Friend's laptop is generally slow, and when surfing will get redirected to weird sites... also I've noticed when trying to update Trend Micro, it will not allow it to connect... nor will it allow it to connect to any site that could be helpful. Any help with this infested machine is greatly appreciated!
Also, running RootRepeal resulted in the program giving an error; I will post the error if desired.
DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 13:47:26.76 on Sat 01/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.893.110 [GMT -5:00]
AV: Trend Micro AntiVirus - Virus Protection *On-access scanning enabled* (Outdated) {9596F8E6-38C3-4C51-80B9-8C94D2E25B07}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Trend Micro AntiVirus - Spyware Protection *enabled* (Outdated) {7241C815-3D0F-4059-9AF4-BF225B1D78B9}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\sYSteM32\SvchOst.eXE -k fioo32
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\PremierOpinion\pmservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\webserver\webserver.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\PremierOpinion\pmropn.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
E:\kris\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mStart Page = hxxp://home.ez-tracks.com/?fromOMB=1
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: MRI_DISABLED - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [TOSCDSPD] "c:\program files\toshiba\toscdspd\TOSCDSPD.exe"
uRun: [1145860967] "c:\program files\toshiba" registration\registration.exe /r "c:\program files\toshiba registration\Registration.rpd"
uRun: [95641731] "c:\program files\toshiba" registration\bootinfo.exe /r "c:\program files\toshiba registration\BootInfo.rpd"
uRun: [Sidebar] "c:\program files\windows sidebar\Sidebar.exe" /autorun
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [StartCCC] "c:\program files\ati" technologies\ati.ace\core-static\CLIStart.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SVPWUTIL] "c:\program files\toshiba\utilities\SVPWUTIL.exe" SVPwUTIL
mRun: [TPwrMain] "c:\program files\toshiba\power saver\TPwrMain.EXE"
mRun: [HSON] "c:\program files\toshiba\tbs\HSON.exe"
mRun: [SmoothView] "c:\program files\toshiba\smoothview\SmoothView.exe"
mRun: [00TCrdMain] "c:\program files\toshiba\flashcards\TCrdMain.exe"
mRun: [KeNotify] "c:\program files\toshiba\utilities\KeNotify.exe"
mRun: [Trend Micro AntiVirus 2007] "c:\program files\trend micro\antivirus 2007\tavui.exe" -1 --delay 200
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Blubster] c:\program files\blubster\Blubster.exe SILENT
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sysldtray] c:\windows\ld16.exe
mRun: [Captcha7] rundll "c:\program files\captcha.dll",captcha
mRun: [sysfbtray] c:\windows\freddy82.exe
mRun: [pp] c:\windows\pp14.exe
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\vzacce~1.lnk - c:\program files\verizon wireless\vzaccess manager\VZAccess Manager.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\tmlsp.dll
Trusted Zone: reapplications.com
Trusted Zone: reapplications.com\MNKN
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {220D02A2-6F7F-4B02-B37C-0F9F61AFED33} - hxxp://mnkn.reapplications.com/ClientApps/iePrintTools.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} - hxxp://www.worldwinner.com/games/v45/moneylist/moneylist.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {48F660FA-8B27-4815-947E-D6CD8C5BEC17} - hxxp://mnkn.reapplications.com/ClientApps/REAppsClientAuth.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
================= FIREFOX ===================
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\2crfj8pf.default\
FF - component: c:\program files\premieropinion\components\pmxg.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - HiddenExtension: *xg.dll: {6E19037A-12E3-4295-8915-ED48BC341614} - c:\program files\PremierOpinion
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 fio32;fio32;c:\windows\system32\drivers\fio32.sys [2010-1-24 59264]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2006-9-27 36368]
=============== Created Last 30 ================
2010-01-30 17:18:28 44032 ---h--w- c:\windows\pp14.exe
2010-01-30 17:18:28 1 ----a-w- c:\windows\fdgg34353edfgdfdf
2010-01-30 17:18:25 75264 ----a-w- c:\windows\rdr_1264871902.exe
2010-01-30 17:18:22 18432 --sh--r- c:\program files\captcha.dll
2010-01-30 17:18:20 61952 ----a-w- c:\windows\freddy82.exe
2010-01-30 16:31:29 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-30 14:52:03 0 dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-30 14:51:07 0 d-----w- c:\programdata\Lavasoft
2010-01-30 14:51:07 0 d-----w- c:\program files\Lavasoft
2010-01-28 19:51:00 0 d-----w- c:\users\owner\appdata\roaming\AVG8
2010-01-25 05:29:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-25 05:14:07 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-01-25 05:14:04 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-25 05:14:04 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-01-25 04:53:45 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-01-25 04:53:44 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-01-25 04:53:42 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-01-25 04:53:42 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-01-25 04:53:42 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2010-01-25 04:53:42 11264 ----a-w- c:\windows\system32\icardres.dll
2010-01-25 04:53:38 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-01-25 04:53:23 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-01-25 02:47:41 59264 ----a-w- c:\windows\system32\drivers\fio32.sys
2010-01-25 02:47:41 50688 ----a-w- c:\windows\system32\fio32.dll
2010-01-25 02:47:38 0 d-----w- c:\program files\webserver
2010-01-25 02:47:27 1 ---h--w- c:\windows\bk23567.dat
2010-01-25 02:47:23 2 ----a-w- c:\windows\010112010146114101.xxe
2010-01-25 02:47:15 2 ----a-w- c:\windows\01011201014650115.xxe
2010-01-25 02:46:58 57344 ----a-w- c:\windows\ld16.exe
2010-01-19 07:28:09 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-18 05:05:00 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-18 05:05:00 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-01-18 05:02:50 0 d-----w- c:\program files\iPod
2010-01-18 05:02:29 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-18 05:02:28 0 d-----w- c:\program files\iTunes
2010-01-18 04:57:55 0 d-----w- c:\program files\Bonjour
2010-01-18 04:55:27 0 d-----w- c:\programdata\Apple Computer
2010-01-18 04:48:56 0 d-----w- c:\programdata\Apple
==================== Find3M ====================
2010-01-25 08:29:14 174 --sha-w- c:\program files\desktop.ini
2010-01-18 04:53:13 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-01-18 04:53:13 86016 ----a-w- c:\windows\inf\infstor.dat
2010-01-18 04:53:13 51200 ----a-w- c:\windows\inf\infpub.dat
2008-06-12 14:27:39 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 13:54:41.96 ===============
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.0.6000
Internet Explorer 8.0.6001.18702
1/30/2010 3:59:01 PM
mbam-log-2010-01-30 (15-58-33).txt
Scan type: Full Scan (C:\|)
Objects scanned: 301255
Time elapsed: 1 hour(s), 41 minute(s), 26 second(s)
Memory Processes Infected: 3
Memory Modules Infected: 6
Registry Keys Infected: 15
Registry Values Infected: 6
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 27
Memory Processes Infected:
C:\Program Files\PremierOpinion\pmropn.exe (Trojan.Agent) -> No action taken.
C:\Program Files\PremierOpinion\pmservice.exe (Trojan.Agent) -> No action taken.
C:\Program Files\webserver\webserver.exe (Worm.KoobFace) -> No action taken.
Memory Modules Infected:
C:\Program Files\PremierOpinion\msvcp71.dll (Trojan.Agent) -> No action taken.
C:\Program Files\PremierOpinion\msvcr71.dll (Trojan.Agent) -> No action taken.
C:\Program Files\PremierOpinion\pmls.dll (Trojan.Agent) -> No action taken.
C:\Program Files\PremierOpinion\components\pmxg.dll (Trojan.Agent) -> No action taken.
c:\Windows\System32\fio32.dll (Worm.KoobFace) -> No action taken.
C:\Program Files\captcha.dll (Spyware.OnlineGames) -> No action taken.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{eeb86aef-4a5d-4b75-9d74-f16d438fc286} (Adware.PremierOpinion) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/popcaploader.dll (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fioo32 (Worm.KoobFace) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fio32 (Worm.KoobFace) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_FIO32 (Worm.KoobFace) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webserver (Worm.KoobFace) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SfX (Rootkit.Agent) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Trojan.Buzus) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\fioo32 (Worm.KoobFace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\captcha7 (Spyware.OnlineGames) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Worm.KoobFace) -> No action taken.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
Folders Infected:
C:\Program Files\premieropinion (Trojan.Agent) -> No action taken.
C:\Program Files\premieropinion\components (Trojan.Agent) -> No action taken.
Files Infected:
C:\Windows\ld16.exe (Trojan.Buzus) -> No action taken.
C:\Users\Kris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OUDVBZVP\setup[1].exe (Trojan.Buzus) -> No action taken.
C:\Windows\System32\drivers\fio32.sys (Worm.Koobface) -> No action taken.
C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-2338054880-2711504773-926285554-1000\$R5JZHGU.exe (Trojan.Buzus) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-2338054880-2711504773-926285554-1000\$RCU481S.exe (Trojan.Buzus) -> No action taken.
C:\Program Files\premieropinion\install.rdf (Trojan.Agent) -> No action taken.
C:\Program Files\premieropinion\msvcp71.dll (Trojan.Agent) -> No action taken.
C:\Program Files\premieropinion\msvcr71.dll (Trojan.Agent) -> No action taken.
C:\Program Files\premieropinion\pmls.dll (Trojan.Agent) -> No action taken.
C:\Program Files\premieropinion\pmls64.dll (Trojan.Agent) -> No action taken.
C:\Program Files\premieropinion\pmoci.bin (Trojan.Agent) -> No action taken.
C:\Program Files\premieropinion\pmph.dll (Trojan.Agent) -> No action taken.
C:\Program Files\premieropinion\pmropn.exe (Trojan.Agent) -> No action taken.
C:\Program Files\premieropinion\pmropn64.exe (Trojan.Agent) -> No action taken.
C:\Program Files\premieropinion\pmservice.exe (Trojan.Agent) -> No action taken.
C:\Program Files\premieropinion\pmxf.dll (Trojan.Agent) -> No action taken.
C:\Program Files\premieropinion\components\pmxg.dll (Trojan.Agent) -> No action taken.
C:\Windows\010112010146114101.xxe (KoobFace.Trace) -> No action taken.
C:\Windows\01011201014650115.xxe (KoobFace.Trace) -> No action taken.
C:\Windows\bk23567.dat (KoobFace.Trace) -> No action taken.
C:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) -> No action taken.
C:\Windows\System32\fio32.dll (Worm.KoobFace) -> No action taken.
C:\Program Files\webserver\webserver.exe (Worm.KoobFace) -> No action taken.
C:\Program Files\captcha.dll (Spyware.OnlineGames) -> No action taken.
C:\Windows\freddy82.exe (Worm.KoobFace) -> No action taken.
C:\Windows\pp14.exe (Worm.KoobFace) -> No action taken.
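A small triage script for DDS logs like the one above (an added example, not code from the original post or from the DDS tool). It splits the log on its banner lines and flags the things a helper would look at first here: the odd-case svchost.exe running under a non-stock -k group, Run entries that launch a bare executable straight from C:\Windows or load a DLL from the root of Program Files, the EnableLUA / ConsentPromptBehaviorAdmin policies that switch UAC off, and a kernel driver created only days before the log was taken. The sample lines are copied from the log above; the set of stock svchost groups and the 14-day driver threshold are this example's own assumptions, and the spelling check relies on DDS printing the genuine service host as lower-case "svchost.exe", as it does throughout the log.

```python
"""Triage helper for DDS-style logs (added example; not the DDS tool's code)."""
import re
from datetime import date, timedelta

# Assumption: service-host groups that ship with 32-bit Windows Vista.
KNOWN_SVCHOST_GROUPS = {
    "dcomlaunch", "rpcss", "secsvcs", "localservicenetworkrestricted",
    "localsystemnetworkrestricted", "netsvcs", "gpsvcgroup", "localservice",
    "networkservice", "localservicenonetwork",
    "networkservicenetworkrestricted", "imgsvc", "wersvcgroup",
}
RECENT_DRIVER_DAYS = 14  # assumption: drivers younger than this deserve a look

# Constructed sample: lines copied from the DDS log in the post above.
SAMPLE_LOG = r"""
Run by Owner at 13:47:26.76 on Sat 01/30/2010
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\sYSteM32\SvchOst.eXE -k fioo32
C:\Program Files\webserver\webserver.exe
============== Pseudo HJT Report ===============
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sysldtray] c:\windows\ld16.exe
mRun: [Captcha7] rundll "c:\program files\captcha.dll",captcha
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
============= SERVICES / DRIVERS ===============
R1 fio32;fio32;c:\windows\system32\drivers\fio32.sys [2010-1-24 59264]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2006-9-27 36368]
"""


def split_sections(log: str) -> dict:
    """Split a DDS log on its '==== Title ====' banners; titles are lower-cased."""
    sections = {"header": []}
    current = "header"
    for raw in log.splitlines():
        line = raw.strip()
        banner = re.fullmatch(r"=+\s*(.+?)\s*=+", line)
        if banner:
            current = banner.group(1).lower()
            sections[current] = []
        elif line:
            sections[current].append(line)
    return sections


def triage(log: str) -> list:
    """Return (reason, offending line) pairs for the indicators this script knows."""
    sec = split_sections(log)
    findings = []

    # Log date from the 'Run by ... on Sat 01/30/2010' header line.
    log_date = None
    for line in sec.get("header", []):
        m = re.search(r"\bon \w{3} (\d{2})/(\d{2})/(\d{4})$", line)
        if m:
            log_date = date(int(m.group(3)), int(m.group(1)), int(m.group(2)))

    for line in sec.get("running processes", []):
        m = re.fullmatch(r"(.+?\\)([^\\]+\.exe)(?:\s+-k\s+(\S+))?", line, re.I)
        if not m:
            continue
        directory, exe, group = m.group(1), m.group(2), m.group(3)
        if exe.lower() == "svchost.exe":
            # Genuine entries read 'c:\windows\system32\svchost.exe' in lower case;
            # an odd-case spelling or a different directory is a look-alike.
            if exe != "svchost.exe" or directory.lower().rstrip("\\") != r"c:\windows\system32":
                findings.append(("svchost.exe with odd-case or wrong path", line))
            if group and group.lower() not in KNOWN_SVCHOST_GROUPS:
                findings.append(("unknown svchost group", line))

    for line in sec.get("pseudo hjt report", []):
        if re.match(r"[um]Run:", line):
            for pm in re.finditer(r'"([a-z]:\\[^"]+)"|([a-z]:\\\S+)', line, re.I):
                path = pm.group(1) or pm.group(2)
                if re.fullmatch(r"c:\\windows\\[^\\]+\.exe", path, re.I):
                    findings.append(("Run entry launches bare exe from C:\\Windows", line))
                elif re.fullmatch(r"c:\\program files\\[^\\]+\.dll", path, re.I):
                    findings.append(("Run entry loads DLL from root of Program Files", line))
        elif re.search(r"\b(EnableLUA|ConsentPromptBehaviorAdmin) = 0\b", line):
            findings.append(("UAC disabled by policy", line))

    for line in sec.get("services / drivers", []):
        m = re.match(r"R\d+ [^;]+;[^;]*;.+? \[(\d{4})-(\d{1,2})-(\d{1,2}) \d+\]", line)
        if m and log_date:
            created = date(int(m.group(1)), int(m.group(2)), int(m.group(3)))
            if log_date - created <= timedelta(days=RECENT_DRIVER_DAYS):
                findings.append(("kernel driver created within %d days of the log" % RECENT_DRIVER_DAYS, line))

    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print("%-50s %s" % (reason, line))
```

Run it on a saved DDS log by reading the file into `triage()` instead of `SAMPLE_LOG`. Each check is deliberately narrow and keyed to what is visible in the log; it is a first pass for a helper's eyes, not a replacement for the scanner results posted below it.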