
E:\Personal\Big Buck 05.06.2009\Documents and Settings\oahola\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5c9ed667-4ceee849.zip Java/ClassLoader.AA trojan
E:\Personal\Big Buck 05.06.2009\Documents and Settings\oahola\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-7eeef0f2-78ed802f.zip Java/ClassLoader.AA trojan
 
Hi.

Could you post the complete ESET log please, thank you.

It can be located as follows:-

Click on Start >> Run... (or the Windows key and R together) to bring up the Run box and copy and paste in:
C:\Program Files\ESET\ESET Online Scanner
and click on OK

In the ESET Online Scanner window that appears locate log.txt, open it and copy the contents and post it in your next reply.
 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d133d33c9c9b5f4b898c30e40479a3aa
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-02-16 03:52:58
# local_time=2010-02-16 10:52:58 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777175 100 0 2871547 2871547 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=323804
# found=41
# cleaned=0
# scan_time=52285
C:\Documents and Settings\Mommy\Application Data\Sun\Java\Deployment\cache\6.0\21\30263fd5-135b0bb7 multiple threats 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1495\A0173456.exe probably a variant of Win32/Genetik trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1495\A0173458.exe probably a variant of Win32/Adware.SAHAgent application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1495\A0173460.exe a variant of Win32/Adware.SAHAgent application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1495\A0173462.dll Win32/Adware.SAHAgent application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1495\A0173464.dll probably a variant of Win32/BHO trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1501\A0174414.exe a variant of Win32/Adware.ADON application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1530\A0176644.dll a variant of Win32/Adware.SuperJuan.V application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1530\A0176645.dll a variant of Win32/Adware.SuperJuan.V application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1530\A0176646.dll a variant of Win32/Adware.SuperJuan.V application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1530\A0176664.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1530\A0176672.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1530\A0176680.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1530\A0176688.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1530\A0176700.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1530\A0176720.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176728.dll a variant of Win32/Kryptik.CIP trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176730.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176740.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176748.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176756.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176764.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176772.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176780.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176788.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176796.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176804.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176812.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176820.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176828.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176881.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0177888.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0177903.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0178910.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\WINDOWS\Installer\17aa0e.msi a variant of Win32/Adware.ADON application 00000000000000000000000000000000 I
E:\Maxtor backup\LAPTOP\C\Documents and Settings\Mommy\Application Data\Sun\Java\Deployment\cache\6.0\21\30263fd5-135b0bb7 multiple threats 00000000000000000000000000000000 I
E:\Maxtor backup\LAPTOP\History\Level2\C\Documents and Settings\Mommy\Local Settings\temp\n.exn a variant of Win32/Adware.SuperJuan.V application 00000000000000000000000000000000 I
E:\Personal\Big Buck 05.06.2009\Documents and Settings\oahola\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-b9c7a1e-71488beb.zip Java/Bytverify trojan 00000000000000000000000000000000 I
E:\Personal\Big Buck 05.06.2009\Documents and Settings\oahola\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4f5e28c-6d07ebb3.zip Java/ClassLoader.AA trojan 00000000000000000000000000000000 I
E:\Personal\Big Buck 05.06.2009\Documents and Settings\oahola\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5c9ed667-4ceee849.zip Java/ClassLoader.AA trojan 00000000000000000000000000000000 I
E:\Personal\Big Buck 05.06.2009\Documents and Settings\oahola\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-7eeef0f2-78ed802f.zip Java/ClassLoader.AA trojan 00000000000000000000000000000000 I
 
Hi.

Just a note. The "big buck" files towards the end of the list are an old back up from an old machine.
OK, it would be prudent to remove these as they are out of date and have probably been compromised by the infections that were on board the system.

Next:

Please download OTM to your Desktop.

  • Double-click OTM to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
:Processes

:Files
C:\Documents and Settings\Mommy\Application Data\Sun\Java\Deployment\cache\6.0\21\30263fd5-135b0bb7
C:\WINDOWS\Installer\17aa0e.msi
E:\Maxtor backup\LAPTOP\C\Documents and Settings\Mommy\Application Data\Sun\Java\Deployment\cache\6.0\21\30263fd5-135b0bb7 
E:\Maxtor backup\LAPTOP\History\Level2\C\Documents and Settings\Mommy\Local Settings\temp\n.exn 
E:\Personal\Big Buck 05.06.2009\Documents and Settings\oahola\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-b9c7a1e-71488beb.zip
E:\Personal\Big Buck 05.06.2009\Documents and Settings\oahola\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4f5e28c-6d07ebb3.zip
E:\Personal\Big Buck 05.06.2009\Documents and Settings\oahola\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5c9ed667-4ceee849.zip
E:\Personal\Big Buck 05.06.2009\Documents and Settings\oahola\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-7eeef0f2-78ed802f.zip 

:Commands
[Purity]
[EmptyTemp]
[Start Explorer]
[Reboot]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.
When you have completed the above, please post back the following:
  • How is your computer performing now? Any problems encountered and or any further symptoms?
  • OTM Log.
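Turning an ESET log into an OTM move list, as the reply above does by hand, is mechanical enough to script. The following is an added example, not code from the thread, from ESET or from OldTimer's OTM; it assumes the log layout visible in this thread, checks the body against the `# found=` count (the reason the complete log was requested) and leaves restore-point copies under System Volume Information out of the `:Files` block, as the reply does.

```python
"""Parse an ESET Online Scanner log and draft an OTM ':Files' block."""
import re
from typing import Dict, List, NamedTuple, Tuple

# Added example, not code from the thread, ESET or OldTimer's OTM. It assumes
# the layout seen in the thread: '# key=value' header lines, then one hit per
# line as  <path> <threat description> <32 hex chars> <flag>.
HEADER_RE = re.compile(r"^# (?P<key>[\w.]+)=(?P<value>.*)$")
# Paths contain spaces, so the threat text is recognised by its shape
# ("[probably] a variant of Fam/Name kind", "Fam/Name kind" or
# "multiple threats") rather than by splitting the line on whitespace.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<threat>(?:probably a variant of |a variant of )?"
    r"(?:[\w.-]+/[\w.-]+ \w+|multiple threats)) "
    r"(?P<hash>[0-9a-fA-F]{32}) (?P<flag>\S+)$"
)
RESTORE_POINT = re.compile(r"\\System Volume Information\\", re.IGNORECASE)

# Constructed sample in the shape of the thread's log, cut down to four hits.
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# found=4
# cleaned=0
C:\Documents and Settings\Mommy\Application Data\Sun\Java\Deployment\cache\6.0\21\30263fd5-135b0bb7 multiple threats 00000000000000000000000000000000 I
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1531\A0176728.dll a variant of Win32/Kryptik.CIP trojan 00000000000000000000000000000000 I
C:\WINDOWS\Installer\17aa0e.msi a variant of Win32/Adware.ADON application 00000000000000000000000000000000 I
E:\Personal\Big Buck 05.06.2009\Documents and Settings\oahola\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-b9c7a1e-71488beb.zip Java/Bytverify trojan 00000000000000000000000000000000 I
"""

class Detection(NamedTuple):
    path: str
    threat: str

def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Detection]]:
    """Split a log into its header dictionary and its detection lines."""
    header: Dict[str, str] = {}
    hits: List[Detection] = []
    for line in text.splitlines():
        m = HEADER_RE.match(line.rstrip())
        if m:
            header[m["key"]] = m["value"]  # repeated keys keep the last value
            continue
        m = DETECTION_RE.match(line.rstrip())
        if m:  # banner lines and blanks simply do not match
            hits.append(Detection(m["path"], m["threat"]))
    return header, hits

def log_is_complete(header: Dict[str, str], hits: List[Detection]) -> bool:
    """True when the body holds exactly as many hits as '# found=' claims."""
    found = header.get("found", "")
    return found.isdigit() and int(found) == len(hits)

def build_otm_files(hits: List[Detection]) -> str:
    """Draft OTM's ':Files' block from the live hits only; restore-point copies
    under System Volume Information are skipped (System Restore handles them)."""
    lines, seen = [":Files"], set()
    for d in hits:
        if RESTORE_POINT.search(d.path) or d.path in seen:
            continue
        seen.add(d.path)
        lines.append(d.path)
    return "\n".join(lines)
```

Run over the complete log posted above, `build_otm_files` yields the same eight paths as the reply's `:Files` block.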
 
All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\Documents and Settings\Mommy\Application Data\Sun\Java\Deployment\cache\6.0\21\30263fd5-135b0bb7 moved successfully.
C:\WINDOWS\Installer\17aa0e.msi moved successfully.
E:\Maxtor backup\LAPTOP\C\Documents and Settings\Mommy\Application Data\Sun\Java\Deployment\cache\6.0\21\30263fd5-135b0bb7 moved successfully.
E:\Maxtor backup\LAPTOP\History\Level2\C\Documents and Settings\Mommy\Local Settings\temp\n.exn moved successfully.
E:\Personal\Big Buck 05.06.2009\Documents and Settings\oahola\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-b9c7a1e-71488beb.zip moved successfully.
E:\Personal\Big Buck 05.06.2009\Documents and Settings\oahola\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4f5e28c-6d07ebb3.zip moved successfully.
E:\Personal\Big Buck 05.06.2009\Documents and Settings\oahola\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5c9ed667-4ceee849.zip moved successfully.
E:\Personal\Big Buck 05.06.2009\Documents and Settings\oahola\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-7eeef0f2-78ed802f.zip moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 0 bytes

User: Aedan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: ChaCha
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes

User: Daddy

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: grandbob
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 0 bytes

User: Max
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Mommy
->Temp folder emptied: 59792 bytes
->Temporary Internet Files folder emptied: 6022032 bytes
->Java cache emptied: 471 bytes
->FireFox cache emptied: 36917605 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 41.00 mb


OTM by OldTimer - Version 3.1.8.0 log created on 02172010_113942

Files moved on Reboot...

Registry entries deleted on Reboot...
 
Hi.

Congratulations, your computer now appears to be malware-free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you to read both of the topics listed below, as this will go a long way to keeping your computer performing well.

Help! My computer is slow!

As is this:

What to do if your Computer is running slowly

Uninstall ComboFix:
  • Click on Start >> Run...
  • Now type ComboFix /Uninstall into the Run box and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
Clean up with OTM:
  • Double-click OTM to start the program.
  • Close all other programs apart from OTM as this step will require a reboot
  • On the OTM main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.
The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over, simply delete yourself and empty the Recycle Bin.

Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

This is an excellent application and I advise you to keep it installed. Check for updates and run a scan once a week.

Other installed security software:

Your presently installed combination security application, Kaspersky Internet Security, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you to also run a complete scan with this once per week.

Erunt:

Emergency Recovery Utility NT: I advise you to keep this installed as a means of keeping a complete backup of your registry and restoring it when needed.

Myself, I would create a new backup once per week, as this along with System Restore may prove invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:

Be careful when opening attachments and downloading files:
  • Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  • Never open emails from unknown senders.
  • Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  • Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.
Stop malicious scripts:

Windows by default allows scripts (VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:
Only use one of the above.

Finally, an educational source:

To learn more about how to protect yourself while on the internet, read this article by Tony Klein (updated by tashi):

So how did I get infected in the first place?

Any questions? Feel free to ask, if not stay safe!
 
Dakeyras,

We cannot express how grateful we are for your generosity in sharing your expertise! Thank you so much.

Orrin
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
 