WiredWX Hobby Weather Tools

 


Internet security 2010

2 posters

Re: Internet security 2010

GooredFix by jpshortstuff (02.01.10.1)
Log created at 18:46 on 05/01/2010 (Lexi_2)
Firefox version 3.5.5 (en-US)

========== GooredScan ==========

Removing Orphan:
"m3ffxtbr@mywebsearch.com"="C:\Program Files\MyWebSearch\bar\firefox\" -> Success!
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{6EA9A2DB-49E6-4C82-A74B-F254544B73E0} -> Success!
Deleting C:\Documents and Settings\Wanda_2\Local Settings\Application Data\{6EA9A2DB-49E6-4C82-A74B-F254544B73E0} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{635abd67-4fe9-1b23-4f01-e679fa7484c1} [05:21 07/09/2008]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [01:18 13/11/2009]

C:\Documents and Settings\Lexi_2\Application Data\Mozilla\Firefox\Profiles\zj3jvf37.default\extensions\
plugin@yontoo.com [02:38 27/11/2009]
{20a82645-c095-46ed-80e3-08825760534b} [16:37 14/11/2009]
{9565115d-c7d6-46d3-bd63-b67b481a4368} [02:39 27/11/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [12:52 08/08/2009]

-=E.O.F=-

Re: Internet security 2010

Hello.

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the quotebox below into it:

    File::
    C:\eujbmv.exe
    C:\khkil.exe
    c:\windows\Jwodiperewehap.dat
    c:\windows\Ynoqiwepas.bin

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride =

    Firefox::
    FF - ProfilePath - c:\documents and settings\Lexi_2\Application Data\Mozilla\Firefox\Profiles\zj3jvf37.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - MyWebSearch
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2418376&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJman000&fl=0&ptb=Bw9wbe9Kdu3I4Gq8YhO73w&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77c0c73b&searchfor=

    RegLockDel::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{79db2c42-83a4-4118-94ac-3223238d2dcd}\InprocServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7cfdd9bd-4c24-450b-af89-1b8206b1292e}\InprocServer32]

    RegLock::
    [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Toolbar\QuickComplete]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: CFScript]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

Re: Internet security 2010

I'm sorry, I don't understand what you're asking me to do.

Re: Internet security 2010

Copy everything inside my quote box into a Notepad file. Save the file as CFScript.txt, then drag and drop the .txt file onto ComboFix.

Re: Internet security 2010

ComboFix 10-01-04.01 - Lexi_2 01/06/2010 22:08:32.12.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1381 [GMT -5:00]
Running from: c:\documents and settings\Lexi_2\Desktop\Combo-Fix.exe
AV: Avanquest VirusScanner Pro *On-access scanning enabled* (Updated) {6A383D4C-7657-408f-BD0D-B379B5C7C3BE}
AV: Microsoft Security Essentials *On-access scanning disabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((( Files Created from 2009-12-07 to 2010-01-07 )))))))))))))))))))))))))))))))
.

2010-01-05 15:36 . 2010-01-05 15:36 -------- d-----w- C:\32788R22FWJFW.1.tmp
2010-01-05 15:22 . 2010-01-05 15:22 388096 ----a-r- c:\documents and settings\Lexi_2\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-05 02:36 . 2010-01-05 03:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-05 02:36 . 2010-01-05 02:36 -------- d-----w- c:\program files\NOS
2010-01-05 02:34 . 2009-12-17 21:37 31936 ----a-w- c:\documents and settings\Wanda_2\Application Data\Mozilla\Firefox\Profiles\ogdutm03.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-01-05 02:34 . 2009-12-17 21:37 29344 ----a-w- c:\documents and settings\Wanda_2\Application Data\Mozilla\Firefox\Profiles\ogdutm03.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-01-04 14:23 . 2010-01-04 14:23 388096 ----a-r- c:\documents and settings\Wanda_2\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-04 14:23 . 2010-01-04 14:23 -------- d-----w- c:\program files\TrendMicro
2010-01-04 02:55 . 2010-01-04 02:55 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-01-04 02:28 . 2010-01-04 02:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Malwarebytes
2010-01-02 03:32 . 2010-01-02 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Princess Isabella
2009-12-20 01:28 . 2009-12-20 01:28 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-19 18:22 . 2009-12-20 01:31 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\hftqfq
2009-12-12 05:52 . 2009-12-12 05:52 -------- d-----w- c:\documents and settings\Jewel\Application Data\IObit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 20:00 . 2008-04-19 04:45 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-05 16:09 . 2009-11-15 14:23 -------- d-----w- c:\program files\PlaySushi
2010-01-04 15:44 . 2004-08-04 03:59 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-01-02 03:38 . 2008-11-03 02:48 -------- d-----w- c:\program files\iWin.com
2010-01-02 03:31 . 2008-07-26 16:11 -------- d-----w- c:\program files\Yahoo! Games
2010-01-02 02:40 . 2008-07-24 21:31 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-27 14:02 . 2008-10-01 01:42 1153816 ----a-w- c:\documents and settings\Jewel\Application Data\elefundesktops\autumntree_screensaver\flash.exe
2009-12-27 14:02 . 2008-10-01 01:42 81920 ----a-w- c:\documents and settings\Jewel\Application Data\elefundesktops\autumntree_screensaver\screensavercontoller.dll
2009-12-27 14:02 . 2008-10-01 01:42 1638404 ----a-w- c:\documents and settings\Jewel\Application Data\elefundesktops\autumntree_screensaver\swfplayer.exe
2009-12-27 14:02 . 2008-10-01 01:42 151552 ----a-w- c:\documents and settings\Jewel\Application Data\elefundesktops\autumntree_screensaver\sysinfo.exe
2009-12-27 01:10 . 2009-11-13 17:57 -------- d-----w- c:\program files\SpywareGuard
2009-12-16 02:20 . 2008-10-26 02:36 97 ----a-w- c:\windows\popcinfot.dat
2009-12-11 19:03 . 2008-12-07 22:07 -------- d-----w- c:\documents and settings\Lexi_2\Application Data\SecondLife
2009-12-08 23:20 . 2009-12-01 19:38 -------- d-----w- c:\documents and settings\Wanda_2\Application Data\IMVU
2009-12-07 20:12 . 2009-12-07 20:12 -------- d-----w- c:\documents and settings\Wanda_2\Application Data\SecondLife
2009-12-01 19:38 . 2009-12-01 19:38 76774 ----a-w- c:\documents and settings\Wanda_2\Application Data\IMVUClient\Uninstall.exe
2009-12-01 19:38 . 2009-12-01 19:37 -------- d-----w- c:\documents and settings\Wanda_2\Application Data\IMVUClient
2009-12-01 17:28 . 2008-12-07 21:37 -------- d-----w- c:\program files\SecondLife
2009-12-01 02:31 . 2009-12-01 02:31 92192 ----a-w- c:\documents and settings\Wanda_2\Application Data\IMVUClient\IMVUupdater.exe
2009-12-01 02:31 . 2009-12-01 02:31 22784 ----a-w- c:\documents and settings\Wanda_2\Application Data\IMVUClient\IMVUQualityAgent.exe
2009-12-01 02:31 . 2009-12-01 02:31 52992 ----a-w- c:\documents and settings\Wanda_2\Application Data\IMVUClient\IMVUClient.exe
2009-12-01 02:30 . 2009-12-01 02:30 54784 ----a-w- c:\documents and settings\Wanda_2\Application Data\IMVUClient\ui\plugins\nphwndproxy.dll
2009-12-01 02:30 . 2009-12-01 02:30 1188864 ----a-w- c:\documents and settings\Wanda_2\Application Data\IMVUClient\SceneWindow.dll
2009-12-01 02:30 . 2009-12-01 02:30 17408 ----a-w- c:\documents and settings\Wanda_2\Application Data\IMVUClient\MemoryHook.dll
2009-12-01 02:29 . 2009-12-01 02:29 301568 ----a-w- c:\documents and settings\Wanda_2\Application Data\IMVUClient\cal3d.dll
2009-12-01 02:29 . 2009-12-01 02:29 30720 ----a-w- c:\documents and settings\Wanda_2\Application Data\IMVUClient\CallStack.dll
2009-12-01 02:29 . 2009-12-01 02:29 190976 ----a-w- c:\documents and settings\Wanda_2\Application Data\IMVUClient\boost_python.dll
2009-12-01 02:29 . 2009-12-01 02:29 258048 ----a-w- c:\documents and settings\Wanda_2\Application Data\IMVUClient\audiere.dll
2009-11-29 20:24 . 2009-11-29 20:24 -------- d-----w- c:\documents and settings\Lexi_2\Application Data\PopCapv1002
2009-11-29 20:23 . 2008-10-26 02:36 0 ----a-w- c:\windows\popcreg.dat
2009-11-29 20:23 . 2008-10-05 01:03 -------- d-----w- c:\program files\PopCap Games
2009-11-29 14:35 . 2009-11-29 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
2009-11-28 17:38 . 2009-08-08 02:47 117760 ----a-w- c:\documents and settings\Lexi_2\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-28 15:41 . 2008-09-20 04:01 -------- d-----w- c:\program files\FROG
2009-11-28 15:41 . 2009-11-27 02:39 -------- d-----w- c:\program files\PageRage
2009-11-27 02:38 . 2009-11-27 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2009-11-23 20:48 . 2009-11-23 20:48 7490192 ----a-w- c:\documents and settings\Wanda_2\Application Data\IMVUClient\ui\plugins\VivoxVoiceManager.exe
2009-11-23 20:48 . 2009-11-23 20:48 345744 ----a-w- c:\documents and settings\Wanda_2\Application Data\IMVUClient\ui\plugins\npvivoxvoiceplugin.dll
2009-11-23 20:48 . 2009-11-23 20:48 184832 ----a-w- c:\documents and settings\Wanda_2\Application Data\IMVUClient\ui\plugins\ssleay32.dll
2009-11-23 20:48 . 2009-11-23 20:48 1006080 ----a-w- c:\documents and settings\Wanda_2\Application Data\IMVUClient\ui\plugins\libeay32.dll
2009-11-14 19:32 . 2009-11-14 19:32 -------- d-----w- c:\documents and settings\Lexi_2\Application Data\Apple Computer
2009-11-14 19:21 . 2009-11-14 19:21 -------- d-----w- c:\program files\IObitCom
2009-11-14 19:21 . 2009-11-14 19:21 -------- d-----w- c:\program files\Conduit
2009-11-14 18:25 . 2009-11-14 01:53 -------- d-----w- c:\documents and settings\Lexi_2\Application Data\IObit
2009-11-14 01:48 . 2008-09-09 01:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-14 01:47 . 2009-08-07 18:22 117760 ----a-w- c:\documents and settings\Wanda_2\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-13 17:54 . 2009-11-13 17:54 -------- d-----w- c:\documents and settings\Wanda_2\Application Data\IObit
2009-11-13 17:54 . 2009-11-13 17:54 -------- d-----w- c:\program files\IObit
2009-11-13 17:35 . 2009-11-13 01:23 -------- dc----w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-13 17:35 . 2009-11-13 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-13 17:35 . 2009-11-13 17:35 -------- d-----w- c:\program files\iWin Games
2009-11-13 17:35 . 2009-11-13 15:44 -------- d-----w- c:\program files\iWin Games(2)
2009-11-13 17:35 . 2008-11-03 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin Games
2009-11-13 01:23 . 2009-11-13 01:23 -------- d-----w- c:\program files\Agnitum
2009-11-13 01:22 . 2009-11-13 01:22 -------- d-----w- c:\program files\Lavasoft
2009-11-13 01:20 . 2009-11-13 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum
2009-11-12 23:27 . 2009-11-12 23:27 3771296 ----a-w- c:\documents and settings\Wanda_2\Application Data\IMVUClient\ui\plugins\NPSWF32.dll
2009-11-12 23:19 . 2009-11-12 23:19 5005968 ----a-w- c:\documents and settings\Wanda_2\Application Data\IMVUClient\ui\plugins\vivoxsdk.dll
2009-11-12 23:19 . 2009-11-12 23:19 329872 ----a-w- c:\documents and settings\Wanda_2\Application Data\IMVUClient\ui\plugins\libsndfile-1.dll
2009-11-12 23:19 . 2009-11-12 23:19 283280 ----a-w- c:\documents and settings\Wanda_2\Application Data\IMVUClient\ui\plugins\vivoxoal.dll
2009-11-12 23:19 . 2009-11-12 23:19 246416 ----a-w- c:\documents and settings\Wanda_2\Application Data\IMVUClient\ui\plugins\ortp.dll
2009-11-12 23:19 . 2009-11-12 23:19 1034896 ----a-w- c:\documents and settings\Wanda_2\Application Data\IMVUClient\ui\plugins\DbgHelp.dll
2009-11-10 21:23 . 2009-10-29 21:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-10 19:25 . 2009-03-23 15:30 -------- d-----w- c:\program files\Spyware Doctor
2009-11-10 19:13 . 2009-11-10 19:13 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-10 19:13 . 2009-11-10 19:13 -------- d-----w- c:\documents and settings\Wanda_2\Application Data\PC Tools
2009-11-10 19:13 . 2009-11-10 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-11-06 13:59 . 2009-11-06 13:59 4720 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-11-04 21:49 . 2009-11-14 18:25 635664 ----a-w- c:\documents and settings\Lexi_2\Application Data\IObit\Common\TB_Helper.exe
2009-11-02 20:58 . 2009-11-02 20:58 188928 ----a-w- c:\documents and settings\Lexi_2\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.dll
2009-10-30 01:18 . 2009-10-30 01:18 118784 ----a-w- c:\windows\Web\Wallpaper\Waterfalls Animated Wallpaper.exe
2009-10-12 19:17 . 2008-11-12 14:49 524 ----a-w- c:\documents and settings\Lexi_2\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-01-05_16.12.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-20 19:21 . 2010-01-06 01:03 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-07-20 19:21 . 2010-01-05 14:05 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2009-10-01 22:29 2166296 ----a-w- c:\program files\IObitCom\tbIObi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirusScannerPro"="c:\progra~1\AVANQU~1\Fix-It\MemCheck.exe" [2008-08-26 173312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\documents and settings\Wanda_2\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPopUpsOnBoot"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jewel^Start Menu^Programs^Startup^IMVU.lnk]
backup=c:\windows\pss\IMVU.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Lexi_2^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
path=c:\documents and settings\Lexi_2\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
backup=c:\windows\pss\iWin Desktop Alerts.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Wanda_2^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
path=c:\documents and settings\Wanda_2\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
backup=c:\windows\pss\iWin Desktop Alerts.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-04-07 02:25 69632 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-01-20 01:46 342848 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-28 18:18 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2008-02-15 11:03 1052672 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-12 00:01 46368 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-11-06 02:59 4347120 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-04-07 02:41 8466432 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-04-07 02:42 81920 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-04-07 02:42 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-10-12 00:03 29984 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-09-17 16:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 11:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2008-07-28 19:01 160592 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-04-07 02:25 16859648 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2008-10-07 15:23 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 14:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2008-10-07 15:23 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1208580525\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpsvc.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\iWin Games\\iWinTrusted.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\drivers\Achernar.sys [7/20/2008 3:33 PM 16855]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 10:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 10:01 AM 74480]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [9/2/2009 12:30 PM 78104]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [2/28/2008 5:57 PM 18944]
R2 tmpreflt;tmpreflt;c:\progra~1\AVANQU~1\Fix-It\tmpreflt.sys [8/31/2007 1:36 PM 32528]
R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\drivers\Aldebaran.sys [7/20/2008 3:33 PM 21808]
R3 MailScan;MailScan;c:\progra~1\AVANQU~1\Fix-It\MailScan.sys [8/26/2008 4:14 PM 20496]
S2 gupdate1ca26895b87caa0;Google Update Service (gupdate1ca26895b87caa0);c:\program files\Google\Update\GoogleUpdate.exe [8/26/2009 3:11 PM 133104]
S2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" --> c:\program files\Windows Defender\MsMpEng.exe [?]
S3 JL2005;JL2005A Camera;c:\windows\system32\drivers\toywdm.sys [10/8/2005 5:22 PM 71512]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 10:01 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-26 20:11]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-26 20:11]

2010-01-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 21:36]

2010-01-07 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 21:36]

2010-01-06 c:\windows\Tasks\Norton Security Scan for Wanda_2.job
- c:\program files\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-10-29 23:58]

2010-01-07 c:\windows\Tasks\User_Feed_Synchronization-{693C586D-CC8A-4A8C-A683-B2CD2CD201FC}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: {{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - c:\program files\PlaySushi\PSText.dll
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
FF - ProfilePath - c:\documents and settings\Lexi_2\Application Data\Mozilla\Firefox\Profiles\zj3jvf37.default\
FF - component: c:\documents and settings\Lexi_2\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Sony Online Entertainment\npsoe.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-06 22:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,a1,c4,fd,1b,8c,63,41,81,ee,ef,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,69,b6,31,0a,9e,6c,6b,45,bc,e9,8d,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2964)
c:\windows\system32\WININET.dll
c:\progra~1\AVANQU~1\Fix-It\WinHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-06 22:13:31
ComboFix-quarantined-files.txt 2010-01-07 03:13
ComboFix2.txt 2010-01-07 01:19
ComboFix3.txt 2010-01-05 16:18

Pre-Run: 130,420,482,048 bytes free
Post-Run: 130,462,568,448 bytes free

- - End Of File - - B0441ECC4BD307E82A4307EBD485B8F0

Re: Internet security 2010

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?
