Total Security
I cannot get rid of the Total Security virus and have been unable to get Malware. Malware will not save; I get an error message each time. I have tried to rename the file to winlogon but it will not save the mbam.exe file.

I have full use of the computer except for the web redirects, and if I restart the computer I get the whole Total Security run-around again. Here is the notepad from HiJack This. I sure hope you can help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:09 PM, on 10/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1187041000\ee\AOLSoftware.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Bryan\Desktop\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1187041000\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [FastAccess Help] C:\Program Files\BellSouth Application Management\content\..\Start.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [09982836] C:\DOCUME~1\ALLUSE~1\APPLIC~1\09982836\09982836.exe
O4 - HKLM\..\Run: [rukojujas] Rundll32.exe "c:\windows\system32\zeyotalu.dll",a
O4 - HKLM\..\Run: [40907828] C:\Documents and Settings\All Users\Application Data\40907828\40907828.exe
O4 - HKLM\..\Run: [01046112] C:\DOCUME~1\ALLUSE~1\APPLIC~1\01046112\01046112.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Download] "C:\Program Files\HelpCenterDecomJob\ssGet.exe" 120 "http://patttbc.att.motive.com/motivedocs/installers/ATT_SST_Installer.exe" "ATT_SST_Installer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255143838187
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://www.andersonfloors.com:8000/ibdc/databases/actimage40930.cab
O20 - AppInit_DLLs: nezapivu.dll c:\windows\system32\zeyotalu.dll
O21 - SSODL: jotatihes - {12ed866e-4f77-4490-82f9-1827fd0455d3} - c:\windows\system32\zeyotalu.dll
O22 - SharedTaskScheduler: jugezatag - {12ed866e-4f77-4490-82f9-1827fd0455d3} - c:\windows\system32\zeyotalu.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10120 bytes
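As an added example (not part of the thread and not HijackThis code), the script below shows how a responder can triage O-entries like the ones in the log above instead of reading them by eye: Run values named only with digits that point into All Users\Application Data, Rundll32 Run values, anything in AppInit_DLLs (which is injected into every process that loads user32.dll), the SSODL and SharedTaskScheduler load points (both run inside Explorer), and, most usefully, the same DLL or CLSID appearing across several sections, which is how the zeyotalu.dll entries in this log hang together. The sample lines are constructed and modelled on the posted log; rule names and the six-digit threshold are this example's own choices.

```python
"""Triage of HijackThis O-lines for persistence patterns (added example, not HijackThis code)."""
import re
from collections import Counter, defaultdict

# Constructed sample, modelled on a few O-lines from the posted log (not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [09982836] C:\DOCUME~1\ALLUSE~1\APPLIC~1\09982836\09982836.exe
O4 - HKLM\..\Run: [rukojujas] Rundll32.exe "c:\windows\system32\zeyotalu.dll",a
O4 - HKLM\..\Run: [40907828] C:\Documents and Settings\All Users\Application Data\40907828\40907828.exe
O20 - AppInit_DLLs: nezapivu.dll c:\windows\system32\zeyotalu.dll
O21 - SSODL: jotatihes - {12ed866e-4f77-4490-82f9-1827fd0455d3} - c:\windows\system32\zeyotalu.dll
O22 - SharedTaskScheduler: jugezatag - {12ed866e-4f77-4490-82f9-1827fd0455d3} - c:\windows\system32\zeyotalu.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")                      # "O4 - <body>"
RUN_RE = re.compile(r"^HK.*?\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
DLL_RE = re.compile(r"([\w~-]+\.dll)\b", re.IGNORECASE)        # DLL base names only
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.IGNORECASE)
NUMERIC_NAME_RE = re.compile(r"^\d{6,}$")                      # threshold chosen for this example
APPDATA_RE = re.compile(r"application data|applic~1", re.IGNORECASE)


def parse_entries(log_text):
    """Yield (section, body) for every O-line; R-lines and process lists are ignored."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def dll_basenames(body):
    """Lower-cased DLL file names referenced in an entry body, used to correlate entries."""
    return {name.lower() for name in DLL_RE.findall(body)}


def triage(log_text):
    """Return a list of (rule, subject, detail) findings for the given HijackThis text."""
    findings = []
    dll_refs = defaultdict(set)    # dll name  -> sections that reference it
    clsid_refs = defaultdict(set)  # CLSID     -> sections that reference it
    for section, body in parse_entries(log_text):
        for dll in dll_basenames(body):
            dll_refs[dll].add(section)
        for clsid in CLSID_RE.findall(body):
            clsid_refs[clsid.lower()].add(section)
        if section == "O4":
            m = RUN_RE.match(body)
            if not m:
                continue  # Global Startup items and similar are not Run values
            name, cmd = m.group("name"), m.group("cmd")
            if NUMERIC_NAME_RE.match(name) and APPDATA_RE.search(cmd):
                findings.append(("numeric_run_entry", name, cmd))
            elif cmd.lower().startswith("rundll32"):
                findings.append(("rundll32_run_entry", name, cmd))
        elif section == "O20":
            # Everything after "AppInit_DLLs:" is a DLL loaded into every user32 process.
            for dll in body.split(":", 1)[1].split():
                findings.append(("appinit_dll", dll, body))
        elif section in ("O21", "O22"):
            findings.append(("explorer_load_point", section, body))
    # Correlation: one DLL or CLSID wired into several load points is the strongest signal.
    for dll, sections in sorted(dll_refs.items()):
        if len(sections) > 1:
            findings.append(("shared_dll", dll, ",".join(sorted(sections))))
    for clsid, sections in sorted(clsid_refs.items()):
        if len(sections) > 1:
            findings.append(("shared_clsid", clsid, ",".join(sorted(sections))))
    return findings


def summarize(findings):
    """Count findings per rule, for a quick overview."""
    return dict(Counter(rule for rule, _, _ in findings))


if __name__ == "__main__":
    for rule, subject, detail in triage(SAMPLE_LOG):
        print(rule, "|", subject, "|", detail)
```

Run it on the saved hijackthis.log text instead of SAMPLE_LOG to get the same table for a real log; the correlation rules are the part worth keeping, since the random file names change from one infection to the next but the pattern of one DLL registered in several load points does not.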

Re: Total Security
Welcome to GeekPolice. We are here to save you money. Our expertise here can help you get rid of threats.

From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a Tech Staff member, administrator, or moderator. Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes which may not show up in the logs you post.

As this topic is for you only, I just need to issue a warning to outside readers:
Warning: Instructions issued in this topic are for this user only. We are not responsible for damages, so if you need help, please register for this site and start a new topic requesting help.




Please download ComboFix by sUBs from BleepingComputer.com.

Please save the file to your Desktop, but rename it first:

[screenshots: renaming ComboFix in the save dialog]

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.

After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:

[screenshots: Recovery Console installation prompts]

  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.


Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and this time name ComboFix.exe iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of important system processes such as iexplore.exe, explorer.exe, and winlogon.exe.

Re: Total Security

Here is the Combo-Fix.txt:

ComboFix 09-10-14.01 - Bryan 10/14/2009 18:56.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.224 [GMT -4:00]
Running from: c:\documents and settings\Bryan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\01046112
c:\documents and settings\All Users\Application Data\01046112\01046112.exe
c:\documents and settings\All Users\Application Data\09982836
c:\documents and settings\All Users\Application Data\09982836\09982836.exe
c:\documents and settings\All Users\Application Data\37417729
c:\documents and settings\All Users\Application Data\37417729\37417729.exe
c:\documents and settings\All Users\Application Data\40907828
c:\documents and settings\All Users\Application Data\40907828\40907828.exe
c:\documents and settings\All Users\Application Data\51913019
c:\documents and settings\All Users\Application Data\51913019\51913019.exe
c:\documents and settings\All Users\Documents\diser.pif
c:\documents and settings\All Users\Documents\hehis.scr
c:\documents and settings\All Users\Documents\uqeq.reg
c:\documents and settings\Bryan\Cookies\cuzohoqe.bat
c:\documents and settings\Bryan\Local Settings\Temporary Internet Files\cujurazasy.sys
c:\documents and settings\Bryan\Local Settings\Temporary Internet Files\enibafevi.dat
c:\documents and settings\Bryan\Local Settings\Temporary Internet Files\owuneteg.dll
c:\documents and settings\Bryan\Local Settings\Temporary Internet Files\qomate.pif
c:\documents and settings\Bryan\Local Settings\Temporary Internet Files\ujusyj.dat
c:\documents and settings\Bryan\My Documents\winlogon.exe
c:\documents and settings\Bryan\My Documents\ZbThumbnail.info
c:\program files\INSTALL.LOG
c:\windows\Installer\b189464.msp
c:\windows\Installer\b189465.msp
c:\windows\Installer\b189466.msp
c:\windows\Installer\b189467.msp
c:\windows\Installer\b189468.msp
c:\windows\Installer\b189469.msp
c:\windows\Installer\b18946a.msp
c:\windows\Installer\b18946b.msp
c:\windows\Installer\b18946c.msp
c:\windows\Installer\b240bc6.msp
c:\windows\Installer\b240bc7.msp
c:\windows\Installer\b240bc8.msp
c:\windows\Installer\b240bc9.msp
c:\windows\Installer\b240bca.msp
c:\windows\Installer\b240bcb.msp
c:\windows\Installer\b240bcc.msp
c:\windows\Installer\b240bcd.msp
c:\windows\Installer\b240bce.msp
c:\windows\Installer\b240bcf.msp
c:\windows\Installer\b6c97f4.msp
c:\windows\Installer\c7c542e.msp
c:\windows\Installer\c7c5438.msp
c:\windows\Installer\c7c5443.msp
c:\windows\olod._dl
c:\windows\system32\_000014_.tmp.dll
c:\windows\system32\bolizabi.dll
c:\windows\system32\busofiyo.dll
c:\windows\system32\daviyepe.dll
c:\windows\system32\dewuzeko.dll
c:\windows\system32\drivers\fad.sys
c:\windows\system32\gidogiso.dll
c:\windows\system32\gutiyuya.dll
c:\windows\system32\jezoyayu.dll
c:\windows\system32\jufigonu.dll
c:\windows\system32\kayutijo.dll.tmp
c:\windows\system32\kehebuge.dll
c:\windows\system32\nezapivu.dll.tmp
c:\windows\system32\nivedusa.dll
c:\windows\system32\radanoku.dll
c:\windows\system32\riwevito.dll.tmp
c:\windows\system32\ruvoyenu.dll
c:\windows\system32\tifihafe.dll
c:\windows\system32\tugoheri.dll
c:\windows\system32\vapotolo.dll
c:\windows\system32\vebupefi.dll
c:\windows\system32\velubave.dll
c:\windows\system32\vinekole.dll
c:\windows\system32\vuzofafu.dll
c:\windows\system32\zeyotalu.dll
c:\windows\system32\ziwafume.dll

Infected copy of c:\windows\SYSTEM32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :^)
.
((((((((((((((((((((((((( Files Created from 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))))))
.

2009-10-14 23:15 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-14 23:15 . 2009-10-14 23:15 -------- d-----w- c:\windows\LastGood
2009-10-14 01:13 . 2009-10-14 02:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-13 21:30 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-13 21:30 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-13 21:30 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-13 21:30 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-13 21:30 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-13 21:30 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-13 21:30 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-13 21:30 . 2009-10-13 21:31 -------- d-----w- C:\951892db331d83b0214e8e7ee114
2009-10-13 21:14 . 2009-10-13 21:14 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-11 04:38 . 2009-10-11 04:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2009-10-10 04:35 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-10 04:32 . 2009-10-10 04:33 -------- d-----w- c:\program files\Microsoft Security Essentials
2009-10-10 04:28 . 2009-10-10 04:28 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-10 03:52 . 2009-10-10 03:52 -------- d-sh--w- c:\documents and settings\Bryan\PrivacIE
2009-10-10 03:51 . 2009-10-10 03:51 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-10 03:47 . 2009-10-10 03:47 -------- d-sh--w- c:\documents and settings\Bryan\IETldCache
2009-10-10 03:44 . 2009-10-10 03:44 -------- d-----w- c:\windows\ie8updates
2009-10-10 03:40 . 2009-10-10 03:41 -------- dc-h--w- c:\windows\ie8
2009-10-10 03:35 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-10-10 03:35 . 2009-07-03 17:09 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-10 03:35 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-10 03:35 . 2009-07-03 17:09 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-10 03:35 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-10 03:35 . 2009-07-03 17:09 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-10-10 02:35 . 2009-10-10 02:35 -------- d-----w- c:\documents and settings\Rachel\Local Settings\Application Data\PCHealth
2009-10-10 00:23 . 2009-10-10 02:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-09 22:02 . 2009-10-14 22:00 -------- d-----w- c:\program files\HelpCenterDecomJob
2009-10-09 20:49 . 2009-06-12 11:50 76288 ------w- c:\windows\system32\dllcache\telnet.exe
2009-10-09 20:47 . 2009-06-10 14:21 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-10-09 20:06 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-09 19:56 . 2009-06-21 22:04 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-10-09 19:55 . 2009-07-13 14:08 5537792 ------w- c:\windows\system32\dllcache\wmp.dll
2009-10-09 19:55 . 2009-07-17 18:55 58880 ------w- c:\windows\system32\dllcache\atl.dll
2009-10-09 19:54 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-10-09 19:53 . 2009-08-05 09:11 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-10-09 19:49 . 2009-10-09 19:49 -------- d-----w- c:\documents and settings\Bryan\Local Settings\Application Data\PCHealth
2009-10-09 19:39 . 2009-10-09 19:39 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-09 19:21 . 2009-10-09 19:21 -------- d-----w- c:\program files\Common Files\xing shared
2009-10-04 15:36 . 2009-10-04 15:36 -------- d-----w- c:\documents and settings\Bryan\Application Data\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1
2009-10-04 15:35 . 2009-10-04 15:35 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-04 15:35 . 2009-10-04 15:35 -------- d-----w- c:\program files\DIRECTV
2009-09-24 17:29 . 2009-09-24 17:29 -------- d-----w- c:\documents and settings\Bryan\Application Data\Malwarebytes
2009-09-24 17:29 . 2009-09-24 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-17 18:15 . 2009-09-17 18:15 11474 ----a-w- c:\windows\icoryqiqo.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 23:51 . 2004-10-27 22:19 60200 ----a-w- c:\documents and settings\Bryan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-13 01:14 . 2004-10-28 04:53 50870 ----a-w- c:\documents and settings\Bryan\Application Data\wklnhst.dat
2009-10-10 03:46 . 2004-10-28 04:31 -------- d-----w- c:\program files\SymNetDrv
2009-10-10 03:28 . 2009-02-25 20:13 -------- d-----w- c:\documents and settings\Bryan\Application Data\Yahoo!
2009-10-10 03:28 . 2009-02-25 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-10 03:02 . 2004-10-21 19:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-10 02:50 . 2004-10-21 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-10 02:34 . 2004-10-28 16:44 60200 ----a-w- c:\documents and settings\Rachel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-09 22:45 . 2007-11-16 14:02 -------- d-----w- c:\program files\blstoolbar
2009-10-09 19:48 . 2008-07-07 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ATTToolbar
2009-10-09 19:22 . 2004-10-21 19:26 -------- d-----w- c:\program files\Common Files\Real
2009-09-17 18:15 . 2009-09-17 18:15 18321 ----a-w- c:\program files\Common Files\malysyse.db
2009-09-16 02:19 . 2004-11-25 01:57 -------- d-----w- c:\documents and settings\Bryan\Application Data\AdobeUM
2009-09-09 13:13 . 2007-11-16 13:13 -------- d-----w- c:\program files\Common Files\Motive
2009-09-05 18:11 . 2009-09-05 18:11 19741 ----a-w- c:\windows\ydyzivo.bin
2009-09-05 18:11 . 2009-09-05 18:11 10922 ----a-w- c:\program files\Common Files\usogybof.dat
2009-08-06 23:24 . 2004-08-04 10:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-04 10:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-05-26 08:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-10-28 21:51 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2004-08-04 10:00 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-04 10:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-04 10:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2004-08-04 10:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 23:23 . 2009-08-06 23:23 215904 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:11 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-10 04:44 . 2009-07-10 04:44 112128 --sha-w- c:\windows\SYSTEM32\bumokoju.dll.tmp
2009-07-09 14:04 . 2009-07-09 14:04 116736 --sha-w- c:\windows\SYSTEM32\dugodabi.dll.tmp
2009-07-10 04:44 . 2009-07-10 04:44 112128 --sha-w- c:\windows\SYSTEM32\fupipivo.dll.tmp
2009-07-09 14:04 . 2009-07-09 14:04 116736 --sha-w- c:\windows\SYSTEM32\furafigi.dll.tmp
2009-07-10 04:45 . 2009-07-10 04:45 50688 --sha-w- c:\windows\SYSTEM32\gimuhohe.dll
2009-07-10 04:45 . 2009-07-10 04:45 172544 --sha-w- c:\windows\SYSTEM32\haferabo.dll
2009-07-09 14:04 . 2009-07-09 14:04 116736 --sha-w- c:\windows\SYSTEM32\holaguyo.dll.tmp
2009-07-13 04:46 . 2009-07-13 04:46 1011529 --sha-w- c:\windows\SYSTEM32\jarohomo.exe
2009-07-10 04:47 . 2009-07-10 04:47 50688 --sha-w- c:\windows\SYSTEM32\kiwasuge.dll.tmp
2009-07-10 04:47 . 2009-07-10 04:47 50688 --sha-w- c:\windows\SYSTEM32\lusumune.dll.tmp
2009-07-14 04:46 . 2009-07-14 04:46 3 --sha-w- c:\windows\SYSTEM32\mohafilu.dll
2009-07-13 16:46 . 2009-07-13 16:46 1050147 --sha-w- c:\windows\SYSTEM32\nahasuyi.exe
2009-07-14 04:46 . 2009-07-14 04:46 1011605 --sha-w- c:\windows\SYSTEM32\norozuse.exe
2009-07-14 04:46 . 2009-07-14 04:46 1050147 --sha-w- c:\windows\SYSTEM32\soseyuma.exe
2009-07-13 16:46 . 2009-07-13 16:46 1011572 --sha-w- c:\windows\SYSTEM32\tamotumu.exe
2009-07-14 16:47 . 2009-07-14 16:47 52224 --sha-w- c:\windows\SYSTEM32\vuzagaga.dll
2009-07-14 16:47 . 2009-07-14 16:47 52224 --sha-w- c:\windows\SYSTEM32\yiritaja.dll
2009-07-10 04:45 . 2009-07-10 04:45 69120 --sha-w- c:\windows\SYSTEM32\zepepewa.dll
2009-07-10 04:44 . 2009-07-10 04:44 112128 --sha-w- c:\windows\SYSTEM32\zidewomi.dll.tmp
2009-07-10 04:47 . 2009-07-10 04:47 50688 --sha-w- c:\windows\SYSTEM32\zukenezo.dll.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b07c1a91-696f-4863-bcf0-b4bbd509fdd0}]
2009-07-14 16:47 52224 --sha-w- c:\windows\SYSTEM32\yiritaja.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Download"="c:\program files\HelpCenterDecomJob\ssGet.exe" [2009-07-20 917504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 53248]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-10-21 180269]
"HostManager"="c:\program files\Common Files\AOL\1187041000\ee\AOLSoftware.exe" [2006-09-26 50736]
"HelpCenter4.1"="c:\program files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [2007-06-29 198184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"FastAccess Help"="c:\program files\BellSouth Application Management\content\..\Start.exe" [2007-10-03 108421]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-10-21 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli busofiyo.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BellSouth\\HelpCenter40b\\agent\\bin\\bcont_nm.exe"=
"c:\\WINDOWS\\SYSTEM32\\LOGON.SCR"=
"c:\\WINDOWS\\SYSTEM32\\wuauclt.exe"=
"c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe"=
"c:\\Program Files\\Digital Line Detect\\DLG.exe"=
"c:\\WINDOWS\\explorer.exe"=

R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/18/2008 9:13 AM 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-10-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.net
uInternet Settings,ProxyOverride = *.local
Trusted Zone: download.com
Trusted Zone: turbotax.com
DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} - hxxp://www.andersonfloors.com:8000/ibdc/databases/actimage40930.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
HKLM-Run-09982836 - c:\docume~1\ALLUSE~1\APPLIC~1\09982836\09982836.exe
HKLM-Run-40907828 - c:\documents and settings\All Users\Application Data\40907828\40907828.exe
HKLM-Run-01046112 - c:\docume~1\ALLUSE~1\APPLIC~1\01046112\01046112.exe
HKLM-Run-51913019 - c:\documents and settings\All Users\Application Data\51913019\51913019.exe
HKLM-Run-37417729 - c:\docume~1\ALLUSE~1\APPLIC~1\37417729\37417729.exe
HKLM-Run-rukojujas - c:\windows\system32\gidogiso.dll
HKLM-Run-wiwurozohe - vebupefi.dll
SharedTaskScheduler-{a9ebde9a-183f-4c9a-a245-886d434e2b16} - c:\windows\system32\gidogiso.dll
SSODL-gavivawej-{a9ebde9a-183f-4c9a-a245-886d434e2b16} - c:\windows\system32\gidogiso.dll
AddRemove-HijackThis - c:\documents and settings\Bryan\Desktop\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 19:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2940)
c:\windows\system32\WININET.dll
c:\windows\system32\yiritaja.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-10-14 19:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-14 23:26

Pre-Run: 15,444,860,928 bytes free
Post-Run: 16,217,423,872 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

310 --- E O F --- 2009-10-13 21:55

Re: Total Security

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\icoryqiqo.dat
    c:\program files\Common Files\malysyse.db
    c:\windows\ydyzivo.bin
    c:\program files\Common Files\usogybof.dat
    c:\windows\SYSTEM32\bumokoju.dll.tmp
    c:\windows\SYSTEM32\dugodabi.dll.tmp
    c:\windows\SYSTEM32\fupipivo.dll.tmp
    c:\windows\SYSTEM32\furafigi.dll.tmp
    c:\windows\SYSTEM32\gimuhohe.dll
    c:\windows\SYSTEM32\haferabo.dll
    c:\windows\SYSTEM32\holaguyo.dll.tmp
    c:\windows\SYSTEM32\jarohomo.exe
    c:\windows\SYSTEM32\kiwasuge.dll.tmp
    c:\windows\SYSTEM32\lusumune.dll.tmp
    c:\windows\SYSTEM32\mohafilu.dll
    c:\windows\SYSTEM32\nahasuyi.exe
    c:\windows\SYSTEM32\norozuse.exe
    c:\windows\SYSTEM32\soseyuma.exe
    c:\windows\SYSTEM32\tamotumu.exe
    c:\windows\SYSTEM32\vuzagaga.dll
    c:\windows\SYSTEM32\yiritaja.dll
    c:\windows\SYSTEM32\zepepewa.dll
    c:\windows\SYSTEM32\zidewomi.dll.tmp
    c:\windows\SYSTEM32\zukenezo.dll.tmp

    Folder::
    c:\program files\blstoolbar
    c:\program files\Viewpoint

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b07c1a91-696f-4863-bcf0-b4bbd509fdd0}]
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    (image: dragging CFScript.txt onto ComboFix.exe)

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

Re: Total Security

Here are the contents of the log:

ComboFix 09-10-14.01 - Bryan 10/14/2009 21:15.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.207 [GMT -4:00]
Running from: c:\documents and settings\Bryan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bryan\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FILE ::
"c:\program files\Common Files\malysyse.db"
"c:\program files\Common Files\usogybof.dat"
"c:\windows\icoryqiqo.dat"
"c:\windows\SYSTEM32\bumokoju.dll.tmp"
"c:\windows\SYSTEM32\dugodabi.dll.tmp"
"c:\windows\SYSTEM32\fupipivo.dll.tmp"
"c:\windows\SYSTEM32\furafigi.dll.tmp"
"c:\windows\SYSTEM32\gimuhohe.dll"
"c:\windows\SYSTEM32\haferabo.dll"
"c:\windows\SYSTEM32\holaguyo.dll.tmp"
"c:\windows\SYSTEM32\jarohomo.exe"
"c:\windows\SYSTEM32\kiwasuge.dll.tmp"
"c:\windows\SYSTEM32\lusumune.dll.tmp"
"c:\windows\SYSTEM32\mohafilu.dll"
"c:\windows\SYSTEM32\nahasuyi.exe"
"c:\windows\SYSTEM32\norozuse.exe"
"c:\windows\SYSTEM32\soseyuma.exe"
"c:\windows\SYSTEM32\tamotumu.exe"
"c:\windows\SYSTEM32\vuzagaga.dll"
"c:\windows\SYSTEM32\yiritaja.dll"
"c:\windows\SYSTEM32\zepepewa.dll"
"c:\windows\SYSTEM32\zidewomi.dll.tmp"
"c:\windows\SYSTEM32\zukenezo.dll.tmp"
"c:\windows\ydyzivo.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\blstoolbar
c:\program files\Common Files\malysyse.db
c:\program files\Common Files\usogybof.dat
c:\program files\Viewpoint
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Viewpoint\Common\VistaBoot.sdll
c:\program files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0303001D.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0305001C.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\BlueStreak.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\IEUI.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Mts2Reader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\MTS3Reader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMgr.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\DownLoadHist.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Experience Technology\MTSDownloadSites.txt
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\WaveletReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
c:\program files\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9\FLFBootStrap.mtx
c:\program files\Viewpoint\Viewpoint Manager\CPtask.xml
c:\program files\Viewpoint\Viewpoint Manager\VETScriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Manager\ViewCP.cpl
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\s.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_av.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_cp.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_up.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bg.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bottom.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab_bg.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_off.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_on.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_off.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_on.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vwpt_logo.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\options.ini
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\viewpoint.ico
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\vmctrl.html
c:\program files\Viewpoint\Viewpoint Manager\ViewCPexe.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgrCore.dll
c:\program files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe
c:\windows\icoryqiqo.dat
c:\windows\SYSTEM32\bumokoju.dll.tmp
c:\windows\SYSTEM32\dugodabi.dll.tmp
c:\windows\SYSTEM32\fupipivo.dll.tmp
c:\windows\SYSTEM32\furafigi.dll.tmp
c:\windows\SYSTEM32\gimuhohe.dll
c:\windows\SYSTEM32\haferabo.dll
c:\windows\SYSTEM32\holaguyo.dll.tmp
c:\windows\SYSTEM32\jarohomo.exe
c:\windows\SYSTEM32\kiwasuge.dll.tmp
c:\windows\SYSTEM32\lusumune.dll.tmp
c:\windows\SYSTEM32\mohafilu.dll
c:\windows\SYSTEM32\nahasuyi.exe
c:\windows\SYSTEM32\norozuse.exe
c:\windows\SYSTEM32\soseyuma.exe
c:\windows\SYSTEM32\tamotumu.exe
c:\windows\SYSTEM32\vuzagaga.dll
c:\windows\SYSTEM32\yiritaja.dll
c:\windows\SYSTEM32\zepepewa.dll
c:\windows\SYSTEM32\zidewomi.dll.tmp
c:\windows\SYSTEM32\zukenezo.dll.tmp
c:\windows\ydyzivo.bin

.
((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))
.

2009-10-14 23:15 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-14 23:15 . 2009-10-14 23:17 -------- d-----w- c:\windows\LastGood.Tmp
2009-10-14 01:13 . 2009-10-14 02:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-13 21:30 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-13 21:30 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-13 21:30 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-13 21:30 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-13 21:30 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-13 21:30 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-13 21:30 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-13 21:30 . 2009-10-13 21:31 -------- d-----w- C:\951892db331d83b0214e8e7ee114
2009-10-13 21:14 . 2009-10-13 21:14 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-11 04:38 . 2009-10-11 04:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2009-10-10 04:35 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-10 04:32 . 2009-10-10 04:33 -------- d-----w- c:\program files\Microsoft Security Essentials
2009-10-10 04:28 . 2009-10-10 04:28 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-10 03:52 . 2009-10-10 03:52 -------- d-sh--w- c:\documents and settings\Bryan\PrivacIE
2009-10-10 03:51 . 2009-10-10 03:51 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-10 03:47 . 2009-10-10 03:47 -------- d-sh--w- c:\documents and settings\Bryan\IETldCache
2009-10-10 03:44 . 2009-10-10 03:44 -------- d-----w- c:\windows\ie8updates
2009-10-10 03:40 . 2009-10-10 03:41 -------- dc-h--w- c:\windows\ie8
2009-10-10 03:35 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-10-10 03:35 . 2009-07-03 17:09 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-10 03:35 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-10 03:35 . 2009-07-03 17:09 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-10 03:35 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-10 03:35 . 2009-07-03 17:09 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-10-10 02:35 . 2009-10-10 02:35 -------- d-----w- c:\documents and settings\Rachel\Local Settings\Application Data\PCHealth
2009-10-10 00:23 . 2009-10-10 02:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-09 22:02 . 2009-10-14 22:00 -------- d-----w- c:\program files\HelpCenterDecomJob
2009-10-09 20:49 . 2009-06-12 11:50 76288 ------w- c:\windows\system32\dllcache\telnet.exe
2009-10-09 20:47 . 2009-06-10 14:21 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-10-09 20:06 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-09 19:56 . 2009-06-21 22:04 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-10-09 19:55 . 2009-07-13 14:08 5537792 ------w- c:\windows\system32\dllcache\wmp.dll
2009-10-09 19:55 . 2009-07-17 18:55 58880 ------w- c:\windows\system32\dllcache\atl.dll
2009-10-09 19:54 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-10-09 19:53 . 2009-08-05 09:11 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-10-09 19:49 . 2009-10-09 19:49 -------- d-----w- c:\documents and settings\Bryan\Local Settings\Application Data\PCHealth
2009-10-09 19:39 . 2009-10-09 19:39 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-09 19:21 . 2009-10-09 19:21 -------- d-----w- c:\program files\Common Files\xing shared
2009-10-04 15:36 . 2009-10-04 15:36 -------- d-----w- c:\documents and settings\Bryan\Application Data\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1
2009-10-04 15:35 . 2009-10-04 15:35 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-04 15:35 . 2009-10-04 15:35 -------- d-----w- c:\program files\DIRECTV
2009-09-24 17:29 . 2009-09-24 17:29 -------- d-----w- c:\documents and settings\Bryan\Application Data\Malwarebytes
2009-09-24 17:29 . 2009-09-24 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 23:51 . 2004-10-27 22:19 60200 ----a-w- c:\documents and settings\Bryan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-13 01:14 . 2004-10-28 04:53 50870 ----a-w- c:\documents and settings\Bryan\Application Data\wklnhst.dat
2009-10-10 03:46 . 2004-10-28 04:31 -------- d-----w- c:\program files\SymNetDrv
2009-10-10 03:28 . 2009-02-25 20:13 -------- d-----w- c:\documents and settings\Bryan\Application Data\Yahoo!
2009-10-10 03:28 . 2009-02-25 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-10 03:02 . 2004-10-21 19:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-10 02:50 . 2004-10-21 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-10 02:34 . 2004-10-28 16:44 60200 ----a-w- c:\documents and settings\Rachel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-09 19:48 . 2008-07-07 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ATTToolbar
2009-10-09 19:22 . 2004-10-21 19:26 -------- d-----w- c:\program files\Common Files\Real
2009-09-16 02:19 . 2004-11-25 01:57 -------- d-----w- c:\documents and settings\Bryan\Application Data\AdobeUM
2009-09-09 13:13 . 2007-11-16 13:13 -------- d-----w- c:\program files\Common Files\Motive
2009-08-06 23:24 . 2004-08-04 10:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-04 10:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-05-26 08:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-10-28 21:51 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2004-08-04 10:00 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-04 10:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-04 10:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2004-08-04 10:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 23:23 . 2009-08-06 23:23 215904 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:11 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-14_23.20.27 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Download"="c:\program files\HelpCenterDecomJob\ssGet.exe" [2009-07-20 917504]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 53248]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-10-21 180269]
"HostManager"="c:\program files\Common Files\AOL\1187041000\ee\AOLSoftware.exe" [2006-09-26 50736]
"HelpCenter4.1"="c:\program files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [2007-06-29 198184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"FastAccess Help"="c:\program files\BellSouth Application Management\content\..\Start.exe" [2007-10-03 108421]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"wiwurozohe"="vebupefi.dll" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-10-21 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BellSouth\\HelpCenter40b\\agent\\bin\\bcont_nm.exe"=
"c:\\WINDOWS\\SYSTEM32\\LOGON.SCR"=
"c:\\WINDOWS\\SYSTEM32\\wuauclt.exe"=
"c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe"=
"c:\\Program Files\\Digital Line Detect\\DLG.exe"=

R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-10-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.net
uInternet Settings,ProxyOverride = *.local
Trusted Zone: download.com
Trusted Zone: turbotax.com
DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} - hxxp://www.andersonfloors.com:8000/ibdc/databases/actimage40930.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Viewpoint Manager - c:\program files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe
AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 21:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4032)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\SYSTEM32\WSCNTFY.EXE
.
**************************************************************************
.
Completion time: 2009-10-15 21:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-15 01:38
ComboFix2.txt 2009-10-14 23:27

Pre-Run: 16,187,400,192 bytes free
Post-Run: 16,047,980,544 bytes free

309 --- E O F --- 2009-10-13 21:55
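
The two ComboFix logs posted in this thread show what the infection's autoruns looked like before and after the CFScript run: a Run value tagged [BU] instead of a date and size ("wiwurozohe"="vebupefi.dll"), bare DLL names with no directory, .dll targets where a Run key would normally launch an .exe, the rogue's executables in numeric folders of the same name under All Users\Application Data, and component names built from alternating consonants and vowels (gidogiso, yiritaja, rukojujas). As an added example that is not part of this thread and is not code from ComboFix or Malwarebytes, here is a small Python triage script that flags those patterns over a constructed sample of Run-key lines. The sample is assembled from entries on this page; the sizes given for the two malicious entries are invented, and the thresholds (six-digit folder names, six-letter alternation) are my own choices, not ComboFix rules.

```python
"""Triage of Run-key autoruns in a ComboFix-style 'Reg Loading Points' listing.

Added example for this thread; it is not code from the forum, ComboFix or
Malwarebytes. The heuristics are the patterns visible in the logs above:
a value tagged [BU] instead of a date and size, a bare DLL name with no
directory, a .dll as a Run target, an executable in a numeric folder of the
same name, and alternating consonant/vowel names like the Vundo components.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the REGEDIT4-style layout ComboFix prints. Names and
# paths come from the logs above; sizes for the two malicious entries are invented.
SAMPLE_LOG = r'''
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"wiwurozohe"="vebupefi.dll" [BU]
"09982836"="c:\docume~1\ALLUSE~1\APPLIC~1\09982836\09982836.exe" [2009-10-13 1236480]
"rukojujas"="c:\windows\system32\gidogiso.dll" [2009-10-12 83456]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
'''

KEY_LINE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?:\s+(?P<tag>\[[^\]]*\]))?\s*$')
# <dir>\NNNNNN\NNNNNN.exe : folder and executable share an all-digit name
NUMERIC_DROP = re.compile(r'\\(\d{6,})\\\1\.exe$', re.IGNORECASE)
VOWELS = frozenset("aeiou")


@dataclass
class Finding:
    key: str
    name: str
    value: str
    reasons: List[str] = field(default_factory=list)


def looks_generated(word: str) -> bool:
    """Lowercase, letters only, 6+ chars, strictly alternating consonant/vowel.
    A weak signal on its own (some real names fit), so treat it as corroboration."""
    if len(word) < 6 or not word.isalpha() or not word.islower():
        return False
    is_vowel = [c in VOWELS for c in word]
    return all(a != b for a, b in zip(is_vowel, is_vowel[1:]))


def triage_entry(name: str, value: str, tag: Optional[str]) -> List[str]:
    """Return the reasons a single Run entry deserves a look (empty if none)."""
    reasons = []
    if tag == "[BU]":
        reasons.append("tagged [BU] instead of a file date and size")
    if "\\" not in value:
        reasons.append("bare file name, no directory")
    if value.lower().endswith(".dll"):
        reasons.append("Run value targets a .dll rather than an executable")
    if NUMERIC_DROP.search(value):
        reasons.append("executable inside a numeric folder of the same name")
    stem = value.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if looks_generated(name) or looks_generated(stem):
        reasons.append("generated-looking consonant/vowel name")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Walk the listing, track the current key, and flag entries under a Run key."""
    findings: List[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        km = KEY_LINE.match(line)
        if km:
            key = km.group("key")
            continue
        if not key.lower().endswith("\\run"):
            continue  # firewall, SafeBoot and other sections are not autoruns
        m = RUN_LINE.match(line)
        if not m:
            continue
        reasons = triage_entry(m["name"], m["value"], m["tag"])
        if reasons:
            findings.append(Finding(key, m["name"], m["value"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name:<12} {f.value}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run as a script it prints the three flagged entries with their reasons; the legitimate entries on this page (IgfxTray, MSSE, ctfmon.exe) pass every check. The name-shape check alone is weak evidence, which is why each finding lists all the reasons together rather than scoring on one.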

Re: Total Security

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: Total Security

Here is the log. It appears to have found and removed the viruses. Sweeeeet!!

Malwarebytes' Anti-Malware 1.41
Database version: 2968
Windows 5.1.2600 Service Pack 2

10/15/2009 7:02:37 PM
mbam-log-2009-10-15 (19-02-37).txt

Scan type: Full Scan (C:\|)
Objects scanned: 189284
Time elapsed: 1 hour(s), 20 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wiwurozohe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\01046112\01046112.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\09982836\09982836.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\37417729\37417729.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\40907828\40907828.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\51913019\51913019.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\nivedusa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1696\A0112202.dll (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1732\A0123521.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1732\A0123522.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1732\A0123526.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1732\A0123527.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1756\A0136290.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1756\A0136291.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1756\A0136292.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1756\A0136293.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1756\A0136294.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1756\A0136306.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Re: Total Security

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears, select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the drop-down box that appears, select your main drive, e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with TABS
  • Select the More Options tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this
  • Accept the warning and select OK again; the program will close and you are done


==

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


==

Please include the Malwarebytes and Security Check logs in your next reply.

Re: Total Security

All of the help is much appreciated. I only wish I had found this site sooner.

Malwarebytes log:

Malwarebytes' Anti-Malware 1.41
Database version: 2970
Windows 5.1.2600 Service Pack 2

10/15/2009 10:16:56 PM
mbam-log-2009-10-15 (22-16-56).txt

Scan type: Quick Scan
Objects scanned: 104751
Time elapsed: 6 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Security check log:

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
``````````````````````````````
Anti-malware/Other Utilities Check:

Java 2 Runtime Environment, SE v1.4.2_03
Adobe Reader 6.0.1
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Re: Total Security

Please upgrade to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

NEXT

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.


Please tell me how the upgrades went and how your computer is running. This is important, because any problems in updating or mysterious activity may be a sign of malware still lurking.
