
Author Topic: Trojan.Vundo and more  (Read 34079 times)


dawnreb (Topic Starter, Rookie)
    Trojan.Vundo and more
    « on: May 20, 2011, 08:14:49 AM »
    Hello guys! Thanks for doing what you do. I accidentally downloaded a trojan earlier in the week when I got what I now assume was a fake message from AVG. I ended up with some mess called XP Restorer that said my HD was bad, etc., and wanted me to buy a fixer software. My computer shut down every time I ran AVG, so I saved a free Microsoft virus scan to a flash drive and after a couple of tries was able to run that. It found 2 files of win32/FakeSysdat. After going through several other sites I found you guys. I went through all of the Malware Steps and will paste in the logs. Everything on my computer seems to be intact, but from my start menu my program files say they are empty. If I go to My Documents and open a file it opens without a problem. Also my computer seems to freeze shortly after start up. I have to manually restart it a few times before I can get it to load all of the way. Any help you can give to solve these lingering problems would be greatly appreciated.

    Rebecca     

    dawnreb (Topic Starter, Rookie)
      Re: Trojan.Vundo and more
      « Reply #1 on: May 20, 2011, 08:29:08 AM »
      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 2:42:48 PM, on 5/19/2011
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\WLTRYSVC.EXE
      C:\WINDOWS\System32\bcmwltry.exe
      C:\Program Files\Online Armor\OAcat.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Online Armor\oasrv.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe
      C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
      C:\Program Files\AVG\AVG9\avgwdsvc.exe
      C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
      C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
      C:\Program Files\AVG\AVG9\avgam.exe
      C:\Program Files\AVG\AVG9\avgnsx.exe
      C:\Program Files\Dell Network Assistant\hnm_svc.exe
      C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\AVG\AVG9\avgrsx.exe
      C:\Program Files\AVG\AVG9\avgchsvx.exe
      C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
      C:\Program Files\AVG\AVG9\avgcsrvx.exe
      C:\Program Files\Dell Support Center\bin\sprtsvc.exe
      c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\fxssvc.exe
      C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\AVG\AVG9\avgcsrvx.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\system32\igfxsrvc.exe
      C:\WINDOWS\system32\WLTRAY.exe
      C:\Program Files\Dell\QuickSet\quickset.exe
      C:\WINDOWS\stsystra.exe
      C:\WINDOWS\system32\KADxMain.exe
      C:\Program Files\Dell\MediaDirect\PCMService.exe
      C:\Program Files\Sony\Reader\Data\bin\launcher\eBook Library Launcher.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
      C:\Program Files\Dell Support Center\bin\sprtcmd.exe
      C:\PROGRA~1\AVG\AVG9\avgtray.exe
      C:\Program Files\Logitech\SetPointP\SetPoint.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Online Armor\OAui.exe
      C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
      C:\Program Files\Online Armor\OAhlp.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\Program Files\Trend Micro\Sniper.exe\HiJackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080626
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080626
      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
      O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
      O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
      O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
      O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
      O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
      O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
      O4 - HKLM\..\Run: [eBook Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\eBook Library Launcher.exe
      O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
      O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
      O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
      O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
      O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Online Armor\OAui.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - HKUS\S-1-5-19\..\RunOnce: [PCmover CookieMerge] "C:\Program Files\Laplink\PCmover\CookieMerge.exe" "C:\Documents and Settings\LocalService\Local Settings\Application Data\Laplink\PCmover\Cookies" (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [StartUp This] "C:\Program Files\Laplink\PCmover\LaunchSt.exe" (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [StartUp This] "C:\Program Files\Laplink\PCmover\LaunchSt.exe" (User 'Default user')
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
      O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
      O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
      O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www2.snapfish.com/SnapfishActivia.cab
      O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
      O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
      O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
      O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/popcaploader_v10.cab
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
      O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
      O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
      O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
      O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
      O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
      O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
      O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
      O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
      O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
      O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
      O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
      O23 - Service: Google Update Service (gupdate1ca25d2787f1ffc) (gupdate1ca25d2787f1ffc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
      O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
      O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
      O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
      O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Online Armor\OAcat.exe
      O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
      O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
      O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
      O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
      O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Online Armor\oasrv.exe
      O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

      --
      End of file - 15152 bytes

      dawnreb (Topic Starter, Rookie)
        Re: Trojan.Vundo and more
        « Reply #2 on: May 20, 2011, 08:34:33 AM »
        Malwarebytes' Anti-Malware 1.50.1.1100
        www.malwarebytes.org

        Database version: 6612

        Windows 5.1.2600 Service Pack 3
        Internet Explorer 8.0.6001.18702

        5/18/2011 9:03:47 PM
        mbam-log-2011-05-18 (21-03-47).txt

        Scan type: Quick scan
        Objects scanned: 169334
        Time elapsed: 5 minute(s), 32 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 15
        Registry Values Infected: 3
        Registry Data Items Infected: 6
        Folders Infected: 3
        Files Infected: 1

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

        Registry Values Infected:
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_XMLLookup (Hijacker.XMLLookup) -> Value: bak_XMLLookup -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> Quarantined and deleted successfully.

        Registry Data Items Infected:
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\XMLLookup (Hijacker.XMLLookup) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\intl (Hijacker.intl) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

        Folders Infected:
        c:\documents and settings\rebecca woods\application data\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        c:\documents and settings\rebecca woods\application data\funwebproducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        c:\documents and settings\rebecca woods\application data\funwebproducts\Data\rebecca woods (Adware.MyWebSearch) -> Quarantined and deleted successfully.

        Files Infected:
        c:\documents and settings\rebecca woods\application data\funwebproducts\Data\rebecca woods\avatar.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

        dawnreb (Topic Starter, Rookie)
          Re: Trojan.Vundo and more
          « Reply #3 on: May 20, 2011, 08:38:25 AM »
          SUPERAntiSpyware Scan Log
          http://www.superantispyware.com

          Generated 05/18/2011 at 08:09 PM

          Application Version : 4.52.1000

          Core Rules Database Version : 7084
          Trace Rules Database Version: 4896

          Scan type       : Complete Scan
          Total Scan Time : 03:19:00

          Memory items scanned      : 693
          Memory threats detected   : 2
          Registry items scanned    : 9378
          Registry threats detected : 176
          File items scanned        : 128272
          File threats detected     : 49

          Disabled.TaskManager
             HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System#DisableTaskMgr
             HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR
             HKU\S-1-5-21-109568239-1760306711-3351161423-1009\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR

          Adware.MyWebSearch
             C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOESTB.DLL
             C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOESTB.DLL
             C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOEMON.EXE
             C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOEMON.EXE
             [MyWebSearch bar Uninstall] C:\PROGRA~1\UNINST~1.DLL
             C:\PROGRA~1\UNINST~1.DLL
             HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
             HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
             HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
             HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
             HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
             HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
             HKU\S-1-5-21-109568239-1760306711-3351161423-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
             HKU\S-1-5-21-109568239-1760306711-3351161423-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D}
             HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
             HKU\S-1-5-21-109568239-1760306711-3351161423-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
             HKU\S-1-5-21-109568239-1760306711-3351161423-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
             HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
             HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
             HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
             C:\PROGRAM FILES\UNINSTALL FUN WEB PRODUCTS.DLL

          Adware.ShopAtHomeSelect
             HKU\S-1-5-21-109568239-1760306711-3351161423-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
             HKCR\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}

          Adware.Tracking Cookie
             C:\Documents and Settings\Rebecca Woods\Cookies\[email protected][2].txt
             C:\Documents and Settings\Rebecca Woods\Cookies\[email protected][1].txt
             C:\Documents and Settings\Rebecca Woods\Cookies\rebecca_woods@mediaplex[2].txt
             C:\Documents and Settings\Rebecca Woods\Cookies\rebecca_woods@apmebf[1].txt
             C:\Documents and Settings\LocalService\Local Settings\Application Data\Laplink\PCmover\Cookies\system@mywebsearch[2].txt
             C:\Documents and Settings\Rebecca Woods\Local Settings\Application Data\Laplink\PCmover\Cookies\rebecca_s_woods@adinterax[2].txt
             C:\Documents and Settings\Rebecca Woods\Local Settings\Application Data\Laplink\PCmover\Cookies\[email protected][1].txt
             C:\Documents and Settings\Rebecca Woods\Local Settings\Application Data\Laplink\PCmover\Cookies\[email protected][1].txt
             C:\Documents and Settings\Rebecca Woods\Local Settings\Application Data\Laplink\PCmover\Cookies\[email protected][1].txt
             C:\Documents and Settings\Rebecca Woods\Local Settings\Application Data\Laplink\PCmover\Cookies\[email protected][2].txt
             C:\Documents and Settings\Rebecca Woods\Local Settings\Application Data\Laplink\PCmover\Cookies\[email protected][1].txt
             C:\Documents and Settings\Rebecca Woods\Local Settings\Application Data\Laplink\PCmover\Cookies\[email protected][1].txt
             C:\Documents and Settings\Rebecca Woods\Local Settings\Application Data\Laplink\PCmover\Cookies\rebecca_s_woods@insightexpressai[1].txt
             C:\Documents and Settings\Rebecca Woods\Local Settings\Application Data\Laplink\PCmover\Cookies\rebecca_s_woods@partner2profit[1].txt
             C:\Documents and Settings\Rebecca Woods\Local Settings\Application Data\Laplink\PCmover\Cookies\[email protected][1].txt
             C:\Documents and Settings\Rebecca Woods\Local Settings\Application Data\Laplink\PCmover\Cookies\[email protected][1].txt
             C:\Documents and Settings\Rebecca Woods\Local Settings\Application Data\Laplink\PCmover\Cookies\rebecca_s_woods@specificclick[2].txt
             C:\Documents and Settings\Rebecca Woods\Local Settings\Application Data\Laplink\PCmover\Cookies\[email protected][1].txt
             C:\Documents and Settings\Rebecca Woods\Local Settings\Application Data\Laplink\PCmover\Cookies\[email protected][3].txt

          Adware.MyWebSearch/FunWebProducts
             HKU\S-1-5-21-109568239-1760306711-3351161423-1009\SOFTWARE\Fun Web Products
             HKLM\SOFTWARE\Fun Web Products
             HKLM\SOFTWARE\Fun Web Products#CacheDir
             HKLM\SOFTWARE\Fun Web Products#JpegConversionLib
             HKLM\SOFTWARE\Fun Web Products\MSNMessenger
             HKLM\SOFTWARE\Fun Web Products\MSNMessenger#DLLDir
             HKLM\SOFTWARE\Fun Web Products\MSNMessenger#DLLFile
             HKLM\SOFTWARE\Fun Web Products\ScreenSaver
             HKLM\SOFTWARE\Fun Web Products\ScreenSaver#ImagesDir
             HKLM\SOFTWARE\Fun Web Products\ScreenSaver#PM
             HKLM\SOFTWARE\Fun Web Products\Settings
             HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn
             HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn#ETag
             HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn#HTMLMenuRevision
             HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn#LastHTMLMenuURL
             HKLM\SOFTWARE\Fun Web Products\Settings\MailStampBtn
             HKLM\SOFTWARE\Fun Web Products\Settings\MailStampBtn#ETag
             HKLM\SOFTWARE\Fun Web Products\Settings\MailStampBtn#HTMLMenuRevision
             HKLM\SOFTWARE\Fun Web Products\Settings\MailStampBtn#LastHTMLMenuURL
             HKLM\SOFTWARE\Fun Web Products\Settings\MyStationeryBtn
             HKLM\SOFTWARE\Fun Web Products\Settings\MyStationeryBtn#ETag
             HKLM\SOFTWARE\Fun Web Products\Settings\MyStationeryBtn#HTMLMenuRevision
             HKLM\SOFTWARE\Fun Web Products\Settings\MyStationeryBtn#LastHTMLMenuURL
             HKLM\SOFTWARE\Fun Web Products\Settings\Promos
             HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyFreqNone
             HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyFreqUninstalled
             HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.0
             HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.numActive
             HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextUninstalled.0
             HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextUninstalled.numActive
             HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.1
             HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.2
             HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.3
             HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.4
             HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.5
             HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.6
             HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.7
             HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.numActive
             HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.numActive2
             HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.8
             HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn
             HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#ETag
             HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#HTMLMenuPosDeleted
             HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#HTMLMenuRevision
             HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#iexplore.exe.pos
             HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#LastHTMLMenuURL
             HKLM\SOFTWARE\Fun Web Products\Settings\WebfettiBtn
             HKLM\SOFTWARE\Fun Web Products\Settings\WebfettiBtn#LastHTMLMenuURL
             HKLM\SOFTWARE\Fun Web Products\Settings\WebfettiBtn#HTMLMenuRevision
             HKLM\SOFTWARE\Fun Web Products\Settings\WebfettiBtn#ETag
             HKU\S-1-5-21-109568239-1760306711-3351161423-1009\SOFTWARE\FunWebProducts
             HKLM\SOFTWARE\FunWebProducts
             HKLM\SOFTWARE\FunWebProducts\Installer
             HKLM\SOFTWARE\FunWebProducts\Installer#CacheDir
             HKLM\SOFTWARE\FunWebProducts\Installer#CheckForConnection
             HKLM\SOFTWARE\FunWebProducts\Installer#CurInstall
             HKLM\SOFTWARE\FunWebProducts\Installer#Dir
             HKLM\SOFTWARE\FunWebProducts\Installer#pl
             HKLM\SOFTWARE\FunWebProducts\Installer#sr
             HKLM\SOFTWARE\FunWebProducts\Installer\downloaded
             HKU\.DEFAULT\SOFTWARE\MyWebSearch
             HKU\S-1-5-21-109568239-1760306711-3351161423-1009\SOFTWARE\MyWebSearch
             HKU\S-1-5-18\SOFTWARE\MyWebSearch
             HKLM\SOFTWARE\MyWebSearch
             HKLM\SOFTWARE\MyWebSearch\bar
             HKLM\SOFTWARE\MyWebSearch\bar#CacheDir
             HKLM\SOFTWARE\MyWebSearch\bar#ConfigDateStamp
             HKLM\SOFTWARE\MyWebSearch\bar#CurInstall
             HKLM\SOFTWARE\MyWebSearch\bar#Dir
             HKLM\SOFTWARE\MyWebSearch\bar#Flags
             HKLM\SOFTWARE\MyWebSearch\bar#HistoryDir
             HKLM\SOFTWARE\MyWebSearch\bar#HTMLMenuRevision
             HKLM\SOFTWARE\MyWebSearch\bar#Id
             HKLM\SOFTWARE\MyWebSearch\bar#pid
             HKLM\SOFTWARE\MyWebSearch\bar#pl
             HKLM\SOFTWARE\MyWebSearch\bar#PluginPath
             HKLM\SOFTWARE\MyWebSearch\bar#SettingsDir
             HKLM\SOFTWARE\MyWebSearch\bar#sr
             HKLM\SOFTWARE\MyWebSearch\bar#sscLabel
             HKLM\SOFTWARE\MyWebSearch\bar#sscURL
             HKLM\SOFTWARE\MyWebSearch\bar#tiec
             HKLM\SOFTWARE\MyWebSearch\bar#UseFWB
             HKLM\SOFTWARE\MyWebSearch\bar#UninstallString
             HKLM\SOFTWARE\MyWebSearch\bar#RegHookPath
             HKLM\SOFTWARE\MyWebSearch\bar#ConfigCustomButtons
             HKLM\SOFTWARE\MyWebSearch\bar#AutocompleteURL
             HKLM\SOFTWARE\MyWebSearch\SearchAssistant
             HKLM\SOFTWARE\MyWebSearch\SearchAssistant#ABS
             HKLM\SOFTWARE\MyWebSearch\SearchAssistant#ConfigDateStamp
             HKLM\SOFTWARE\MyWebSearch\SearchAssistant#CurInstall
             HKLM\SOFTWARE\MyWebSearch\SearchAssistant#DES
             HKLM\SOFTWARE\MyWebSearch\SearchAssistant#Dir
             HKLM\SOFTWARE\MyWebSearch\SearchAssistant#eintl
             HKLM\SOFTWARE\MyWebSearch\SearchAssistant#esh
             HKLM\SOFTWARE\MyWebSearch\SearchAssistant#fs
             HKLM\SOFTWARE\MyWebSearch\SearchAssistant#Id
             HKLM\SOFTWARE\MyWebSearch\SearchAssistant#lsp
             HKLM\SOFTWARE\MyWebSearch\SearchAssistant#pid
             HKLM\SOFTWARE\MyWebSearch\SearchAssistant#pl
             HKLM\SOFTWARE\MyWebSearch\SearchAssistant#sr
             HKLM\SOFTWARE\MyWebSearch\SearchAssistant#sscEnabled
             HKLM\SOFTWARE\MyWebSearch\SearchAssistant#ie8h
             HKLM\SOFTWARE\MyWebSearch\SkinTools
             HKLM\SOFTWARE\MyWebSearch\SkinTools#PlayerPath
             HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
             HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs
             HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}
             HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}\TreatAs
             HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
             HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0
             HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0
             HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0\win32
             HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\FLAGS
             HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\HELPDIR
             HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
             HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
             HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
             HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
             HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
             HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
             HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid
             HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32
             HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib
             HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib#Version
             HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
             HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid
             HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32
             HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib
             HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib#Version
             HKLM\Software\FocusInteractive
             HKLM\Software\FocusInteractive\bar
             HKLM\Software\FocusInteractive\bar\Switches
             HKLM\Software\FocusInteractive\bar\Switches#aim.exe
             HKLM\Software\FocusInteractive\bar\Switches#au
             HKLM\Software\FocusInteractive\bar\Switches#icq.exe
             HKLM\Software\FocusInteractive\bar\Switches#icqlite.exe
             HKLM\Software\FocusInteractive\bar\Switches#incmail.exe
             HKLM\Software\FocusInteractive\bar\Switches#msimn.exe
             HKLM\Software\FocusInteractive\bar\Switches#msmsgs.exe
             HKLM\Software\FocusInteractive\bar\Switches#msn.exe
             HKLM\Software\FocusInteractive\bar\Switches#msnmsgr.exe
             HKLM\Software\FocusInteractive\bar\Switches#mwsSrcAs.dll
             HKLM\Software\FocusInteractive\bar\Switches#nd
             HKLM\Software\FocusInteractive\bar\Switches#nk
             HKLM\Software\FocusInteractive\bar\Switches#od
             HKLM\Software\FocusInteractive\bar\Switches#ok
             HKLM\Software\FocusInteractive\bar\Switches#outlook.exe
             HKLM\Software\FocusInteractive\bar\Switches#waol.exe
             HKLM\Software\FocusInteractive\bar\Switches#ypager.exe
             HKLM\Software\FocusInteractive\bar\Switches#ua
             HKLM\Software\FocusInteractive\bar\Switches#ps
             HKLM\Software\FocusInteractive\Email-IM
             HKLM\Software\FocusInteractive\Email-IM\0
             HKLM\Software\FocusInteractive\Email-IM\0#AppName
             HKLM\Software\FocusInteractive\Email-IM\0#Toolbar
             HKLM\Software\FocusInteractive\Outlook
             C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
             C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
             C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
             C:\Program Files\MyWebSearch\bar\2.bin
             C:\Program Files\MyWebSearch\bar\History\search2
             C:\Program Files\MyWebSearch\bar\History\search3
             C:\Program Files\MyWebSearch\bar\History
             C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
             C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak
             C:\Program Files\MyWebSearch\bar\Settings\settings.dat
             C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak
             C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
             C:\Program Files\MyWebSearch\bar\Settings
             C:\Program Files\MyWebSearch\bar
             C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
             C:\Program Files\MyWebSearch\SrchAstt\1.bin
             C:\Program Files\MyWebSearch\SrchAstt
             C:\Program Files\MyWebSearch
             C:\Program Files\FunWebProducts\ScreenSaver\Images\14F4E7F4.urr
             C:\Program Files\FunWebProducts\ScreenSaver\Images
             C:\Program Files\FunWebProducts\ScreenSaver
             C:\Program Files\FunWebProducts\Shared
             C:\Program Files\FunWebProducts

          Adware.SelectRebates
             C:\Program Files\SELECTREBATES\SelectRebatesUninstall.exe
             C:\Program Files\SELECTREBATES

          Adware.CouponBar
             C:\WINDOWS\CPNPRT2.CID

          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: Trojan.Vundo and more
          « Reply #4 on: May 20, 2011, 12:58:55 PM »
          Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

          1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
          2. The fixes are specific to your problem and should only be used for this issue on this machine.
          3. If you don't know or understand something, please don't hesitate to ask.
          4. Please DO NOT run any other tools or scans while I am helping you.
          5. It is important that you reply to this thread. Do not start a new topic.
          6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
          7. Absence of symptoms does not mean that everything is clear.

          If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
          *****************************************************
          Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

          Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

          Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

          Exit out of MessengerDisable then delete the two files that were put on the desktop.

          *****************************************************
          Open HijackThis and select Do a system scan only

          Place a check mark next to the following entries: (if there)

          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)


          Important: Close all open windows except for HijackThis and then click Fix checked.

          Once completed, exit HijackThis.

          *************************************************
          Download DDS from HERE or HERE and save it to your desktop.

          Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

          * XP users Double click on dds to run it.
          * If your antivirus or firewall tries to block DDS then please allow it to run.
          * When finished DDS will open two (2) logs.

          1) DDS.txt
          2) Attach.txt

          * Save both logs to your desktop.
          * Please copy and paste the entire contents of both logs in your next reply.

          Note: DDS will instruct you to post the Attach.txt log as an attachment.
          Please just post it as you would any other log by copying and pasting it into the reply.
          Windows 8 and Windows 10 dual boot with two SSD's
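Added example (not code from this thread, HijackThis or DDS): a small Python triage script that parses HijackThis-style lines (`O4 - ...`) and DDS "Pseudo HJT" lines (`TB:`, `SEH:`, `mRun:` ...) like the ones above, flags entries whose target is reported missing ("No File", "(file missing)") or is empty, and groups entries by CLSID so that lines backed by the same object, such as the two Messenger O9 entries, are seen together. The sample lines are copied from the logs posted in this thread; the formats it understands are only those visible here.

```python
"""Triage helper for HijackThis / DDS "Pseudo HJT" log lines.

Added example for this thread (not code from HijackThis, DDS or the helper).
Entries are bucketed as "ok", "orphan" (target reported missing) or "empty"
(no command or module at all), and can be grouped by CLSID.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample lines copied from the HijackThis fix list and the DDS log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
SEH: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - No File
mRun: [hpqSRMon]
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Notify: igfxcui - igfxdev.dll
uStart Page = hxxp://www.yahoo.com/
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HJT_RE = re.compile(r"^(O\d+) - (.*)$")                      # HijackThis: "O4 - ..."
DDS_RE = re.compile(r"^([A-Za-z][A-Za-z_]*): ?(.*)$")        # DDS: "TB: ...", "mRun: ..."
RUNKEY_RE = re.compile(r"^(?:[^:]*: )?\[([^\]]+)\]\s*(.*)$")  # "[Name] command"
SEP_RE = re.compile(r"\s-\s|\s-$")                           # " - " between fields
ORPHAN_MARKERS = ("No File", "(file missing)")


@dataclass
class Entry:
    kind: str               # "O4", "O9", "O18", "TB", "SEH", "mRun", ...
    raw: str                # the original line
    clsids: List[str]       # CLSIDs found in the line, upper-cased
    target: Optional[str]   # command / module the entry points at, if any
    status: str             # "ok", "orphan" or "empty"


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for lines that are not entries."""
    line = line.strip()
    m = HJT_RE.match(line) or DDS_RE.match(line)
    if not m:
        return None                       # e.g. "uStart Page = ..." is not an entry
    kind, rest = m.group(1), m.group(2).strip()
    clsids = [c.upper() for c in CLSID_RE.findall(rest)]
    orphan = any(mark in rest for mark in ORPHAN_MARKERS)
    run = RUNKEY_RE.match(rest)
    if run:
        target = run.group(2).strip()     # "[Name] command": keep the command
    else:
        segments = [s.strip() for s in SEP_RE.split(rest) if s.strip()]
        target = segments[-1] if segments else ""
    for mark in ORPHAN_MARKERS:
        target = target.replace(mark, "").strip()
    if not target or CLSID_RE.fullmatch(target):
        target = None                     # nothing left, or only a CLSID
    status = "orphan" if orphan else ("empty" if target is None else "ok")
    return Entry(kind, line, clsids, target, status)


def image_path(target: str) -> str:
    """Strip quoting and arguments: '"C:\\a b\\x.exe"  -osboot' -> 'C:\\a b\\x.exe'."""
    if target.startswith('"'):
        end = target.find('"', 1)
        return target[1:end] if end > 0 else target[1:]
    m = re.search(r"\.(?:exe|dll|scr|cpl)\b", target, re.IGNORECASE)
    return target[: m.end()] if m else target


def triage(log_text: str) -> Dict[str, List[Entry]]:
    """Bucket every entry line by status."""
    buckets: Dict[str, List[Entry]] = {"ok": [], "orphan": [], "empty": []}
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry:
            buckets[entry.status].append(entry)
    return buckets


def group_by_clsid(log_text: str) -> Dict[str, List[Entry]]:
    """Map each CLSID to the entries referencing it (one object often backs several lines)."""
    groups: Dict[str, List[Entry]] = {}
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry:
            for clsid in entry.clsids:
                groups.setdefault(clsid, []).append(entry)
    return groups


def fix_candidates(log_text: str) -> List[str]:
    """Raw lines with no usable target: worth reviewing before a 'Fix checked'."""
    buckets = triage(log_text)
    return [e.raw for e in buckets["orphan"] + buckets["empty"]]


if __name__ == "__main__":
    for status, entries in triage(SAMPLE_LOG).items():
        print(f"{status}: {len(entries)}")
    print("\n".join("review: " + raw for raw in fix_candidates(SAMPLE_LOG)))
```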

          dawnreb

            Topic Starter


            Rookie

            • Experience: Beginner
            • OS: Unknown
            Re: Trojan.Vundo and more
            « Reply #5 on: May 21, 2011, 06:22:29 AM »
            .
            DDS (Ver_11-05-19.01) - NTFSx86
            Internet Explorer: 8.0.6001.18702
            Run by Rebecca Woods at 7:16:04 on 2011-05-21
            Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2038.1115 [GMT -5:00]
            .
            AV: AVG Anti-Virus *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
            FW: Online Armor Firewall *Disabled*
            .
            ============== Running Processes ===============
            .
            C:\WINDOWS\system32\svchost -k DcomLaunch
            svchost.exe
            C:\WINDOWS\System32\svchost.exe -k netsvcs
            svchost.exe
            svchost.exe
            C:\WINDOWS\System32\WLTRYSVC.EXE
            C:\WINDOWS\System32\bcmwltry.exe
            C:\Program Files\Online Armor\OAcat.exe
            C:\Program Files\Online Armor\oasrv.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe
            svchost.exe
            C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
            C:\Program Files\AVG\AVG9\avgwdsvc.exe
            C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
            C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
            C:\Program Files\Dell Network Assistant\hnm_svc.exe
            C:\Program Files\AVG\AVG9\avgam.exe
            C:\Program Files\AVG\AVG9\avgnsx.exe
            C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
            C:\Program Files\Java\jre6\bin\jqs.exe
            C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
            C:\Program Files\AVG\AVG9\avgrsx.exe
            C:\Program Files\AVG\AVG9\avgchsvx.exe
            C:\Program Files\AVG\AVG9\avgcsrvx.exe
            C:\Program Files\Dell Support Center\bin\sprtsvc.exe
            c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
            C:\WINDOWS\system32\svchost.exe -k imgsvc
            C:\WINDOWS\system32\fxssvc.exe
            C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
            C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
            C:\WINDOWS\system32\igfxpers.exe
            C:\WINDOWS\system32\igfxsrvc.exe
            C:\Program Files\AVG\AVG9\avgcsrvx.exe
            C:\WINDOWS\system32\WLTRAY.exe
            C:\Program Files\Dell\QuickSet\quickset.exe
            C:\WINDOWS\System32\svchost.exe -k HTTPFilter
            C:\WINDOWS\stsystra.exe
            C:\WINDOWS\system32\KADxMain.exe
            C:\Program Files\Dell\MediaDirect\PCMService.exe
            C:\Program Files\Sony\Reader\Data\bin\launcher\eBook Library Launcher.exe
            C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
            C:\PROGRA~1\AVG\AVG9\avgtray.exe
            C:\Program Files\Logitech\SetPointP\SetPoint.exe
            C:\Program Files\Online Armor\OAui.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
            C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
            C:\Program Files\Online Armor\OAhlp.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\WINDOWS\explorer.exe
            C:\WINDOWS\system32\wuauclt.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\Documents and Settings\Rebecca Woods\Desktop\dds.scr
            C:\WINDOWS\system32\WSCRIPT.exe
            .
            ============== Pseudo HJT Report ===============
            .
            uStart Page = hxxp://www.yahoo.com/
            uSearch Bar =
            uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
            uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080626
            mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
            BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
            BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
            BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
            BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
            BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
            BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
            BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
            BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
            BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
            BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
            BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
            BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
            TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
            TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
            TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
            TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
            TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
            EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
            uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
            uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
            mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
            mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
            mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
            mRun: [Persistence] c:\windows\system32\igfxpers.exe
            mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
            mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
            mRun: [SigmatelSysTrayApp] stsystra.exe
            mRun: [KADxMain] c:\windows\system32\KADxMain.exe
            mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
            mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
            mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
            mRun: [hpqSRMon]
            mRun: [eBook Library Launcher] c:\program files\sony\reader\data\bin\launcher\eBook Library Launcher.exe
            mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe
            mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
            mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
            mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
            mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
            mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
            mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
            mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
            mRun: [@OnlineArmor GUI] "c:\program files\online armor\OAui.exe"
            mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
            dRun: [StartUp This] "c:\program files\laplink\pcmover\LaunchSt.exe"
            dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
            IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
            IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
            IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
            IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
            Trusted Zone: intuit.com\ttlc
            DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
            DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
            DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
            DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
            DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
            DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
            DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
            DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
            DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
            DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
            DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
            DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
            DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
            DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
            DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
            DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
            DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
            DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
            DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
            DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
            DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
            DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
            Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
            Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
            Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
            Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
            Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
            Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
            Notify: igfxcui - igfxdev.dll
            Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
            AppInit_DLLs: c:\progra~1\google\go333c~1\GOEC62~1.DLL
            SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
            SEH: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - No File
            SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\online~2\oaevent.dll
            SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
            .
            ============= SERVICES / DRIVERS ===============
            .
            R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-12-21 52872]
            R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-12-21 216400]
            R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-12-21 29584]
            R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-12-21 243152]
            R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-5-18 205864]
            R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-5-18 39048]
            R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-5-18 25192]
            R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2011-5-18 29464]
            R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
            R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
            R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-12-21 308136]
            R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2009-10-29 1074568]
            R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-12-29 10448]
            R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2011-5-18 381512]
            R2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2011-5-18 4326472]
            S2 gupdate1ca25d2787f1ffc;Google Update Service (gupdate1ca25d2787f1ffc);c:\program files\google\update\GoogleUpdate.exe [2009-8-25 133104]
            S3 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2009-2-12 401920]
            S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2011-5-9 947528]
            S3 cpuz134;cpuz134;\??\c:\docume~1\rebecc~1\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\rebecc~1\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
            S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-3-2 30192]
            S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-25 133104]
            S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2005-8-3 4736]
            S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2005-8-3 8960]
            .
            =============== Created Last 30 ================
            .
            2011-05-21 12:06:10   388096   ----a-r-   c:\documents and settings\rebecca woods\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
            2011-05-19 19:38:30   --------   d-----w-   c:\program files\Trend Micro
            2011-05-19 19:34:33   1402880   ----a-w-   c:\program files\HiJackThis.msi
            2011-05-19 01:55:05   --------   d-----w-   c:\documents and settings\rebecca woods\application data\Malwarebytes
            2011-05-19 01:54:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
            2011-05-19 01:54:53   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
            2011-05-19 01:54:47   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2011-05-19 01:54:43   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
            2011-05-18 22:45:05   --------   d-----w-   c:\documents and settings\rebecca woods\application data\SUPERAntiSpyware.com
            2011-05-18 22:45:05   --------   d-----w-   c:\documents and settings\all users\application data\SUPERAntiSpyware.com
            2011-05-18 22:44:42   --------   d-----w-   c:\program files\SUPERAntiSpyware
            2011-05-18 22:14:45   --------   d-----w-   c:\program files\CCleaner
            2011-05-18 22:12:50   3063136   ----a-w-   C:\ccsetup306.exe
            2011-05-18 18:27:00   --------   d-----w-   c:\documents and settings\rebecca woods\application data\OnlineArmor
            2011-05-18 18:27:00   --------   d-----w-   c:\documents and settings\all users\application data\OnlineArmor
            2011-05-18 18:26:13   39048   ----a-w-   c:\windows\system32\drivers\oahlp32.sys
            2011-05-18 18:26:13   29464   ----a-w-   c:\windows\system32\drivers\OAnet.sys
            2011-05-18 18:26:13   25192   ----a-w-   c:\windows\system32\drivers\OAmon.sys
            2011-05-18 18:26:13   205864   ----a-w-   c:\windows\system32\drivers\OADriver.sys
            2011-05-18 18:26:09   --------   d-----w-   c:\program files\Online Armor
            2011-05-18 14:16:52   --------   d-----w-   c:\documents and settings\all users\application data\iolo
            2011-05-17 21:01:27   --------   d--h--w-   c:\windows\system32\GroupPolicy
            2011-05-17 20:31:14   222080   ------w-   c:\windows\system32\MpSigStub.exe
            .
            ==================== Find3M  ====================
            .
            2011-05-06 14:15:42   243152   ---ha-w-   c:\windows\system32\drivers\avgtdix.sys
            2011-04-14 10:07:59   472808   ----a-w-   c:\windows\system32\deployJava1.dll
            2011-04-14 07:40:22   73728   ----a-w-   c:\windows\system32\javacpl.cpl
            2011-03-07 05:33:50   692736   ---ha-w-   c:\windows\system32\inetcomm.dll
            2011-03-04 06:37:06   420864   ---ha-w-   c:\windows\system32\vbscript.dll
            2011-03-03 14:47:34   398760   ---ha-r-   c:\windows\system32\cpnprt2.cid
            2011-03-03 13:21:11   1857920   ---ha-w-   c:\windows\system32\win32k.sys
            2011-02-23 22:23:41   1409   ----a-w-   c:\windows\QTFont.for
            2011-02-22 23:06:29   916480   ---ha-w-   c:\windows\system32\wininet.dll
            2011-02-22 23:06:29   43520   ---ha-w-   c:\windows\system32\licmgr10.dll
            2011-02-22 23:06:29   1469440   ---ha-w-   c:\windows\system32\inetcpl.cpl
            2011-02-22 11:41:59   385024   ---ha-w-   c:\windows\system32\html.iec
            .
            ============= FINISH:  7:18:25.65 ===============

            dawnreb (Topic Starter)
              Re: Trojan.Vundo and more
              « Reply #6 on: May 21, 2011, 06:24:39 AM »
              .
              UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
              IF REQUESTED, ZIP IT UP & ATTACH IT
              .
              DDS (Ver_11-05-19.01)
              .
              Microsoft Windows XP Home Edition
              Boot Device: \Device\HarddiskVolume2
              Install Date: 7/5/2008 5:34:06 PM
              System Uptime: 5/20/2011 8:46:09 AM (23 hours ago)
              .
              Motherboard: Dell Inc. |  | 0NX907
              Processor: Intel(R) Core(TM)2 Duo CPU     T5270  @ 1.40GHz | Microprocessor | 1396/200mhz
              .
              ==== Disk Partitions =========================
              .
              C: is FIXED (NTFS) - 146 GiB total, 99.631 GiB free.
              D: is CDROM (CDFS)
              .
              ==== Disabled Device Manager Items =============
              .
              ==== System Restore Points ===================
              .
              RP1188: 5/17/2011 5:44:08 PM - System Checkpoint
              RP1189: 5/17/2011 5:45:13 PM - Software Distribution Service 3.0
              RP1190: 5/18/2011 8:17:28 AM - Restore Operation
              RP1191: 5/18/2011 12:38:11 PM - Software Distribution Service 3.0
              RP1192: 5/18/2011 1:26:24 PM - Online Armor installation
              RP1193: 5/18/2011 2:44:49 PM - Software Distribution Service 3.0
              RP1194: 5/18/2011 9:36:14 PM - Installed Java(TM) 6 Update 25
              RP1195: 5/18/2011 9:41:13 PM - Installed HiJackThis
              RP1196: 5/18/2011 9:46:46 PM - Software Distribution Service 3.0
              RP1197: 5/19/2011 2:32:52 PM - Removed HiJackThis
              RP1198: 5/19/2011 2:38:29 PM - Installed HiJackThis
              RP1199: 5/20/2011 8:05:59 AM - Software Distribution Service 3.0
              RP1200: 5/20/2011 8:09:35 AM - Software Distribution Service 3.0
              RP1201: 5/20/2011 8:13:02 AM - Software Distribution Service 3.0
              RP1202: 5/20/2011 8:17:38 AM - Software Distribution Service 3.0
              RP1203: 5/20/2011 8:20:55 AM - Software Distribution Service 3.0
              RP1204: 5/20/2011 8:24:38 AM - Software Distribution Service 3.0
              RP1205: 5/20/2011 8:27:59 AM - Software Distribution Service 3.0
              RP1206: 5/20/2011 8:31:48 AM - Software Distribution Service 3.0
              RP1207: 5/20/2011 8:36:28 AM - Software Distribution Service 3.0
              RP1208: 1/1/1601 - Software Distribution Service 3.0
              RP1209: 5/20/2011 8:45:24 AM - Software Distribution Service 3.0
              RP1210: 5/20/2011 8:49:31 AM - Software Distribution Service 3.0
              RP1211: 5/20/2011 10:27:06 AM - Removed Java(TM) 6 Update 7
              RP1212: 5/20/2011 10:29:21 AM - Removed Java(TM) 6 Update 5
              RP1213: 5/21/2011 6:56:58 AM - Software Distribution Service 3.0
              .
              ==== Installed Programs ======================
              .
              .
              32 Bit HP CIO Components Installer
              4500_Help
              Acrobat.com
              Adobe AIR
              Adobe Flash Player 10 ActiveX
              Adobe Reader 9.4.2
              Adobe Shockwave Player 11
              AGEIA PhysX v7.07.09
              Amazon Games & Software Downloader
              Amazon Kindle
              Amazon MP3 Downloader 1.0.5
              Amazon Unbox Video
              AnswerWorks 4.0 Runtime - English
              AnswerWorks 5.0 English Runtime
              AOLIcon
              ATI Catalyst Control Center
              ATI Display Driver
              AVG 9.0
              bpd_scan
              BPDSoftware
              BPDSoftware_Ini
              Broadcom Management Programs
              Browser Address Error Redirector
              BufferChm
              Business Contact Manager for Outlook 2007 SP2
              CCleaner
              Cisco Network Magic
              Compatibility Pack for the 2007 Office system
              Conexant HDA D110 MDC V.92 Modem
              Conexant HDA D330 MDC V.92 Modem
              Coupon Printer for Windows
              CP_Package_Variety1
              CP_Package_Variety2
              CP_Package_Variety3
              Critical Update for Windows Media Player 11 (KB959772)
              Dell Automated PC TuneUp
              Dell Digital Jukebox Driver
              Dell Network Assistant
              Dell Support 3.2
              Dell Support Center (Support Software)
              Dell System Restore
              Dell Touchpad
              Dell Wireless WLAN Card
              Digital Content Portal
              Digital Line Detect
              DocMgr
              DocProc
              DocProcQFolder
              Documentation & Support Launcher
              eBook Library by Sony
              ELIcon
              eReader
              eReg
              ESPNMotion
              Final Media Player 2010
              Google Desktop
              Google Earth
              Google Toolbar for Internet Explorer
              Google Update Helper
              Google Updater
              GoToAssist 8.0.0.514
              GoToMeeting 4.5.0.457
              GPBaseService
              GPBaseService2
              HGTV Home & Interior Painter
              HGTV Home & Landscape Platinum Suite
              High Definition Audio Driver Package - KB835221
              HiJackThis
              Hotfix 2050 for SQL Server 2000 ENU (KB948110)
              Hotfix 2055 for SQL Server 2000 ENU (KB960082)
              Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
              Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
              Hotfix for Windows Internet Explorer 7 (KB947864)
              Hotfix for Windows XP (KB2158563)
              Hotfix for Windows XP (KB2443685)
              Hotfix for Windows XP (KB912024)
              Hotfix for Windows XP (KB952287)
              Hotfix for Windows XP (KB954550-v5)
              Hotfix for Windows XP (KB961118)
              Hotfix for Windows XP (KB970653-v3)
              Hotfix for Windows XP (KB976098-v2)
              Hotfix for Windows XP (KB979306)
              Hotfix for Windows XP (KB981793)
              HP Document Manager 1.0
              HP Driver Diagnostics
              HP Officejet J4500 Series
              HP Photosmart Essential 2.5
              HP Smart Web Printing 4.60
              HP Solution Center 13.0
              HP Update
              HPProductAssistant
              HPSSupply
              Intel(R) Graphics Media Accelerator Driver
              IntelliSonic Speech Enhancement
              ItsDeductible Express
              J2SE Runtime Environment 5.0 Update 6
              J4500
              Java Auto Updater
              Java(TM) 6 Update 25
              LiveUpdate 2.6 (Symantec Corporation)
              Logitech SetPoint 6.20
              LogMeIn Hamachi
              Malwarebytes' Anti-Malware
              MarketResearch
              MCU
              MediaDirect
              Microsoft .NET Framework 1.1
              Microsoft .NET Framework 1.1 Security Update (KB2416447)
              Microsoft .NET Framework 1.1 Security Update (KB979906)
              Microsoft .NET Framework 2.0 Service Pack 2
              Microsoft .NET Framework 3.0 Service Pack 2
              Microsoft .NET Framework 3.5 SP1
              Microsoft Application Error Reporting
              Microsoft Internationalized Domain Names Mitigation APIs
              Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
              Microsoft Money 98
              Microsoft National Language Support Downlevel APIs
              Microsoft Office 2003 Web Components
              Microsoft Office 2007 Primary Interop Assemblies
              Microsoft Office 2007 Service Pack 2 (SP2)
              Microsoft Office Excel MUI (English) 2007
              Microsoft Office Live Meeting 2007
              Microsoft Office Outlook MUI (English) 2007
              Microsoft Office PowerPoint MUI (English) 2007
              Microsoft Office PowerPoint Viewer 2007 (English)
              Microsoft Office Proof (English) 2007
              Microsoft Office Proof (French) 2007
              Microsoft Office Proof (Spanish) 2007
              Microsoft Office Proofing (English) 2007
              Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
              Microsoft Office Publisher MUI (English) 2007
              Microsoft Office Shared MUI (English) 2007
              Microsoft Office Shared Setup Metadata MUI (English) 2007
              Microsoft Office Small Business 2007
              Microsoft Office Small Business Connectivity Components
              Microsoft Office Word MUI (English) 2007
              Microsoft Reader
              Microsoft Silverlight
              Microsoft Software Update for Web Folders  (English) 12
              Microsoft SQL Server 2005
              Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
              Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
              Microsoft SQL Server Native Client
              Microsoft SQL Server Setup Support Files (English)
              Microsoft SQL Server VSS Writer
              Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
              Microsoft Visual C++ 2005 Redistributable
              Microsoft Visual C++ 2005 Redistributable - KB2467175
              Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
              Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
              Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
              Microsoft Visual Studio 2005 Tools for Office Runtime
              Microsoft Works
              Mobipocket Reader 6.2
              Modem Diagnostic Tool
              Modem Helper
              MS Word to Excel Import, Export & Convert Software 7.0
              MSN
              MSVCSetup
              MSXML 4.0 SP2 (KB927978)
              MSXML 4.0 SP2 (KB936181)
              MSXML 4.0 SP2 (KB954430)
              MSXML 4.0 SP2 (KB973688)
              MSXML 4.0 SP2 Parser and SDK
              MSXML 6.0 Parser (KB933579)
              Musicmatch® Jukebox
              NetLibrary Media Center
              NetWaiting
              Network Magic
              NOOK for PC
              OCR Software by I.R.I.S. 10.0
              Online Armor 5.0
              OpenOffice.org Installer 1.0
              OutlookAddinSetup
              OverDrive Media Console
              PCmover
              PowerDVD 5.7
              PRISM Remote Buyback
              PRISM Remote Buyback Updater
              ProductContext
              PRS-500 USB driver
              PSSWCORE
              Pure Networks Platform
              QuickBooks
              QuickBooks Simple Start 2009
              QuickSet
              QuickTime
              RealPlayer
              RealUpgrade 1.0
              Remove TCS Software\TCS GUI
              Scan
              Security Update for 2007 Microsoft Office System (KB2288621)
              Security Update for 2007 Microsoft Office System (KB2288931)
              Security Update for 2007 Microsoft Office System (KB2345043)
              Security Update for 2007 Microsoft Office System (KB2466156)
              Security Update for 2007 Microsoft Office System (KB2509488)
              Security Update for 2007 Microsoft Office System (KB969559)
              Security Update for 2007 Microsoft Office System (KB976321)
              Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
              Security Update for Microsoft Office Excel 2007 (KB2464583)
              Security Update for Microsoft Office InfoPath 2007 (KB979441)
              Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
              Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
              Security Update for Microsoft Office Publisher 2007 (KB2284697)
              Security Update for Microsoft Office system 2007 (972581)
              Security Update for Microsoft Office system 2007 (KB974234)
              Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
              Security Update for Microsoft Office Word 2007 (KB2344993)
              Security Update for Step By Step Interactive Training (KB923723)
              Security Update for Windows Internet Explorer 7 (KB928090)
              Security Update for Windows Internet Explorer 7 (KB929969)
              Security Update for Windows Internet Explorer 7 (KB931768)
              Security Update for Windows Internet Explorer 7 (KB933566)
              Security Update for Windows Internet Explorer 7 (KB937143)
              Security Update for Windows Internet Explorer 7 (KB938127)
              Security Update for Windows Internet Explorer 7 (KB939653)
              Security Update for Windows Internet Explorer 7 (KB942615)
              Security Update for Windows Internet Explorer 7 (KB944533)
              Security Update for Windows Internet Explorer 7 (KB950759)
              Security Update for Windows Internet Explorer 7 (KB953838)
              Security Update for Windows Internet Explorer 7 (KB956390)
              Security Update for Windows Internet Explorer 7 (KB958215)
              Security Update for Windows Internet Explorer 7 (KB960714)
              Security Update for Windows Internet Explorer 7 (KB961260)
              Security Update for Windows Internet Explorer 8 (KB2183461)
              Security Update for Windows Internet Explorer 8 (KB2360131)
              Security Update for Windows Internet Explorer 8 (KB2416400)
              Security Update for Windows Internet Explorer 8 (KB2482017)
              Security Update for Windows Internet Explorer 8 (KB2497640)
              Security Update for Windows Internet Explorer 8 (KB2510531)
              Security Update for Windows Internet Explorer 8 (KB969897)
              Security Update for Windows Internet Explorer 8 (KB971961)
              Security Update for Windows Internet Explorer 8 (KB972260)
              Security Update for Windows Internet Explorer 8 (KB974455)
              Security Update for Windows Internet Explorer 8 (KB976325)
              Security Update for Windows Internet Explorer 8 (KB978207)
              Security Update for Windows Internet Explorer 8 (KB981332)
              Security Update for Windows Internet Explorer 8 (KB982381)
              Security Update for Windows Media Player (KB2378111)
              Security Update for Windows Media Player (KB911564)
              Security Update for Windows Media Player (KB952069)
              Security Update for Windows Media Player (KB954155)
              Security Update for Windows Media Player (KB968816)
              Security Update for Windows Media Player (KB973540)
              Security Update for Windows Media Player (KB975558)
              Security Update for Windows Media Player (KB978695)
              Security Update for Windows Media Player 11 (KB954154)
              Security Update for Windows Media Player 6.4 (KB925398)
              Security Update for Windows Media Player 9 (KB936782)
              Security Update for Windows XP (KB2079403)
              Security Update for Windows XP (KB2115168)
              Security Update for Windows XP (KB2121546)
              Security Update for Windows XP (KB2160329)
              Security Update for Windows XP (KB2229593)
              Security Update for Windows XP (KB2259922)
              Security Update for Windows XP (KB2279986)
              Security Update for Windows XP (KB2286198)
              Security Update for Windows XP (KB2296011)
              Security Update for Windows XP (KB2296199)
              Security Update for Windows XP (KB2347290)
              Security Update for Windows XP (KB2360937)
              Security Update for Windows XP (KB2387149)
              Security Update for Windows XP (KB2393802)
              Security Update for Windows XP (KB2412687)
              Security Update for Windows XP (KB2419632)
              Security Update for Windows XP (KB2423089)
              Security Update for Windows XP (KB2436673)
              Security Update for Windows XP (KB2440591)
              Security Update for Windows XP (KB2443105)
              Security Update for Windows XP (KB2476687)
              Security Update for Windows XP (KB2478960)
              Security Update for Windows XP (KB2478971)
              Security Update for Windows XP (KB2479628)
              Security Update for Windows XP (KB2479943)
              Security Update for Windows XP (KB2481109)
              Security Update for Windows XP (KB2483185)
              Security Update for Windows XP (KB2485376)
              Security Update for Windows XP (KB2485663)
              Security Update for Windows XP (KB2491683)
              Security Update for Windows XP (KB2503658)
              Security Update for Windows XP (KB2506212)
              Security Update for Windows XP (KB2506223)
              Security Update for Windows XP (KB2507618)
              Security Update for Windows XP (KB2508272)
              Security Update for Windows XP (KB2508429)
              Security Update for Windows XP (KB2509553)
              Security Update for Windows XP (KB2511455)
              Security Update for Windows XP (KB2524375)
              Security Update for Windows XP (KB896424)
              Security Update for Windows XP (KB911567)
              Security Update for Windows XP (KB912919)
              Security Update for Windows XP (KB916281)
              Security Update for Windows XP (KB917159)
              Security Update for Windows XP (KB921883)
              Security Update for Windows XP (KB923561)
              Security Update for Windows XP (KB923689)
              Security Update for Windows XP (KB938464-v2)
              Security Update for Windows XP (KB938464)
              Security Update for Windows XP (KB941569)
              Security Update for Windows XP (KB946648)
              Security Update for Windows XP (KB950760)
              Security Update for Windows XP (KB950762)
              Security Update for Windows XP (KB950974)
              Security Update for Windows XP (KB951066)
              Security Update for Windows XP (KB951376-v2)
              Security Update for Windows XP (KB951698)
              Security Update for Windows XP (KB951748)
              Security Update for Windows XP (KB952004)
              Security Update for Windows XP (KB952954)
              Security Update for Windows XP (KB953839)
              Security Update for Windows XP (KB954211)
              Security Update for Windows XP (KB954459)
              Security Update for Windows XP (KB954600)
              Security Update for Windows XP (KB955069)
              Security Update for Windows XP (KB956391)
              Security Update for Windows XP (KB956572)
              Security Update for Windows XP (KB956744)
              Security Update for Windows XP (KB956802)
              Security Update for Windows XP (KB956803)
              Security Update for Windows XP (KB956841)
              Security Update for Windows XP (KB956844)
              Security Update for Windows XP (KB957095)
              Security Update for Windows XP (KB957097)
              Security Update for Windows XP (KB958644)
              Security Update for Windows XP (KB958687)
              Security Update for Windows XP (KB958690)
              Security Update for Windows XP (KB958869)
              Security Update for Windows XP (KB959426)
              Security Update for Windows XP (KB960225)
              Security Update for Windows XP (KB960715)
              Security Update for Windows XP (KB960803)
              Security Update for Windows XP (KB960859)
              Security Update for Windows XP (KB961371)
              Security Update for Windows XP (KB961373)
              Security Update for Windows XP (KB961501)
              Security Update for Windows XP (KB968537)
              Security Update for Windows XP (KB969059)
              Security Update for Windows XP (KB969898)
              Security Update for Windows XP (KB969947)
              Security Update for Windows XP (KB970238)
              Security Update for Windows XP (KB970430)
              Security Update for Windows XP (KB971468)
              Security Update for Windows XP (KB971486)
              Security Update for Windows XP (KB971557)
              Security Update for Windows XP (KB971633)
              Security Update for Windows XP (KB971657)
              Security Update for Windows XP (KB972270)
              Security Update for Windows XP (KB973346)
              Security Update for Windows XP (KB973354)
              Security Update for Windows XP (KB973507)
              Security Update for Windows XP (KB973525)
              Security Update for Windows XP (KB973869)
              Security Update for Windows XP (KB973904)
              Security Update for Windows XP (KB974112)
              Security Update for Windows XP (KB974318)
              Security Update for Windows XP (KB974392)
              Security Update for Windows XP (KB974571)
              Security Update for Windows XP (KB975025)
              Security Update for Windows XP (KB975467)
              Security Update for Windows XP (KB975560)
              Security Update for Windows XP (KB975561)
              Security Update for Windows XP (KB975562)
              Security Update for Windows XP (KB975713)
              Security Update for Windows XP (KB977165)
              Security Update for Windows XP (KB977816)
              Security Update for Windows XP (KB977914)
              Security Update for Windows XP (KB978037)
              Security Update for Windows XP (KB978251)
              Security Update for Windows XP (KB978262)
              Security Update for Windows XP (KB978338)
              Security Update for Windows XP (KB978542)
              Security Update for Windows XP (KB978601)
              Security Update for Windows XP (KB978706)
              Security Update for Windows XP (KB979309)
              Security Update for Windows XP (KB979482)
              Security Update for Windows XP (KB979559)
              Security Update for Windows XP (KB979683)
              Security Update for Windows XP (KB979687)
              Security Update for Windows XP (KB980195)
              Security Update for Windows XP (KB980218)
              Security Update for Windows XP (KB980232)
              Security Update for Windows XP (KB980436)
              Security Update for Windows XP (KB981322)
              Security Update for Windows XP (KB981852)
              Security Update for Windows XP (KB981957)
              Security Update for Windows XP (KB981997)
              Security Update for Windows XP (KB982132)
              Security Update for Windows XP (KB982214)
              Security Update for Windows XP (KB982665)
              Security Update for Windows XP (KB982802)
              Shop for HP Supplies
              SmartWebPrinting
              SolutionCenter
              Sonic Encoders
              SUPERAntiSpyware
              SupportSoft Assisted Service
              Toolbox
              TurboTax 2008
              TurboTax 2008 WinPerFedFormset
              TurboTax 2008 WinPerProgramHelp
              TurboTax 2008 WinPerReleaseEngine
              TurboTax 2008 WinPerTaxSupport
              TurboTax 2008 WinPerUserEducation
              TurboTax 2008 wrapper
              TurboTax 2009
              TurboTax 2009 WinBizFedFormset
              TurboTax 2009 WinBizReleaseEngine
              TurboTax 2009 WinBizTaxSupport
              TurboTax 2009 WinPerFedFormset
              TurboTax 2009 WinPerReleaseEngine
              TurboTax 2009 WinPerTaxSupport
              TurboTax 2009 wrapper
              TurboTax 2009 wtxcbpm
              TurboTax 2010
              TurboTax 2010 WinBizFedFormset
              TurboTax 2010 WinBizReleaseEngine
              TurboTax 2010 WinBizTaxSupport
              TurboTax 2010 WinPerFedFormset
              TurboTax 2010 WinPerReleaseEngine
              TurboTax 2010 WinPerTaxSupport
              TurboTax 2010 wrapper
              TurboTax 2010 wtxcbpm
              TurboTax Business 2009
              TurboTax Business 2010
              TurboTax Home & Business 2006
              TurboTax Home & Business 2007
              TurboTax ItsDeductible 2006
              TurboTax Premier 2004
              Unload
              Update for 2007 Microsoft Office System (KB967642)
              Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
              Update for Microsoft Office Outlook 2007 (KB2509470)
              Update for Outlook 2007 Junk Email Filter (KB2536413)
              Update for Windows Internet Explorer 8 (KB976662)
              Update for Windows Internet Explorer 8 (KB976749)
              Update for Windows Internet Explorer 8 (KB980182)
              Update for Windows Media Player 10 (KB910393)
              Update for Windows XP (KB2141007)
              Update for Windows XP (KB2345886)
              Update for Windows XP (KB2467659)
              Update for Windows XP (KB951072-v2)
              Update for Windows XP (KB951978)
              Update for Windows XP (KB955759)
              Update for Windows XP (KB955839)
              Update for Windows XP (KB967715)
              Update for Windows XP (KB968389)
              Update for Windows XP (KB971029)
              Update for Windows XP (KB971737)
              Update for Windows XP (KB973687)
              Update for Windows XP (KB973815)
              URL Assistant
              VideoToolkit01
              Viewpoint Media Player
              Visual Studio 2005 Tools for Office Second Edition Runtime
              VNC Free Edition 4.1.2
              WebEx
              WebEx Support Manager for Internet Explorer
              WebFldrs XP
              WebReg
              WexTech AnswerWorks
              Windows Driver Package - Sony Corporation (PRSUSB) USB  (08/08/2006 1.0.03.08080)
              Windows Genuine Advantage Notifications (KB905474)
              Windows Installer 3.1 (KB893803)
              Windows Internet Explorer 7
              Windows Internet Explorer 8
              Windows Live OneCare safety scanner
              Windows Media Format 11 runtime
              Windows Media Player 10
              Windows Media Player 11
              Windows XP Hotfix - KB888113
              Windows XP Hotfix - KB892627
              Windows XP Hotfix - KB893056
              Windows XP Service Pack 3
              Yahoo! Install Manager
              Yahoo! Toolbar
              .
              ==== Event Viewer Messages From Past Week ========
              .
              5/20/2011 8:51:03 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for SQL Server 2000 Service Pack 4 (KB960082).
              5/19/2011 2:24:47 PM, error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{F49C06B7-0A7B-4691-B82C-D8632F867D37} because another computer on the network has the same name.  The server could not start.
              5/19/2011 12:47:19 PM, error: Dhcp [1002]  - The IP address lease 192.168.1.100 for the Network Card with network address 001FE1509EAF has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
              5/18/2011 9:14:17 PM, error: Print [23]  - Printer Microsoft Office Document Image Writer failed to initialize because a suitable Microsoft Office Document Image Writer Driver driver could not be found.
              5/18/2011 9:14:17 PM, error: Print [23]  - Printer HP Officejet 5600 series fax failed to initialize because a suitable HP Officejet 5600 series fax driver could not be found.
              5/18/2011 9:14:17 PM, error: Print [23]  - Printer HP Officejet 5600 series failed to initialize because a suitable HP Officejet 5600 series driver could not be found.
              5/18/2011 8:38:34 PM, error: Dhcp [1002]  - The IP address lease 5.105.83.75 for the Network Card with network address 0023C369534B has been denied by the DHCP server 0.0.0.1 (The DHCP Server sent a DHCPNACK message).
              5/18/2011 3:13:54 PM, error: Dhcp [1001]  - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0023C369534B.  The following error occurred:  The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
              5/18/2011 2:41:17 PM, error: System Error [1003]  - Error code 100000d1, parameter1 000f0037, parameter2 00000002, parameter3 00000000, parameter4 a877ad42.
              5/18/2011 2:37:05 PM, error: Service Control Manager [7000]  - The WMI Performance Adapter service failed to start due to the following error:  Access is denied.
              5/18/2011 2:14:38 PM, error: System Error [1003]  - Error code 0000004e, parameter1 00000099, parameter2 0007d5a6, parameter3 00000000, parameter4 00000000.
              5/18/2011 2:09:55 PM, error: Service Control Manager [7034]  - The Online Armor service terminated unexpectedly.  It has done this 1 time(s).
              .
              ==== End Of File ===========================

              dawnreb (Topic Starter)
                Re: Trojan.Vundo and more
                « Reply #7 on: May 21, 2011, 06:31:03 AM »
                I'm not sure why the firewall shows it was turned off during the last scan.  It asked me to allow HJT before I ran it.  I did not turn it off.  I did turn it back on.  The first and last items were found and fixed on HJT.

                Rebecca

                SuperDave (Malware Removal Specialist)
                Re: Trojan.Vundo and more
                « Reply #8 on: May 21, 2011, 01:05:35 PM »
                Please go to Jotti's malware scan
                (If more than one file needs to be scanned, they must be done separately and a link posted for each one.)

                * Copy the file path in the Code box below:

                Code:
                C:\WINDOWS\system32\WSCRIPT.exe

                * At the upload site, click once inside the window next to Browse.
                * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
                * Next click Submit file.
                * Your file will possibly be entered into a queue, which normally takes less than a minute to clear.
                * This will perform a scan across multiple different virus scanning engines.
                * Important: Wait for all of the scanning engines to complete.
                * Once the scan is finished, copy the link in the address bar and paste it into your next reply.
                ************************************************
                You have Viewpoint installed.

                Viewpoint Media Player/Manager/Toolbar is considered Foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

                More information:

                * ViewMgr.exe - Useless
                * Viewpoint to Plunge Into Adware

                It is suggested that you remove the program now. Go to Start > Control Panel > Add/Remove Programs (on Vista and Win7 this is Programs and Features) and remove the following programs if present:

                * Viewpoint
                * Viewpoint Manager
                * Viewpoint Media Player
                * Viewpoint Toolbar
                * Viewpoint Experience Technology

                *******************************************************
                Download OTL to your desktop.

                * Open OTL
                * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

                Code:
                :OTL
                TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
                Trusted Zone: intuit.com\ttlc

                :COMMANDS
                [resethosts]
                [purity]
                [emptytemp]
                [start explorer]

                * Click Run Fix
                * OTLI2 may ask to reboot the machine. Please do so if asked.
                * Click OK
                * A report will open. Copy and Paste that report in your next reply.
                **************************************************************
                This next program, ComboFix, may not work with AVG on your computer. If you get such a message, please let me know and we'll do a work-around.

                Please download ComboFix from BleepingComputer.com

                Alternate link: GeeksToGo.com

                and save it to your Desktop.
                It would be easiest to download using Internet Explorer.
                If you insist on using Firefox, make sure that your download settings are as follows:

                * Tools->Options->Main tab
                * Set to "Always ask me where to Save the files".

                Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
                Double click ComboFix.exe & follow the prompts.
                As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
                Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

                Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

                Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


                Click on Yes, to continue scanning for malware.
                When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

                If you have problems with ComboFix usage, see How to use ComboFix
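The OTL fix above includes [resethosts], which replaces the hosts file wholesale because fake-AV families routinely rewrite it to sinkhole vendor and update domains (the "AVG" message and failing updates in this thread are the symptom). The script below is an added example, not OTL's code and not from the post: it parses a hosts file, flags every mapping a clean XP system would not have, and returns the single line a reset writes back. SAMPLE_HOSTS is constructed for illustration and the domain choices in it are an assumption.

```python
"""Audit a Windows hosts file and produce the clean content a reset writes back.

Added example for this thread; it is not OTL's code and not from the original
post. SAMPLE_HOSTS is constructed to look like a hosts file after a fake-AV
infection (assumption); DEFAULT_HOSTS is the single mapping a reset restores.
"""
import ipaddress
import sys

# Constructed sample input (not taken from the poster's machine).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       www.avg.com           # vendor site sinkholed: updates silently fail
127.0.0.1       update.microsoft.com
93.184.216.34   www.google.com        # search redirected to an attacker-chosen host
::1             localhost
bogus line that is not a mapping
"""

# What [resethosts] leaves behind: only the loopback mapping for localhost.
DEFAULT_HOSTS = "127.0.0.1       localhost\n"

# Names that legitimately resolve to a loopback address.
LOOPBACK_OK = {"localhost"}


def parse_hosts(text):
    """Return a list of (ip_address, [hostnames]) pairs.

    Comments (from '#' to end of line) and blank lines are skipped. A line whose
    first field is not an IP address is returned with ip None so the caller can
    flag it instead of silently ignoring it.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None
        entries.append((ip, fields[1:] if ip is not None else fields))
    return entries


def suspicious_entries(text):
    """Return (ip, name, reason) for every mapping a clean XP hosts file lacks."""
    findings = []
    for ip, names in parse_hosts(text):
        if ip is None:
            findings.append((None, " ".join(names), "malformed line"))
            continue
        for name in names:
            if ip.is_loopback and name.lower() in LOOPBACK_OK:
                continue
            if ip.is_loopback:
                reason = "sinkholed to loopback (site or update server blocked)"
            else:
                reason = "redirected to a non-local address"
            findings.append((str(ip), name, reason))
    return findings


def reset_hosts_content():
    """Content to write back to %SystemRoot%\\System32\\drivers\\etc\\hosts."""
    return DEFAULT_HOSTS


if __name__ == "__main__":
    # Pass a real hosts file path to audit it; with no argument the sample is used.
    if len(sys.argv) > 1:
        text = open(sys.argv[1], encoding="utf-8", errors="replace").read()
    else:
        text = SAMPLE_HOSTS
    for ip, name, reason in suspicious_entries(text):
        print("%-16s %-28s %s" % (ip or "-", name, reason))
```

Run it against a copy of the infected machine's hosts file before the reset so you keep a record of which domains were blocked; that list tells you which product's updates and scans were being silently defeated, which is worth knowing before trusting any scan that ran while the file was in place.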

                  dawnreb (Topic Starter)
                  Re: Trojan.Vundo and more
                  « Reply #9 on: May 21, 2011, 01:41:26 PM »
                  Filename:  cea8f7e45b7b098f5fb085bb6a6a4432 
                  Status:  Scan finished. 0 out of 20 scanners reported malware.
                  Scan taken on:   Fri 29 Apr 2011 22:40:50 (CET) Permalink

                    dawnreb (Topic Starter)
                    Re: Trojan.Vundo and more
                    « Reply #10 on: May 21, 2011, 01:43:36 PM »
                    Additional Info on scan:

                    File size:  155648 bytes 
                    Filetype:  PE32 executable for MS Windows (GUI) Intel 80386 32-bit 
                    MD5:  cea8f7e45b7b098f5fb085bb6a6a4432 
                    SHA1:  36632da9b915460f45ffdf040c459bc4ab9cb05
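The Jotti request in Reply #8 and the result in Replies #9 and #10 turn on two things: the file is identified by its hash (the "Scan taken on" date of 29 Apr predates the upload because the service already had a result for that MD5), and the file type line comes from the PE headers. The script below is an added example, not Jotti's code and not from the posts: it computes the MD5/SHA-1/SHA-256 of a file, parses the DOS/COFF/optional headers to produce the same kind of "PE32 executable for MS Windows (GUI) Intel 80386 32-bit" line, and checks that a pasted digest has the right length. That last check matters here: the SHA1 value above is 39 hex characters, so one character was lost in pasting and it would not match anything in a hash lookup. build_sample_pe() constructs a minimal, non-executable header-only image so the script runs offline; it is not wscript.exe.

```python
"""Fingerprint a suspect binary the way a multi-engine scan report describes it.

Added example for this thread, not code from Jotti or from the original posts.
It computes MD5/SHA-1/SHA-256 and reads the PE headers to produce the same kind
of line the scan returned ("PE32 executable for MS Windows (GUI) Intel 80386
32-bit"). build_sample_pe() constructs a minimal header-only image so the script
runs offline; it is not wscript.exe and is not executable.
"""
import hashlib
import struct
import sys

MACHINES = {0x14C: "Intel 80386 32-bit", 0x8664: "x86-64 64-bit", 0x1C0: "ARM"}
SUBSYSTEMS = {1: "native", 2: "GUI", 3: "console"}
IMAGE_FILE_DLL = 0x2000
# COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
# NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes, little-endian)
COFF_HDR = "<HHIIIHH"
SUBSYSTEM_OFF = 68   # offset of Subsystem inside the optional header (PE32 and PE32+)


def build_sample_pe():
    """Construct a minimal PE32 header: DOS stub, 'PE\\0\\0', COFF header, optional header."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)                   # e_lfanew -> PE signature
    coff = struct.pack(COFF_HDR, 0x14C, 0, 0, 0, 0, 0xE0, 0x0102)  # i386, EXECUTABLE_IMAGE|32BIT_MACHINE
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                         # Magic: PE32
    struct.pack_into("<H", opt, SUBSYSTEM_OFF, 2)                 # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def describe_pe(data):
    """Return a one-line file type description, or raise ValueError if not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header: not a Windows executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    machine, _, _, _, _, opt_size, chars = struct.unpack_from(COFF_HDR, data, pe_off + 4)
    opt = pe_off + 4 + struct.calcsize(COFF_HDR)
    if opt_size < SUBSYSTEM_OFF + 2 or len(data) < opt + SUBSYSTEM_OFF + 2:
        raise ValueError("optional header too short")
    magic = struct.unpack_from("<H", data, opt)[0]
    subsystem = struct.unpack_from("<H", data, opt + SUBSYSTEM_OFF)[0]
    kind = {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, "PE (unknown magic 0x%x)" % magic)
    what = "DLL" if chars & IMAGE_FILE_DLL else "executable"
    return "%s %s for MS Windows (%s) %s" % (
        kind, what,
        SUBSYSTEMS.get(subsystem, "subsystem %d" % subsystem),
        MACHINES.get(machine, "machine 0x%x" % machine))


def digests(data):
    """MD5, SHA-1 and SHA-256 hex digests; these are what you paste into a hash lookup."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def is_well_formed_digest(hexstr, algorithm):
    """True if hexstr has exactly the length the algorithm produces (MD5 32, SHA-1 40, SHA-256 64)."""
    expected = hashlib.new(algorithm).digest_size * 2
    return len(hexstr) == expected and all(c in "0123456789abcdefABCDEF" for c in hexstr)


if __name__ == "__main__":
    # Pass a path (e.g. C:\WINDOWS\system32\WSCRIPT.exe) to fingerprint a real file;
    # with no argument the constructed sample header is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print("File size:", len(data), "bytes")
    print("Filetype: ", describe_pe(data))
    for name, value in digests(data).items():
        print("%-8s %s" % (name.upper() + ":", value))
```

A scan that reports "0 out of 20" for a hash only tells you that this exact file is not a known sample; it says nothing about whether a legitimate wscript.exe is being abused by a script left elsewhere on the disk, which is why the helper's next steps look at the hosts file and startup entries rather than stopping at this result.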

                      dawnreb (Topic Starter)
                      Re: Trojan.Vundo and more
                      « Reply #11 on: May 21, 2011, 02:26:33 PM »
                      All processes killed
                      ========== OTL ==========
                      ========== COMMANDS ==========
                      C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
                      HOSTS file reset successfully
                       
                      [EMPTYTEMP]
                       
                      User: Administrator
                      ->Temp folder emptied: 49152 bytes
                      ->Temporary Internet Files folder emptied: 32768 bytes
                       
                      User: All Users
                       
                      User: Default User
                      ->Temp folder emptied: 49152 bytes
                      ->Temporary Internet Files folder emptied: 32902 bytes
                      ->Flash cache emptied: 41661 bytes
                       
                      User: LocalService
                      ->Temp folder emptied: 66016 bytes
                      ->Temporary Internet Files folder emptied: 4134840 bytes
                       
                      User: NetworkService
                      ->Temp folder emptied: 26170 bytes
                      ->Temporary Internet Files folder emptied: 33170 bytes
                       
                      User: Rebecca Woods
                      ->Temp folder emptied: 478042974 bytes
                      ->Temporary Internet Files folder emptied: 37732124 bytes
                      ->Java cache emptied: 97544210 bytes
                      ->Flash cache emptied: 49709 bytes
                       
                      %systemdrive% .tmp files removed: 0 bytes
                      %systemroot% .tmp files removed: 19569 bytes
                      %systemroot%\System32 .tmp files removed: 2577 bytes
                      %systemroot%\System32\dllcache .tmp files removed: 0 bytes
                      %systemroot%\System32\drivers .tmp files removed: 0 bytes
                      Windows Temp folder emptied: 15863154 bytes
                      %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 104226478 bytes
                      %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
                      RecycleBin emptied: 0 bytes
                       
                      Total Files Cleaned = 704.00 mb
                       
                       
                      OTL by OldTimer - Version 3.2.22.3 log created on 05212011_144909

                      Files\Folders moved on Reboot...
                      C:\Documents and Settings\Rebecca Woods\Local Settings\Temp\~DF3293.tmp moved successfully.
                      C:\Documents and Settings\Rebecca Woods\Local Settings\Temp\~DF3FCD.tmp moved successfully.
                      C:\Documents and Settings\Rebecca Woods\Local Settings\Temporary Internet Files\Content.IE5\N3JXMYD0\jsc[1] moved successfully.
                      C:\Documents and Settings\Rebecca Woods\Local Settings\Temporary Internet Files\Content.IE5\N3JXMYD0\showMessage[1].htm moved successfully.
                      C:\Documents and Settings\Rebecca Woods\Local Settings\Temporary Internet Files\Content.IE5\N3JXMYD0\viewpoint-plunge-into-adware[1].htm moved successfully.
                      C:\Documents and Settings\Rebecca Woods\Local Settings\Temporary Internet Files\Content.IE5\N3JXMYD0\widgets[1].js moved successfully.
                      C:\Documents and Settings\Rebecca Woods\Local Settings\Temporary Internet Files\Content.IE5\LLME7RA8\echo-stream[1].js moved successfully.
                      C:\Documents and Settings\Rebecca Woods\Local Settings\Temporary Internet Files\Content.IE5\LLME7RA8\jquery-pack[1].js moved successfully.
                      C:\Documents and Settings\Rebecca Woods\Local Settings\Temporary Internet Files\Content.IE5\CNXX9GDF\combo[1].css moved successfully.
                      C:\Documents and Settings\Rebecca Woods\Local Settings\Temporary Internet Files\Content.IE5\CNXX9GDF\comments[1].js moved successfully.
                      C:\Documents and Settings\Rebecca Woods\Local Settings\Temporary Internet Files\Content.IE5\CNXX9GDF\sharethis[1].js moved successfully.
                      C:\Documents and Settings\Rebecca Woods\Local Settings\Temporary Internet Files\Content.IE5\CNXX9GDF\yahoo_com[1].txt moved successfully.
                      C:\Documents and Settings\Rebecca Woods\Local Settings\Temporary Internet Files\Content.IE5\4CF70N9W\topic,119571.0[1].html moved successfully.
                      C:\Documents and Settings\Rebecca Woods\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
                      C:\WINDOWS\temp\Perflib_Perfdata_590.dat moved successfully.

                      Registry entries deleted on Reboot...

                        dawnreb (Topic Starter)
                        Re: Trojan.Vundo and more
                        « Reply #12 on: May 21, 2011, 02:52:54 PM »
                        I could not run ComboFix with my AVG.

                        Rebecca

                        SuperDave (Malware Removal Specialist)
                        Re: Trojan.Vundo and more
                        « Reply #13 on: May 21, 2011, 06:05:00 PM »
                        Ok. Here's what you need to do. Select one of the other free AV programs from the list below and install it. Then uninstall AVG and then run ComboFix.

                        Remember to only install one antivirus!
                         
                        1) Avast! Home Edition
                        2) AVG Free Edition
                        3) Avira AntiVir Personal
                        4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
                        4-a) Microsoft Security Essentials for Windows XP
                        5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
                        6) PC Tools AntiVirus Free Edition

                        It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

                          dawnreb (Topic Starter)
                          Re: Trojan.Vundo and more
                          « Reply #14 on: May 24, 2011, 09:36:09 AM »
                          I went to Add or Remove Programs to remove AVG and I got this error message.


                          Local machine: installation failed
                              Installation:
                                  Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
                                      Access is denied.