
Antivirus 2009


11 replies to this topic

#1 syekidorp


Posted 11 January 2009 - 01:42 PM

Hello,

On my PC, Internet Explorer just produces a page saying "The page cannot be displayed" and then produces a pop-up banner saying:

ATTENTION! If your computer is struck by spyware, you could suffer data loss, unusual PC behaviour, PC freezes and crashes. Detect and remove viruses before they damage your computer! Antivirus 2009 will perform a 100% FREE and quick scan of your PC for viruses, Spyware and Adware. Do you want to install Antivirus 2009 to scan your computer for malware now? (Recommended)

Below are the choices OK or Cancel.

This seems like rogue spyware to me.

Can you help me get rid of it please.

Here is my DDS log:


DDS (Ver_09-01-07.01) - NTFSx86
Run by jay at 17:54:53.57 on 11/01/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.615 [GMT 0:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Documents and Settings\jay\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uWindow Title = Microsoft Internet Explorer provided by Orange UK
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://uk.yahoo.com
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWin.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: eBay Toolbar Helper: {22d8e815-4a5e-4dfb-845e-aab64207f5bd} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google plugin: {63845b64-69b6-4b9a-9461-c59b2afdc0a9} - vgf32.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\progra~1\iwinga~1\IWINGA~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWin.dll
BHO: {e9264dc3-27c2-48c2-987a-51f3799421bc} - c:\windows\system32\sojerire.dll
TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [CPM7ba9e738] Rundll32.exe "c:\windows\system32\madipoha.dll",a
mRun: [duwupirita] Rundll32.exe "c:\windows\system32\loyejosu.dll",s
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [msiexec.exe] msiconf.exe
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: Send To &Bluetooth - c:\program files\belkin\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\belkin\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\windows\temp\ntdll64.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll c:\windows\system32\lulekosa.dll,c:\windows\system32\weziroze.dll c:\windows\system32\madipoha.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lulekosa.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\lulekosa.dll
LSA: Notification Packages = scecli c:\windows\system32\suyivaye.dll c:\windows\system32\weziroze.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jay\applic~1\mozilla\firefox\profiles\bpj4s8m3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - HiddenExtension: XUL Cache: {FF59048A-F599-4783-B750-4CBE8057D52A} - c:\documents and settings\jay\local settings\application data\{FF59048A-F599-4783-B750-4CBE8057D52A}
FF - HiddenExtension: XUL Cache: {26075AC1-02C8-4491-8971-069E67DDFEA3} - c:\windows\system32\config\systemprofile\local settings\application data\{26075ac1-02c8-4491-8971-069e67ddfea3}\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 207656]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-12-21 79240]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-12-21 35240]
R4 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-1-12 13696]
R4 iWinGamesInstaller;iWinGamesInstaller;c:\program files\iwin games\iWinGamesInstaller.exe [2008-9-9 78104]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-21 206096]
R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-12-21 358736]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R4 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-12-21 144704]
R4 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-1-12 13568]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-12-21 34152]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-12-21 40488]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-12-21 605512]

=============== Created Last 30 ================

2009-01-11 16:09 <DIR> --d----- c:\windows\pss
2009-01-11 15:49 120 ---sh--- c:\windows\system32\uyajibig.ini
2009-01-10 16:38 289,144 a------- c:\windows\system32\VCCLSID.exe
2009-01-10 16:38 87,552 a------- c:\windows\system32\VACFix.exe
2009-01-10 16:38 82,944 a------- c:\windows\system32\IEDFix.exe
2009-01-10 16:38 82,944 a------- c:\windows\system32\IEDFix.C.exe
2009-01-10 16:38 82,432 a------- c:\windows\system32\404Fix.exe
2009-01-10 16:38 80,384 a------- c:\windows\system32\o4Patch.exe
2009-01-10 16:38 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2009-01-10 16:38 53,248 a------- c:\windows\system32\Process.exe
2009-01-10 16:38 25,600 a------- c:\windows\system32\WS2Fix.exe
2009-01-10 16:38 <DIR> --d----- C:\SmitfraudFix
2009-01-10 16:31 1,660,821 a------- C:\SmitfraudFix.exe
2009-01-10 16:03 73,216 a------- c:\windows\system32\ffkuz.dll
2009-01-10 15:58 <DIR> --d----- c:\program files\Trend Micro
2009-01-06 09:37 111,616 a------- c:\windows\system32\ntdll64.exe
2009-01-06 09:13 1,347 a------- c:\windows\system32\ahtn.htm
2009-01-06 09:13 4,785 a------- c:\windows\system32\warning.gif
2009-01-06 09:13 491 a------- c:\windows\system32\win32hlp.cnf
2009-01-06 09:12 111,616 a------- c:\windows\system32\dllcache\userinit.exe
2009-01-06 09:12 1 a------- c:\windows\system32\uniq.tll
2009-01-06 09:12 1 a------- c:\windows\system32\test.ttt
2009-01-06 09:12 24,576 a------- c:\windows\system32\frmwrk32.exe
2009-01-06 09:12 24,576 a------- c:\windows\system32\pcload.exe
2009-01-06 08:58 1,265,232 ---sh--- c:\windows\system32\utotohud.ini
2009-01-05 10:29 0 a------- c:\windows\system32\ekazonud.tmp
2009-01-04 13:11 1,266,237 ---sh--- c:\windows\system32\ekazonud.ini
2009-01-03 11:09 1,266,209 ---sh--- c:\windows\system32\izawuwey.ini
2009-01-02 23:09 1,266,209 ---sh--- c:\windows\system32\esolufiy.ini
2009-01-02 17:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\eGames
2009-01-02 17:39 <DIR> --d----- c:\docume~1\jay\applic~1\eGames
2009-01-02 17:39 <DIR> --dsh--- c:\docume~1\jay\applic~1\.#
2009-01-02 09:45 1,266,227 ---sh--- c:\windows\system32\ifisikat.ini
2009-01-01 21:44 1,266,209 ---sh--- c:\windows\system32\anevomus.ini
2009-01-01 21:30 <DIR> --d----- c:\docume~1\jay\applic~1\Spintop Ashtons Family Resort
2009-01-01 21:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spintop Ashtons Family Resort
2009-01-01 19:55 2,744 a------- c:\docume~1\jay\applic~1\mindhabits.dat
2009-01-01 09:44 1,266,227 ---sh--- c:\windows\system32\etekayun.ini
2008-12-31 21:44 1,266,209 ---sh--- c:\windows\system32\oyevewuy.ini
2008-12-31 13:18 <DIR> --d----- c:\program files\VirusRemover2008
2008-12-31 11:54 <DIR> --d----- c:\program files\Video Strip Poker Supreme
2008-12-31 09:43 1,267,034 ---sh--- c:\windows\system32\igenubaj.ini
2008-12-30 21:44 1,267,034 ---sh--- c:\windows\system32\uvipisek.ini
2008-12-29 17:26 133,632 a------- c:\windows\amaqazef.dll
2008-12-29 17:23 1 a------- c:\windows\system32\rc.dat
2008-12-29 17:23 1 a------- c:\windows\system32\ps1.dat
2008-12-29 17:23 1 a------- c:\windows\system32\bb1.dat
2008-12-29 13:34 39,424 a------- c:\windows\Upimapakukakadi.dll
2008-12-29 13:34 39,424 a------- c:\windows\hel.exe
2008-12-29 13:34 60,416 a------- c:\windows\inform.dat
2008-12-29 09:41 1,267,027 ---sh--- c:\windows\system32\uderoyah.ini
2008-12-28 15:20 1,265,838 ---sh--- c:\windows\system32\omelibez.ini
2008-12-27 11:52 1,664,208 ---sh--- c:\windows\system32\itevasem.ini
2008-12-26 02:30 1,664,199 ---sh--- c:\windows\system32\ewitajat.ini
2008-12-25 10:43 1,582,219 ---sh--- c:\windows\system32\epusobej.ini
2008-12-24 17:11 1,582,201 ---sh--- c:\windows\system32\ifobubuz.ini
2008-12-23 13:39 1,582,201 ---sh--- c:\windows\system32\urururir.ini
2008-12-22 12:21 1,582,201 ---sh--- c:\windows\system32\udasusoy.ini
2008-12-21 17:48 <DIR> --d----- c:\docume~1\jay\applic~1\McAfee
2008-12-21 16:13 30,295 a------- c:\windows\system32\Config.MPF
2008-12-21 16:12 <DIR> --d----- c:\program files\SiteAdvisor
2008-12-21 16:07 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2008-12-21 16:07 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2008-12-21 16:07 79,240 a------- c:\windows\system32\drivers\mfeavfk.sys
2008-12-21 16:06 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2008-12-21 16:06 <DIR> --d----- c:\program files\common files\McAfee
2008-12-21 16:06 <DIR> --d----- c:\program files\McAfee.com
2008-12-21 16:05 <DIR> --d----- c:\program files\McAfee
2008-12-21 16:05 34,152 a------- c:\windows\system32\drivers\mferkdk.sys
2008-12-21 11:34 1,582,201 ---sh--- c:\windows\system32\uvozelom.ini
2008-12-20 23:34 1,582,201 ---sh--- c:\windows\system32\ewurasap.ini
2008-12-20 11:35 1,582,219 ---sh--- c:\windows\system32\eyazofiv.ini
2008-12-19 13:55 1,582,201 ---sh--- c:\windows\system32\afarojev.ini
2008-12-18 21:18 1,582,201 ---sh--- c:\windows\system32\eniveser.ini
2008-12-13 16:19 <DIR> --d----- c:\program files\bfgclient
2008-12-13 16:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BigFishGamesCache
2008-12-13 16:08 <DIR> --d----- c:\program files\Conduit
2008-12-13 16:08 <DIR> --d----- c:\program files\iWin Games

==================== Find3M ====================

2009-01-11 14:29 68,435 a--sh--- c:\windows\system32\tugokubu.dll
2009-01-11 14:29 101,973 a--sh--- c:\windows\system32\madipoha.dll
2009-01-11 14:29 91,353 a--sh--- c:\windows\system32\gibijayu.dll
2009-01-06 09:12 111,616 a------- c:\windows\system32\userinit.exe
2009-01-06 08:58 102,063 a--sh--- c:\windows\system32\lulekosa.dll
2009-01-06 08:58 92,400 a--sh--- c:\windows\system32\duhototu.dll
2009-01-05 10:30 89,277 a--sh--- c:\windows\system32\beyugazo.dll
2009-01-05 10:30 102,102 a--sh--- c:\windows\system32\tedolopi.dll
2009-01-05 10:29 101,482 a--sh--- c:\windows\system32\jilakije.dll
2009-01-05 10:29 92,284 a--sh--- c:\windows\system32\jizusubi.dll
2009-01-04 13:11 92,445 a--sh--- c:\windows\system32\dunozake.dll
2009-01-04 13:11 102,678 a--sh--- c:\windows\system32\biwivago.dll
2009-01-03 11:09 92,370 -------- c:\windows\system32\yewuwazi.dll
2009-01-03 11:09 103,101 a--sh--- c:\windows\system32\vuvubuyo.dll
2009-01-02 23:09 102,681 a--sh--- c:\windows\system32\namuweta.dll
2009-01-02 23:09 89,380 -------- c:\windows\system32\yifulose.dll
2009-01-02 21:45 101,663 a--sh--- c:\windows\system32\liguzeju.dll
2009-01-02 21:45 66,240 a--sh--- c:\windows\system32\nikezeva.dll
2009-01-02 09:45 97,471 a--sh--- c:\windows\system32\tilosupi.dll
2009-01-02 09:45 86,152 -------- c:\windows\system32\takisifi.dll
2009-01-01 21:44 96,421 a--sh--- c:\windows\system32\jefotumo.dll
2009-01-01 21:44 84,578 -------- c:\windows\system32\sumovena.dll
2009-01-01 09:44 95,963 a--sh--- c:\windows\system32\joredoma.dll
2009-01-01 09:44 84,609 -------- c:\windows\system32\nuyakete.dll
2008-12-31 21:44 96,865 a--sh--- c:\windows\system32\zabinose.dll
2008-12-31 21:44 84,806 -------- c:\windows\system32\yuweveyo.dll
2008-12-31 09:43 96,936 a--sh--- c:\windows\system32\vunozusu.dll
2008-12-31 09:43 84,687 a--sh--- c:\windows\system32\jabunegi.dll
2008-12-30 21:43 96,906 a--sh--- c:\windows\system32\toduyije.dll
2008-12-30 21:43 84,589 -------- c:\windows\system32\kesipivu.dll
2008-12-30 21:43 62,534 a--sh--- c:\windows\system32\nakuviza.dll
2008-12-29 09:40 98,987 a--sh--- c:\windows\system32\girazozi.dll
2008-12-29 09:40 87,159 -------- c:\windows\system32\hayoredu.dll
2008-12-28 15:20 87,204 -------- c:\windows\system32\zebilemo.dll
2008-12-28 15:20 95,820 a--sh--- c:\windows\system32\jawabile.dll
2008-12-28 14:21 61,641 a--sh--- c:\windows\system32\dokeyeke.dll
2008-12-27 11:52 87,177 a--sh--- c:\windows\system32\mesaveti.dll
2008-12-27 11:52 99,410 a--sh--- c:\windows\system32\jeyitizo.dll
2008-12-26 02:30 98,945 a--sh--- c:\windows\system32\sawetuna.dll
2008-12-26 02:30 87,309 -------- c:\windows\system32\tajatiwe.dll
2008-12-26 01:31 59,984 a--sh--- c:\windows\system32\gifetewu.dll
2008-12-25 10:43 84,604 -------- c:\windows\system32\jebosupe.dll
2008-12-25 10:43 96,423 a--sh--- c:\windows\system32\wasakale.dll
2008-12-24 17:11 99,011 a--sh--- c:\windows\system32\kigukaru.dll
2008-12-24 17:11 84,109 -------- c:\windows\system32\zububofi.dll
2008-12-23 13:39 99,078 a--sh--- c:\windows\system32\noyajego.dll
2008-12-23 13:39 65,151 a--sh--- c:\windows\system32\zagomeri.dll
2008-12-23 13:39 84,781 -------- c:\windows\system32\rirururu.dll
2008-12-22 12:21 98,023 a--sh--- c:\windows\system32\tumuwaku.dll
2008-12-21 11:34 95,913 a--sh--- c:\windows\system32\nupuzidu.dll
2008-12-21 11:34 85,147 -------- c:\windows\system32\molezovu.dll
2008-12-20 23:34 95,888 a--sh--- c:\windows\system32\lokowere.dll
2008-12-20 23:34 83,121 -------- c:\windows\system32\pasaruwe.dll
2008-12-20 11:35 97,852 a--sh--- c:\windows\system32\loboseta.dll
2008-12-20 11:35 85,105 -------- c:\windows\system32\vifozaye.dll
2008-12-19 13:55 87,331 -------- c:\windows\system32\vejorafa.dll
2008-12-19 13:55 94,912 a--sh--- c:\windows\system32\gatupono.dll
2008-12-18 21:18 95,972 a--sh--- c:\windows\system32\kivizazu.dll
2008-12-18 21:18 83,204 -------- c:\windows\system32\resevine.dll
2008-12-13 23:30 6,580 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-12-12 17:01 3,067,904 -------- c:\windows\system32\dllcache\mshtml.dll
2008-10-24 11:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 01:00 666,112 a------- c:\windows\system32\wininet.dll
2008-10-16 01:00 666,112 -------- c:\windows\system32\dllcache\wininet.dll
2008-10-16 01:00 619,520 -------- c:\windows\system32\dllcache\urlmon.dll
2008-10-16 01:00 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2008-05-29 21:00 0 ac------ c:\program files\temp01
2006-08-26 17:38 774,144 ac------ c:\program files\RngInterstitial.dll
2006-08-18 10:58 278,528 ac------ c:\program files\common files\FDEUnInstaller.exe
2007-01-08 16:56 88 ---shr-- c:\windows\system32\5F9C749BC2.sys
2008-09-28 14:21 16,384 ac-sh--- c:\windows\system32\dawenegi.dll
2008-09-28 14:21 79,872 ac-sh--- c:\windows\system32\jisagoyi.dll
2008-09-26 01:31 12,288 ac-sh--- c:\windows\system32\livopafa.dll
1601-01-01 00:12 68,435 a--sh--- c:\windows\system32\loyejosu.dll
1601-01-01 00:12 19,456 a--sh--- c:\windows\system32\niwezufa.dll
1601-01-01 00:12 68,435 a--sh--- c:\windows\system32\sojerire.dll
1601-01-01 00:12 68,435 a--sh--- c:\windows\system32\weziroze.dll

============= FINISH: 18:01:05.23 ===============



Thanks for your help

from Sye
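As an added example (not code from the thread, from DDS or from the helper), the following script applies the kind of checks a log reader makes on the Pseudo HJT Report and Find3M sections above: system+hidden attributes, 1601 timestamps, random-looking eight-letter names, AppInit_DLLs and LSA notification-package entries, an LSP in a temp directory, nameless BHOs and policies that disable Task Manager or the Registry Editor. The name pattern, the severities and the constructed excerpt are my own assumptions.

```python
import re

# Constructed excerpt in DDS line format; the paths are copied from the log above.
SAMPLE_LOG = """\
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\\program files\\adobe\\acrobat 7.0\\activex\\AcroIEHelper.dll
BHO: {e9264dc3-27c2-48c2-987a-51f3799421bc} - c:\\windows\\system32\\sojerire.dll
mRun: [CPM7ba9e738] Rundll32.exe "c:\\windows\\system32\\madipoha.dll",a
uPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
LSP: c:\\windows\\temp\\ntdll64.dll
AppInit_DLLs: c:\\progra~1\\google\\google~1\\goec62~1.dll c:\\windows\\system32\\lulekosa.dll,c:\\windows\\system32\\weziroze.dll
LSA: Notification Packages = scecli c:\\windows\\system32\\suyivaye.dll
2009-01-11 14:29 101,973 a--sh--- c:\\windows\\system32\\madipoha.dll
2008-10-23 12:36 286,720 a------- c:\\windows\\system32\\gdi32.dll
1601-01-01 00:12 68,435 a--sh--- c:\\windows\\system32\\loyejosu.dll
"""

# A Windows path: drive, directory segments (spaces allowed, as in "program
# files"), then a file name with an extension. It stops at commas, quotes and
# the next drive letter, so space- or comma-separated AppInit_DLLs lists split.
PATH_RE = re.compile(
    r'[a-z]:\\(?:[^\\,":\s]+(?: [^\\,":\s]+)*\\)*[^\\,":\s]+\.[a-z0-9]{2,4}',
    re.IGNORECASE)

# Heuristic (my assumption): eight letters alternating consonant/vowel, the
# shape of sojerire, madipoha, lulekosa and the .ini names in this log. It is
# noisy on its own ("userinit" matches too), so on Find3M lines it only raises
# severity together with another signal.
_CV = r'[bcdfghjklmnpqrstvwxyz][aeiou]'
_VC = r'[aeiou][bcdfghjklmnpqrstvwxyz]'
RANDOM_NAME_RE = re.compile(rf'^(?:(?:{_CV}){{4}}|(?:{_VC}){{4}})$')

# "YYYY-MM-DD HH:MM  size  attributes  path" as printed in Find3M / Created Last 30.
FIND3M_RE = re.compile(
    r'^(\d{4})-\d\d-\d\d \d\d:\d\d\s+\S+\s+([a-z-]{8})\s+(.*)$', re.IGNORECASE)


def _basename(path):
    """File name without directory or extension, lower-cased."""
    return path.rsplit('\\', 1)[-1].rsplit('.', 1)[0].lower()


def triage(log_text):
    """Return (severity, reason, evidence) tuples for lines worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FIND3M_RE.match(line)
        if m:
            year, attrs, path = m.group(1), m.group(2).lower(), m.group(3)
            signals = []
            if 's' in attrs and 'h' in attrs:
                signals.append('system+hidden attributes')
            if year == '1601':
                signals.append('1601 timestamp (zero FILETIME, likely stomped)')
            if RANDOM_NAME_RE.match(_basename(path)):
                signals.append('random-looking eight-letter name')
            if len(signals) >= 2:
                findings.append(('high', '; '.join(signals), path))
            elif signals:
                findings.append(('low', signals[0], path))
            continue
        key = line.split(':', 1)[0]
        paths = PATH_RE.findall(line)
        if key.endswith('Policies-system') and re.search(r'Disable(TaskMgr|RegistryTools) = 1', line):
            findings.append(('high', 'Task Manager or Registry Editor disabled by policy', line))
        elif key == 'AppInit_DLLs':
            for p in paths:  # every listed DLL is loaded into every user-mode process
                findings.append(('medium', 'DLL loaded via AppInit_DLLs', p))
        elif key == 'LSA':
            for p in paths:  # only "scecli" (no path) is expected here
                findings.append(('high', 'non-standard LSA notification package', p))
        elif key == 'LSP':
            for p in paths:
                if '\\temp\\' in p.lower():
                    findings.append(('high', 'Winsock LSP loaded from a temp directory', p))
        elif key == 'BHO' and re.match(r'^BHO: \{[0-9a-f-]+\}', line, re.IGNORECASE):
            for p in paths:
                findings.append(('medium', 'BHO registered without a name', p))
        elif key in ('uRun', 'mRun', 'dRun'):
            for p in paths:
                if RANDOM_NAME_RE.match(_basename(p)):
                    findings.append(('medium', 'autorun of random-looking DLL', p))
    return findings


if __name__ == '__main__':
    for severity, reason, evidence in triage(SAMPLE_LOG):
        print(f'[{severity:6}] {reason}: {evidence}')
```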


#2 jpshortstuff


Posted 11 January 2009 - 03:58 PM

Hi, and welcome to BleepingComputer.

My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through the instructions before starting to follow them to make sure you understand everything you have to do.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Please download GooredFix and save it to your Desktop. Double-click GooredFix.exe on your Desktop to run it.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.


Download ComboFix by sUBs from here or here

Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

**Save it to your desktop**

We need to disable one or more of your security programs so that they do not interfere with ComboFix.

Disable McAfee Anti-Virus
Please navigate to the system tray on the bottom right hand corner and look for the McAfee icon.
  • Right-click it -> choose "Exit."
  • A popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard.
Double click on ComboFix.exe & follow the prompts. If you are prompted to install the Recovery Console I recommend you go ahead and hit yes.
When finished, it shall produce a log for you. Please save that log to post in your next reply along with a fresh HJT log.

Notes:
  • Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
  • ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
  • ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
  • ComboFix disconnects your machine from the internet when it runs. This connection should be automatically restored when ComboFix completes its run. If ComboFix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Thanks.
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#3 syekidorp


Posted 11 January 2009 - 04:49 PM

Hi jpshortstuff, thanks for your prompt reply.

Re your instruction "Disable McAfee Anti-Virus" / "Right-click it -> choose 'Exit.'":

The Exit option does not appear in the context menu, but I have opened the Security Center and turned off anti-virus, script scanning and firewall. Will this be OK?

#4 jpshortstuff


Posted 11 January 2009 - 05:01 PM

That sounds fine to me :)

You're good to go with the rest of the instructions.

#5 syekidorp


Posted 11 January 2009 - 06:09 PM

OK, I ran GooredFix and here is the log:

GooredFix v1.8 by jpshortstuff
Log created at 22:22 on 11/01/2009 running Option #2 (jay)
Firefox version 2.0.0.18 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{FF59048A-F599-4783-B750-4CBE8057D52A}"="C:\Documents and Settings\jay\Local Settings\Application Data\{FF59048A-F599-4783-B750-4CBE8057D52A}"
->Backing up value... Done.
->Deleting value... Done.

C:\Documents and Settings\jay\Local Settings\Application Data\{FF59048A-F599-4783-B750-4CBE8057D52A}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0.0.18\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0.0.18\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{98e34367-8df7-42b4-837b-20b892ff0847}"="C:\Program Files\iWin Games\firefox\"

I also ran ComboFix, which first produced the message:

ComboFix has detected rootkit activity and needs to reboot the
machine. Kindly note down on paper, the name of each file. We may
need it later.

C:\WINDOWS\system32\drivers\senekaymklftkb.sys
C:\WINDOWS\system32\senekakglnvoxo.dll
C:\WINDOWS\system32\senekayqoownod.dll
C:\WINDOWS\system32\senekaoymxfqgk.dll

After two reboots it produced the log:

ComboFix 09-01-10.03 - jay 2009-01-11 22:40:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.652 [GMT 0:00]
Running from: c:\documents and settings\jay\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\jay\Application Data\.#
c:\documents and settings\jay\Application Data\.#\MBX@D70@BA4160.###
c:\documents and settings\jay\Application Data\.#\MBX@D70@BA4190.###
c:\documents and settings\jay\Application Data\.#\MBX@D70@BA41C0.###
c:\documents and settings\jay\Favorites\Online Security Test.url
c:\program files\VirusRemover2008
c:\windows\IE4 Error Log.txt
c:\windows\system32\404Fix.exe
c:\windows\system32\afarojev.ini
c:\windows\system32\ahtn.htm
c:\windows\system32\alog.txt
c:\windows\system32\anevomus.ini
c:\windows\system32\bb1.dat
c:\windows\system32\beyugazo.dll
c:\windows\system32\biwivago.dll
c:\windows\system32\cmds.txt
c:\windows\system32\dl.txt
c:\windows\system32\dokeyeke.dll
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekaymklftkb.sys
c:\windows\system32\duhototu.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\dunozake.dll
c:\windows\system32\ekazonud.ini
c:\windows\system32\eniveser.ini
c:\windows\system32\epusobej.ini
c:\windows\system32\esolufiy.ini
c:\windows\system32\etekayun.ini
c:\windows\system32\ewitajat.ini
c:\windows\system32\ewurasap.ini
c:\windows\system32\eyazofiv.ini
c:\windows\system32\frmwrk32.exe
c:\windows\system32\gatupono.dll
c:\windows\system32\gibijayu.dll
c:\windows\system32\gifetewu.dll
c:\windows\system32\girazozi.dll
c:\windows\system32\hayoredu.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\ifisikat.ini
c:\windows\system32\ifobubuz.ini
c:\windows\system32\igenubaj.ini
c:\windows\system32\itevasem.ini
c:\windows\system32\izawuwey.ini
c:\windows\system32\jabunegi.dll
c:\windows\system32\jawabile.dll
c:\windows\system32\jebosupe.dll
c:\windows\system32\jefotumo.dll
c:\windows\system32\jeyitizo.dll
c:\windows\system32\jilakije.dll
c:\windows\system32\jizusubi.dll
c:\windows\system32\joredoma.dll
c:\windows\system32\kesipivu.dll
c:\windows\system32\kigukaru.dll
c:\windows\system32\kivizazu.dll
c:\windows\system32\liguzeju.dll
c:\windows\system32\loboseta.dll
c:\windows\system32\lokowere.dll
c:\windows\system32\loyejosu.dll
c:\windows\system32\lulekosa.dll
c:\windows\system32\madipoha.dll
c:\windows\system32\mesaveti.dll
c:\windows\system32\mfcans32.DLL
c:\windows\system32\mfcuia32.dll
c:\windows\system32\molezovu.dll
c:\windows\system32\nakuviza.dll
c:\windows\system32\namuweta.dll
c:\windows\system32\nikezeva.dll
c:\windows\system32\noyajego.dll
c:\windows\system32\ntdll64.exe
c:\windows\system32\nupuzidu.dll
c:\windows\system32\nuyakete.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\omelibez.ini
c:\windows\system32\oyevewuy.ini
c:\windows\system32\pasaruwe.dll
c:\windows\system32\Process.exe
c:\windows\system32\ps1.dat
c:\windows\system32\rc.dat
c:\windows\system32\resevine.dll
c:\windows\system32\rirururu.dll
c:\windows\system32\sawetuna.dll
c:\windows\system32\seneka.dat
c:\windows\system32\senekadf.dat
c:\windows\system32\senekakglnvoxo.dll
c:\windows\system32\senekalog.dat
c:\windows\system32\senekaoymxfqgk.dll
c:\windows\system32\senekayqoownod.dll
c:\windows\system32\sojerire.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\sumovena.dll
c:\windows\system32\superiorads-uninst.exe
c:\windows\system32\tajatiwe.dll
c:\windows\system32\takisifi.dll
c:\windows\system32\tedolopi.dll
c:\windows\system32\test.ttt
c:\windows\system32\tilosupi.dll
c:\windows\system32\tmp.reg
c:\windows\system32\toduyije.dll
c:\windows\system32\tugokubu.dll
c:\windows\system32\tumuwaku.dll
c:\windows\system32\udasusoy.ini
c:\windows\system32\uderoyah.ini
c:\windows\system32\uniq.tll
c:\windows\system32\urururir.ini
c:\windows\system32\utotohud.ini
c:\windows\system32\uvipisek.ini
c:\windows\system32\uvozelom.ini
c:\windows\system32\uyajibig.ini
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\vejorafa.dll
c:\windows\system32\vifozaye.dll
c:\windows\system32\vunozusu.dll
c:\windows\system32\vuvubuyo.dll
c:\windows\system32\warning.gif
c:\windows\system32\wasakale.dll
c:\windows\system32\weziroze.dll
c:\windows\system32\win32hlp.cnf
c:\windows\system32\WS2Fix.exe
c:\windows\system32\yewuwazi.dll
c:\windows\system32\yifulose.dll
c:\windows\system32\yuweveyo.dll
c:\windows\system32\zabinose.dll
c:\windows\system32\zagomeri.dll
c:\windows\system32\zebilemo.dll
c:\windows\system32\zububofi.dll
c:\windows\winhelp.ini

----- BITS: Possible infected sites -----

hxxp://77.74.48.101
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA
-------\Legacy_IWINGAMESINSTALLER
-------\Legacy_PACKET
-------\Service_iWinGamesInstaller
-------\Service_Packet


((((((((((((((((((((((((( Files Created from 2008-12-11 to 2009-01-11 )))))))))))))))))))))))))))))))
.

2009-01-10 16:38 . 2009-01-10 16:51 <DIR> d-------- C:\SmitfraudFix
2009-01-10 16:38 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe
2009-01-10 16:31 . 2009-01-10 16:28 1,660,821 --a------ C:\SmitfraudFix.exe
2009-01-10 16:03 . 2009-01-10 16:03 73,216 --a------ c:\windows\system32\ffkuz.dll
2009-01-10 15:58 . 2009-01-10 15:58 <DIR> d-------- c:\program files\Trend Micro
2009-01-06 09:12 . 2009-01-06 09:12 24,576 --a------ c:\windows\system32\pcload.exe
2009-01-05 10:29 . 2009-01-05 10:29 0 --a------ c:\windows\system32\ekazonud.tmp
2009-01-04 13:25 . 2009-01-04 13:25 <DIR> d-------- c:\program files\QuickTime
2009-01-04 13:14 . 2009-01-04 13:14 <DIR> d-------- c:\program files\Safari
2009-01-02 17:39 . 2009-01-02 17:39 <DIR> d-------- c:\documents and settings\jay\Application Data\eGames
2009-01-02 17:39 . 2009-01-02 17:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\eGames
2009-01-01 21:30 . 2009-01-02 17:06 <DIR> d-------- c:\documents and settings\jay\Application Data\Spintop Ashtons Family Resort
2009-01-01 21:30 . 2009-01-01 21:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spintop Ashtons Family Resort
2009-01-01 19:55 . 2009-01-01 20:12 2,744 --a------ c:\documents and settings\jay\Application Data\mindhabits.dat
2008-12-31 13:51 . 2008-12-31 13:51 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\s_4610_fHx8fHx8fDEyNDMzMzk1MTJ8_
2008-12-31 13:51 . 2008-12-31 13:55 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Rapid Antivirus
2008-12-31 11:54 . 2008-12-31 12:35 <DIR> d-------- c:\program files\Video Strip Poker Supreme
2008-12-29 17:26 . 2008-12-29 17:27 133,632 --a------ c:\windows\amaqazef.dll
2008-12-29 13:34 . 2008-12-29 13:34 60,416 --a------ c:\windows\inform.dat
2008-12-29 13:34 . 2008-12-29 13:34 39,424 --a------ c:\windows\Upimapakukakadi.dll
2008-12-29 13:34 . 2008-12-29 13:34 39,424 --a------ c:\windows\hel.exe
2008-12-25 15:38 . 2008-12-25 15:38 <DIR> d---s---- c:\documents and settings\sarah\UserData
2008-12-21 17:48 . 2008-12-21 17:48 <DIR> d-------- c:\documents and settings\jay\Application Data\McAfee
2008-12-21 16:13 . 2009-01-11 22:46 30,295 --a------ c:\windows\system32\Config.MPF
2008-12-21 16:12 . 2008-12-21 16:12 <DIR> d-------- c:\program files\SiteAdvisor
2008-12-21 16:07 . 2008-06-27 06:08 79,240 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-12-21 16:07 . 2008-06-27 06:08 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2008-12-21 16:07 . 2008-06-27 06:08 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-12-21 16:06 . 2008-12-21 16:06 <DIR> d-------- c:\program files\McAfee.com
2008-12-21 16:06 . 2008-12-21 16:07 <DIR> d-------- c:\program files\Common Files\McAfee
2008-12-21 16:06 . 2008-06-02 14:55 120,136 --a------ c:\windows\system32\drivers\Mpfp.sys
2008-12-21 16:05 . 2009-01-08 10:54 <DIR> d-------- c:\program files\McAfee
2008-12-21 16:05 . 2008-06-20 05:41 34,152 --a------ c:\windows\system32\drivers\mferkdk.sys
2008-12-13 16:19 . 2008-12-13 16:19 <DIR> d-------- c:\program files\bfgclient
2008-12-13 16:18 . 2008-12-13 16:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2008-12-13 16:08 . 2008-12-13 16:08 <DIR> d-------- c:\program files\iWin Games
2008-12-13 16:08 . 2008-12-13 16:08 <DIR> d-------- c:\program files\Conduit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 22:46 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2009-01-10 15:50 --------- d-----w c:\documents and settings\jay\Application Data\WholeSecurity
2009-01-08 11:00 --------- d-----w c:\program files\RealArcade
2009-01-06 10:56 --------- d-----w c:\program files\LimeWire
2009-01-06 10:56 --------- d-----w c:\documents and settings\jay\Application Data\LimeWire
2009-01-06 10:55 --------- d-----w c:\program files\Incomplete
2009-01-02 18:39 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-01 19:54 --------- d-----w c:\program files\iWin.com
2008-12-29 20:35 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2008-12-29 11:47 --------- d-----w c:\documents and settings\sarah\Application Data\WholeSecurity
2008-12-22 16:02 --------- d-----w c:\program files\Corel
2008-12-22 15:57 --------- d-----w c:\program files\Yahoo!
2008-12-21 17:49 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-12-13 16:08 --------- d-----w c:\program files\iWin
2008-11-30 14:09 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
2008-11-30 13:52 --------- d-----w c:\documents and settings\LocalService\Application Data\Yahoo!
2008-11-21 18:08 --------- d-----w c:\documents and settings\NetworkService\Application Data\SACore
2008-11-21 17:42 --------- d-----w c:\program files\DivX
2008-11-20 21:10 --------- d-----w c:\program files\Valusoft
2008-11-20 21:07 --------- d-----w c:\program files\Shockwave.com
2008-11-20 21:04 --------- d-----w c:\program files\Cinema Tycoon Gold
2008-11-18 19:05 --------- d-----w c:\program files\Common Files\SWF Studio
2008-11-17 18:37 --------- d-----w c:\documents and settings\jay\Application Data\FirstColony
2008-11-15 21:38 --------- d-----w c:\program files\Telltale Games
2008-11-14 18:23 --------- d-----w c:\documents and settings\jay\Application Data\GameHouse
2008-11-14 16:49 --------- d-----w c:\documents and settings\jay\Application Data\MysteryStudio
2008-11-12 22:33 --------- d-----w c:\documents and settings\jay\Application Data\Gamelab
2008-05-29 21:00 0 -c--a-w c:\program files\temp01
2006-08-26 17:38 774,144 -c--a-w c:\program files\RngInterstitial.dll
2006-08-18 10:58 278,528 -c--a-w c:\program files\Common Files\FDEUnInstaller.exe
2008-12-19 15:58 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 15:58 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 15:58 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 15:58 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 15:58 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2007-01-08 16:56 88 --sh--r c:\windows\system32\5F9C749BC2.sys
2008-09-28 14:21 16,384 -csha-w c:\windows\system32\dawenegi.dll
2008-09-28 14:21 79,872 -csha-w c:\windows\system32\jisagoyi.dll
2008-09-26 01:31 12,288 -csha-w c:\windows\system32\livopafa.dll
1601-01-01 00:12 19,456 --sha-w c:\windows\system32\niwezufa.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ce0c2586-da36-452b-acdb-320d9bcb19bf}"= "c:\program files\iWin\tbiWin.dll" [2008-08-20 1780248]

[HKEY_CLASSES_ROOT\clsid\{ce0c2586-da36-452b-acdb-320d9bcb19bf}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
2008-09-09 16:35 78848 --a------ c:\progra~1\IWINGA~1\IWINGA~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ce0c2586-da36-452b-acdb-320d9bcb19bf}]
2008-08-20 23:03 1780248 --a------ c:\program files\iWin\tbiWin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ce0c2586-da36-452b-acdb-320d9bcb19bf}"= "c:\program files\iWin\tbiWin.dll" [2008-08-20 1780248]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CE0C2586-DA36-452B-ACDB-320D9BCB19BF}"= "c:\program files\iWin\tbiWin.dll" [2008-08-20 1780248]

[HKEY_CLASSES_ROOT\clsid\{ce0c2586-da36-452b-acdb-320d9bcb19bf}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-08-12 169984]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-12-24 188416]
"4oD"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= c:\windows\system32\i263_32.drv
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"msacm.avis"= ff_acm.acm
"vidc.i263"= c:\windows\system32\i263_32.drv
"msacm.imc"= c:\windows\system32\imc32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\weziroze.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=c:\windows\pss\Extender Resource Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^jay^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
path=c:\documents and settings\jay\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
backup=c:\windows\pss\iWin Desktop Alerts.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^jay^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\jay\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bvogugavopiwamik]
--a------ 2008-12-29 17:27 133632 c:\windows\amaqazef.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-12-06 00:05 127035 c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-12-09 19:29 49152 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
--a------ 2008-08-08 11:02 652528 c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-12-13 15:41 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-12-13 15:45 118784 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-12-13 15:44 98304 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2006-05-01 09:28 602182 c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2006-05-01 09:28 667718 c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 09:44 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 09:44 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 09:47 289064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2008-07-11 16:48 641208 c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--------- 2003-09-10 01:24 20480 c:\program files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-04 18:12 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-03-08 10:48 761947 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Thefuxekuv]
--a------ 2008-12-29 13:34 39424 c:\windows\Upimapakukakadi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-08-28 09:18 3660848 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-03-24 15:30 282624 c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Dell\\QuickSet\\quickset.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\agent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"44073:TCP"= 44073:TCP:limewire

R4 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-01-12 13696]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-12-21 206096]
R4 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-01-12 13568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6825FAC3-D7D2-4045-97A2-87DF42CB6728}]
rundll32 vgf32.dll,InitO
.
Contents of the 'Scheduled Tasks' folder

2009-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-21 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2008-12-21 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
.
- - - - ORPHANS REMOVED - - - -

BHO-{63845B64-69B6-4b9a-9461-C59B2AFDC0A9} - vgf32.dll
BHO-{e9264dc3-27c2-48c2-987a-51f3799421bc} - c:\windows\system32\sojerire.dll
WebBrowser-{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - (no file)
HKU-Default-Run-msiexec.exe - msiconf.exe
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\madipoha.dll
MSConfigStartUp-789ad4a4 - c:\windows\system32\gibijayu.dll
MSConfigStartUp-ares - c:\program files\Ares\Ares.exe
MSConfigStartUp-CPM7ba9e738 - c:\windows\system32\lulekosa.dll
MSConfigStartUp-duwupirita - c:\windows\system32\loyejosu.dll
MSConfigStartUp-Framework Windows - frmwrk32.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Send To &Bluetooth - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\TEMP\ntdll64.dll
Trusted Zone: *.internet
Trusted Zone: *.mcafee.com

c:\windows\Downloaded Program Files\stg_drm.ocx - c:\windows\Downloaded Program Files\CONFLICT.1\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.2\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.3\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.4\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.5\stg_drm.ocx
O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9}
file://c:\program files\Ashton's Family Resort\Images\stg_drm.ocx

O16 -: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://bq.bp.2020.net/Core/Player/2020PlayerAX_Win32.cab
c:\windows\Downloaded Program Files\2020Player.inf

c:\windows\Downloaded Program Files\SearchEngineQuery.dll - O16 -: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400}
hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll

c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf

c:\windows\Downloaded Program Files\armhelper.ocx - O16 -: {CC450D71-CC90-424C-8638-1F2DBAC87A54}
file://c:\program files\Jojo's Fashion Show\Images\armhelper.ocx
FF - ProfilePath - c:\documents and settings\jay\Application Data\Mozilla\Firefox\Profiles\bpj4s8m3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 22:48:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Belkin\Bluetooth Software\bin\btwdins.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\RMSvc.exe
c:\windows\ehome\McrdSvc.exe
c:\windows\system32\dllhost.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-01-11 22:55:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-11 22:55:34

Pre-Run: 36,948,647,936 bytes free
Post-Run: 37,009,637,376 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

478 --- E O F --- 2008-12-21 22:37:52

Then I ran DDS again. Here is the log, and I have attached the other part:


DDS (Ver_09-01-07.01) - NTFSx86
Run by jay at 22:59:07.50 on 11/01/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.611 [GMT 0:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\jay\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWin.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: eBay Toolbar Helper: {22d8e815-4a5e-4dfb-845e-aab64207f5bd} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\progra~1\iwinga~1\IWINGA~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWin.dll
TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: Send To &Bluetooth - c:\program files\belkin\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\belkin\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\windows\temp\ntdll64.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli c:\windows\system32\weziroze.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jay\applic~1\mozilla\firefox\profiles\bpj4s8m3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 207656]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-12-21 79240]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-12-21 35240]
R4 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-1-12 13696]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-21 206096]
R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-12-21 358736]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R4 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-12-21 144704]
R4 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-1-12 13568]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-12-21 34152]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-12-21 40488]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-12-21 605512]

=============== Created Last 30 ================

2009-01-11 22:28 <DIR> a-dshr-- C:\cmdcons
2009-01-11 22:26 161,792 a------- c:\windows\SWREG.exe
2009-01-11 22:26 98,816 a------- c:\windows\sed.exe
2009-01-11 16:09 <DIR> --d----- c:\windows\pss
2009-01-10 16:38 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2009-01-10 16:38 <DIR> --d----- C:\SmitfraudFix
2009-01-10 16:31 1,660,821 a------- C:\SmitfraudFix.exe
2009-01-10 16:03 73,216 a------- c:\windows\system32\ffkuz.dll
2009-01-10 15:58 <DIR> --d----- c:\program files\Trend Micro
2009-01-06 09:12 24,576 a------- c:\windows\system32\pcload.exe
2009-01-05 10:29 0 a------- c:\windows\system32\ekazonud.tmp
2009-01-02 17:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\eGames
2009-01-02 17:39 <DIR> --d----- c:\docume~1\jay\applic~1\eGames
2009-01-01 21:30 <DIR> --d----- c:\docume~1\jay\applic~1\Spintop Ashtons Family Resort
2009-01-01 21:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spintop Ashtons Family Resort
2009-01-01 19:55 2,744 a------- c:\docume~1\jay\applic~1\mindhabits.dat
2008-12-31 11:54 <DIR> --d----- c:\program files\Video Strip Poker Supreme
2008-12-29 17:26 133,632 a------- c:\windows\amaqazef.dll
2008-12-29 13:34 39,424 a------- c:\windows\Upimapakukakadi.dll
2008-12-29 13:34 39,424 a------- c:\windows\hel.exe
2008-12-29 13:34 60,416 a------- c:\windows\inform.dat
2008-12-21 17:48 <DIR> --d----- c:\docume~1\jay\applic~1\McAfee
2008-12-21 16:13 30,295 a------- c:\windows\system32\Config.MPF
2008-12-21 16:12 <DIR> --d----- c:\program files\SiteAdvisor
2008-12-21 16:07 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2008-12-21 16:07 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2008-12-21 16:07 79,240 a------- c:\windows\system32\drivers\mfeavfk.sys
2008-12-21 16:06 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2008-12-21 16:06 <DIR> --d----- c:\program files\common files\McAfee
2008-12-21 16:06 <DIR> --d----- c:\program files\McAfee.com
2008-12-21 16:05 <DIR> --d----- c:\program files\McAfee
2008-12-21 16:05 34,152 a------- c:\windows\system32\drivers\mferkdk.sys
2008-12-13 16:19 <DIR> --d----- c:\program files\bfgclient
2008-12-13 16:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BigFishGamesCache
2008-12-13 16:08 <DIR> --d----- c:\program files\Conduit
2008-12-13 16:08 <DIR> --d----- c:\program files\iWin Games

==================== Find3M ====================

2008-12-13 23:30 6,580 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-12-12 17:01 3,067,904 -------- c:\windows\system32\dllcache\mshtml.dll
2008-10-24 11:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 01:00 666,112 a------- c:\windows\system32\wininet.dll
2008-10-16 01:00 666,112 -------- c:\windows\system32\dllcache\wininet.dll
2008-10-16 01:00 619,520 -------- c:\windows\system32\dllcache\urlmon.dll
2008-10-16 01:00 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2008-05-29 21:00 0 ac------ c:\program files\temp01
2006-08-26 17:38 774,144 ac------ c:\program files\RngInterstitial.dll
2006-08-18 10:58 278,528 ac------ c:\program files\common files\FDEUnInstaller.exe
2007-01-08 16:56 88 ---shr-- c:\windows\system32\5F9C749BC2.sys
2008-09-28 14:21 16,384 ac-sh--- c:\windows\system32\dawenegi.dll
2008-09-28 14:21 79,872 ac-sh--- c:\windows\system32\jisagoyi.dll
2008-09-26 01:31 12,288 ac-sh--- c:\windows\system32\livopafa.dll
1601-01-01 00:12 19,456 a--sh--- c:\windows\system32\niwezufa.dll

============= FINISH: 22:59:37.42 ===============

Thanks for your continued help, jpshortstuff.

Sye
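As an added example (not part of this thread, and not code from the DDS tool), here is a small Python script that applies to file lines like the ones in the log above the same cues a helper reads by eye when picking files for a fix script: the system+hidden attribute pair on a loose file, a zeroed timestamp (1601-01-01 is the Windows FILETIME epoch, so it means the file's time was blanked), and the consonant/vowel alternating names the droppers of this period generated. The sample lines are copied from the log above; the thresholds of the name heuristic (eight or more letters, strict alternation) are my own choice, not anything DDS defines.

```python
"""Triage of DDS "Created Last 30" / "Find3M" file lines.

Added example; it is not part of the thread or of the DDS tool. Each
flag is a reason to look at the file, not a verdict.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# One DDS file line: date, time, size (or <DIR>), 8 attribute columns, path.
# The attribute columns observed in DDS output are a c d s h r (archive,
# compressed, directory, system, hidden, read-only) plus two unused ones.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
VOWELS = set("aeiou")

# Lines copied from the DDS log posted above (a mix of clean and suspect).
SAMPLE = r"""
2009-01-11 22:26 161,792 a------- c:\windows\SWREG.exe
2009-01-10 16:38 <DIR> --d----- C:\SmitfraudFix
2009-01-10 16:03 73,216 a------- c:\windows\system32\ffkuz.dll
2009-01-05 10:29 0 a------- c:\windows\system32\ekazonud.tmp
2008-12-29 17:26 133,632 a------- c:\windows\amaqazef.dll
2008-12-29 13:34 39,424 a------- c:\windows\Upimapakukakadi.dll
2008-12-29 13:34 39,424 a------- c:\windows\hel.exe
2008-12-13 23:30 6,580 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-10-16 01:00 666,112 a------- c:\windows\system32\wininet.dll
2007-01-08 16:56 88 ---shr-- c:\windows\system32\5F9C749BC2.sys
2008-09-28 14:21 16,384 ac-sh--- c:\windows\system32\dawenegi.dll
1601-01-01 00:12 19,456 a--sh--- c:\windows\system32\niwezufa.dll
"""


@dataclass
class Entry:
    date: str
    size: Optional[int]          # None for directories
    attrs: str
    path: str
    reasons: list = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one DDS file line; return None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
    return Entry(m["date"], size, m["attrs"], m["path"])


def looks_generated(stem: str) -> bool:
    """Heuristic (my threshold): 8+ letters, letters only, and strictly
    alternating consonant/vowel, the pattern of names like dawenegi."""
    s = stem.lower()
    if len(s) < 8 or not s.isalpha():
        return False
    kinds = [c in VOWELS for c in s]
    return all(kinds[i] != kinds[i + 1] for i in range(len(kinds) - 1))


def triage(entry: Entry) -> Entry:
    """Attach the reasons an entry deserves a second look (directories skipped)."""
    if entry.size is None:
        return entry
    name = entry.path.rsplit("\\", 1)[-1]
    stem = name.split(".")[0]
    if "s" in entry.attrs and "h" in entry.attrs:
        entry.reasons.append("system+hidden attributes")
    if int(entry.date[:4]) < 1980:          # 1601 = zeroed FILETIME
        entry.reasons.append("zeroed timestamp (FILETIME epoch)")
    if looks_generated(stem):
        entry.reasons.append("generated-looking name")
    return entry


def suspicious(text: str) -> dict:
    """Parse a block of DDS lines; return {path: [reasons]} for flagged files."""
    flagged = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        triage(entry)
        if entry.reasons:
            flagged[entry.path] = entry.reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in suspicious(SAMPLE).items():
        print(f"{path}: {', '.join(reasons)}")
```

Run over those lines it flags ekazonud.tmp, amaqazef.dll, Upimapakukakadi.dll, dawenegi.dll, niwezufa.dll and 5F9C749BC2.sys, all of which are in the helper's File:: list in the reply that follows, but it also flags KGyGaAvL.sys, a known software-licensing data file that the helper correctly left alone, and it misses ffkuz.dll, pcload.exe and hel.exe, which have nothing odd in the line itself. That gap is the point: the flags narrow the list, the verdict still comes from the helper's knowledge of what belongs on the system.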

#6 jpshortstuff

jpshortstuff

    WhatTheTech Teacher


  • Members
  • 660 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:02:39 AM

Posted 11 January 2009 - 06:35 PM

Hi :thumbsup:

LimeWire
You have LimeWire, a P2P/file-sharing program, installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/commun...protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm
See Clean/Infected P2P Programs here

I would recommend that you uninstall LimeWire; however, that choice is up to you. If you choose to remove it, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
File::
c:\windows\system32\ffkuz.dll
c:\windows\system32\ekazonud.tmp
c:\windows\system32\pcload.exe
c:\windows\amaqazef.dll
c:\windows\inform.dat
c:\windows\Upimapakukakadi.dll
c:\windows\hel.exe
c:\program files\temp01
c:\windows\system32\5F9C749BC2.sys
c:\windows\system32\dawenegi.dll
c:\windows\system32\jisagoyi.dll
c:\windows\system32\livopafa.dll
c:\windows\system32\niwezufa.dll

Folder::
c:\windows\system32\config\systemprofile\Application Data\s_4610_fHx8fHx8fDEyNDMzMzk1MTJ8_
c:\windows\system32\config\systemprofile\Application Data\Rapid Antivirus

DDS::
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670}
TB: {4E7BD74F-2B8D-469E-A1FB-F862B587B57D}
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88}
LSP: c:\windows\temp\ntdll64.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bvogugavopiwamik]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Thefuxekuv]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new DDS log (just the first one please (post)).
Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 11.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop.
  • Close any programs you may have running - especially any web browsers.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windowsi586.exe to install the newest version.
Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Also, please give a detailed description of how your computer is running and behaving at the moment, listing any remaining problems.

Thanks.
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free; however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

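The LSA line in the DDS log (LSA: Notification Packages = scecli c:\windows\system32\weziroze.dll) and the Registry:: section of the script above belong together. The DLLs named in that value are loaded into lsass.exe at boot and are called whenever a password changes, so an unexpected DLL there survives reboots and sits in a very sensitive process; the script resets the value to its default with a REG_MULTI_SZ written as a .reg hex(7) literal. The following Python is an added example, not the thread's or ComboFix's code: it parses the DDS line, reports what is not in the known-good set (assumed here to be just scecli, the XP default; a site that installs its own password-filter DLL would extend that set), and rebuilds the hex(7) literal so a script line can be checked before it is run.

```python
"""Decode and rebuild the LSA "Notification Packages" value.

Added example (not from the thread or from ComboFix). The CFScript in
the reply above writes the bytes in single-byte form, 73,63,65,63,6c,69,00,00
("scecli" NUL NUL); regedit's own export of a REG_MULTI_SZ is UTF-16LE
(73,00,63,00,...). Both layouts are handled here.
"""
import re

# Default content of the value on Windows XP: only the security
# configuration client. Assumption: extend this if a site legitimately
# registers its own password-filter DLL.
KNOWN_GOOD = {"scecli"}

# Line copied from the DDS log above.
SAMPLE_LINE = r"LSA: Notification Packages = scecli c:\windows\system32\weziroze.dll"

DDS_LSA_RE = re.compile(r"^LSA: Notification Packages = (?P<pkgs>.+)$")


def parse_dds_lsa_line(line: str) -> list:
    """Return the package list from a DDS 'LSA: Notification Packages' line.

    DDS joins the strings with spaces, so a package path containing a
    space cannot be split back unambiguously; the page's line has none.
    """
    m = DDS_LSA_RE.match(line.strip())
    if not m:
        raise ValueError("not a DDS LSA notification packages line")
    return m.group("pkgs").split()


def unexpected_packages(pkgs: list) -> list:
    """Entries that are not in the known-good set (case-insensitive)."""
    return [p for p in pkgs if p.lower() not in KNOWN_GOOD]


def to_reg_multi_sz(values: list, wide: bool = False) -> str:
    """Encode strings as a .reg 'hex(7):' REG_MULTI_SZ literal.

    REG_MULTI_SZ is a run of NUL-terminated strings closed by one more
    NUL. wide=False gives the single-byte layout used in the CFScript,
    wide=True the UTF-16LE layout regedit exports.
    """
    enc = "utf-16-le" if wide else "ascii"
    raw = b"".join((v + "\x00").encode(enc) for v in values) + "\x00".encode(enc)
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def from_reg_multi_sz(literal: str) -> list:
    """Inverse of to_reg_multi_sz; detects the UTF-16LE layout by its zero high bytes."""
    if not literal.startswith("hex(7):"):
        raise ValueError("not a hex(7) literal")
    raw = bytes(int(h, 16) for h in literal[len("hex(7):"):].split(","))
    if len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2]):
        text = raw.decode("utf-16-le")
    else:
        text = raw.decode("ascii")
    return [s for s in text.split("\x00") if s]


def cleaned_reg_line(dds_line: str) -> str:
    """Build the .reg-style line that keeps only known-good packages."""
    keep = [p for p in parse_dds_lsa_line(dds_line) if p.lower() in KNOWN_GOOD]
    return '"Notification Packages"=' + to_reg_multi_sz(keep)


if __name__ == "__main__":
    pkgs = parse_dds_lsa_line(SAMPLE_LINE)
    print("unexpected:", unexpected_packages(pkgs))
    print(cleaned_reg_line(SAMPLE_LINE))
```

For the line from the log this reports c:\windows\system32\weziroze.dll as unexpected and produces exactly the "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00 line that appears in the script above, which is the check worth doing on any such fix before running it: decode the bytes back and confirm the list is what you meant to keep.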

#7 syekidorp

syekidorp
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:02:39 AM

Posted 11 January 2009 - 10:15 PM

Hi jpshortstuff

OK, I've uninstalled LimeWire.

Applied CFScript.txt to ComboFix and produced this log:

ComboFix 09-01-10.03 - jay 2009-01-11 23:44:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.605 [GMT 0:00]
Running from: c:\documents and settings\jay\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jay\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point

FILE ::
c:\program files\temp01
c:\windows\amaqazef.dll
c:\windows\hel.exe
c:\windows\inform.dat
c:\windows\system32\5F9C749BC2.sys
c:\windows\system32\dawenegi.dll
c:\windows\system32\ekazonud.tmp
c:\windows\system32\ffkuz.dll
c:\windows\system32\jisagoyi.dll
c:\windows\system32\livopafa.dll
c:\windows\system32\niwezufa.dll
c:\windows\system32\pcload.exe
c:\windows\Upimapakukakadi.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\temp01
c:\windows\amaqazef.dll
c:\windows\hel.exe
c:\windows\inform.dat
c:\windows\system32\5F9C749BC2.sys
c:\windows\system32\config\systemprofile\Application Data\Rapid Antivirus
c:\windows\system32\config\systemprofile\Application Data\Rapid Antivirus\Rapid Antivirus.ini
c:\windows\system32\config\systemprofile\Application Data\s_4610_fHx8fHx8fDEyNDMzMzk1MTJ8_
c:\windows\system32\config\systemprofile\Application Data\s_4610_fHx8fHx8fDEyNDMzMzk1MTJ8_\spl.ini
c:\windows\system32\dawenegi.dll
c:\windows\system32\ekazonud.tmp
c:\windows\system32\ffkuz.dll
c:\windows\system32\jisagoyi.dll
c:\windows\system32\livopafa.dll
c:\windows\system32\niwezufa.dll
c:\windows\system32\pcload.exe
c:\windows\Upimapakukakadi.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-11 to 2009-01-11 )))))))))))))))))))))))))))))))
.

2009-01-10 16:38 . 2009-01-10 16:51 <DIR> d-------- C:\SmitfraudFix
2009-01-10 16:38 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe
2009-01-10 16:31 . 2009-01-10 16:28 1,660,821 --a------ C:\SmitfraudFix.exe
2009-01-10 15:58 . 2009-01-10 15:58 <DIR> d-------- c:\program files\Trend Micro
2009-01-04 13:25 . 2009-01-04 13:25 <DIR> d-------- c:\program files\QuickTime
2009-01-04 13:14 . 2009-01-04 13:14 <DIR> d-------- c:\program files\Safari
2009-01-02 17:39 . 2009-01-02 17:39 <DIR> d-------- c:\documents and settings\jay\Application Data\eGames
2009-01-02 17:39 . 2009-01-02 17:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\eGames
2009-01-01 21:30 . 2009-01-02 17:06 <DIR> d-------- c:\documents and settings\jay\Application Data\Spintop Ashtons Family Resort
2009-01-01 21:30 . 2009-01-01 21:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spintop Ashtons Family Resort
2009-01-01 19:55 . 2009-01-01 20:12 2,744 --a------ c:\documents and settings\jay\Application Data\mindhabits.dat
2008-12-31 11:54 . 2008-12-31 12:35 <DIR> d-------- c:\program files\Video Strip Poker Supreme
2008-12-25 15:38 . 2008-12-25 15:38 <DIR> d---s---- c:\documents and settings\sarah\UserData
2008-12-21 17:48 . 2008-12-21 17:48 <DIR> d-------- c:\documents and settings\jay\Application Data\McAfee
2008-12-21 16:13 . 2009-01-11 22:46 30,295 --a------ c:\windows\system32\Config.MPF
2008-12-21 16:12 . 2008-12-21 16:12 <DIR> d-------- c:\program files\SiteAdvisor
2008-12-21 16:07 . 2008-06-27 06:08 79,240 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-12-21 16:07 . 2008-06-27 06:08 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2008-12-21 16:07 . 2008-06-27 06:08 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-12-21 16:06 . 2008-12-21 16:06 <DIR> d-------- c:\program files\McAfee.com
2008-12-21 16:06 . 2008-12-21 16:07 <DIR> d-------- c:\program files\Common Files\McAfee
2008-12-21 16:06 . 2008-06-02 14:55 120,136 --a------ c:\windows\system32\drivers\Mpfp.sys
2008-12-21 16:05 . 2009-01-08 10:54 <DIR> d-------- c:\program files\McAfee
2008-12-21 16:05 . 2008-06-20 05:41 34,152 --a------ c:\windows\system32\drivers\mferkdk.sys
2008-12-13 16:19 . 2008-12-13 16:19 <DIR> d-------- c:\program files\bfgclient
2008-12-13 16:18 . 2008-12-13 16:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2008-12-13 16:08 . 2008-12-13 16:08 <DIR> d-------- c:\program files\iWin Games
2008-12-13 16:08 . 2008-12-13 16:08 <DIR> d-------- c:\program files\Conduit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 23:42 --------- d-----w c:\program files\LimeWire
2009-01-11 22:46 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2009-01-10 15:50 --------- d-----w c:\documents and settings\jay\Application Data\WholeSecurity
2009-01-08 11:00 --------- d-----w c:\program files\RealArcade
2009-01-06 10:56 --------- d-----w c:\documents and settings\jay\Application Data\LimeWire
2009-01-06 10:55 --------- d-----w c:\program files\Incomplete
2009-01-02 18:39 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-01 19:54 --------- d-----w c:\program files\iWin.com
2008-12-29 20:35 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2008-12-29 11:47 --------- d-----w c:\documents and settings\sarah\Application Data\WholeSecurity
2008-12-22 16:02 --------- d-----w c:\program files\Corel
2008-12-22 15:57 --------- d-----w c:\program files\Yahoo!
2008-12-21 17:49 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-12-13 23:30 6,580 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-12-13 16:08 --------- d-----w c:\program files\iWin
2008-12-12 17:01 3,067,904 ------w c:\windows\system32\dllcache\mshtml.dll
2008-11-30 14:09 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
2008-11-30 13:52 --------- d-----w c:\documents and settings\LocalService\Application Data\Yahoo!
2008-11-21 18:08 --------- d-----w c:\documents and settings\NetworkService\Application Data\SACore
2008-11-21 17:42 --------- d-----w c:\program files\DivX
2008-11-20 21:10 --------- d-----w c:\program files\Valusoft
2008-11-20 21:07 --------- d-----w c:\program files\Shockwave.com
2008-11-20 21:04 --------- d-----w c:\program files\Cinema Tycoon Gold
2008-11-18 19:05 --------- d-----w c:\program files\Common Files\SWF Studio
2008-11-17 18:37 --------- d-----w c:\documents and settings\jay\Application Data\FirstColony
2008-11-15 21:38 --------- d-----w c:\program files\Telltale Games
2008-11-14 18:23 --------- d-----w c:\documents and settings\jay\Application Data\GameHouse
2008-11-14 16:49 --------- d-----w c:\documents and settings\jay\Application Data\MysteryStudio
2008-11-12 22:33 --------- d-----w c:\documents and settings\jay\Application Data\Gamelab
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\wininet.dll
2008-10-16 01:00 666,112 ------w c:\windows\system32\dllcache\wininet.dll
2008-10-16 01:00 619,520 ------w c:\windows\system32\dllcache\urlmon.dll
2008-10-16 01:00 1,499,136 ------w c:\windows\system32\dllcache\shdocvw.dll
2006-08-26 17:38 774,144 -c--a-w c:\program files\RngInterstitial.dll
2006-08-18 10:58 278,528 -c--a-w c:\program files\Common Files\FDEUnInstaller.exe
2008-12-19 15:58 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 15:58 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 15:58 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 15:58 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 15:58 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ce0c2586-da36-452b-acdb-320d9bcb19bf}"= "c:\program files\iWin\tbiWin.dll" [2008-08-20 1780248]

[HKEY_CLASSES_ROOT\clsid\{ce0c2586-da36-452b-acdb-320d9bcb19bf}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ce0c2586-da36-452b-acdb-320d9bcb19bf}]
2008-08-20 23:03 1780248 --a------ c:\program files\iWin\tbiWin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ce0c2586-da36-452b-acdb-320d9bcb19bf}"= "c:\program files\iWin\tbiWin.dll" [2008-08-20 1780248]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CE0C2586-DA36-452B-ACDB-320D9BCB19BF}"= "c:\program files\iWin\tbiWin.dll" [2008-08-20 1780248]

[HKEY_CLASSES_ROOT\clsid\{ce0c2586-da36-452b-acdb-320d9bcb19bf}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-08-12 169984]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-12-24 188416]
"4oD"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= c:\windows\system32\i263_32.drv
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"msacm.avis"= ff_acm.acm
"vidc.i263"= c:\windows\system32\i263_32.drv
"msacm.imc"= c:\windows\system32\imc32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=c:\windows\pss\Extender Resource Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^jay^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
path=c:\documents and settings\jay\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
backup=c:\windows\pss\iWin Desktop Alerts.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^jay^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\jay\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-12-06 00:05 127035 c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-12-09 19:29 49152 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
--a------ 2008-08-08 11:02 652528 c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-12-13 15:41 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-12-13 15:45 118784 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-12-13 15:44 98304 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2006-05-01 09:28 602182 c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2006-05-01 09:28 667718 c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 09:44 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 09:44 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 09:47 289064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2008-07-11 16:48 641208 c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--------- 2003-09-10 01:24 20480 c:\program files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-04 18:12 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-03-08 10:48 761947 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-08-28 09:18 3660848 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-03-24 15:30 282624 c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Dell\\QuickSet\\quickset.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\agent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"44073:TCP"= 44073:TCP:limewire

R4 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-01-12 13696]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-12-21 206096]
R4 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-01-12 13568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6825FAC3-D7D2-4045-97A2-87DF42CB6728}]
rundll32 vgf32.dll,InitO
.
Contents of the 'Scheduled Tasks' folder

2009-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-21 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2008-12-21 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Send To &Bluetooth - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: *.internet
Trusted Zone: *.mcafee.com

c:\windows\Downloaded Program Files\stg_drm.ocx - c:\windows\Downloaded Program Files\CONFLICT.1\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.2\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.3\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.4\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.5\stg_drm.ocx
O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9}
file://c:\program files\Ashton's Family Resort\Images\stg_drm.ocx

O16 -: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://bq.bp.2020.net/Core/Player/2020PlayerAX_Win32.cab
c:\windows\Downloaded Program Files\2020Player.inf

c:\windows\Downloaded Program Files\SearchEngineQuery.dll - O16 -: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400}
hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll

c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf

c:\windows\Downloaded Program Files\armhelper.ocx - O16 -: {CC450D71-CC90-424C-8638-1F2DBAC87A54}
file://c:\program files\Jojo's Fashion Show\Images\armhelper.ocx
FF - ProfilePath - c:\documents and settings\jay\Application Data\Mozilla\Firefox\Profiles\bpj4s8m3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 23:47:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-11 23:50:31
ComboFix-quarantined-files.txt 2009-01-11 23:50:27
ComboFix2.txt 2009-01-11 22:55:41

Pre-Run: 37,008,257,024 bytes free
Post-Run: 36,987,047,936 bytes free

329 --- E O F --- 2008-12-21 22:37:52

The new DDS script looks like this:


DDS (Ver_09-01-07.01) - NTFSx86
Run by jay at 23:58:41.51 on 11/01/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.602 [GMT 0:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\jay\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWin.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: eBay Toolbar Helper: {22d8e815-4a5e-4dfb-845e-aab64207f5bd} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWin.dll
TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: Send To &Bluetooth - c:\program files\belkin\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\belkin\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jay\applic~1\mozilla\firefox\profiles\bpj4s8m3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 207656]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-12-21 79240]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-12-21 35240]
R4 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-1-12 13696]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-21 206096]
R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-12-21 358736]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R4 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-12-21 144704]
R4 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-1-12 13568]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-12-21 34152]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-12-21 40488]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-12-21 605512]

=============== Created Last 30 ================

2009-01-11 22:28 <DIR> a-dshr-- C:\cmdcons
2009-01-11 22:26 161,792 a------- c:\windows\SWREG.exe
2009-01-11 22:26 98,816 a------- c:\windows\sed.exe
2009-01-11 16:09 <DIR> --d----- c:\windows\pss
2009-01-10 16:38 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2009-01-10 16:38 <DIR> --d----- C:\SmitfraudFix
2009-01-10 16:31 1,660,821 a------- C:\SmitfraudFix.exe
2009-01-10 15:58 <DIR> --d----- c:\program files\Trend Micro
2009-01-02 17:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\eGames
2009-01-02 17:39 <DIR> --d----- c:\docume~1\jay\applic~1\eGames
2009-01-01 21:30 <DIR> --d----- c:\docume~1\jay\applic~1\Spintop Ashtons Family Resort
2009-01-01 21:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spintop Ashtons Family Resort
2009-01-01 19:55 2,744 a------- c:\docume~1\jay\applic~1\mindhabits.dat
2008-12-31 11:54 <DIR> --d----- c:\program files\Video Strip Poker Supreme
2008-12-21 17:48 <DIR> --d----- c:\docume~1\jay\applic~1\McAfee
2008-12-21 16:13 30,295 a------- c:\windows\system32\Config.MPF
2008-12-21 16:12 <DIR> --d----- c:\program files\SiteAdvisor
2008-12-21 16:07 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2008-12-21 16:07 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2008-12-21 16:07 79,240 a------- c:\windows\system32\drivers\mfeavfk.sys
2008-12-21 16:06 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2008-12-21 16:06 <DIR> --d----- c:\program files\common files\McAfee
2008-12-21 16:06 <DIR> --d----- c:\program files\McAfee.com
2008-12-21 16:05 <DIR> --d----- c:\program files\McAfee
2008-12-21 16:05 34,152 a------- c:\windows\system32\drivers\mferkdk.sys
2008-12-13 16:19 <DIR> --d----- c:\program files\bfgclient
2008-12-13 16:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BigFishGamesCache
2008-12-13 16:08 <DIR> --d----- c:\program files\Conduit
2008-12-13 16:08 <DIR> --d----- c:\program files\iWin Games

==================== Find3M ====================

2008-12-13 23:30 6,580 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-12-12 17:01 3,067,904 -------- c:\windows\system32\dllcache\mshtml.dll
2008-10-24 11:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 01:00 666,112 a------- c:\windows\system32\wininet.dll
2008-10-16 01:00 666,112 -------- c:\windows\system32\dllcache\wininet.dll
2008-10-16 01:00 619,520 -------- c:\windows\system32\dllcache\urlmon.dll
2008-10-16 01:00 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2006-08-26 17:38 774,144 ac------ c:\program files\RngInterstitial.dll
2006-08-18 10:58 278,528 ac------ c:\program files\common files\FDEUnInstaller.exe

============= FINISH: 23:59:10.12 ===============


Installed the new Java runtime and ran Kaspersky. The Kaspersky scan log is below:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, January 12, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, January 11, 2009 23:55:27
Records in database: 1604898
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 115832
Threat name: 17
Infected objects: 28
Suspicious objects: 0
Duration of the scan: 02:28:36


File name / Threat name / Threats count
C:\Program Files\iWin Games\iWinGamesHookIE.dll Infected: not-a-virus:AdWare.Win32.AdMedia.g 1
C:\Program Files\iWin.com\Fashion Star\GLWorker.exe Infected: Trojan-Spy.Win32.SCKeyLog.fk 1
C:\Program Files\Orange\OBar\orange3setup.exe Infected: not-a-virus:AdWare.Win32.BHO.ahy 1
C:\Program Files\Orange\setup\Orange_icons.EXE Infected: not-a-virus:AdWare.Win32.BHO.ahy 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\beyugazo.dll.vir Infected: Trojan.Win32.Monder.aidi 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\duhototu.dll.vir Infected: Trojan.Win32.Monder.aidz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\dunozake.dll.vir Infected: Trojan.Win32.Monder.aidz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ffkuz.dll.vir Infected: Trojan-Downloader.Win32.Murlo.vn 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\frmwrk32.exe.vir Infected: Trojan-Downloader.Win32.Murlo.vn 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\jebosupe.dll.vir Infected: Trojan.Win32.Monder.alks 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\jeyitizo.dll.vir Infected: Trojan.Win32.Monder.afwb 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\jilakije.dll.vir Infected: Trojan.Win32.Agent.bdez 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\jizusubi.dll.vir Infected: Trojan.Win32.Monder.aidz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\joredoma.dll.vir Infected: Trojan-Spy.Win32.Agent.hgr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kigukaru.dll.vir Infected: Trojan.Win32.Monder.afvy 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\liguzeju.dll.vir Infected: Trojan.Win32.Agent.bdez 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\molezovu.dll.vir Infected: Trojan.Win32.Monder.ajhs 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ntdll64.exe.vir Infected: Trojan.Win32.Agent.bfsd 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\pcload.exe.vir Infected: Trojan-Downloader.Win32.Murlo.vn 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\rirururu.dll.vir Infected: Trojan.Win32.Monder.alks 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\senekakglnvoxo.dll.vir Infected: Trojan.Win32.Small.brl 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\senekayqoownod.dll.vir Infected: Trojan.Win32.Agent.aykk 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\takisifi.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir Infected: Trojan.Win32.Agent.bfsd 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\vejorafa.dll.vir Infected: Backdoor.Win32.Agent.aalh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\vifozaye.dll.vir Infected: Trojan.Win32.Monder.ajhs 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\yewuwazi.dll.vir Infected: Trojan.Win32.Monder.aidz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\yifulose.dll.vir Infected: Trojan.Win32.Monder.aidi 1

The selected area was scanned.


The browser seems to be working normally now but looks like I'm still infected.

#8 jpshortstuff

jpshortstuff

    WhatTheTech Teacher

  • Members
  • 660 posts
  • Gender:Male
  • Location:UK

Posted 12 January 2009 - 04:35 AM

Hi :thumbsup:

C:\Program Files\Orange\OBar\orange3setup.exe
C:\Program Files\Orange\setup\Orange_icons.EXE


If you do not recognize these, or do not use the Orange Toolbar, then I would go ahead and delete this folder:
C:\Program Files\Orange << FOLDER

iWin Games is often found to be bundled with adware in some way. ComboFix already removed some iWin-related components due to their adware properties. If you don't need iWin, or no longer want it in this light, then go ahead and uninstall it via Add/Remove Programs:
iWin Games (remove only)
iWin Toolbar


The rest of the stuff Kaspersky found was in Quarantined files that ComboFix has got as backups. They will be removed when we clean up.

Any other problems with the computer?

Thanks.
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here
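The triage jpshortstuff applies to the Kaspersky report above (hits under ComboFix's Qoobox\Quarantine folder are backup copies, the iWin and Orange hits are adware, anything else on a live file still needs removal) can be written down as a small parser. This is an added example, not code from the thread or from any of the tools named in it; the sample lines are copied from the report above, and the bucket names and the `not-a-virus:` / quarantine-path rules are this example's own assumptions about how to sort them.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of the Kaspersky Online Scanner 7 report
# quoted in this thread; the paths and detection names are taken from it.
SAMPLE_REPORT = r"""File name / Threat name / Threats count
C:\Program Files\iWin Games\iWinGamesHookIE.dll Infected: not-a-virus:AdWare.Win32.AdMedia.g 1
C:\Program Files\iWin.com\Fashion Star\GLWorker.exe Infected: Trojan-Spy.Win32.SCKeyLog.fk 1
C:\Program Files\Orange\OBar\orange3setup.exe Infected: not-a-virus:AdWare.Win32.BHO.ahy 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\beyugazo.dll.vir Infected: Trojan.Win32.Monder.aidi 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir Infected: Trojan.Win32.Agent.bfsd 1

The selected area was scanned.
"""

# One detection line: "<path> Infected: <threat name> <count>".  The path may
# contain spaces, so it is matched lazily up to the literal " Infected: ".
DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# ComboFix keeps what it removed under this folder (files renamed with a .vir
# suffix); a detection there is a backup copy, not a live infection.
COMBOFIX_QUARANTINE = "c:\\qoobox\\quarantine\\"

@dataclass
class Detection:
    path: str
    threat: str
    count: int

    @property
    def quarantined(self) -> bool:
        return self.path.lower().startswith(COMBOFIX_QUARANTINE)

    @property
    def pup(self) -> bool:
        # Kaspersky prefixes adware/riskware that is not outright malware.
        return self.threat.startswith("not-a-virus:")

def parse_report(text: str) -> list:
    """Return one Detection per 'Infected:' line; all other lines are skipped."""
    found = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["threat"], int(m["count"])))
    return found

def triage(text: str) -> dict:
    """Sort detections into the three buckets a helper acts on differently:
    'quarantined' (already neutralised, gone once ComboFix is uninstalled),
    'pup' (bundled adware/toolbars, uninstall if unwanted) and 'active'
    (a malware detection on a live file, which still needs removal)."""
    buckets = {"quarantined": [], "pup": [], "active": []}
    for d in parse_report(text):
        if d.quarantined:
            buckets["quarantined"].append(d)
        elif d.pup:
            buckets["pup"].append(d)
        else:
            buckets["active"].append(d)
    return buckets

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_REPORT).items():
        print(f"{bucket}: {len(items)}")
        for d in items:
            print(f"  {d.threat}  {d.path}")
```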

#9 syekidorp

syekidorp
  • Topic Starter

  • Members
  • 33 posts

Posted 12 January 2009 - 05:58 AM

Hi again

As far as I can tell, things are back to normal.

Thank you

How do I complete the cleanup?

#10 jpshortstuff

jpshortstuff

    WhatTheTech Teacher

  • Members
  • 660 posts
  • Gender:Male
  • Location:UK

Posted 12 January 2009 - 06:04 AM

Hi syekidorp

Log looks good :thumbsup:


Click Start >> Run, and then type ComboFix /u and hit enter.
You can now delete any other tools I had you download and use, unless you wish to keep them.


Make sure all McAfee components are re-enabled.


Now that your system appears to be clean, there's just a few steps I'd like you to take to prevent any future infections.
  • Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis.

  • Use Mozilla Firefox or Opera as your internet browser.
    These are more secure than Internet Explorer and can be downloaded for free from here:
    Download Mozilla FireFox
    Download Opera
    Alternatively, update Internet Explorer to Version 7.

  • Make sure you update your Anti-Virus software regularly; new viruses are being developed all the time.

  • Some more programs that it would be useful to have [OPTIONAL but RECOMMENDED]:

    Download Spybot Search and Destroy 1.5 from here
    Check for Updates/ Immunize and run a Full System Scan on a regular basis.

    SpywareBlaster is another real-time scanner that prevents most spyware from even being installed.
    Freely available: Download SpywareBlaster

    Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.
Also, please read this great article by Tony Klein: So How Did I Get Infected In First Place

Glad we could be of assistance.

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

Stay Clean!

jpshortstuff

#11 syekidorp

syekidorp
  • Topic Starter

  • Members
  • 33 posts

Posted 12 January 2009 - 06:23 AM

Hi jpshortstuff

I have followed your recommendations in the previous post and everything seems fine now, so the matter is resolved.

Thank you very much for your time and effort. You did a great job.

Thanks again.

Sye

#12 jpshortstuff

jpshortstuff

    WhatTheTech Teacher

  • Members
  • 660 posts
  • Gender:Male
  • Location:UK

Posted 12 January 2009 - 06:41 AM

Hi Sye, glad I could help :thumbsup:

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.