GeekPolice
Been infected with Antivirus Live, please help.

My PC has been infected with Antivirus Live and for the past several hours I've been attempting to remove it in Safe Mode with Malwarebytes' Anti-Malware. I've had no luck as of yet and am going quite batty, so any help would be very much appreciated. Here's my HijackThis log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:02 AM, on 1/15/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Kat\Desktop\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe /Q:A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [orpefeon] C:\Windows\svhbsysguard.exe
O4 - HKCU\..\Run: [lkerlwrq] C:\Windows\spuxsysguard.exe
O4 - HKCU\..\Run: [fmilryso] C:\Windows\squhsysguard.exe
O4 - HKCU\..\Run: [udnkgiod] C:\Users\Kat\AppData\Local\sthdfb\psussysguard.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Kat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Update Service (gupdate1ca63408bc83028) (gupdate1ca63408bc83028) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MrHealthy (MrHealthyService) - Symantec Corporation - C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9933 bytes

Re: Been infected with Antivirus Live, please help.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that.

Re: Been infected with Antivirus Live, please help.

ComboFix 10-01-14.06 - Kat 01/15/2010 9:30.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3582.2936 [GMT -5:00]
Running from: c:\users\Kat\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1204229261-3270194858-436036643-1000
c:\$recycle.bin\S-1-5-21-1204229261-3270194858-436036643-1002
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3858587098-678737914-890489737-500
c:\users\Kat\AppData\Local\axcvbp
c:\users\Kat\AppData\Local\axcvbp\qfnasysguard.exe
c:\users\Kat\AppData\Local\bjmgxs
c:\users\Kat\AppData\Local\bjmgxs\ptudsysguard.exe
c:\users\Kat\AppData\Local\cuwptv
c:\users\Kat\AppData\Local\cuwptv\phcfsysguard.exe
c:\users\Kat\AppData\Local\dlpwgk
c:\users\Kat\AppData\Local\dlpwgk\phlasysguard.exe
c:\users\Kat\AppData\Local\dskfuv
c:\users\Kat\AppData\Local\dskfuv\pnuysysguard.exe
c:\users\Kat\AppData\Local\dxsclh
c:\users\Kat\AppData\Local\dxsclh\pawqsysguard.exe
c:\users\Kat\AppData\Local\ekkgaj
c:\users\Kat\AppData\Local\ekkgaj\suiqsysguard.exe
c:\users\Kat\AppData\Local\eqxtwv
c:\users\Kat\AppData\Local\eqxtwv\ptnssysguard.exe
c:\users\Kat\AppData\Local\etyfeb
c:\users\Kat\AppData\Local\etyfeb\squhsysguard.exe
c:\users\Kat\AppData\Local\ewnlff
c:\users\Kat\AppData\Local\ewnlff\sntisysguard.exe
c:\users\Kat\AppData\Local\fbones
c:\users\Kat\AppData\Local\fbones\qsrdsysguard.exe
c:\users\Kat\AppData\Local\fciesy
c:\users\Kat\AppData\Local\fciesy\piuusysguard.exe
c:\users\Kat\AppData\Local\fhqbjk
c:\users\Kat\AppData\Local\fhqbjk\puwmsysguard.exe
c:\users\Kat\AppData\Local\foliyv
c:\users\Kat\AppData\Local\foliyv\pbglsysguard.exe
c:\users\Kat\AppData\Local\gfeplk
c:\users\Kat\AppData\Local\gfeplk\pbpgsysguard.exe
c:\users\Kat\AppData\Local\glfdqd
c:\users\Kat\AppData\Local\glfdqd\pcuqsysguard.exe
c:\users\Kat\AppData\Local\grhtqh
c:\users\Kat\AppData\Local\grhtqh\qtbxsysguard.exe
c:\users\Kat\AppData\Local\hiabdv
c:\users\Kat\AppData\Local\hiabdv\qtkssysguard.exe
c:\users\Kat\AppData\Local\hjsrsd
c:\users\Kat\AppData\Local\hjsrsd\pjnksysguard.exe
c:\users\Kat\AppData\Local\hqoahn
c:\users\Kat\AppData\Local\hqoahn\powjsysguard.exe
c:\users\Kat\AppData\Local\hvwwxy
c:\users\Kat\AppData\Local\hvwwxy\pbybsysguard.exe
c:\users\Kat\AppData\Local\ihghtd
c:\users\Kat\AppData\Local\ihghtd\ppgesysguard.exe
c:\users\Kat\AppData\Local\iocojn
c:\users\Kat\AppData\Local\iocojn\pvpcsysguard.exe
c:\users\Kat\AppData\Local\lorutg
c:\users\Kat\AppData\Local\lorutg\pqassysguard.exe
c:\users\Kat\AppData\Local\maqisb
c:\users\Kat\AppData\Local\maqisb\svhbsysguard.exe
c:\users\Kat\AppData\Local\mhwmeu
c:\users\Kat\AppData\Local\mhwmeu\pkqusysguard.exe
c:\users\Kat\AppData\Local\Microsoft\Windows\Temporary Internet Files\StreamPlug.dll
c:\users\Kat\AppData\Local\mkxxla
c:\users\Kat\AppData\Local\mkxxla\sgwjsysguard.exe
c:\users\Kat\AppData\Local\muilcp
c:\users\Kat\AppData\Local\muilcp\sjfisysguard.exe
c:\users\Kat\AppData\Local\myiobc
c:\users\Kat\AppData\Local\myiobc\qpedsysguard.exe
c:\users\Kat\AppData\Local\ndxqiu
c:\users\Kat\AppData\Local\ndxqiu\pwchsysguard.exe
c:\users\Kat\AppData\Local\niahhy
c:\users\Kat\AppData\Local\niahhy\qoiosysguard.exe
c:\users\Kat\AppData\Local\nlbsoe
c:\users\Kat\AppData\Local\nlbsoe\skpdsysguard.exe
c:\users\Kat\AppData\Local\nsvbep
c:\users\Kat\AppData\Local\nsvbep\sqxcsysguard.exe
c:\users\Kat\AppData\Local\oblfju
c:\users\Kat\AppData\Local\oblfju\pdubsysguard.exe
c:\users\Kat\AppData\Local\ooibex
c:\users\Kat\AppData\Local\ooibex\pljjsysguard.exe
c:\users\Kat\AppData\Local\ovdisj
c:\users\Kat\AppData\Local\ovdisj\pqsisysguard.exe
c:\users\Kat\AppData\Local\pemqqy
c:\users\Kat\AppData\Local\pemqqy\sacpsysguard.exe
c:\users\Kat\AppData\Local\qehqcf
c:\users\Kat\AppData\Local\qehqcf\qwpmsysguard.exe
c:\users\Kat\AppData\Local\qkjehx
c:\users\Kat\AppData\Local\qkjehx\pxuwsysguard.exe
c:\users\Kat\AppData\Local\qxtdfs
c:\users\Kat\AppData\Local\qxtdfs\sxklsysguard.exe
c:\users\Kat\AppData\Local\rdowsm
c:\users\Kat\AppData\Local\rdowsm\prlxsysguard.exe
c:\users\Kat\AppData\Local\rgdctq
c:\users\Kat\AppData\Local\rgdctq\qpkxsysguard.exe
c:\users\Kat\AppData\Local\rgpiyr
c:\users\Kat\AppData\Local\rgpiyr\snsnsysguard.exe
c:\users\Kat\AppData\Local\rjenbv
c:\users\Kat\AppData\Local\rjenbv\slrnsysguard.exe
c:\users\Kat\AppData\Local\snfpyj
c:\users\Kat\AppData\Local\snfpyj\pqpisysguard.exe
c:\users\Kat\AppData\Local\tffrev
c:\users\Kat\AppData\Local\tffrev\sxdbsysguard.exe
c:\users\Kat\AppData\Local\tkykrp
c:\users\Kat\AppData\Local\tkykrp\psensysguard.exe
c:\users\Kat\AppData\Local\twdpwm
c:\users\Kat\AppData\Local\twdpwm\plpesysguard.exe
c:\users\Kat\AppData\Local\ucllnx
c:\users\Kat\AppData\Local\ucllnx\qxrwsysguard.exe
c:\users\Kat\AppData\Local\udsgfv
c:\users\Kat\AppData\Local\udsgfv\sfvtsysguard.exe
c:\users\Kat\AppData\Local\uhtiei
c:\users\Kat\AppData\Local\uhtiei\qktosysguard.exe
c:\users\Kat\AppData\Local\unavyu
c:\users\Kat\AppData\Local\unavyu\soldsysguard.exe
c:\users\Kat\AppData\Local\uuqeym
c:\users\Kat\AppData\Local\uuqeym\prixsysguard.exe
c:\users\Kat\AppData\Local\vbrree
c:\users\Kat\AppData\Local\vbrree\psnisysguard.exe
c:\users\Kat\AppData\Local\vesdlj
c:\users\Kat\AppData\Local\vesdlj\spuxsysguard.exe
c:\users\Kat\AppData\Local\vgaoup
c:\users\Kat\AppData\Local\vgaoup\pfpasysguard.exe
c:\users\Kat\AppData\Local\vnvvjb
c:\users\Kat\AppData\Local\vnvvjb\plyysysguard.exe
c:\users\Kat\AppData\Local\wcgrnj
c:\users\Kat\AppData\Local\wcgrnj\svnqsysguard.exe
c:\users\Kat\AppData\Local\xpxnss
c:\users\Kat\AppData\Local\xpxnss\paqvsysguard.exe
c:\users\Kat\AppData\Local\xuljxx
c:\users\Kat\AppData\Local\xuljxx\spersysguard.exe
c:\users\Kat\AppData\Local\xwsuhe
c:\users\Kat\AppData\Local\xwsuhe\pgausysguard.exe
c:\users\Kat\AppData\Local\yidfeh
c:\users\Kat\AppData\Local\yidfeh\pthxsysguard.exe
c:\users\Kat\AppData\Local\yleqkm
c:\users\Kat\AppData\Local\yleqkm\spnmsysguard.exe
c:\users\Kat\AppData\Local\yqmnbx
c:\users\Kat\AppData\Local\yqmnbx\scpfsysguard.exe
c:\users\Kat\AppData\Local\ysyyax
c:\users\Kat\AppData\Local\ysyyax\svwlsysguard.exe
c:\users\Kat\AppData\Local\yugkje
c:\users\Kat\AppData\Local\yugkje\pmsosysguard.exe
c:\users\Kat\AppData\Local\yxhvqj
c:\users\Kat\AppData\Local\yxhvqj\siyesysguard.exe
c:\users\Kat\AppData\Roaming\etyfeb
c:\users\Kat\AppData\Roaming\etyfeb\squhsysguard.exe
c:\users\Kat\AppData\Roaming\maqisb
c:\users\Kat\AppData\Roaming\maqisb\svhbsysguard.exe
c:\users\Kat\AppData\Roaming\vesdlj
c:\users\Kat\AppData\Roaming\vesdlj\spuxsysguard.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-15 to 2010-01-15 )))))))))))))))))))))))))))))))
.

2010-01-15 14:38 . 2010-01-15 14:39 -------- d-----w- c:\users\Kat\AppData\Local\temp
2010-01-15 14:38 . 2010-01-15 14:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-15 14:29 . 2010-01-15 14:29 -------- d-----w- C:\32788R22FWJFW
2010-01-15 10:32 . 2010-01-15 10:32 388096 ----a-r- c:\users\Kat\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-15 10:32 . 2010-01-15 10:32 -------- d-----w- c:\program files\TrendMicro
2010-01-15 07:06 . 2010-01-15 07:06 -------- d-----w- c:\users\Kat\AppData\Roaming\Malwarebytes
2010-01-15 07:06 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-15 07:06 . 2010-01-15 07:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-15 07:06 . 2010-01-15 07:06 -------- d-----w- c:\programdata\Malwarebytes
2010-01-15 07:06 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-15 05:50 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\vqwhqg
2010-01-15 05:50 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\hyqcox
2010-01-15 05:50 . 2010-01-15 05:23 431360 ----a-w- c:\windows\squhsysguard.exe
2010-01-15 05:50 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Roaming\yleqkm
2010-01-15 05:50 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\xxbpac
2010-01-15 05:50 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\lpaple
2010-01-15 05:50 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\oeflas
2010-01-15 05:50 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\yotwmq
2010-01-15 05:50 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\cveklu
2010-01-15 05:50 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Roaming\yxhvqj
2010-01-15 05:48 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\kbaynv
2010-01-15 05:48 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\uqpcay
2010-01-15 05:48 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\gxohls
2010-01-15 05:48 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\uxkjpk
2010-01-15 05:48 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\aoacdx
2010-01-15 05:48 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\ipjjbm
2010-01-15 05:48 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\mrsgbk
2010-01-15 05:48 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\imtdah
2010-01-15 05:48 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\cdysbf
2010-01-15 05:47 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\xtssjq
2010-01-15 05:47 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\fwuqvm
2010-01-15 05:47 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\byqvku
2010-01-15 05:47 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\nbqfxo
2010-01-15 05:35 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\vivdhn
2010-01-15 05:35 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\hafwiw
2010-01-15 05:35 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\bliukq
2010-01-15 05:35 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\mvvgwo
2010-01-15 05:35 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\qyixyr
2010-01-15 05:35 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\jhpkia
2010-01-15 05:35 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\egqeew
2010-01-15 05:35 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\cxlvub
2010-01-15 05:33 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\nniexk
2010-01-15 05:32 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\fraoaa
2010-01-15 05:30 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\upihib
2010-01-15 05:29 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\sbcltm
2010-01-15 05:29 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\sthdfb
2010-01-14 01:48 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-14 01:48 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-12-25 09:44 . 2009-12-25 09:44 658184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 14:28 . 2009-03-20 12:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-15 14:28 . 2009-03-20 12:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-15 14:08 . 2008-07-01 00:20 -------- d-----w- c:\users\Kat\AppData\Roaming\WTablet
2010-01-15 13:40 . 2007-02-26 20:46 2032 ----a-w- c:\users\Kat\AppData\Local\d3d9caps.dat
2010-01-15 11:16 . 2007-03-16 00:20 -------- d-----w- c:\program files\Java
2010-01-15 07:31 . 2009-06-05 20:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-15 05:57 . 2007-02-18 03:46 -------- d-----w- c:\program files\Common Files\aol
2010-01-15 05:23 . 2010-01-15 05:49 431360 ----a-w- c:\windows\spuxsysguard.exe
2010-01-15 05:23 . 2010-01-15 05:49 431360 ----a-w- c:\windows\svhbsysguard.exe
2010-01-14 13:21 . 2007-07-01 02:19 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-25 16:37 . 2007-02-19 01:08 11828 ----a-w- c:\users\Kat\AppData\Roaming\wklnhst.dat
2009-12-13 21:12 . 2007-03-16 00:08 -------- d-----w- c:\users\Kat\AppData\Roaming\Apple Computer
2009-12-13 21:02 . 2009-12-13 21:01 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-13 21:02 . 2009-12-13 21:01 -------- d-----w- c:\program files\iTunes
2009-12-13 21:01 . 2009-12-13 21:01 -------- d-----w- c:\program files\iPod
2009-12-13 21:01 . 2007-11-04 01:43 -------- d-----w- c:\program files\Common Files\Apple
2009-12-13 20:59 . 2009-12-13 20:58 -------- d-----w- c:\program files\QuickTime
2009-12-13 20:53 . 2009-12-13 20:53 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-11 23:04 . 2009-12-11 23:04 -------- d-----w- c:\program files\Norton Security Scan
2009-12-11 23:04 . 2009-08-08 21:31 -------- d-----w- c:\programdata\Norton
2009-12-11 23:04 . 2009-08-08 21:31 -------- d-----w- c:\programdata\NortonInstaller
2009-12-07 16:57 . 2009-12-07 16:57 -------- d-----w- c:\program files\SimPE
2009-12-01 12:45 . 2009-12-01 12:45 -------- d-----w- c:\program files\Gadwin Systems
2009-12-01 07:23 . 2009-06-02 21:45 -------- d-----w- c:\programdata\Electronic Arts
2009-12-01 07:22 . 2009-06-13 17:42 -------- d-----w- c:\program files\Mad Scientist Productions
2009-12-01 07:20 . 2006-12-26 09:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-01 07:19 . 2009-05-22 08:42 -------- d-----w- c:\users\Kat\AppData\Roaming\uTorrent
2009-11-22 19:14 . 2009-06-02 21:20 -------- d-----w- c:\program files\Electronic Arts
2009-11-18 19:38 . 2007-03-09 13:06 -------- d-----w- c:\programdata\Roxio
2009-11-17 19:36 . 2009-05-22 11:33 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-09 13:22 . 2009-12-09 11:26 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:20 . 2009-12-09 11:26 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 11:04 . 2009-12-09 11:26 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-03 01:42 . 2009-10-03 07:26 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41 . 2009-11-26 22:35 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 13:20 . 2009-12-08 22:54 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16 . 2009-12-08 22:53 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55 . 2009-12-08 22:53 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-08-20 2000120]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"orpefeon"="c:\windows\svhbsysguard.exe" [2010-01-15 431360]
"lkerlwrq"="c:\windows\spuxsysguard.exe" [2010-01-15 431360]
"fmilryso"="c:\windows\squhsysguard.exe" [2010-01-15 431360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 107112]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-26 22696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-17 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-17 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-26 34520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2006-12-22 11:29 67752 ----a-w- c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
2008-12-09 11:08 495616 ----a-w- c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2007-05-25 17:16 42032 ----a-w- c:\program files\Common Files\aol\1171770383\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2006-09-28 13:42 65536 ----a-w- c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2005-02-02 15:44 61440 ----a-w- c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-11-06 02:59 4347120 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-15 16:26 4874240 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-08-20 19:08 2000120 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [5/22/2009 6:33 AM 722416]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [12/26/2006 4:34 AM 202872]
S2 gupdate1ca63408bc83028;Google Update Service (gupdate1ca63408bc83028);c:\program files\Google\Update\GoogleUpdate.exe [11/11/2009 9:33 PM 133104]
S2 MrHealthyService;MrHealthy;c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service --> c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service [?]
S2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [6/30/2008 7:14 PM 1373480]
S3 dhdusb.NTx86;Dynex Enhanced Wireless G USB Network Adapter Service;c:\windows\System32\drivers\bcmusbdhdlh.sys [8/29/2008 1:32 AM 241656]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [10/24/2006 7:40 AM 37008]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-12 02:33]

2010-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-12 02:33]

2010-01-02 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Debbie.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-07 17:48]

2010-01-14 c:\windows\Tasks\Norton Security Scan for Kat.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-11 23:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Kat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\users\Kat\AppData\Roaming\Mozilla\Firefox\Profiles\unoq9o32.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=&locale=&q=
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\SceneCaster\Version 3.11.33\NPSceneCaster.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\Kat\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\Kat\AppData\Roaming\Mozilla\Firefox\Profiles\unoq9o32.default\extensions\flashplugin@idm\platform\WINNT\plugins\npidmdcp.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-Aim6 - (no file)
HKCU-Run-udnkgiod - c:\users\Kat\AppData\Local\sthdfb\psussysguard.exe
HKLM-RunOnce- - (no file)
MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_02\bin\jusched.exe
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe
AddRemove-AIM Toolbar - c:\program files\AIM Toolbar\uninstall.exe
AddRemove-Fraps - c:\fraps\uninstall.exe
AddRemove-HijackThis - c:\users\Kat\Desktop\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-15 09:39
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1204229261-3270194858-436036643-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-01-15 09:40:52
ComboFix-quarantined-files.txt 2010-01-15 14:40

Pre-Run: 240,516,665,344 bytes free
Post-Run: 241,841,328,128 bytes free

- - End Of File - - BCAFA55DEC72ED4D076298954C35A6AA

Re: Been infected with Antivirus Live, please help.
Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Folder::
    c:\users\Kat\AppData\Local\vqwhqg
    c:\users\Kat\AppData\Local\hyqcox
    c:\users\Kat\AppData\Roaming\yleqkm
    c:\users\Kat\AppData\Local\xxbpac
    c:\users\Kat\AppData\Local\lpaple
    c:\users\Kat\AppData\Local\oeflas
    c:\users\Kat\AppData\Local\yotwmq
    c:\users\Kat\AppData\Local\cveklu
    c:\users\Kat\AppData\Roaming\yxhvqj
    c:\users\Kat\AppData\Local\kbaynv
    c:\users\Kat\AppData\Local\uqpcay
    c:\users\Kat\AppData\Local\gxohls
    c:\users\Kat\AppData\Local\uxkjpk
    c:\users\Kat\AppData\Local\aoacdx
    c:\users\Kat\AppData\Local\ipjjbm
    c:\users\Kat\AppData\Local\mrsgbk
    c:\users\Kat\AppData\Local\imtdah
    c:\users\Kat\AppData\Local\cdysbf
    c:\users\Kat\AppData\Local\xtssjq
    c:\users\Kat\AppData\Local\fwuqvm
    c:\users\Kat\AppData\Local\byqvku
    c:\users\Kat\AppData\Local\nbqfxo
    c:\users\Kat\AppData\Local\vivdhn
    c:\users\Kat\AppData\Local\hafwiw
    c:\users\Kat\AppData\Local\bliukq
    c:\users\Kat\AppData\Local\mvvgwo
    c:\users\Kat\AppData\Local\qyixyr
    c:\users\Kat\AppData\Local\jhpkia
    c:\users\Kat\AppData\Local\egqeew
    c:\users\Kat\AppData\Local\cxlvub
    c:\users\Kat\AppData\Local\nniexk
    c:\users\Kat\AppData\Local\fraoaa
    c:\users\Kat\AppData\Local\upihib
    c:\users\Kat\AppData\Local\sbcltm
    c:\users\Kat\AppData\Local\sthdfb

    File::
    c:\windows\squhsysguard.exe
    c:\windows\spuxsysguard.exe
    c:\windows\svhbsysguard.exe

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "orpefeon"=-
    "lkerlwrq"=-
    "fmilryso"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"=-

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=&locale=&q=
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    (picture: CFScript.txt being dragged onto ComboFix.exe)

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.
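As an added example (not from the thread and not ComboFix's own code), the triage below scans ComboFix/DDS-style log lines for the indicators the helper acted on here (the loopback ProxyServer, the random four-letter *sysguard.exe payloads, six-letter random directories under AppData, and Run values that launch the payload) and renders them in the Folder::/File::/Registry::/DDS:: layout of the script above. The regexes, the `Findings` structure and the sample log lines are constructed for this example; it assumes payload paths contain no spaces.

```python
# Added example: triage ComboFix/DDS log lines for the Antivirus Live indicators
# seen in this thread and render them in the helper's CFScript section layout.
# Not from the thread or from ComboFix; regexes and sample lines are constructed.
import re
from dataclasses import dataclass, field

# Four random letters + "sysguard.exe" is the payload naming in the logs
# (squh-, spux-, svhb-, psus-). Assumption: payload paths contain no spaces.
SYSGUARD_RE = re.compile(r'([a-z]:\\[^\s"\[\]]*\\[a-z]{4}sysguard\.exe)', re.I)
# Six random lowercase letters directly under AppData\Local or \Roaming in a
# "Files Created" directory entry ("d-----w-" marks a directory).
RANDOM_DIR_RE = re.compile(
    r"d-----w-\s+([a-z]:\\users\\[^\\\s]+\\AppData\\(?:Local|Roaming)\\[a-z]{6})\s*$", re.I)
APPDATA_RANDOM_RE = re.compile(r"\\AppData\\(?:Local|Roaming)\\[a-z]{6}$", re.I)
# Loopback proxy pushed into the user's Internet Settings ("u" = HKCU in DDS).
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = http=127\.0\.0\.1:\d+\s*$")
# "Reg Loading Points" Run block: [key] header, then "name"="path" [date size]
RUN_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+\\CurrentVersion\\Run)\]\s*$")
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"')
# "ORPHANS REMOVED" style line: HKCU-Run-<name> - <path>
ORPHAN_RUN_RE = re.compile(r"^(HKCU|HKLM)-Run-(\S+) - (.+)$")
HIVE = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}
RUN_SUBKEY = r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

@dataclass
class Findings:
    folders: set = field(default_factory=set)
    files: set = field(default_factory=set)
    run_values: set = field(default_factory=set)  # (registry key, value name)
    dds: set = field(default_factory=set)         # DDS lines to reset

def triage(lines):
    """Collect indicators from log lines; a human still reviews the result."""
    f, current_key = Findings(), None
    for raw in lines:
        line = raw.rstrip("\n")
        m = RUN_KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if line.startswith("["):  # any other key header ends the Run block
            current_key = None
        if PROXY_RE.match(line):
            f.dds.add(line.strip())
            continue
        m = RANDOM_DIR_RE.search(line)
        if m:
            f.folders.add(m.group(1))
        for path in SYSGUARD_RE.findall(line):
            f.files.add(path)
            parent = path.rsplit("\\", 1)[0]
            if APPDATA_RANDOM_RE.search(parent):  # payload lives in a random dir
                f.folders.add(parent)
        m = ORPHAN_RUN_RE.match(line)
        if m and SYSGUARD_RE.search(m.group(3)):
            f.run_values.add((HIVE[m.group(1)] + RUN_SUBKEY, m.group(2)))
            continue
        m = RUN_VALUE_RE.match(line)
        if m and current_key and SYSGUARD_RE.search(m.group(2)):
            f.run_values.add((current_key, m.group(1)))
    return f

def render_cfscript(f):
    """Emit Folder::/File::/Registry::/DDS:: sections in the thread's layout."""
    folders = sorted(f.folders, key=str.lower)
    # a file inside a listed folder goes with the folder, so skip it under File::
    files = sorted(p for p in f.files
                   if not any(p.lower().startswith(d.lower() + "\\") for d in folders))
    out = []
    if folders:
        out += ["Folder::", *folders, ""]
    if files:
        out += ["File::", *files, ""]
    if f.run_values:
        by_key = {}
        for key, name in sorted(f.run_values):
            by_key.setdefault(key, []).append(name)
        out.append("Registry::")
        for key, names in by_key.items():  # "name"=- deletes that value (REG syntax)
            out += [f"[{key}]", *(f'"{n}"=-' for n in names), ""]
    if f.dds:
        out += ["DDS::", *sorted(f.dds), ""]
    return "\n".join(out)

# Constructed sample in the formats quoted in the thread (values invented).
SAMPLE_LOG = r"""
uInternet Settings,ProxyServer = http=127.0.0.1:5555
2010-01-15 05:34 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\abrbdt
2010-01-15 07:06 . 2010-01-15 07:06 -------- d-----w- c:\users\Kat\AppData\Roaming\Malwarebytes
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"orpefeon"="c:\windows\squhsysguard.exe" [2010-01-15 1459200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
HKCU-Run-udnkgiod - c:\users\Kat\AppData\Local\sthdfb\psussysguard.exe
""".strip("\n").splitlines()

if __name__ == "__main__":
    print(render_cfscript(triage(SAMPLE_LOG)))
```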

Re: Been infected with Antivirus Live, please help.
ComboFix 10-01-14.06 - Kat 01/16/2010 11:37:31.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3582.2728 [GMT -5:00]
Running from: c:\users\Kat\Desktop\ComboFix.exe
Command switches used :: c:\users\Kat\Desktop\CFscript.txt

FILE ::
"c:\windows\spuxsysguard.exe"
"c:\windows\squhsysguard.exe"
"c:\windows\svhbsysguard.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Kat\AppData\Local\aoacdx
c:\users\Kat\AppData\Local\bliukq
c:\users\Kat\AppData\Local\byqvku
c:\users\Kat\AppData\Local\cdysbf
c:\users\Kat\AppData\Local\cveklu
c:\users\Kat\AppData\Local\cxlvub
c:\users\Kat\AppData\Local\egqeew
c:\users\Kat\AppData\Local\fraoaa
c:\users\Kat\AppData\Local\fwuqvm
c:\users\Kat\AppData\Local\gxohls
c:\users\Kat\AppData\Local\hafwiw
c:\users\Kat\AppData\Local\hyqcox
c:\users\Kat\AppData\Local\imtdah
c:\users\Kat\AppData\Local\ipjjbm
c:\users\Kat\AppData\Local\jhpkia
c:\users\Kat\AppData\Local\kbaynv
c:\users\Kat\AppData\Local\lpaple
c:\users\Kat\AppData\Local\mrsgbk
c:\users\Kat\AppData\Local\mvvgwo
c:\users\Kat\AppData\Local\nbqfxo
c:\users\Kat\AppData\Local\nniexk
c:\users\Kat\AppData\Local\oeflas
c:\users\Kat\AppData\Local\qyixyr
c:\users\Kat\AppData\Local\sbcltm
c:\users\Kat\AppData\Local\sthdfb
c:\users\Kat\AppData\Local\upihib
c:\users\Kat\AppData\Local\uqpcay
c:\users\Kat\AppData\Local\uxkjpk
c:\users\Kat\AppData\Local\vivdhn
c:\users\Kat\AppData\Local\vqwhqg
c:\users\Kat\AppData\Local\xtssjq
c:\users\Kat\AppData\Local\xxbpac
c:\users\Kat\AppData\Local\yotwmq
c:\users\Kat\AppData\Roaming\yleqkm
c:\users\Kat\AppData\Roaming\yxhvqj
c:\windows\spuxsysguard.exe
c:\windows\squhsysguard.exe
c:\windows\svhbsysguard.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-16 to 2010-01-16 )))))))))))))))))))))))))))))))
.

2010-01-16 16:47 . 2010-01-16 16:47 -------- d-----w- c:\users\Kat\AppData\Local\temp
2010-01-16 16:47 . 2010-01-16 16:47 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-16 16:47 . 2010-01-16 16:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-16 16:31 . 2010-01-16 16:32 -------- d-----w- C:\32788R22FWJFW
2010-01-15 10:32 . 2010-01-15 10:32 388096 ----a-r- c:\users\Kat\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-15 10:32 . 2010-01-15 10:32 -------- d-----w- c:\program files\TrendMicro
2010-01-15 07:06 . 2010-01-15 07:06 -------- d-----w- c:\users\Kat\AppData\Roaming\Malwarebytes
2010-01-15 07:06 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-15 07:06 . 2010-01-15 07:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-15 07:06 . 2010-01-15 07:06 -------- d-----w- c:\programdata\Malwarebytes
2010-01-15 07:06 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-15 05:34 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\abrbdt
2010-01-15 05:33 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\ruaxou
2010-01-15 05:32 . 2010-01-15 07:21 -------- d-----w- c:\users\Kat\AppData\Local\wcumhi
2010-01-14 01:48 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-14 01:48 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-12-25 09:44 . 2009-12-25 09:44 658184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 16:34 . 2008-07-01 00:20 -------- d-----w- c:\users\Kat\AppData\Roaming\WTablet
2010-01-15 14:28 . 2009-03-20 12:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-15 14:28 . 2009-03-20 12:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-15 13:40 . 2007-02-26 20:46 2032 ----a-w- c:\users\Kat\AppData\Local\d3d9caps.dat
2010-01-15 11:16 . 2007-03-16 00:20 -------- d-----w- c:\program files\Java
2010-01-15 07:31 . 2009-06-05 20:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-15 05:57 . 2007-02-18 03:46 -------- d-----w- c:\program files\Common Files\aol
2010-01-14 13:21 . 2007-07-01 02:19 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-25 16:37 . 2007-02-19 01:08 11828 ----a-w- c:\users\Kat\AppData\Roaming\wklnhst.dat
2009-12-13 21:12 . 2007-03-16 00:08 -------- d-----w- c:\users\Kat\AppData\Roaming\Apple Computer
2009-12-13 21:02 . 2009-12-13 21:01 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-13 21:02 . 2009-12-13 21:01 -------- d-----w- c:\program files\iTunes
2009-12-13 21:01 . 2009-12-13 21:01 -------- d-----w- c:\program files\iPod
2009-12-13 21:01 . 2007-11-04 01:43 -------- d-----w- c:\program files\Common Files\Apple
2009-12-13 20:59 . 2009-12-13 20:58 -------- d-----w- c:\program files\QuickTime
2009-12-13 20:53 . 2009-12-13 20:53 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-11 23:04 . 2009-12-11 23:04 -------- d-----w- c:\program files\Norton Security Scan
2009-12-11 23:04 . 2009-08-08 21:31 -------- d-----w- c:\programdata\Norton
2009-12-11 23:04 . 2009-08-08 21:31 -------- d-----w- c:\programdata\NortonInstaller
2009-12-07 16:57 . 2009-12-07 16:57 -------- d-----w- c:\program files\SimPE
2009-12-01 12:45 . 2009-12-01 12:45 -------- d-----w- c:\program files\Gadwin Systems
2009-12-01 07:23 . 2009-06-02 21:45 -------- d-----w- c:\programdata\Electronic Arts
2009-12-01 07:22 . 2009-06-13 17:42 -------- d-----w- c:\program files\Mad Scientist Productions
2009-12-01 07:20 . 2006-12-26 09:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-01 07:19 . 2009-05-22 08:42 -------- d-----w- c:\users\Kat\AppData\Roaming\uTorrent
2009-11-22 19:14 . 2009-06-02 21:20 -------- d-----w- c:\program files\Electronic Arts
2009-11-18 19:38 . 2007-03-09 13:06 -------- d-----w- c:\programdata\Roxio
2009-11-17 19:36 . 2009-05-22 11:33 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-09 13:22 . 2009-12-09 11:26 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:20 . 2009-12-09 11:26 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 11:04 . 2009-12-09 11:26 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-03 01:42 . 2009-10-03 07:26 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41 . 2009-11-26 22:35 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 13:20 . 2009-12-08 22:54 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16 . 2009-12-08 22:53 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55 . 2009-12-08 22:53 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-15_14.39.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-26 09:40 . 2010-01-16 16:35 55674 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-01-16 16:35 72160 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-02-20 20:36 . 2010-01-16 16:35 16344 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1204229261-3270194858-436036643-1001_UserData.bin
+ 2007-02-25 00:25 . 2010-01-16 16:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-02-25 00:25 . 2010-01-15 14:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-02-25 00:25 . 2010-01-16 16:33 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-02-25 00:25 . 2010-01-15 14:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-02-25 00:25 . 2010-01-16 16:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-02-25 00:25 . 2010-01-15 14:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-15 14:21 . 2010-01-15 14:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-01-16 16:33 . 2010-01-16 16:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-01-15 14:21 . 2010-01-15 14:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-16 16:33 . 2010-01-16 16:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2010-01-16 16:38 595446 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-01-16 16:38 101144 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-08-20 2000120]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 107112]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-26 22696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-17 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-17 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-26 34520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2006-12-22 11:29 67752 ----a-w- c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
2008-12-09 11:08 495616 ----a-w- c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2007-05-25 17:16 42032 ----a-w- c:\program files\Common Files\aol\1171770383\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2006-09-28 13:42 65536 ----a-w- c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2005-02-02 15:44 61440 ----a-w- c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-11-06 02:59 4347120 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-15 16:26 4874240 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-08-20 19:08 2000120 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [12/26/2006 4:34 AM 202872]
R2 MrHealthyService;MrHealthy;c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service --> c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service [?]
R2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [6/30/2008 7:14 PM 1373480]
R3 dhdusb.NTx86;Dynex Enhanced Wireless G USB Network Adapter Service;c:\windows\System32\drivers\bcmusbdhdlh.sys [8/29/2008 1:32 AM 241656]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [10/24/2006 7:40 AM 37008]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [5/22/2009 6:33 AM 722416]
S2 gupdate1ca63408bc83028;Google Update Service (gupdate1ca63408bc83028);c:\program files\Google\Update\GoogleUpdate.exe [11/11/2009 9:33 PM 133104]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-12 02:33]

2010-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-12 02:33]

2010-01-02 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Debbie.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-07 17:48]

2010-01-14 c:\windows\Tasks\Norton Security Scan for Kat.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-11 23:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Kat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\users\Kat\AppData\Roaming\Mozilla\Firefox\Profiles\unoq9o32.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=&locale=&q=
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\SceneCaster\Version 3.11.33\NPSceneCaster.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\Kat\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\Kat\AppData\Roaming\Mozilla\Firefox\Profiles\unoq9o32.default\extensions\flashplugin@idm\platform\WINNT\plugins\npidmdcp.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-16 11:47
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1204229261-3270194858-436036643-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-01-16 11:49:21
ComboFix-quarantined-files.txt 2010-01-16 16:49
ComboFix2.txt 2010-01-15 14:40

Pre-Run: 237,926,563,840 bytes free
Post-Run: 237,886,427,136 bytes free

- - End Of File - - D12E9AE62A1485DB02673F3D8B88EFB7

Re: Been infected with Antivirus Live, please help.
Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Re: Been infected with Antivirus Live, please help.
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, January 16, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, January 16, 2010 17:50:42
Records in database: 3320222
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan statistics
Objects scanned 258329
Threats found 1
Infected objects found 1
Suspicious objects found 0
Scan duration 03:01:27

File name Threat Threats count
C:\Users\Kat\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5a5ef45b-549369a9 Infected: Trojan-Downloader.Java.OpenStream.af 1
Selected area has been scanned.

Re: Been infected with Antivirus Live, please help.
Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Re: Been infected with Antivirus Live, please help.
Results of screen317's Security Check version 0.99.1
Windows Vista Service Pack 1 (UAC is disabled!)
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton AntiVirus
Norton Internet Security (Symantec Corporation)
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 16
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 7.1.0
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Re: Been infected with Antivirus Live, please help.
Please consider updating to Windows Vista Service Pack 2 (SP2).
Windows Vista Service Pack 2 (SP2) contains all the updates released since SP1 plus support for new types of hardware and emerging hardware standards.
It is now available via Windows Update or as a standalone installation here.

==

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot.)


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

Re: Been infected with Antivirus Live, please help.
No questions, just wanted to say thank you DragonMaster Jay for all your help, I will definitely update my system. Again thanks. ^__^

Re: Been infected with Antivirus Live, please help.
You are welcome. Smile...
