kapre2000

Hello, So every time i open internet explorer, 2 iexplore.exe show up in task manager. Also, only certain websites work when i try to go to them. No pattern as to what websites work and which ones dont. I have done plenty of virus & malware scans, and dont ever seem to find anything. I have included the logs from the "First Steps". please let me know what else i can do
Thanx in advance.


DDS (Ver_09-10-13.01) - NTFSx86
Run by HP_Owner at 1:46:41.81 on Sun 10/25/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.203 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Documents and Settings\HP_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZJxdm128WLUS&ptb=QCNlFvFC7SMItTeWM5VxPQ
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: NoWinKeys = 01000000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
DPF: Microsoft XML Parser for Java
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Burger%20Rush/Images/stg_drm.ocx
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5CF36EBD-BE14-0DF8-1595-79B46A0903A2} - hxxp://85.255.113.214/1/gdnUS2338.exe
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {61C381EF-A9E5-783C-7BE8-460C758B5B49} - hxxp://85.255.113.214/1/gdnUS2338.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Coffee%20Rush/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - hxxp://by13fd.bay13.hotmail.msn.com/activex/HMAtchmt.ocx
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2009-9-6 90112]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-9-6 27632]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\Aspi32.sys [2006-5-1 16512]
S3 EraserUtilDrv10920;EraserUtilDrv10920;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10920.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10920.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [2008-9-19 29184]
S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2009-8-8 23096]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-9-6 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-9-6 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-9-6 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-9-6 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-9-6 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-9-6 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-9-6 115752]
S4 tgsrvc_chatsupport.palm.com;SupportSoft Repair Service (chatsupport.palm.com);c:\program files\chatsupport.palm.com\bin\tgsrvc.exe [2008-5-21 148768]

=============== Created Last 30 ================

2009-10-24 11:59 <DIR> --d----- c:\program files\Encore
2009-10-24 11:44 <DIR> --d----- c:\windows\BBSTORE
2009-10-16 19:58 49,352 a---h--- c:\windows\system32\mlfcache.dat
2009-10-14 19:44 <DIR> --d----- c:\program files\Nick Arcade
2009-09-29 11:58 <DIR> --d----- c:\docume~1\hp_owner\applic~1\DiskAid
2009-09-28 19:27 <DIR> --d----- c:\program files\Uniblue
2009-09-26 21:33 <DIR> --d----- c:\program files\iPod
2009-09-26 21:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}

==================== Find3M ====================

2009-09-16 10:22 214,664 a------- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 10:22 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 10:22 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 10:22 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 10:22 34,248 a------- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 10:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-06 00:15 148,736 a------- c:\docume~1\alluse~1\applic~1\hpe12D.dll
2009-09-04 17:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-30 14:47 64,760 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-08-29 04:08 916,480 a------- c:\windows\system32\wininet.dll
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-26 04:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-16 03:23 64,760 a------- c:\docume~1\hp_owner\applic~1\GDIPFONTCACHEV1.DAT
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 20:44 2,189,184 a------- c:\windows\system32\ntoskrnl.exe
2009-08-04 10:20 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-07-23 14:22 18,547 a------- c:\docume~1\hp_owner\applic~1\ekim.dll
2009-07-23 14:22 16,057 a------- c:\program files\common files\saqa.pif
2009-07-23 14:22 10,425 a------- c:\program files\common files\awula.exe
2009-07-23 14:16 18,496 a------- c:\program files\common files\zoxibez.ban
2009-07-23 14:16 15,863 a------- c:\program files\common files\akejel.lib
2009-07-23 14:16 10,632 a------- c:\docume~1\hp_owner\applic~1\lucaqubyz.bat
2005-09-03 18:30 336,896 a------- c:\documents and settings\hp_owner\remote.exe
2005-02-23 20:11 0 a------- c:\docume~1\hp_owner\applic~1\wklnhst.dat
2004-07-04 11:01 774,144 a------- c:\program files\RngInterstitial.dll
2009-02-17 15:42 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009021720090218\index.dat

============= FINISH: 1:47:43.92 ===============

Attached Files

Attach.zip (4.4 KB, 6 views)

Carolyn

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. The logs that you will be posting can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool untill instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.


If you follow these instructions, everything should go smoothly.


Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.



Please download Malwarebytes' Anti-Malware and save it to a convenient location.

1. Double click on mbam-setup.exe to install it.
2. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
   • Update Malwarebytes' Anti-Malware
     Launch Malwarebytes' Anti-Malware
3. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
4. Select the Scanner tab. Click on Perform full scan, then click on Scan.
5. Leave the default options as it is and click on Start Scan.
6. When done, you will be prompted. Click OK, then click on Show Results.
7. Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
8. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

Next,
Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

• Double click on OTL.exe to run it.
• Under Extra Registry section, select Use SafeList.
• Click the Scan All Users checkbox.
• Click on Run Scan at the top left hand corner.
• When done, two Notepad files will open.
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
• Please post the contents of these 2 Notepad files in your next reply.

Please post the following:

• The Malwarebytes' log
• The OTL.txt logfile
• The Extra.txt logfile

kapre2000

hello Carolyn,
so I did the malwarebytes and included the log. However, when i try to download "OTL" it tries to download a Trojan, and Mcafee blocks it. and it doesnt allow me to download it. Should it download a trojan? Or did you mean to download OTM by old timer. Let me know what you would like me to do.

Thank you again for your reply.

Malwarebytes' Anti-Malware 1.41
Database version: 3061
Windows 5.1.2600 Service Pack 3

10/30/2009 4:14:46 PM
mbam-log-2009-10-30 (16-14-46).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 260060
Time elapsed: 1 hour(s), 29 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PrivacyCenter (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP1158\A1729431.DLL (Adware.MyWebSearch) -> Not selected for removal.
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP1158\A1729433.DLL (Adware.MyWebSearch) -> Not selected for removal.
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP1158\A1729437.DLL (Adware.MyWebSearch) -> Not selected for removal.
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP1158\A1729442.DLL (Adware.MyWebSearch) -> Not selected for removal.
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP1158\A1729443.EXE (Adware.MyWebSearch) -> Not selected for removal.
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP1158\A1729445.DLL (Adware.MyWebSearch) -> Not selected for removal.
C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP1158\A1729468.DLL (Adware.MyWebSearch) -> Not selected for removal.

Carolyn

Hi,

You mentioned that you have two iexplore.exe processes in task manager. That is actually normal for Internet Explorer 8.

Regarding OTL being blocked, that was a false positive from McAfee. Many of our tools will be flagged as malware when scanned by antivirus programs because of the way the tools work. I assure you that anything I ask you to download is perfectly safe.

Let's do something else.

I will need you to disable McAfee before you run ComboFix.

How to disable McAfee:

• Please open McAfee Security Centre
• Under Common Tasks click on Home
• Click Computer Files
• Click Configure
• Make sure the following are disabled by ticking the "Off" button.

  Virus protection
  Spyware protection
  System Guards Protection
  Script Scanning Protection (you may have to scroll down to see it)

• Next, select never for "When to re-enable real time scanning"
• and click OK.

Further info on disabling and re-enabling McAfee: http://help.aol.com/help/microsites/...ernalID=222820

====================

Download and Run ComboFix (by sUBs)

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  
• Double click on ComboFix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

kapre2000

Ok, combofix was completed & the log is included. let me know what else you may need me to do
Thanks again

ComboFix 09-10-28.08 - HP_Owner 10/30/2009 17:20.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.233 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Documents\yquxuni.reg
c:\documents and settings\HP_Owner\Application Data\bovotavi.inf
c:\documents and settings\HP_Owner\Application Data\lucaqubyz.bat
c:\documents and settings\HP_Owner\Cookies\esejej.scr
c:\documents and settings\HP_Owner\Cookies\nemil.bin
c:\documents and settings\HP_Owner\Cookies\nutita.vbs
c:\documents and settings\HP_Owner\Cookies\ugicehiqa._sy
c:\documents and settings\HP_Owner\Cookies\uquwaxeril.pif
c:\documents and settings\HP_Owner\Cookies\ytala.bat
c:\windows\egibugupy.vbs
c:\windows\ijomewul.inf
c:\windows\system32\heqylyni.reg
c:\windows\system32\ps2.bat

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-30 )))))))))))))))))))))))))))))))
.

2009-10-30 21:28 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-10-30 21:28 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-30 17:20 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-30 17:20 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-30 17:20 . 2009-10-30 17:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-24 15:59 . 2009-10-24 15:59 -------- d-----w- c:\program files\Encore
2009-10-24 15:44 . 2009-10-24 15:44 -------- d-----w- c:\windows\BBSTORE
2009-10-19 23:05 . 2009-10-19 23:05 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\InstallShield
2009-10-16 23:58 . 2009-10-16 23:58 49352 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-14 23:44 . 2009-10-17 17:41 -------- d-----w- c:\program files\Nick Arcade

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 16:57 . 2009-08-08 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SeekService
2009-10-30 16:57 . 2009-08-08 21:23 -------- d-----w- c:\program files\SeekService
2009-10-26 19:40 . 2007-04-14 03:51 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-24 15:44 . 2009-08-06 21:42 -------- d-----w- c:\program files\The Learning Company
2009-10-22 03:18 . 2009-02-06 19:27 -------- d-----w- c:\program files\McAfee
2009-10-21 23:20 . 2004-10-22 21:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-19 23:43 . 2006-07-14 03:32 -------- d-----w- c:\program files\Winace
2009-10-19 23:09 . 2009-09-28 23:27 -------- d-----w- c:\program files\Uniblue
2009-10-19 23:09 . 2009-07-26 18:25 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2009-10-19 23:08 . 2009-07-26 18:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-19 23:06 . 2009-07-17 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-10-19 23:06 . 2009-04-10 06:15 -------- d-----w- c:\program files\Norton Security Scan
2009-10-19 23:05 . 2008-05-31 05:02 -------- d-----w- c:\program files\LimeWire
2009-10-18 20:32 . 2008-05-31 05:04 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\LimeWire
2009-10-12 18:12 . 2008-07-29 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2009-10-12 18:11 . 2008-07-29 02:32 -------- d-----w- c:\program files\Kodak
2009-10-12 18:04 . 2009-04-07 16:49 -------- d-----w- c:\program files\FinePixViewer
2009-10-12 18:03 . 2004-10-22 01:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-12 18:03 . 2009-04-07 16:51 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\FUJIFILM
2009-10-12 18:02 . 2009-09-06 03:00 -------- d-----w- c:\program files\Sony
2009-10-12 17:58 . 2009-09-29 15:58 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\DiskAid
2009-09-28 23:28 . 2007-02-03 01:30 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Uniblue
2009-09-27 01:43 . 2005-02-17 19:00 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Apple Computer
2009-09-27 01:36 . 2009-09-27 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-27 01:36 . 2008-12-14 21:34 -------- d-----w- c:\program files\iTunes
2009-09-27 01:33 . 2009-09-27 01:33 -------- d-----w- c:\program files\iPod
2009-09-27 01:33 . 2008-12-12 08:10 -------- d-----w- c:\program files\Common Files\Apple
2009-09-27 01:30 . 2008-12-14 21:32 -------- d-----w- c:\program files\QuickTime
2009-09-27 00:42 . 2007-12-18 23:24 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\SpinTop
2009-09-20 16:15 . 2009-02-06 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-16 14:22 . 2009-02-06 19:29 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 14:22 . 2009-02-06 19:29 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 14:22 . 2009-02-06 19:29 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 14:22 . 2009-02-06 19:29 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 14:22 . 2009-02-06 19:29 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:18 . 2004-11-03 18:50 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 01:19 . 2005-04-01 01:14 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-06 04:18 . 2009-09-06 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-09-06 04:15 . 2009-09-06 04:15 148736 ----a-w- c:\documents and settings\All Users\Application Data\hpe12D.dll
2009-09-06 04:14 . 2009-09-06 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
2009-09-06 04:14 . 2009-09-06 03:00 -------- d-----w- c:\program files\Sony Ericsson
2009-09-06 03:31 . 2009-09-06 02:52 -------- d-----w- c:\program files\Sony Setup
2009-09-06 03:04 . 2009-09-06 03:04 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Sony
2009-09-06 03:04 . 2009-09-06 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2009-09-06 03:01 . 2009-09-06 03:01 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-09-04 21:03 . 2004-11-03 18:50 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-30 18:47 . 2005-03-13 00:45 64760 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-08-29 08:08 . 2004-11-03 18:52 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-28 23:42 . 2009-06-28 19:17 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 23:42 . 2008-12-14 21:31 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-26 08:00 . 2004-11-03 18:51 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 23:24 . 2004-11-03 18:52 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-11-03 18:52 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-05-26 08:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2005-03-10 12:34 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2004-11-03 18:52 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-11-03 19:19 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-11-03 18:52 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2004-11-03 18:52 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-11-03 18:50 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44 . 2004-11-03 18:50 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-04 05:59 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-23 18:22 . 2009-07-23 18:22 16057 ----a-w- c:\program files\Common Files\saqa.pif
2009-07-23 18:22 . 2009-07-23 18:22 10425 ----a-w- c:\program files\Common Files\awula.exe
2009-07-23 18:16 . 2009-07-23 18:16 18496 ----a-w- c:\program files\Common Files\zoxibez.ban
2009-07-23 18:16 . 2009-07-23 18:16 15863 ----a-w- c:\program files\Common Files\akejel.lib
2004-07-04 15:01 . 2004-07-04 15:01 774144 ----a-w- c:\program files\RngInterstitial.dll
2006-07-14 03:54 . 2006-07-14 03:28 7369 --sha-w- c:\windows\system32\prutv.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-06-23 434176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 01000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk
backup=c:\windows\pss\ExifLauncher2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^palmOne Registration.lnk]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\palmOne Registration.lnk
backup=c:\windows\pss\palmOne Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotSync
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"MyWebSearchService"=2 (0x2)
"tgsrvc_chatsupport.palm.com"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"SupportSoft RemoteAssist"=3 (0x3)
"Pml Driver HPZ12"=3 (0x3)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24218:TCP"= 24218:TCP:BitComet 24218 TCP
"24218:UDP"= 24218:UDP:BitComet 24218 UDP
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [9/6/2009 12:16 AM 27632]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [9/6/2009 12:14 AM 90112]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\Aspi32.sys [5/1/2006 12:58 AM 16512]
S3 EraserUtilDrv10920;EraserUtilDrv10920;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [9/19/2008 9:19 PM 29184]
S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [8/8/2009 5:17 PM 23096]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [9/6/2009 12:15 AM 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [9/6/2009 12:15 AM 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [9/6/2009 12:15 AM 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [9/6/2009 12:15 AM 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [9/6/2009 12:15 AM 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [9/6/2009 12:15 AM 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [9/6/2009 12:15 AM 115752]
S4 tgsrvc_chatsupport.palm.com;SupportSoft Repair Service (chatsupport.palm.com);c:\program files\chatsupport.palm.com\bin\tgsrvc.exe [5/21/2008 5:24 AM 148768]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*NewlyCreated* - PCIIDEX_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
*Deregistered* - PCIIDEX_2
.
Contents of the 'Scheduled Tasks' folder

2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-06 16:22]

2009-10-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-06 16:22]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZJxdm128WLUS&ptb=QCNlFvFC7SMItTeWM5VxPQ
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
DPF: Microsoft XML Parser for Java
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {5CF36EBD-BE14-0DF8-1595-79B46A0903A2} - hxxp://85.255.113.214/1/gdnUS2338.exe
DPF: {61C381EF-A9E5-783C-7BE8-460C758B5B49} - hxxp://85.255.113.214/1/gdnUS2338.exe
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Flatland Rover - c:\windows\unvise32.exe
AddRemove-SeekService - c:\program files\SeekService\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-30 17:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2512980764-1007700398-1834500804-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2009-10-30 17:33
ComboFix-quarantined-files.txt 2009-10-30 21:32
ComboFix2.txt 2009-07-26 20:49

Pre-Run: 99,471,384,576 bytes free
Post-Run: 99,535,040,512 bytes free

- - End Of File - - 730E11BB02D924CB9A7624925E301FC8

Carolyn

Hello again,

P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Kazaa

P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
http://www.infoworld.com/article/07/...D-theft_1.html

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.

I would recommend that you uninstall Kazaa, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Note:
If you have malware cleaned from your system by one of our Hjt Team/Malware Hunters and then later return with more infections....and these P2P programs are still installed, you maybe refused help.

================

Upload file for scanning
I'd like you to check a file for malware.

• Go to VirusTotal or Jotti's

• Copy/Paste the first file on the list into the white Upload a file box.
• Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
• After a while, a window will open, with details of what the scans found.
• Save the complete results in a Notepad/Word document on your desktop.

================

Run a custom CFScript

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

================

Please go to Kaspersky website and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
   • Spyware, Adware, Dialers, and other potentially dangerous programs
     Archives
     Mail databases
5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
9. Please post this log in your next reply.

================

Please post the following in your next reply:

• The VirusTotal results
• The ComboFix log
• The Kaspersky log
• A description of how your computer is behaving

Carolyn

It has been a couple of days, are you still in need of assistance?

Carolyn

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help