
Author Topic: Laptop Infected  (Read 8432 times)


bunafireman825

    Topic Starter


    Beginner
    Laptop Infected
    « on: August 11, 2010, 09:04:14 AM »
    Mother-in-law is asking for my help with a laptop that is infected. Here are the logs that are requested.

    Also not able to connect to the internet on the computer after the virus started showing (Firefox: "The proxy server is refusing connections"). This just started today.

    (edit) I have gotten the proxy message taken care of; now I'm getting "server not found".

    Thanks Bunafireman825

    [recovering disk space - old attachment deleted by admin]
    « Last Edit: August 11, 2010, 09:24:28 AM by bunafireman825 »

    bunafireman825

      Topic Starter


      Beginner
      Re: Laptop Infected
      « Reply #1 on: August 11, 2010, 08:07:05 PM »
      This laptop has Windows XP Home SP3

      Here are the logs

      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 10:11:13 AM, on 8/11/2010
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Compal\Wireless Select Switch\WLSS.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\taskswitch.exe
      C:\WINDOWS\system32\RunDLL32.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\igfxsrvc.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
      C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2418376
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [WLSS] C:\Program Files\Compal\Wireless Select Switch\WLSS.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
      O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\RunOnce: [FsVdUnReboot] 
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
      O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
      O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
      O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
      O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
      O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
      O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
      O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
      O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
      O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

      --
      End of file - 8625 bytes


      Malwarebytes' Anti-Malware 1.41
      Database version: 3213
      Windows 5.1.2600 Service Pack 3

      8/10/2010 12:29:21 PM
      mbam-log-2010-08-10 (12-29-21).txt

      Scan type: Full Scan (C:\|F:\|)
      Objects scanned: 206801
      Time elapsed: 1 hour(s), 12 minute(s), 21 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 1

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 08/10/2010 at 03:10 PM

      Application Version : 4.31.1000

      Core Rules Database Version : 4040
      Trace Rules Database Version: 1159

      Scan type       : Quick Scan
      Total Scan Time : 00:24:15

      Memory items scanned      : 437
      Memory threats detected   : 0
      Registry items scanned    : 523
      Registry threats detected : 0
      File items scanned        : 14024
      File threats detected     : 0


      Please let me know if any other info is needed

      SuperDave

      • Malware Removal Specialist
      • Moderator


      Re: Laptop Infected
      « Reply #2 on: August 13, 2010, 05:33:56 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum, so it may take a bit longer to process your logs.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

      Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

      Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

      Exit out of MessengerDisable then delete the two files that were put on the desktop.

      ***********************************************

      Open HijackThis and select Do a system scan only

      Place a check mark next to the following entries: (if there)

      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)


      Important: Close all open windows except for HijackThis and then click Fix checked.

      Once completed, exit HijackThis.

      **************************************
      Your SAS and MBAM are outdated programs. Please uninstall them and download these new ones, run the scans and post the logs.

      SUPERAntiSpyware

      If you already have SUPERAntiSpyware be sure to check for updates before scanning!


      Download SuperAntispyware Free Edition (SAS)
      * Double-click the icon on your desktop to run the installer.
      * When asked to Update the program definitions, click Yes
      * If you encounter any problems while downloading the updates, manually download and unzip them from here
      * Next click the Preferences button.

      •Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
      * Click the Scanning Control tab.
      * Under Scanner Options make sure only the following are checked:

      •Close browsers before scanning
      •Scan for tracking cookies
      •Terminate memory threats before quarantining
      Please leave the others unchecked

      •Click the Close button to leave the control center screen.

      * On the main screen click Scan your computer
      * On the left check the box for the drive you are scanning.
      * On the right choose Perform Complete Scan
      * Click Next to start the scan. Please be patient while it scans your computer.
      * After the scan is complete a summary box will appear. Click OK
      * Make sure everything in the white box has a check next to it, then click Next
      * It will quarantine what it found and if it asks if you want to reboot, click Yes

      •To retrieve the removal information please do the following:
      •After reboot, double-click the SUPERAntiSpyware icon on your desktop.
      •Click Preferences. Click the Statistics/Logs tab.

      •Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

      •It will open in your default text editor (preferably Notepad).
      •Save the notepad file to your desktop by clicking (in notepad) File > Save As...

      * Save the log somewhere you can easily find it. (normally the desktop)
      * Click close and close again to exit the program.
      * Copy and Paste the log in your post.

      **************************************

      Please download Malwarebytes Anti-Malware from here.

      Double Click mbam-setup.exe to install the application.
      • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
      • If an update is found, it will download and install the latest version.
      • Once the program has loaded, select "Perform Full Scan", then click Scan.
      • The scan may take some time to finish, so please be patient.
      • When the scan is complete, click OK, then Show Results to view the results.
      • Make sure that everything is checked, and click Remove Selected.
      • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
      • Please save the log to a location you will remember.
      • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
      • Copy and paste the entire report in your next reply.
      Extra Note:

      If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

      ******************************************

      Download Security Check by screen317 from one of the following links and save it to your desktop.

      Link 1
      Link 2

      * Unzip SecurityCheck.zip and a folder named Security Check should appear.
      * Open the Security Check folder and double-click Security Check.bat
      * Follow the on-screen instructions inside of the black box.
      * A Notepad document should open automatically called checkup.txt
      * Post the contents of that document in your next reply.

      Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
      Windows 8 and Windows 10 dual boot with two SSD's
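
The fix list in the reply above includes the loopback `ProxyServer` value and a service whose file is missing. As an added example (not part of the thread, and not HijackThis's or the helper's own logic), this Python triage parses HijackThis entry lines and flags those two patterns plus two lower-confidence ones; the rule names and the choice of rules are assumptions made for the example, and the sample lines are copied from the log posted in this thread.

```python
import re
from ipaddress import ip_address

# Subset of the HijackThis log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2418376
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [FsVdUnReboot]
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"""

# "<section> - <body>", e.g. "R1 - HKCU\...,ProxyServer = http=127.0.0.1:6522"
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*?)\s*$")
PROXY_RE = re.compile(r",\s*ProxyServer\s*=\s*(.+)$", re.IGNORECASE)
# "HKLM\..\Run: [name] command" (also RunOnce and per-user hives)
RUN_RE = re.compile(r"^(\S+?\\\.\.\\Run\w*): \[([^\]]*)\]\s*(.*)$")
# "Service: <display name> - <owner> - <path>"
SERVICE_RE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")


def proxy_endpoints(value):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Handles "host:port", "http=host:port" and ";"-separated per-scheme lists.
    """
    endpoints = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        hostport = hostport.split("://")[-1]
        host, _, port = hostport.rpartition(":")
        if not host:  # no port given
            host, port = hostport, ""
        endpoints.append((scheme or "all", host, port))
    return endpoints


def is_loopback(host):
    """True for 'localhost' or any loopback IP literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname other than localhost


def triage(log_text):
    """Return (section, rule, detail) tuples for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw)
        if not entry:
            continue  # header, process list or blank line
        section, body = entry.groups()

        if section.startswith("R"):
            proxy = PROXY_RE.search(body)
            if proxy:
                # Browser traffic is being pointed at a listener on this machine.
                for scheme, host, port in proxy_endpoints(proxy.group(1)):
                    if is_loopback(host):
                        findings.append(
                            (section, "loopback-proxy", f"{scheme} -> {host}:{port}"))
        elif section == "O4":
            run = RUN_RE.match(body)
            if run and not run.group(3):
                # Autorun value exists but has no command behind it.
                findings.append((section, "empty-autorun", run.group(2)))
        elif section == "O23":
            svc = SERVICE_RE.match(body)
            if not svc:
                continue
            name, owner, path = svc.groups()
            if path.endswith("(file missing)"):
                # Service is registered but its binary is gone from disk.
                findings.append((section, "service-file-missing", name))
            elif owner == "Unknown owner":
                # Lower confidence: HijackThis could not name a publisher.
                findings.append((section, "service-unknown-owner", name))
    return findings


if __name__ == "__main__":
    for section, rule, detail in triage(SAMPLE_LOG):
        print(f"{section:4} {rule:22} {detail}")
```
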

      bunafireman825

        Topic Starter


        Beginner
        Re: Laptop Infected
        « Reply #3 on: August 19, 2010, 08:07:20 PM »
        Thanks Super Dave

        On Hijack this only:  O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)  there removed as said

        Here are the other logs requested (uninstalled and reinstalled new SAS and MBAM)

        mbam
        Malwarebytes' Anti-Malware 1.46
        www.malwarebytes.org

        Database version: 4450

        Windows 5.1.2600 Service Pack 3
        Internet Explorer 8.0.6001.18702

        8/19/2010 9:05:45 PM
        mbam-log-2010-08-19 (21-05-45).txt

        Scan type: Full scan (C:\|)
        Objects scanned: 210643
        Time elapsed: 49 minute(s), 38 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 2
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 3
        Files Infected: 31

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\Software\PriceGong (Adware.Agent) -> Quarantined and deleted successfully.

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        C:\Documents and Settings\user\Application Data\PriceGong (Adware.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data (Adware.Agent) -> Quarantined and deleted successfully.
        C:\xgukxzrvux.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.

        Files Infected:
        C:\System Volume Information\_restore{D01D3D64-80D1-4B98-9AFC-4E4FF04A0356}\RP4\A0000169.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data\1.xml (Adware.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data\a.xml (Adware.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data\b.xml (Adware.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data\c.xml (Adware.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data\d.xml (Adware.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data\e.xml (Adware.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data\f.xml (Adware.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data\g.xml (Adware.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data\h.xml (Adware.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data\i.xml (Adware.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data\J.xml (Adware.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data\k.xml (Adware.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data\l.xml (Adware.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data\m.xml (Adware.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data\mru.xml (Adware.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data\n.xml (Adware.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data\o.xml (Adware.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data\p.xml (Adware.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data\q.xml (Adware.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data\r.xml (Adware.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data\s.xml (Adware.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data\t.xml (Adware.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data\u.xml (Adware.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data\v.xml (Adware.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data\w.xml (Adware.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data\x.xml (Adware.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data\y.xml (Adware.Agent) -> Quarantined and deleted successfully.
        C:\Documents and Settings\user\Application Data\PriceGong\Data\z.xml (Adware.Agent) -> Quarantined and deleted successfully.
        C:\xgukxzrvux.exe\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\msrun.exe (Trojan.Agent) -> Quarantined and deleted successfully.



        sas
        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 08/19/2010 at 06:24 PM

        Application Version : 4.41.1000

        Core Rules Database Version : 5384
        Trace Rules Database Version: 3196

        Scan type       : Complete Scan
        Total Scan Time : 01:00:11

        Memory items scanned      : 419
        Memory threats detected   : 0
        Registry items scanned    : 7410
        Registry threats detected : 0
        File items scanned        : 72805
        File threats detected     : 330

        Trojan.Agent/Gen-Exploit
           C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\UPDATE\SEUPD.EXE

        Adware.Tracking Cookie
           .extenzeenhancement.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .extenzeenhancement.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           stat.onestat.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .msnportal.112.2o7.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           user-activity-tracking.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           sales.liveperson.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           sales.liveperson.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .bizrate.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           www5.addfreestats.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .2o7.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           www.3dstats.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           *Blocked Russian URL* [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .paypal.112.2o7.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .stats.paypal.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .revsci.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           counter.top.dkd.lt [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           counter.top.dkd.lt [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           counter.top.chebra.lt [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           counter.top.chebra.lt [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .ewarezteam.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .ewarezteam.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           flagcounter.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .topwarez.spaceddl.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .topwarez.spaceddl.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .revsci.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .fuckovermyex.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .*adult URL* [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .*adult URL* [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .*adult URL* [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .*adult URL* [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .br.naked.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .br.naked.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .revsci.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           www.inthecrack.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .inthecrack.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .inthecrack.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .inthecrack.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           www.inthecrack.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .revsci.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           server.iad.liveperson.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           click.superpaysys.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           bridge2.admarketplace.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .admarketplace.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .enhance.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .enhance.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .revsci.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .*adult URL* [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .*adult URL* [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .*adult URL* [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .*adult URL* [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .*adult URL* [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .*adult URL* [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .*adult URL* [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .*adult URL* [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .*adult URL* [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .*adult URL* [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .*adult URL* [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .*adult URL* [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .*adult URL* [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .*adult URL* [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .*adult URL* [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .*adult URL* [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .*adult URL* [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .*adult URL* [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .*adult URL* [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .*adult URL* [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .2o7.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .2o7.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .2o7.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .nextag.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .nextag.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .nextag.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .nextag.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .nextag.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .nextag.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .nextag.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .nextag.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .nextag.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .nextag.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           link.mercent.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           server.iad.liveperson.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           server.iad.liveperson.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           *Blocked Russian URL* [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .invitemedia.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .invitemedia.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .travidia.112.2o7.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .s.clickability.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .s.clickability.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           findit.hcnonline.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .findit.hcnonline.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .findit.hcnonline.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .overture.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .overture.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .draftfcb.112.2o7.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .traffic-sales-profits.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .traffic-sales-profits.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .associatedcontent.112.2o7.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .traveladvertising.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .traveladvertising.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           www.linktrack66.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           www8.addfreestats.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .2o7.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .xiti.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .oddcast.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .2o7.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           web4.realtracker.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .2o7.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           server.iad.liveperson.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           sales.liveperson.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           uporn.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           uporn.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .gostats.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           ad.zanox.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .real-sexlife.blogspot.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .real-sexlife.blogspot.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .sextipsfree.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .sextipsfree.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           caloriecount.about.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           caloriecount.about.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .caloriecount.about.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .caloriecount.about.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           caloriecount.about.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .aff.primaryads.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .aff.primaryads.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .aff.primaryads.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .aff.primaryads.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .aff.primaryads.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .2o7.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           sales.liveperson.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .trafficmp.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .sex-superstore.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .sex-superstore.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .sex-superstore.com [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .revsci.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           .revsci.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           sales.liveperson.net [ C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\xonq20un.default\cookies.sqlite ]
           cdn4.specificclick.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\QQ8P7VMH ]
           media.mtvnservices.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\QQ8P7VMH ]
           media.scanscout.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\QQ8P7VMH ]
           media1.break.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\QQ8P7VMH ]
           objects.tremormedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\QQ8P7VMH ]
           secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\QQ8P7VMH ]
           C:\Documents and Settings\NetworkService\Cookies\system@247realmedia[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@247realmedia[2].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
           C:\Documents and Settings\NetworkService\Cookies\system@adbrite[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@adbrite[2].txt
           C:\Documents and Settings\NetworkService\Cookies\system@adbrite[3].txt
           C:\Documents and Settings\NetworkService\Cookies\system@adecn[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@adecn[2].txt
           C:\Documents and Settings\NetworkService\Cookies\system@adjuggler[1].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
           C:\Documents and Settings\NetworkService\Cookies\system@adtechus[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@adtech[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@advertise[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@advertise[2].txt
           C:\Documents and Settings\NetworkService\Cookies\system@advertising[2].txt
           C:\Documents and Settings\NetworkService\Cookies\system@advertising[3].txt
           C:\Documents and Settings\NetworkService\Cookies\system@apmebf[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@apmebf[3].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
           C:\Documents and Settings\NetworkService\Cookies\system@atdmt[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@atdmt[2].txt
           C:\Documents and Settings\NetworkService\Cookies\system@atdmt[3].txt
           C:\Documents and Settings\NetworkService\Cookies\system@atdmt[4].txt
           C:\Documents and Settings\NetworkService\Cookies\system@bannertgt[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[2].txt
           C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[3].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
           C:\Documents and Settings\NetworkService\Cookies\system@burstbeacon[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@burstnet[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@burstnet[2].txt
           C:\Documents and Settings\NetworkService\Cookies\system@burstnet[3].txt
           C:\Documents and Settings\NetworkService\Cookies\system@casalemedia[2].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
           C:\Documents and Settings\NetworkService\Cookies\system@collective-media[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@collective-media[3].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][4].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][6].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][7].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[2].txt
           C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[3].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
           C:\Documents and Settings\NetworkService\Cookies\system@enhance[2].txt
           C:\Documents and Settings\NetworkService\Cookies\system@fastclick[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@fastclick[2].txt
           C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[2].txt
           C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[2].txt
           C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[3].txt
           C:\Documents and Settings\NetworkService\Cookies\system@legolas-media[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[2].txt
           C:\Documents and Settings\NetworkService\Cookies\system@mediadakine[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[3].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
           C:\Documents and Settings\NetworkService\Cookies\system@pointroll[2].txt
           C:\Documents and Settings\NetworkService\Cookies\system@pointroll[3].txt
           C:\Documents and Settings\NetworkService\Cookies\system@pointroll[4].txt
           C:\Documents and Settings\NetworkService\Cookies\system@pointroll[5].txt
           C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[2].txt
           C:\Documents and Settings\NetworkService\Cookies\system@realmedia[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@realmedia[2].txt
           C:\Documents and Settings\NetworkService\Cookies\system@revsci[2].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
           C:\Documents and Settings\NetworkService\Cookies\system@ru4[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@ru4[3].txt
           C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[2].txt
           C:\Documents and Settings\NetworkService\Cookies\system@smartadx[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@specificclick[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@specificclick[2].txt
           C:\Documents and Settings\NetworkService\Cookies\system@specificclick[3].txt
           C:\Documents and Settings\NetworkService\Cookies\system@specificmedia[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@specificmedia[2].txt
           C:\Documents and Settings\NetworkService\Cookies\system@tacoda[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@tacoda[2].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[2].txt
           C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[1].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
           C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
           C:\Documents and Settings\NetworkService\Cookies\system@yieldmanager[1].txt
           C:\Documents and Settings\NetworkService\Cookies\system@yieldmanager[2].txt
           C:\Documents and Settings\NetworkService\Cookies\system@zedo[2].txt
           C:\Documents and Settings\NetworkService\Cookies\system@zedo[3].txt



         Security check
        Results of screen317's Security Check version 0.99.5 
         Windows XP Service Pack 3 
         Internet Explorer 8 
        ``````````````````````````````
        Antivirus/Firewall Check:

         Windows Firewall Enabled! 
         avast! Antivirus     
         avast! successfully updated!
        ```````````````````````````````
        Anti-malware/Other Utilities Check:

         Malwarebytes' Anti-Malware   
         HijackThis 2.0.2   
         CCleaner     
         Java(TM) 6 Update 21 
         Adobe Flash Player 10.1.53.64 
        Adobe Reader 9.1
        Out of date Adobe Reader installed!
         Mozilla Firefox (3.6.8)
        ````````````````````````````````
        Process Check: 
        objlist.exe by Laurent

         Windows Defender MSMpEng.exe
         Windows Defender MsMpEng.exe   
        ````````````````````````````````
        DNS Vulnerability Check:

         GREAT! (Not vulnerable to DNS cache poisoning)

        ``````````End of Log````````````

        (Edit: this laptop uses a Verizon broadband card to access the internet. We are able to connect now, but we have to use Network Connections under DIAL UP Broadband; then we can connect. Verizon uses software to connect, but that software will not detect the device. We have uninstalled and reinstalled it, still nothing.)

        Thanks for all your help Bunafireman825

        SuperDave

        Re: Laptop Infected
        « Reply #4 on: August 20, 2010, 12:13:57 PM »
        Please download the newest version of Adobe Acrobat Reader from Adobe.com

        Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
        Go to the Control Panel and enter Add or Remove Programs.
        Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

        Once old versions are gone, please install the newest version.
        **************************************************
        Download ComboFix by sUBs from one of the below links. 

        Important! You MUST save ComboFix to your desktop

        link # 1
        Link # 2

        Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

        Double click on ComboFix.exe & follow the prompts.

        Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

        Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

        When the scan completes it will open a text window.
         
        Post the contents of that log in your next reply.

        Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.

        bunafireman825

          Re: Laptop Infected
          « Reply #5 on: September 05, 2010, 02:03:15 PM »
          I have updated Adobe Reader and uninstalled all older versions. I ran ComboFix, but I had to do a System Restore afterward to be able to connect to the internet. Here is the log.

          ComboFix 10-09-04.05 - user 09/04/2010  21:43:09.2.2 - x86
          Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2038.1495 [GMT -5:00]
          Running from: c:\documents and settings\user\Desktop\ComboFix.exe
          AV: avast! antivirus 4.8.1368 [VPS 100904-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
          .

          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          c:\documents and settings\Doug\Desktop\[Torrentsworld.net] - Expert Guide to the G-Spot By [ibrahimsaas@yahoo com].torrent
          c:\documents and settings\Doug\Desktop\[Torrentsworld.net] - Expert Guide to the G-Spot By [ibrahimsaas@yahoo com].torrent
          c:\documents and settings\Doug\Desktop\[Torrentsworld.net] - Expert Guide To The G Spot 2 XXX DVDRiP XviD.torrent
          c:\documents and settings\Doug\Desktop\[Torrentsworld.net] - Expert Guide To The G Spot 2 XXX DVDRiP XviD.torrent
          c:\program files\Mozilla Firefox\searchplugins\google_search.xml

          Infected copy of c:\windows\system32\drivers\WudfPf.sys was found and disinfected
          Restored copy from - Kitty had a snack :p
          .
          (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          -------\Legacy_6TO4
          -------\Service_ndisrd


          (((((((((((((((((((((((((   Files Created from 2010-08-05 to 2010-09-05  )))))))))))))))))))))))))))))))
          .

          2010-09-05 02:31 . 2010-09-05 02:32   --------   d-----w-   c:\program files\Common Files\Adobe
          2010-08-20 04:05 . 2007-04-09 14:56   21248   ----a-w-   c:\windows\system32\drivers\lgusbdiag.sys
          2010-08-20 04:05 . 2007-04-09 14:55   22912   ----a-w-   c:\windows\system32\drivers\lgusbmodem.sys
          2010-08-20 04:05 . 2007-04-09 14:53   12672   ----a-w-   c:\windows\system32\drivers\lgusbbus.sys
          2010-08-20 04:05 . 2010-08-20 04:05   --------   d-----w-   c:\program files\LG Electronics
          2010-08-20 03:12 . 2010-08-20 03:13   --------   d-----w-   c:\program files\V CAST Music with Rhapsody
          2010-08-20 01:10 . 2010-04-29 20:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
          2010-08-20 01:10 . 2010-04-29 20:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
          2010-08-20 01:10 . 2010-08-20 01:10   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
          2010-08-19 22:43 . 2010-08-19 22:43   --------   d-----w-   c:\program files\LAVAROULETTE
          2010-08-13 23:52 . 2010-08-13 23:52   --------   d-----w-   c:\documents and settings\All Users\Application Data\IObit
          2010-08-13 23:52 . 2010-08-13 23:52   --------   d-----w-   c:\program files\IObit
          2010-08-13 23:51 . 2010-08-13 23:51   --------   d-----w-   c:\program files\VS Revo Group
          2010-08-13 23:44 . 2010-08-13 23:44   --------   d-----w-   c:\documents and settings\user\Application Data\IObit
          2010-08-13 22:34 . 2010-08-28 03:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
          2010-08-13 22:23 . 2010-08-13 22:23   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Malwarebytes
          2010-08-12 00:57 . 2010-08-12 00:57   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Verizon Wireless
          2010-08-12 00:57 . 2010-08-12 00:57   --------   d-sh--w-   c:\documents and settings\Administrator\IETldCache
          2010-08-12 00:56 . 2010-08-12 01:13   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
          2010-08-12 00:56 . 2010-08-12 01:13   --------   d-----w-   c:\documents and settings\Administrator
          2010-08-12 00:45 . 2010-08-12 01:16   --------   d-----w-   c:\program files\Verizon Wireless
          2010-08-10 21:07 . 2010-08-10 21:07   --------   d-----w-   c:\documents and settings\user\Local Settings\Application Data\Help
          2010-08-09 00:13 . 2010-08-09 00:13   --------   d-----w-   c:\documents and settings\user\Application Data\Smith Micro
          2010-08-08 21:52 . 2008-04-13 17:40   34688   -c--a-w-   c:\windows\system32\dllcache\lbrtfdc.sys
          2010-08-08 21:52 . 2008-04-13 17:40   34688   ----a-w-   c:\windows\system32\drivers\lbrtfdc.sys
          2010-08-08 21:50 . 2008-04-13 17:41   8576   -c--a-w-   c:\windows\system32\dllcache\i2omgmt.sys
          2010-08-08 21:50 . 2008-04-13 17:41   8576   ----a-w-   c:\windows\system32\drivers\i2omgmt.sys
          2010-08-08 21:48 . 2008-04-13 17:40   8192   -c--a-w-   c:\windows\system32\dllcache\changer.sys
          2010-08-08 21:42 . 2010-08-11 12:53   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\vwxkmxack
          2010-08-08 21:42 . 2010-08-08 21:42   20480   ----a-w-   c:\windows\system32\drivers\ndisrd.sys
          2010-08-08 21:42 . 2010-08-20 01:03   --------   d-----w-   c:\documents and settings\All Users\Application Data\Update

          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2010-09-02 14:24 . 2010-07-23 04:31   664   ----a-w-   c:\windows\system32\d3d9caps.dat
          2010-08-20 04:05 . 2007-09-01 18:06   --------   d--h--w-   c:\program files\InstallShield Installation Information
          2010-08-19 22:20 . 2010-08-19 22:20   63488   ----a-w-   c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
          2010-08-19 22:20 . 2010-08-19 22:20   52224   ----a-w-   c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
          2010-08-19 22:20 . 2010-08-19 22:20   117760   ----a-w-   c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
          2010-08-19 22:17 . 2009-08-07 04:17   --------   d-----w-   c:\program files\SUPERAntiSpyware
          2010-08-19 22:17 . 2009-10-25 18:16   --------   d-----w-   c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
          2010-08-12 01:16 . 2010-08-12 01:16   --------   d-----w-   c:\documents and settings\Administrator\Application Data\InstallShield
          2010-08-12 01:16 . 2010-04-08 19:56   --------   d-----w-   c:\documents and settings\All Users\Application Data\Verizon Wireless
          2010-08-12 01:16 . 2010-08-12 01:16   --------   d-----w-   c:\program files\Novatel Wireless
          2010-08-12 01:16 . 2009-08-07 01:04   --------   d-----w-   c:\program files\Common Files\eSellerate
          2010-08-12 01:16 . 2009-07-28 02:43   --------   d-----w-   c:\documents and settings\Doug\Application Data\Memeo
          2010-08-12 01:16 . 2009-07-14 04:40   --------   d-----w-   c:\program files\SpeedFan
          2010-08-12 01:16 . 2007-09-26 00:49   --------   d-----w-   c:\program files\LimeWire
          2010-08-12 01:16 . 2010-08-12 01:16   --------   d-----w-   c:\program files\Trend Micro
          2010-08-12 01:14 . 2010-07-04 17:18   --------   d-----w-   c:\program files\Common Files\Apple
          2010-08-12 00:45 . 2010-08-12 00:45   25214   ----a-r-   c:\documents and settings\user\Application Data\Microsoft\Installer\{629CCE02-041D-4577-892C-577861181771}\Start.exe_B50352861C9E40AB92092A8E9DE06306.exe
          2010-08-12 00:45 . 2010-08-12 00:45   25214   ----a-r-   c:\documents and settings\user\Application Data\Microsoft\Installer\{629CCE02-041D-4577-892C-577861181771}\DesktopShortcut_B50352861C9E40AB92092A8E9DE06306.exe
          2010-08-12 00:45 . 2010-08-12 00:45   25214   ----a-r-   c:\documents and settings\user\Application Data\Microsoft\Installer\{629CCE02-041D-4577-892C-577861181771}\ARPPRODUCTICON.exe
          2010-08-12 00:14 . 2007-09-01 18:13   --------   d-----w-   c:\program files\Compal
          2010-08-11 15:09 . 2010-08-11 15:09   388096   ----a-r-   c:\documents and settings\user\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
          2010-08-09 01:39 . 2010-05-26 02:21   --------   d-----w-   c:\program files\Carbonite
          2010-08-09 01:36 . 2007-09-01 19:37   --------   d-----w-   c:\program files\CyberLink
          2010-08-05 00:32 . 2010-07-13 21:49   452104   ----a-w-   c:\documents and settings\user\Application Data\Real\Update\setup3.12\setup.exe
          2010-08-03 16:56 . 2010-08-03 16:56   --------   d-----w-   c:\program files\Common Files\Java
          2010-08-03 16:55 . 2007-09-26 00:51   --------   d-----w-   c:\program files\Java
          2010-07-19 01:51 . 2010-07-19 01:51   --------   d-----w-   c:\documents and settings\LocalService\Application Data\McAfee
          2010-07-17 10:00 . 2010-05-26 02:20   423656   ----a-w-   c:\windows\system32\deployJava1.dll
          2010-07-15 15:41 . 2008-12-25 04:12   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
          2010-07-11 20:24 . 2010-07-11 20:24   --------   d-----w-   c:\program files\Google
          2010-07-11 20:21 . 2010-07-04 17:25   --------   d-----w-   c:\documents and settings\user\Application Data\Apple Computer
          2010-07-08 05:19 . 2010-03-25 22:52   --------   d-----w-   c:\documents and settings\user\Application Data\FrostWire
          2010-07-01 17:38 . 2010-04-30 23:28   439816   ----a-w-   c:\documents and settings\user\Application Data\Real\Update\setup3.10\setup.exe
          2010-06-14 14:31 . 2007-09-01 15:39   744448   ----a-w-   c:\windows\pchealth\helpctr\binaries\helpsvc.exe
          2010-01-12 22:17 . 2010-01-12 22:17   5120   --sha-w-   c:\program files\Thumbs.db
          2009-06-11 02:52 . 2009-06-11 02:52   288280   ----a-w-   c:\program files\100_1487 (1204 x 903).jpg
          .

          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
          "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
          "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
          "NoPopUpsOnBoot"= 1 (0x1)

          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
          @="Service"

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
          path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
          backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
          path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
          backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

          [HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk]
          path=c:\documents and settings\user\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk
          backup=c:\windows\pss\Cyber-shot Viewer Media Check Tool.lnkStartup

          [HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
          path=c:\documents and settings\user\Start Menu\Programs\Startup\LimeWire On Startup.lnk
          backup=c:\windows\pss\LimeWire On Startup.lnkStartup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
          2010-06-20 02:04   35760   ----a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
          2009-11-24 23:51   81000   ----a-w-   c:\progra~1\ALWILS~1\Avast4\ashDisp.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
          2007-06-28 00:03   152872   ----a-w-   c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
          2002-03-19 22:30   45632   ----a-w-   c:\windows\system32\TaskSwitch.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
          2008-04-14 00:12   15360   ----a-w-   c:\windows\system32\ctfmon.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataMngr]
          2010-03-28 16:16   797112   ----a-w-   c:\progra~1\BEARSH~1\MediaBar\DataMngr\DataMngrUI.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
          2007-08-08 02:18   159744   ----a-w-   c:\windows\system32\hkcmd.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
          2007-08-08 02:18   135168   ----a-w-   c:\windows\system32\igfxtray.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Security 360]
          2010-06-11 23:14   1280344   ----a-w-   c:\program files\IObit\IObit Security 360\is360tray.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
          2004-08-09 11:03   221184   -c--a-w-   c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
          2010-04-29 20:39   1090952   ----a-w-   c:\program files\Malwarebytes' Anti-Malware\mbam.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
          2007-03-01 20:57   153136   ----a-w-   c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
          2007-08-08 02:17   131072   ----a-w-   c:\windows\system32\igfxpers.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
          2010-03-19 03:16   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
          2007-05-10 23:08   16342528   ----a-w-   c:\windows\RTHDCPL.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
          2010-05-14 16:44   248552   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
          2010-07-19 17:50   2403568   ----a-w-   c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
          2008-07-22 21:21   185896   ----a-w-   c:\program files\Common Files\Real\Update_OB\realsched.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VF0060 STISvc]
          2004-11-01 14:00   36864   ----a-w-   c:\windows\system32\V0060Pin.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
          2006-11-04 00:20   866584   ----a-w-   c:\program files\Windows Defender\MSASCui.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WLSS]
          2007-04-23 23:55   190000   -c--a-w-   c:\program files\Compal\Wireless Select Switch\WLSS.exe

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
          "DisableMonitoring"=dword:00000001

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
          "DisableMonitoring"=dword:00000001

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
          "DisableMonitoring"=dword:00000001

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=

          R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [9/1/2007 1:14 PM 9856]
          R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/8/2009 8:14 PM 114768]
          R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
          R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
          R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/8/2009 8:14 PM 20560]
          R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
          R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [9/1/2007 1:56 PM 32256]
          S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/19/2010 8:10 PM 38224]
          S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [12/18/2009 12:13 PM 20480]
          S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [5/25/2009 3:43 PM 32408]
          S4 AmplusnetPrivacyTools;AmplusnetPrivacyTools;c:\windows\system32\AmplusnetPrivacyTools.exe --> c:\windows\system32\AmplusnetPrivacyTools.exe [?]
          S4 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [8/13/2010 6:52 PM 312152]
          .
          Contents of the 'Scheduled Tasks' folder

          2010-09-05 c:\windows\Tasks\MP Scheduled Scan.job
          - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
          .
          .
          ------- Supplementary Scan -------
          .
          uInternet Connection Wizard,ShellNext = iexplore
          FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\vrbd1np0.default\
          FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
          FF - prefs.js: browser.search.selectedEngine - Google
          FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
          FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101046100&s=
          FF - prefs.js: network.proxy.type - 0
          FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
          FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
          FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

          ---- FIREFOX POLICIES ----
          FF - user.js: browser.search.selectedEngine - Google
          FF - user.js: browser.search.order.1 - Google
          FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101046100&s=c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
          c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
          c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
          .
          - - - - ORPHANS REMOVED - - - -

          Toolbar-Locked - (no file)
          WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
          WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
          MSConfigStartUp-AOL Fast Start - c:\program files\AOL 9.1\AOL.EXE
          MSConfigStartUp-CarboniteSetupLite - c:\program files\Carbonite\CarbonitePreinstaller.exe
          MSConfigStartUp-Creative WebCam Tray - c:\program files\Creative\Shared Files\CamTray.exe
          MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1188684094\ee\AOLSoftware.exe
          MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
          MSConfigStartUp-Memeo AutoBackup - c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe
          MSConfigStartUp-Memeo AutoSync - c:\program files\Memeo\AutoSync\MemeoLauncher2.exe
          MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
          MSConfigStartUp-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
          MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
          MSConfigStartUp-Power2GoExpress - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
          MSConfigStartUp-PWRISOVM - c:\program files\PowerISO\PWRISOVM.EXE
          MSConfigStartUp-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
          MSConfigStartUp-SMSERIAL - c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
          MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          MSConfigStartUp-T-Mobile Connection Manager - c:\program files\T-Mobile\Connection Manager\TMobileCM.exe
          MSConfigStartUp-T-Mobile webConnect Manager - c:\program files\T-Mobile\webConnect Manager\TMobileCM.exe
          MSConfigStartUp-Ultimate Defender - c:\program files\Ultimate Defender\UltimateDefender.exe
          MSConfigStartUp-Wow Video&Audio - c:\program files\Compal\Wow Video&Audio\WVAMain.exe
          MSConfigStartUp-xgukxzrvux - c:\xgukxzrvux.exe\xgukxzrvux.exe
          AddRemove-HijackThis - f:\doug (e)\Program Files\HijackThis.exe



          **************************************************************************

          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2010-09-04 21:56
          Windows 5.1.2600 Service Pack 3 NTFS

          scanning hidden processes ... 

          scanning hidden autostart entries ...

          scanning hidden files ... 

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------

          - - - - - - - > 'explorer.exe'(832)
          c:\windows\system32\WININET.dll
          c:\windows\system32\ieframe.dll
          c:\windows\system32\webcheck.dll
          c:\windows\system32\WPDShServiceObj.dll
          c:\windows\system32\PortableDeviceTypes.dll
          c:\windows\system32\PortableDeviceApi.dll
          .
          ------------------------ Other Running Processes ------------------------
          .
          c:\program files\Alwil Software\Avast4\aswUpdSv.exe
          c:\program files\Alwil Software\Avast4\ashServ.exe
          c:\program files\Java\jre6\bin\jqs.exe
          c:\program files\Common Files\LightScribe\LSSrvc.exe
          c:\program files\CyberLink\Shared Files\RichVideo.exe
          c:\program files\Alwil Software\Avast4\ashMaiSv.exe
          c:\program files\Alwil Software\Avast4\ashWebSv.exe
          .
          **************************************************************************
          .
          Completion time: 2010-09-04  22:03:19 - machine was rebooted
          ComboFix-quarantined-files.txt  2010-09-05 03:03
          ComboFix2.txt  2009-08-07 03:56

          Pre-Run: 124,912,529,408 bytes free
          Post-Run: 129,888,174,080 bytes free

          - - End Of File - - 6956B16009BF0D4B7A657D10C1F528E1

          SuperDave

          Re: Laptop Infected
          « Reply #6 on: September 05, 2010, 05:35:03 PM »
          P2P - I see you have P2P software installed on your machine (LimeWire). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

          Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

          I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
          ******************************************
          You have Viewpoint installed.

          Viewpoint Media Player/Manager/Toolbar is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

          More information:

          * ViewMgr.exe - Useless
          * Viewpoint to Plunge Into Adware

          It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

          * Viewpoint
          * Viewpoint Manager
          * Viewpoint Media Player
          * Viewpoint Toolbar
          * Viewpoint Experience Technology


          *******************************************
          * Download the following tool: RootRepeal - Rootkit Detector
          * Direct download link is here: RootRepeal.zip

          * Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
          * Click this link to see a list of such programs and how to disable them.

          * Extract the program file to a new folder such as C:\RootRepeal
          * Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
          * Select ALL of the checkboxes and then click OK and it will start scanning your system.
          * If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
          * When done, click on Save Report
          * Save it to the same location where you ran it from, such as C:\RootRepeal
          * Save it as rootrepeal.txt
          * Then open that log and select all and copy/paste it back on your next reply please.
          * Close RootRepeal.

          bunafireman825

            Re: Laptop Infected
            « Reply #7 on: September 05, 2010, 11:21:25 PM »
            LimeWire was uninstalled prior to asking for help by the in-laws; as far as I know, there is no other P2P software on this computer. Ran RootRepeal; here is the log.


            ROOTREPEAL (c) AD, 2007-2009
            ==================================================
            Scan Start Time:      2010/09/06 00:27
            Program Version:      Version 1.3.5.0
            Windows Version:      Windows XP SP3
            ==================================================

            Drivers
            -------------------
            Name: Fastfat.SYS
            Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
            Address: 0x9CA46000   Size: 143744   File Visible: -   Signed: -
            Status: Hidden from the Windows API!

            Name: giveio.sys
            Image Path: giveio.sys
            Address: 0xF7A51000   Size: 1664   File Visible: No   Signed: -
            Status: -

            Name: Ntfs.sys
            Image Path: Ntfs.sys
            Address: 0xF7B52000   Size: 574976   File Visible: -   Signed: -
            Status: Hidden from the Windows API!

            Name: rootrepeal.sys
            Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
            Address: 0x9DC6D000   Size: 49152   File Visible: No   Signed: -
            Status: -

            Name: tcpip.sys
            Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
            Address: 0x9FC92000   Size: 361600   File Visible: -   Signed: -
            Status: Hidden from the Windows API!

            SSDT
            -------------------
            #: 025   Function Name: NtClose
            Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0x9d606cd2

            #: 041   Function Name: NtCreateKey
            Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0x9d606b8e

            #: 063   Function Name: NtDeleteKey
            Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0x9d607142

            #: 065   Function Name: NtDeleteValueKey
            Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0x9d60706c

            #: 068   Function Name: NtDuplicateObject
            Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0x9d606764

            #: 119   Function Name: NtOpenKey
            Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0x9d606c68

            #: 122   Function Name: NtOpenProcess
            Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0x9d6066a4

            #: 128   Function Name: NtOpenThread
            Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0x9d606708

            #: 177   Function Name: NtQueryValueKey
            Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0x9d606d88

            #: 192   Function Name: NtRenameKey
            Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0x9d607210

            #: 204   Function Name: NtRestoreKey
            Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0x9d606d48

            #: 247   Function Name: NtSetValueKey
            Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0x9d606ec8

            ==EOF==

            SuperDave

            Re: Laptop Infected
            « Reply #8 on: September 06, 2010, 12:52:38 PM »
            Quote
            Limewire was uninstalled previous to asking for help by inlaws
            Sorry but it's still showing up in the ComboFix log. Look for it in Control panel, Add/Remove programs. If you can't find it there, try this:

            Delete An Uninstall Entry

            • Start HijackThis
            • Click on the Open the Misc Tools section
            • Click on the Open Uninstall Manager button.
            • Highlight the entry you want to remove. (LimeWire)
            • Click Delete this entry
            ************************************
            I'd like to scan your machine with ESET OnlineScan

            • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
            ESET OnlineScan
            • Click the button.
            • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
              • Click on to download the ESET Smart Installer. Save it to your desktop.
              • Double click on the icon on your desktop.
            • Check
            • Click the button.
            • Accept any security warnings from your browser.
            • Check
            • Push the Start button.
            • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
            • When the scan completes, push
            • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
            • Push the button.
            • Push
            A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


            bunafireman825

              Re: Laptop Infected
              « Reply #9 on: September 06, 2010, 04:54:06 PM »
              Could not find LimeWire using HijackThis. Here are the logs for ESET.

              C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\15\2ce4f5cf-789fcfd2   multiple threats   deleted - quarantined
              C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\15\70761e4f-2ed9d2a0   multiple threats   deleted - quarantined
              C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\3\4e84bf83-28150ea6   multiple threats   deleted - quarantined
              C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\44\34db286c-27cd216d   multiple threats   deleted - quarantined
              C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\1f240c7a-4a064f94   multiple threats   deleted - quarantined
              C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\6acfc7ba-4825e85d   multiple threats   deleted - quarantined
              C:\Qoobox\Quarantine\C\WINDOWS\system32\gsdsqwgx.ini.vir   Win32/Adware.Virtumonde.NEO application   cleaned by deleting - quarantined
              C:\Qoobox\Quarantine\C\WINDOWS\system32\ikekpdgj.ini.vir   Win32/Adware.Virtumonde.NEO application   cleaned by deleting - quarantined
              C:\Qoobox\Quarantine\C\WINDOWS\system32\juxsukkk.ini.vir   Win32/Adware.Virtumonde.NEO application   cleaned by deleting - quarantined
              C:\Qoobox\Quarantine\C\WINDOWS\system32\ppqss.ini.vir   Win32/Adware.Virtumonde.NEO application   cleaned by deleting - quarantined
              C:\Qoobox\Quarantine\C\WINDOWS\system32\ppqss.ini2.vir   Win32/Adware.Virtumonde.NEO application   cleaned by deleting - quarantined
              C:\Qoobox\Quarantine\C\WINDOWS\system32\xaomvdqq.ini.vir   Win32/Adware.Virtumonde.NEO application   cleaned by deleting - quarantined
              C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\WudfPf.sys.vir   Win32/Olmarik.ZC trojan   cleaned - quarantined
              C:\RECYCLER\S-1-5-21-1801674531-308236825-725345543-1004\Dc11.exe   multiple threats   deleted - quarantined
              C:\RECYCLER\S-1-5-21-1801674531-308236825-725345543-1004\Dc7.exe   multiple threats   deleted - quarantined
              C:\System Volume Information\_restore{D01D3D64-80D1-4B98-9AFC-4E4FF04A0356}\RP22\A0007935.exe   multiple threats   deleted - quarantined
              C:\System Volume Information\_restore{D01D3D64-80D1-4B98-9AFC-4E4FF04A0356}\RP22\A0007936.exe   multiple threats   deleted - quarantined
              C:\System Volume Information\_restore{D01D3D64-80D1-4B98-9AFC-4E4FF04A0356}\RP7\A0005901.sys   Win32/Olmarik.ZC trojan   cleaned - quarantined


              ESETSmartInstaller@High as downloader log:
              all ok
              # version=7
              # OnlineScannerApp.exe=1.0.0.1
              # OnlineScanner.ocx=1.0.0.6211
              # api_version=3.0.2
              # EOSSerial=84aaec2f50bdc64ebaef48dcb7623f7d
              # end=finished
              # remove_checked=true
              # archives_checked=true
              # unwanted_checked=true
              # unsafe_checked=false
              # antistealth_checked=true
              # utc_time=2010-09-06 11:06:51
              # local_time=2010-09-06 06:06:51 (-0600, Central Daylight Time)
              # country="United States"
              # lang=1033
              # osver=5.1.2600 NT Service Pack 3
              # compatibility_mode=512 16777215 100 0 1313542 1313542 0 0
              # compatibility_mode=768 16777215 100 0 0 0 0 0
              # compatibility_mode=6143 16777215 0 0 0 0 0 0
              # compatibility_mode=8192 67108863 100 0 0 0 0 0
              # scanned=84211
              # found=18
              # cleaned=18
              # scan_time=3494
              C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\15\2ce4f5cf-789fcfd2   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
              C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\15\70761e4f-2ed9d2a0   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
              C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\3\4e84bf83-28150ea6   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
              C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\44\34db286c-27cd216d   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
              C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\1f240c7a-4a064f94   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
              C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\6acfc7ba-4825e85d   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
              C:\Qoobox\Quarantine\C\WINDOWS\system32\gsdsqwgx.ini.vir   Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
              C:\Qoobox\Quarantine\C\WINDOWS\system32\ikekpdgj.ini.vir   Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
              C:\Qoobox\Quarantine\C\WINDOWS\system32\juxsukkk.ini.vir   Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
              C:\Qoobox\Quarantine\C\WINDOWS\system32\ppqss.ini.vir   Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
              C:\Qoobox\Quarantine\C\WINDOWS\system32\ppqss.ini2.vir   Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
              C:\Qoobox\Quarantine\C\WINDOWS\system32\xaomvdqq.ini.vir   Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
              C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\WudfPf.sys.vir   Win32/Olmarik.ZC trojan (cleaned - quarantined)   00000000000000000000000000000000   C
              C:\RECYCLER\S-1-5-21-1801674531-308236825-725345543-1004\Dc11.exe   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
              C:\RECYCLER\S-1-5-21-1801674531-308236825-725345543-1004\Dc7.exe   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
              C:\System Volume Information\_restore{D01D3D64-80D1-4B98-9AFC-4E4FF04A0356}\RP22\A0007935.exe   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
              C:\System Volume Information\_restore{D01D3D64-80D1-4B98-9AFC-4E4FF04A0356}\RP22\A0007936.exe   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
              C:\System Volume Information\_restore{D01D3D64-80D1-4B98-9AFC-4E4FF04A0356}\RP7\A0005901.sys   Win32/Olmarik.ZC trojan (cleaned - quarantined)   00000000000000000000000000000000   C

              SuperDave

              Re: Laptop Infected
              « Reply #10 on: September 06, 2010, 04:59:58 PM »
              Ok. If there are no other issues, it's time for some cleanup.

              * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
              * Now type Combofix /uninstall in the runbox
              * Make sure there's a space between Combofix and /Uninstall
              * Then hit Enter

              * The above procedure will:
                * Delete the following:
                  * ComboFix and its associated files and folders.
                * Reset the clock settings.
                * Hide file extensions, if required.
                * Hide System/Hidden files, if required.
                * Set a new, clean Restore Point.

              ********************************

              Download OTC by OldTimer and save it to your desktop.

              1. Double-click OTC to run it.
              2. Click the CleanUp! button.
              3. Select Yes when the "Begin cleanup Process?" prompt appears.
              4. If you are prompted to Reboot during the cleanup, select Yes
              5. OTC should delete itself once it finishes, if not delete it yourself.

              ************************************

              Clean out your temporary internet files and temp files.

              Download TFC by OldTimer to your desktop.

              Double-click TFC.exe to run it.

              Note: If you are running on Vista, right-click on the file and choose Run As Administrator

              TFC will close all programs when run, so make sure you have saved all your work before you begin.

              * Click the Start button to begin the cleaning process.
              * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
              * Please let TFC run uninterrupted until it is finished.

              Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

              ***********************************

              Looking over your log it seems you don't have any evidence of a third party firewall.

              Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

              Remember only install ONE firewall

              1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
              2) Online Armor
              3) Agnitum Outpost
              4) PC Tools Firewall Plus

              If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
              ***************************************
              Use the Secunia Software Inspector to check for out of date software.

              • Click Start Now
              • Check the box next to Enable thorough system inspection.
              • Click Start
              • Allow the scan to finish and scroll down to see if any updates are needed.
              • Update anything listed.
              ----------

              Go to Microsoft Windows Update and get all critical updates.

              ----------

              I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

              SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
              * Using SpywareBlaster to protect your computer from Spyware and Malware
              * If you don't know what ActiveX controls are, see here

              Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

              Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

              Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
              Safe Surfing! ;D

              bunafireman825

                Re: Laptop Infected
                « Reply #11 on: September 11, 2010, 03:16:46 PM »
                Thanks for all your help SuperDave, but we are still having some problems. First, on boot up or restart the desktop will appear with all icons (working icons) but cannot access the start menu for about 5 to 10 min (Windows start-up sound will then play and then able to access). Also getting a few popups when browsing the net, all of which WOT gives bad ratings. Thanks again bunafireman825

                SuperDave

                Re: Laptop Infected
                « Reply #12 on: September 11, 2010, 05:44:40 PM »
                Please update and run SAS and MBAM again and post the logs.

                bunafireman825

                  Re: Laptop Infected
                  « Reply #13 on: November 22, 2010, 12:26:23 PM »
                  Mother in law has asked for help again with this computer. Refresher: laptop running Windows XP SP3. I am not able to do anything other than boot up this machine. Boot up takes a long time to do and once it has, the start-up menu works but all programs have the OPEN WITH box pop up. I'm not sure what to do with this; I cannot run any virus/malware software or get online. Note: folders will open but, like music in a folder, a box will pop up (WINDOWS) cannot support this file.

                  also is there a way to take computer back to factory setting without disk (do not have)
                  Does have system recovery console

                  Thanks Bunafireman825

                  SuperDave

                  Re: Laptop Infected
                  « Reply #14 on: November 22, 2010, 01:44:02 PM »
                  Please start a new thread and someone will help you with this problem.

                  Quote
                  also is there a way to take computer back to factory setting without disk (do not have)
                  Does have system recovery console
                  Recovery Console will take you back to when the computer was originally purchased.