Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

You've won a gift card pop ups

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: You've won a gift card pop ups

Unread postby Cypher » March 18th, 2011, 5:47 am

Hi LINASING.
Continue with the instructions below please.

We need to disable McAfee Security Center and its components temporarily as it will interfere with the fix.

  • Open McAfee Security Center.
  • Click on Home on the left pane.
  • Beside Computer & Files, click on the arrow button.
  • Next, click on the arrow button beside Configure at the middle right (NOT the bottom one).
  • You will come to a new page. Please check (click) Off for all the protections. Remember to scroll down.
  • You will be prompted, select Never and just click OK.
  • Note: Don't forget to re-enable it after the fix.

Here is an illustration to assist you:
Image

Next.

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper



Logs/Information to Post in your Next Reply

  • ComboFix.txt.
  • Please give me an update on how your computer is performing.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Re: You've won a gift card pop ups

Unread postby LINASING » March 18th, 2011, 3:49 pm

ComboFix 11-03-18.01 - Owner 03/18/2011 14:11:38.1.1 - x86
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\Owner\Local Settings\Application Data\{E88AC9F4-E73C-4805-8BDA-8913BD89B817}
c:\program files\Drop Down Deals
c:\program files\Drop Down Deals\YontooIEClient.dll
c:\program files\Internet Explorer\msimg32.dll
c:\windows\system32\logs
.
.
((((((((((((((((((((((((( Files Created from 2011-02-18 to 2011-03-18 )))))))))))))))))))))))))))))))
.
.
2011-03-16 22:46 . 2011-03-16 22:46 -------- d-----w- C:\_OTM
2011-03-16 22:33 . 2011-03-16 22:33 -------- d-----w- c:\program files\ERUNT
2011-03-16 17:40 . 2011-03-17 03:06 -------- d-----w- c:\program files\trend micro
2011-03-16 17:40 . 2011-03-16 17:42 -------- d-----w- C:\rsit
2011-03-16 02:00 . 2011-03-16 02:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-03-16 02:00 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-16 02:00 . 2011-03-16 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-16 01:59 . 2011-03-16 02:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-16 01:59 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-16 01:14 . 2011-03-16 01:43 -------- d-----w- c:\windows\system32\NtmsData
2011-03-13 22:46 . 2011-03-13 22:46 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2011-03-13 22:46 . 2011-03-13 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2011-03-13 22:31 . 2011-03-13 22:31 -------- d-----w- c:\program files\Common Files\Java
2011-03-13 22:29 . 2011-03-13 22:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-05 01:03 . 2011-03-05 01:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Logitech
2011-03-05 01:01 . 2003-11-11 00:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-03-05 01:01 . 2003-11-11 00:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-03-05 01:01 . 2003-11-11 00:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-03-05 01:01 . 2003-11-11 00:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-03-05 01:01 . 2003-11-11 00:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-03-05 01:01 . 2011-03-05 01:01 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-03-05 01:01 . 2011-03-05 01:01 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-03-05 00:57 . 2007-01-23 21:45 34576 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys
2011-03-05 00:57 . 2007-01-23 21:45 33296 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys
2011-03-05 00:57 . 2007-01-23 21:45 1419024 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2011-03-05 00:57 . 2007-01-23 21:44 101136 ----a-w- c:\windows\KHALMNPR.Exe
2011-03-05 00:57 . 2007-01-30 07:46 163840 ----a-w- c:\windows\system32\kemutb.dll
2011-03-05 00:57 . 2007-01-30 07:46 69632 ----a-w- c:\windows\system32\KemXML.dll
2011-03-05 00:57 . 2007-01-30 07:46 110592 ----a-w- c:\windows\system32\KemWnd.dll
2011-03-05 00:57 . 2007-01-30 07:46 135168 ----a-w- c:\windows\system32\KemUtil.dll
2011-03-05 00:56 . 2011-03-05 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2011-03-05 00:55 . 2005-04-04 05:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-03-05 00:55 . 2005-04-04 05:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-03-05 00:55 . 2005-04-04 05:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-03-05 00:55 . 2005-04-04 05:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-03-05 00:55 . 2005-04-04 04:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-03-05 00:55 . 2011-03-05 00:55 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-03-05 00:55 . 2011-03-05 00:55 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-03-05 00:37 . 2008-04-14 02:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-03-05 00:37 . 2008-04-14 02:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-03-05 00:36 . 2001-08-17 19:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-03-05 00:36 . 2001-08-17 19:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-03-05 00:36 . 2008-04-13 20:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-03-05 00:36 . 2008-04-13 20:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-03-03 15:13 . 2011-03-03 15:13 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2011-03-03 11:02 . 2011-03-03 11:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-03-03 04:54 . 2011-03-03 04:54 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-02 23:02 . 2011-03-03 03:26 -------- d-----w- c:\windows\tp
2011-03-02 20:32 . 2011-03-02 20:32 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
2011-02-24 21:21 . 2011-03-05 00:57 -------- d-----w- c:\program files\Common Files\Logitech
2011-02-24 21:17 . 2011-03-05 00:56 -------- d-----w- c:\program files\Logitech
2011-02-24 20:25 . 2011-02-24 20:25 53248 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\msihook.dll
2011-02-24 20:25 . 2011-02-24 20:25 126976 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\knlwrap.exe
2011-02-24 20:25 . 2011-02-24 20:25 114688 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\scpthdlr.dll
2011-02-24 19:12 . 2011-02-24 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-02-24 16:08 . 2011-02-24 16:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-02-24 16:08 . 2011-02-24 16:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-02-24 16:08 . 2011-02-24 16:08 -------- d-----w- c:\documents and settings\Default User\Application Data\Apple Computer
2011-02-24 16:03 . 2011-02-24 16:08 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Apple Computer
2011-02-23 23:52 . 2011-02-23 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-02-23 23:52 . 2011-02-23 23:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-22 03:40 . 2011-03-13 22:44 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Yahoo
2011-02-21 20:01 . 2011-02-21 20:01 0 ----a-w- c:\windows\Pxobovab.bin
2011-02-21 19:39 . 2011-02-21 20:07 -------- d-s---w- c:\documents and settings\Administrator
2011-02-20 17:46 . 2011-02-21 20:07 -------- d-----w- c:\documents and settings\LocalService\Application Data\whitesmoketoolbar(2)
2011-02-20 16:34 . 2011-02-21 20:07 -------- d-----w- c:\program files\whitesmoketoolbar(2)
2011-02-18 23:29 . 2011-02-18 23:29 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-02-18 23:09 . 2011-02-21 20:08 -------- d-----w- c:\program files\Yontoo Layers Client
2011-02-18 20:08 . 2011-02-24 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2011-02-18 20:08 . 2011-03-13 21:44 -------- d-----w- c:\program files\Yahoo!
2011-02-18 18:39 . 2011-02-18 18:39 88576 --sha-r- c:\windows\system32\dxmasfu.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-13 22:28 . 2010-12-27 00:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-09 13:53 . 2004-08-12 14:04 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-12 13:57 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2010-07-08 14:12 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-07-08 14:12 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-12 14:05 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-12 13:55 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-12 14:09 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-12 13:58 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-12 14:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-12 13:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-12 13:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-12 13:59 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-12 13:57 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-18 2423752]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-11-05 6174008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 73728]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 200704]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"Motive SmartBridge"="c:\progra~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe" [2008-02-13 483415]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
CenturyLink Help.lnk - c:\program files\Virtual Assistant\bin\matcli.exe [2010-12-8 217088]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2011-3-4 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-3-4 688128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 5:13 PM 65584]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [9/15/2010 10:04 AM 84072]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [9/15/2010 10:04 AM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [9/15/2010 10:04 AM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [9/15/2010 10:04 AM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [9/15/2010 10:04 AM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [9/15/2010 9:51 AM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [9/15/2010 10:04 AM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [9/15/2010 10:04 AM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [9/15/2010 10:04 AM 88544]
S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [9/15/2010 10:04 AM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [9/15/2010 10:04 AM 84264]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2011-03-18 c:\windows\Tasks\User_Feed_Synchronization-{FEB4C980-ECEF-4A06-A47E-587261CBB01F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
Trusted Zone: oma11pwww05
Trusted Zone: prod.westworlds.com
Trusted Zone: west.com
Trusted Zone: westathome.com
Trusted Zone: westathome.net
Trusted Zone: workathomeagent.net
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\Drop Down Deals\YontooIEClient.dll
Toolbar-Locked - (no file)
HKCU-Run-HLTCDMS83A - c:\windows\Dzetyc.exe
HKCU-Run-diawus - c:\documents and settings\Owner\diawus.exe
HKLM-Run-EzPrint - c:\program files\Lexmark 5600-6600 Series\ezprint.exe
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
AddRemove-Shockwave - c:\windows\system32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-18 14:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
.
c:\windows\TEMP\mcafee_3QkiqtbJqlGTVOH 0 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"WinSock_Registry_Version"="2.0"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
Completion time: 2011-03-18 14:36:39
ComboFix-quarantined-files.txt 2011-03-18 19:36
.
Pre-Run: 143,258,071,040 bytes free
Post-Run: 143,337,762,816 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - C94D6B6CE6A1CDC82193C073A83A9342


Hi Cypher, Computer performance has greatly improved since we began this journey. Speed is better. I have no internet redirecting or you've won a gift card pop ups. I began having a flickering address bar yesterday though and am not sure if its related in anyway to malware. Thanks for your hardwork!
LINASING
Regular Member
 
Posts: 16
Joined: March 15th, 2011, 2:30 pm

Re: You've won a gift card pop ups

Unread postby Cypher » March 18th, 2011, 4:12 pm

Hi LINASING.
Thanks for your hardwork!

No problem and you are most welcome.
Glad to hear your computer is performing better and no more redirects.
ComboFix has taken care of those two files i asked you to upload, i need you to run one more scan to check for leftovers.

Update Adobe Reader

  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X (10.0.1).
  • Note: remember to Uncheck Free McAfee® Security Scan Plus (optional)

Next.

Please download ATF Cleaner to your desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Next.

Please disable McAfee SecurityCenter again as it may interfere with the below scan.


Next.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Hold down Control then click on the following link to open a new window to ESET online scannner
  • Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply

  • ESET log.
  • Please give me another update on how your PC is performing.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: You've won a gift card pop ups

Unread postby LINASING » March 19th, 2011, 1:02 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=d1fe755d122a7d4a99a3990a1171ffe5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-18 10:06:57
# local_time=2011-03-18 05:06:57 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16777189 100 75 430975 16715790 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=63364
# found=1
# cleaned=0
# scan_time=3871
C:\Program Files\FoxTabMP4Converter\MP4Converter.exe a variant of Win32/SweetIM.B application (unable to clean) 00000000000000000000000000000000 I


Hello Cypher,

PC seems to be doing well. I honestly am nervous to use it much with all these issues. I just dont wanna mess up all that u have accomplished. ESET found an infection but didnt remove it and that weird program called aaa with the java logo is still there( you said we would get to it later)...just a reminder.
LINASING
Regular Member
 
Posts: 16
Joined: March 15th, 2011, 2:30 pm

Re: You've won a gift card pop ups

Unread postby Cypher » March 19th, 2011, 1:12 pm

Hi LINASING.
That looks like a false positive detection,
Let me know if you were able to do the following successfully.

Please download Add Remove Program Cleaner to your desktop.

  • Double-click on addremovecleaner.
  • Locate aaa in the menu and click once on it to highlight.
  • Now click on Remove from add/remove programs list.
  • At the prompt click on Yes then Exit.
  • Now delete addremovecleaner from the desktop, empty the Recycle Bin and reboot the computer.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: You've won a gift card pop ups

Unread postby LINASING » March 19th, 2011, 8:09 pm

successful! can i use the add remove program cleaner to remove the foxtabmp4 converter program. I have been trying to figure out how to remove it for some time but it doesnt show in the control panel under add/remove programs. But when i go to start then programs it is showing there. Not sure if it will come up in the cleaner program...
LINASING
Regular Member
 
Posts: 16
Joined: March 15th, 2011, 2:30 pm

Re: You've won a gift card pop ups

Unread postby Cypher » March 20th, 2011, 6:10 am

Hi LINASING.
Yes you can keep Add Remove Program Cleaner to use if you wish.
Are you having any problems now how is your PC performing?

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. ( it will be maximized )
  • Please post ONLY the "log.txt", file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)


Logs/Information to Post in your Next Reply

  • RSIT log.txt.
  • Please give me an update on how your computer is performing.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: You've won a gift card pop ups

Unread postby LINASING » March 20th, 2011, 9:48 am

did not have a run as administrator option when i right clicked. just a run as... option. i clicked that and a box appeared with a prepopulated password. i clicked ok and could not run rsit that way. has to double click desktop icon to produce below log. computer began to move slow again last night ( hourglasses) no pop ups or redirecting though.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Owner at 2011-03-20 08:43:33
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 136 GB (89%) free of 153 GB
Total RAM: 510 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:45:21 AM, on 3/20/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Virtual Assistant\bin\mpbtn.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101209083646.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: CenturyLink Help.lnk = C:\Program Files\Virtual Assistant\bin\matcli.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.oma11pwww05
O15 - Trusted Zone: *.prod.westworlds.com
O15 - Trusted Zone: *.west.com
O15 - Trusted Zone: *.westathome.com
O15 - Trusted Zone: *.westathome.net
O15 - Trusted Zone: *.workathomeagent.net
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: lxdu_device - Unknown owner - C:\WINDOWS\system32\lxducoms.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11486 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{FEB4C980-ECEF-4A06-A47E-587261CBB01F}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2009-09-19 1172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\progra~1\mcafee\msk\mskapbho.dll [2010-11-25 238056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101209083646.dll [2010-10-13 73288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-03-18 298160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll [2011-03-19 848952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2011-03-09 251928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-03-13 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-03-13 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2009-09-19 158008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2011-03-09 251928]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2009-09-19 1172280]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-03-18 298160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-08-20 118784]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2003-06-07 50688]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2010-09-30 1193848]
"LXCGCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16 []
"lxcgmon.exe"=C:\Program Files\Lexmark 2300 Series\lxcgmon.exe [2005-07-21 200704]
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2005-07-12 299008]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-09-21 47904]
"ConnectionCenter"=C:\Program Files\Citrix\ICA Client\concentr.exe [2009-09-12 103768]
"Motive SmartBridge"=C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe [2008-02-13 483415]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-11-17 421160]
"Monitor"=C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [2010-11-19 193880]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-01-23 101136]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-10 932288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-02-18 2423752]
"Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe [2010-11-04 6174008]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-03-18 39408]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
CenturyLink Help.lnk - C:\Program Files\Virtual Assistant\bin\matcli.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McciCMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe"="C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe"="C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe"="C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

======List of files/folders created in the last 1 months======

2011-03-18 15:52:43 ----D---- C:\Program Files\ESET
2011-03-18 15:45:43 ----SHD---- C:\RECYCLER
2011-03-18 15:32:54 ----D---- C:\Documents and Settings\Owner\Application Data\Google
2011-03-18 15:28:33 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2011-03-18 14:36:42 ----A---- C:\ComboFix.txt
2011-03-18 13:57:50 ----A---- C:\Boot.bak
2011-03-18 13:57:45 ----RASHD---- C:\cmdcons
2011-03-18 13:37:45 ----A---- C:\WINDOWS\zip.exe
2011-03-18 13:37:45 ----A---- C:\WINDOWS\SWSC.exe
2011-03-18 13:37:45 ----A---- C:\WINDOWS\SWREG.exe
2011-03-18 13:37:45 ----A---- C:\WINDOWS\sed.exe
2011-03-18 13:37:45 ----A---- C:\WINDOWS\PEV.exe
2011-03-18 13:37:45 ----A---- C:\WINDOWS\NIRCMD.exe
2011-03-18 13:37:45 ----A---- C:\WINDOWS\MBR.exe
2011-03-18 13:37:45 ----A---- C:\WINDOWS\grep.exe
2011-03-18 13:37:44 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-03-18 13:33:41 ----D---- C:\Qoobox
2011-03-16 17:46:06 ----D---- C:\_OTM
2011-03-16 17:35:27 ----D---- C:\WINDOWS\ERDNT
2011-03-16 17:33:23 ----D---- C:\Program Files\ERUNT
2011-03-16 13:06:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2011-03-16 13:05:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2011-03-16 13:05:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2011-03-16 12:40:55 ----D---- C:\Program Files\trend micro
2011-03-16 12:40:54 ----D---- C:\rsit
2011-03-15 22:09:28 ----A---- C:\TDSSKiller.2.4.21.0_15.03.2011_22.09.28_log.txt
2011-03-15 21:00:44 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2011-03-15 21:00:10 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-03-15 21:00:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-03-15 20:59:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-03-15 20:59:58 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-03-15 20:14:51 ----D---- C:\WINDOWS\system32\NtmsData
2011-03-13 17:46:42 ----D---- C:\Documents and Settings\Owner\Application Data\Yahoo!
2011-03-13 17:46:20 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2011-03-13 17:31:40 ----D---- C:\Program Files\Common Files\Java
2011-03-13 17:29:46 ----A---- C:\WINDOWS\system32\javaws.exe
2011-03-13 17:29:46 ----A---- C:\WINDOWS\system32\javaw.exe
2011-03-13 17:29:46 ----A---- C:\WINDOWS\system32\java.exe
2011-03-04 20:03:12 ----D---- C:\Documents and Settings\Owner\Application Data\Logitech
2011-03-04 19:59:16 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2011-03-04 19:57:44 ----A---- C:\WINDOWS\system32\WdfCoInstaller01005.dll
2011-03-04 19:57:44 ----A---- C:\WINDOWS\system32\drivers\LMouFilt.Sys
2011-03-04 19:57:44 ----A---- C:\WINDOWS\system32\drivers\LHidFilt.Sys
2011-03-04 19:57:44 ----A---- C:\WINDOWS\KHALMNPR.Exe
2011-03-04 19:57:14 ----A---- C:\WINDOWS\system32\kemutb.dll
2011-03-04 19:57:13 ----A---- C:\WINDOWS\system32\KemXML.dll
2011-03-04 19:57:13 ----A---- C:\WINDOWS\system32\KemWnd.dll
2011-03-04 19:57:13 ----A---- C:\WINDOWS\system32\KemUtil.dll
2011-03-04 19:56:21 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2011-03-04 19:37:02 ----A---- C:\WINDOWS\system32\hidserv.dll
2011-03-04 19:36:24 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2011-03-04 19:36:07 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2011-03-03 10:13:33 ----D---- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2011-03-02 23:40:28 ----ASH---- C:\pagefile.sys
2011-03-02 18:02:35 ----D---- C:\WINDOWS\tp
2011-02-24 16:26:06 ----D---- C:\Config.Msi
2011-02-24 16:21:35 ----D---- C:\Program Files\Common Files\Logitech
2011-02-24 16:17:56 ----D---- C:\Program Files\Logitech
2011-02-24 14:12:54 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2011-02-23 18:52:53 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2011-02-23 18:52:26 ----D---- C:\Program Files\SUPERAntiSpyware
2011-02-21 14:22:52 ----A---- C:\WINDOWS\ntbtlog.txt

======List of files/folders modified in the last 1 months======

2011-03-20 08:44:01 ----D---- C:\WINDOWS\Prefetch
2011-03-20 08:43:44 ----D---- C:\WINDOWS\Temp
2011-03-20 08:03:25 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-19 22:16:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-19 18:50:37 ----RD---- C:\Program Files
2011-03-19 18:50:17 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-03-19 12:31:17 ----SHD---- C:\WINDOWS\Installer
2011-03-18 15:51:47 ----D---- C:\Program Files\Lx_cats
2011-03-18 15:42:09 ----D---- C:\Program Files\Common Files\Adobe
2011-03-18 15:41:53 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2011-03-18 15:41:49 ----D---- C:\Program Files\Adobe
2011-03-18 15:38:58 ----D---- C:\WINDOWS\system32
2011-03-18 15:30:00 ----SD---- C:\WINDOWS\Tasks
2011-03-18 15:29:30 ----D---- C:\Program Files\Google
2011-03-18 14:30:58 ----D---- C:\WINDOWS
2011-03-18 14:30:58 ----A---- C:\WINDOWS\system.ini
2011-03-18 14:30:38 ----D---- C:\WINDOWS\system32\drivers\etc
2011-03-18 14:27:22 ----D---- C:\Program Files\Internet Explorer
2011-03-18 14:22:20 ----D---- C:\WINDOWS\system32\drivers
2011-03-18 14:22:20 ----D---- C:\WINDOWS\AppPatch
2011-03-18 14:22:08 ----D---- C:\Program Files\Common Files
2011-03-18 13:57:50 ----RASH---- C:\boot.ini
2011-03-17 15:14:58 ----D---- C:\Program Files\McAfee
2011-03-17 11:30:02 ----HD---- C:\WINDOWS\inf
2011-03-16 17:59:44 ----SHD---- C:\System Volume Information
2011-03-16 17:59:44 ----D---- C:\WINDOWS\system32\Restore
2011-03-16 13:06:11 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-03-16 13:05:59 ----D---- C:\WINDOWS\Debug
2011-03-16 13:05:52 ----A---- C:\WINDOWS\system32\MRT.exe
2011-03-16 13:05:46 ----A---- C:\WINDOWS\imsins.BAK
2011-03-16 08:08:43 ----HD---- C:\WINDOWS\$hf_mig$
2011-03-16 00:57:38 ----D---- C:\WINDOWS\system32\CatRoot
2011-03-15 21:56:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2296199$
2011-03-15 20:26:46 ----D---- C:\WINDOWS\repair
2011-03-15 20:26:42 ----D---- C:\WINDOWS\Registration
2011-03-15 20:14:50 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2011-03-13 17:28:26 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-03-13 16:44:20 ----D---- C:\Program Files\Yahoo!
2011-03-13 09:04:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-03-13 09:00:23 ----D---- C:\WINDOWS\SxsCaPendDel
2011-03-13 00:29:57 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-03-13 00:29:56 ----D---- C:\WINDOWS\WinSxS
2011-03-12 17:13:35 ----D---- C:\WINDOWS\network diagnostic
2011-03-04 20:08:37 ----D---- C:\Documents and Settings
2011-03-04 19:58:09 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-03-04 19:57:45 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-03-04 19:56:13 ----HD---- C:\Program Files\InstallShield Installation Information
2011-03-04 19:56:12 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2011-03-02 23:54:50 ----D---- C:\WINDOWS\system32\wbem
2011-03-02 17:39:36 ----D---- C:\WINDOWS\system32\config
2011-02-24 09:06:17 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2011-02-23 19:50:50 ----D---- C:\WINDOWS\system32\Macromed
2011-02-21 15:08:11 ----D---- C:\Program Files\Yontoo Layers Client
2011-02-21 15:07:53 ----D---- C:\Program Files\whitesmoketoolbar(2)
2011-02-21 14:41:01 ----D---- C:\DELL

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2010-10-13 386840]
R1 ctxusbm;Citrix USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfetdi2k;McAfee Inc. mfetdi2k; C:\WINDOWS\system32\drivers\mfetdi2k.sys [2010-10-13 84072]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-06-30 43136]
R3 cfwids;McAfee Inc. cfwids; C:\WINDOWS\system32\drivers\cfwids.sys [2010-10-13 55840]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-03-05 60949]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-01-23 34576]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-01-23 33296]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2010-10-13 95600]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2010-10-13 152960]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2010-10-13 52104]
R3 mfefirek;McAfee Inc. mfefirek; C:\WINDOWS\system32\drivers\mfefirek.sys [2010-10-13 313288]
R3 mfendiskmp;mfendiskmp; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2010-10-13 88544]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
S3 mfeavfk01;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk01.sys []
S3 mfendisk;McAfee Core NDIS Intermediate Filter; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2010-10-13 88544]
S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2010-10-13 84264]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-09-28 41984]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-03-13 153376]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service; C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe [2010-11-19 4916568]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2009-12-16 319488]
R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McShield;McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2010-08-24 171168]
R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 188136]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\WINDOWS\system32\mfevtps.exe [2010-10-13 141792]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-11-17 820008]
R3 lxcg_device;lxcg_device; C:\WINDOWS\system32\lxcgcoms.exe [2005-07-25 491520]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-18 136176]
S2 lxdu_device;lxdu_device; C:\WINDOWS\system32\lxducoms.exe -service []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-03-18 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2010-10-07 364216]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
LINASING
Regular Member
 
Posts: 16
Joined: March 15th, 2011, 2:30 pm

Re: You've won a gift card pop ups

Unread postby LINASING » March 20th, 2011, 9:54 am

ok the fox tab mp4 converter did not show up in the add remove cleaner. any idea how to get rid of this thing? Thanks, Cypher.
LINASING
Regular Member
 
Posts: 16
Joined: March 15th, 2011, 2:30 pm

Re: You've won a gift card pop ups

Unread postby Cypher » March 20th, 2011, 12:20 pm

Hi LINASING.
ok the fox tab mp4 converter did not show up in the add remove cleaner.

Just delete it from the program list.
Ok just a couple of things left to deal with then you should be good to go.

C:\Program Files\whitesmoketoolbar(2) << Delete this folder

Next.

Fix HijackThis entries

Run HijackThis

  • If you are on the Main Menu page... Click "Do a system scan only"
  • If you are on the "scan & fix stuff" page... Press the Scan...button.
  • When the scan finishes...Place a check mark next to the following entries (if they are still present)
  • Note: Only check those items listed below.
    O15 - Trusted Zone: *.oma11pwww05
    O15 - Trusted Zone: *.prod.westworlds.com
    O15 - Trusted Zone: *.west.com
    O15 - Trusted Zone: *.westathome.com
    O15 - Trusted Zone: *.westathome.net
    O15 - Trusted Zone: *.workathomeagent.net

  • After checking these items... CLOSE ALL open windows except HijackThis.
  • Click the Fix Checked ...button...to remove the entries you checked.
  • Choose YES...when prompted to fix the selected items.
  • Once it has fixed them, close HijackThis and reboot your computer normally.


Once the above is done your latest set of logs appear to be clean!
This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Time for some housekeeping
  • Click on Start >> Run...
  • Now type in ComboFix /Uninstall into the box and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
    Image
The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

Next

Clean up with OTM

  • Double-click OTM.exe to start the program, This tool will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTMoveIt3 as this step will require a reboot
  • On the OTM main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

Here are some free programs I recommend that could help you improve your computer's security.

I recommend you keep Malwarebytes' Anti-Malware, keep it updated and run it once a week.
I also recommend you keep ATF Cleaner to clean out temp files.

Install SpywareBlaster
Download and install Javacools SpywareBlaster from Here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer
You can do that HERE

Read some information HERE On how to prevent Malware

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: You've won a gift card pop ups

Unread postby LINASING » March 21st, 2011, 1:02 am

lots of great info that i will be going through in hopes of this not happening again. Thanks, Cypher!
LINASING
Regular Member
 
Posts: 16
Joined: March 15th, 2011, 2:30 pm

Re: You've won a gift card pop ups

Unread postby Cypher » March 21st, 2011, 5:40 am

Hi LINASING.
You're most welcome.
Good luck and stay safe.
As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 46 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware