Internet Explorer opens random windows itself - adverts

[devileye_uk]

Internet Explorer (8) has started randomly popping up new windows showing adverts. I was initially using IE7, and the pop ups were only showing as new tabs, but since I downloaded IE8 they are now popping up as new windows. It does it every few minutes and it doesn't appear to be when I'm on a particular website. I've ran McAfee virus scans daily but nothing is showing up. My laptop is only a couple of months old and I have no idea what's going on and if it's something I've done? Can anyone please help? Thanks!





DDS (Ver_09-03-16.01) - NTFSx86
Run by Mell at 20:34:59.17 on 10/04/2009
Internet Explorer: 8.0.6001.18702
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3066.1871 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIAJE.EXE
C:\Users\Mell\AppData\Local\yaymmwm.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Wallpapers from MSN\Wallpaper_tray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mell\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://uk.yahoo.com/?fr=fp-yie8
uDefault_Page_URL = hxxp://uk.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
mStart Page = hxxp://uk.yahoo.com
mDefault_Page_URL = hxxp://uk.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [EPSON Stylus Photo R340 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaje.exe /fu "c:\windows\temp\E_SF9B9.tmp" /EF "HKCU"
uRun: [yaymmwm] "c:\users\mell\appdata\local\yaymmwm.exe" yaymmwm
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [OA001Cfg.exe] OA001Cfg.exe
StartupFolder: c:\users\mell\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\mell\appdata\roaming\micros~1\windows\startm~1\programs\startup\wallpa~1.lnk - c:\users\mell\appdata\roaming\microsoft\installer\{fe5116bb-e6ec-4a90-a9be-0ea9694a387c}\_9E0F0F06357E3387336FE9.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

============= SERVICES / DRIVERS ===============

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-2-28 81920]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-2-28 54784]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-2-28 203264]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2009-2-28 3663360]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-6 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-8 280096]
S2 0208261239390400mcinstcleanup;McAfee Application Installer Cleanup (0208261239390400);c:\windows\temp\020826~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\020826~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-3-5 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]

=============== Created Last 30 ================

2009-04-09 20:04 <DIR> --d----- c:\program files\common files\Scanner
2009-04-09 20:04 <DIR> --d----- c:\program files\CA Yahoo! Anti-Spy
2009-04-09 19:39 <DIR> --d----- c:\programdata\Yahoo! Companion
2009-03-15 12:24 49,152 a------- c:\windows\system32\E_DCINST.DLL
2009-03-15 12:24 76,800 a------- c:\windows\system32\E_FLBAJE.DLL
2009-03-15 12:24 62,976 a------- c:\windows\system32\E_FD4BAJE.DLL
2009-03-15 12:24 <DIR> --d----- c:\program files\EPSON
2009-03-15 12:24 <DIR> --d----- c:\programdata\EPSON
2009-03-15 12:24 <DIR> --d----- c:\progra~2\EPSON
2009-03-15 12:23 <DIR> --d----- c:\programdata\LogiShrd
2009-03-15 12:22 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-03-15 12:22 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-03-15 12:22 301,656 a------- c:\windows\system32\BtCoreIf.dll
2009-03-15 12:22 170,512 a------- c:\windows\system32\kemutb.dll
2009-03-15 12:22 145,936 a------- c:\windows\system32\KemUtil.dll
2009-03-15 12:22 117,264 a------- c:\windows\system32\KemWnd.dll
2009-03-15 12:22 84,496 a------- c:\windows\system32\KemXML.dll
2009-03-15 12:21 <DIR> --d----- c:\programdata\Logitech
2009-03-14 17:43 0 a------- c:\users\mell\appdata\roaming\wklnhst.dat
2009-03-12 20:41 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-12 20:41 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-03-12 20:41 4,096 a------- c:\windows\system32\msdxm.ocx
2009-03-12 20:41 4,096 a------- c:\windows\system32\dxmasf.dll
2009-03-12 20:40 268,288 a------- c:\windows\system32\schannel.dll
2009-03-12 20:40 2,033,152 a------- c:\windows\system32\win32k.sys

==================== Find3M ====================

2009-04-09 19:57 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-09 19:57 51,200 a------- c:\windows\inf\infpub.dat
2009-04-09 19:57 86,016 a------- c:\windows\inf\infstor.dat
2009-03-08 17:06 280,096 a------- c:\windows\system32\drivers\OA001Vid.sys
2009-03-08 12:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 12:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 12:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 12:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 12:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 12:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 12:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 12:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 12:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 12:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 12:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 12:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 12:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 12:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 12:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 12:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 12:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 12:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 21:40 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-03-06 07:30 133,632 a------- c:\windows\system32\drivers\OA001Ufd.sys
2009-02-28 21:42 665,600 a------- c:\windows\inf\drvindex.dat
2009-02-28 21:42 226,304 a------- c:\windows\system32\drivers\usbport.sys
2009-02-28 21:42 195,584 a------- c:\windows\system32\drivers\usbhub.sys
2009-02-28 21:42 73,216 a------- c:\windows\system32\drivers\usbccgp.sys
2009-02-28 21:42 39,936 a------- c:\windows\system32\drivers\usbehci.sys
2009-02-28 21:42 23,552 a------- c:\windows\system32\drivers\usbuhci.sys
2009-02-28 21:42 15,872 a------- c:\windows\system32\hcrstco.dll
2009-02-28 21:42 8,704 a------- c:\windows\system32\hccoin.dll
2009-02-28 21:42 5,888 a------- c:\windows\system32\drivers\usbd.sys
2009-02-28 21:41 26,112 a------- c:\windows\system32\hidserv.dll
2009-02-28 21:41 22,016 a------- c:\windows\system32\hid.dll
2009-02-28 21:40 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-02-28 21:40 468,992 a------- c:\windows\system32\newdev.dll
2009-02-28 21:40 74,752 a------- c:\windows\system32\newdev.exe
2009-02-28 21:38 625,152 a------- c:\windows\system32\drivers\dxgkrnl.sys
2009-02-28 21:38 565,248 a------- c:\windows\system32\emdmgmt.dll
2009-02-28 21:38 148,480 a------- c:\windows\system32\drivers\nwifi.sys
2009-02-28 21:38 45,056 a------- c:\windows\system32\dataclen.dll
2009-02-28 21:38 36,864 a------- c:\windows\system32\cdd.dll
2009-02-28 21:37 1,645,568 a------- c:\windows\system32\connect.dll
2009-02-28 21:37 296,960 a------- c:\windows\system32\gdi32.dll
2009-02-28 21:37 2,927,104 a------- c:\windows\explorer.exe
2009-02-28 21:35 738,304 a------- c:\windows\system32\inetcomm.dll
2009-02-28 21:35 269,312 a------- c:\windows\system32\es.dll
2009-02-28 21:32 2,048 a------- c:\windows\system32\tzres.dll
2009-02-28 21:31 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-02-28 21:29 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-02-28 21:28 885,248 a------- c:\windows\system32\RacEngn.dll
2009-02-28 21:27 1,314,816 a------- c:\windows\system32\quartz.dll
2009-02-28 21:26 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-02-28 21:26 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-02-28 21:26 347,648 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-02-28 21:25 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-02-28 21:25 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-02-28 21:25 801,280 a------- c:\windows\system32\NaturalLanguage6.dll
2009-02-28 21:23 443,392 a------- c:\windows\system32\win32spl.dll
2009-02-28 21:22 891,448 a------- c:\windows\system32\drivers\tcpip.sys
2009-02-28 21:22 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-02-28 21:22 72,192 a------- c:\windows\system32\drivers\pacer.sys
2009-02-28 21:22 15,360 a------- c:\windows\system32\pacerprf.dll
2009-02-28 21:21 988,216 a------- c:\windows\system32\winload.exe
2009-02-28 21:21 927,288 a------- c:\windows\system32\winresume.exe
2009-02-28 21:21 615,992 a------- c:\windows\system32\ci.dll
2009-02-28 21:21 378,368 a------- c:\windows\system32\srcore.dll
2009-02-28 21:21 318,464 a------- c:\windows\system32\rstrui.exe
2009-02-28 21:21 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-02-28 21:21 40,960 a------- c:\windows\system32\srclient.dll
2009-02-28 21:21 19,000 a------- c:\windows\system32\kd1394.dll
2009-02-28 21:21 14,848 a------- c:\windows\system32\srdelayed.exe
2009-02-28 21:21 6,656 a------- c:\windows\system32\kbd106n.dll
2009-02-28 21:20 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-02-28 21:20 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-02-28 21:20 2,868,736 a------- c:\windows\system32\mf.dll
2009-02-28 21:20 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-02-28 21:20 94,720 a------- c:\windows\system32\logagent.exe
2009-02-28 21:19 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-02-28 21:19 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-02-28 21:19 1,695,744 a------- c:\windows\system32\gameux.dll
2009-02-28 21:19 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-02-28 21:19 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-02-28 21:19 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-02-28 21:19 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-02-28 21:19 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-02-28 21:19 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-02-28 21:17 408,064 a------- c:\windows\system32\msinfo32.exe
2009-02-28 21:17 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-02-28 21:17 246,840 a------- c:\windows\system32\clfs.sys
2009-02-28 21:17 266,808 a------- c:\windows\system32\drivers\acpi.sys
2009-02-28 21:17 223,288 a------- c:\windows\system32\drivers\netio.sys
2009-02-28 21:17 28,728 a------- c:\windows\system32\drivers\msahci.sys
2009-02-28 21:17 21,560 a------- c:\windows\system32\drivers\atapi.sys
2009-02-28 21:17 320,512 a------- c:\windows\system32\imapi2.dll
2009-02-28 21:17 3,600,136 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-28 21:17 3,547,912 a------- c:\windows\system32\ntoskrnl.exe
2009-02-28 21:17 177,208 a------- c:\windows\system32\halmacpi.dll
2009-02-28 21:17:09 A------- 141,880 c:\windows\system32\halacpi.dll

============= FINISH: 20:35:26.94 ===============

[tetonbob]

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

[devileye_uk]

I'm sorry, I think I must be doing something wrong

The combofix window just stays blank with a blinking cursor. I have disabled McAfee as per the instructions, and closed all my windows.

Have I missed something?

[tetonbob]

Hi -

Please close the ComboFix window if it's still open, restart your machine, and try once again.

[tetonbob]

Hello -

If still no joy...please delete your existing version of ComboFix, download a fresh copy, and go through the process once again. ComboFix is frequently updated.

[devileye_uk]

Hi,

2nd time lucky, thank you. Here's the report:


ComboFix 09-04-18.05 - Mell 18/04/2009 14:46.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3066.1889 [GMT 1:00]
Running from: c:\users\Mell\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Mell\AppData\Local\yaymmwm.dat
c:\users\Mell\AppData\Local\yaymmwm.exe
c:\users\Mell\AppData\Local\yaymmwm_nav.dat
c:\users\Mell\AppData\Local\yaymmwm_navps.dat
c:\users\Mell\AppData\Roaming\.#
c:\users\Mell\AppData\Roaming\.#\MBX@10E8@692908.###
c:\users\Mell\AppData\Roaming\.#\MBX@10E8@692938.###
c:\users\Mell\AppData\Roaming\.#\MBX@10E8@692968.###

.
((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 )))))))))))))))))))))))))))))))
.

2009-04-17 21:07 . 2009-04-17 21:07 -------- d-----w C:\ComboFix2
2009-04-10 20:54 . 2009-04-10 20:54 -------- d-----w c:\users\All Users\Creative
2009-04-10 20:54 . 2009-04-10 20:54 -------- d-----w c:\programdata\Creative
2009-04-10 20:53 . 2009-04-10 20:53 -------- d-----w c:\users\Mell\AppData\Roaming\Creative
2009-04-09 18:39 . 2009-04-09 19:08 -------- d-----w c:\users\All Users\Yahoo! Companion
2009-04-09 18:39 . 2009-04-09 19:08 -------- d-----w c:\programdata\Yahoo! Companion
2009-04-04 15:50 . 2009-04-18 13:35 89 ----a-w c:\users\Mell\AppData\Local\yaymmwm.bat
2009-03-30 18:27 . 2009-03-30 18:27 -------- d-----w c:\users\Mell\AppData\Local\Microsoft Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 13:41 . 2009-02-28 12:56 -------- d-----w c:\programdata\Microsoft Help
2009-04-18 13:41 . 2009-02-28 12:12 -------- d-----w c:\program files\McAfee
2009-04-09 19:07 . 2009-04-09 19:04 -------- d-----w c:\program files\CA Yahoo! Anti-Spy
2009-04-09 19:04 . 2009-04-09 19:04 -------- d-----w c:\program files\Common Files\Scanner
2009-04-09 18:57 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-09 18:57 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-04-09 18:57 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-09 18:39 . 2009-03-05 21:00 -------- d-----w c:\program files\Yahoo!
2009-03-25 10:06 . 2009-02-28 12:13 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 10:06 . 2009-02-28 12:13 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 10:06 . 2009-02-28 12:13 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-03-25 10:06 . 2009-02-28 12:13 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-25 10:05 . 2009-02-28 12:13 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-03-15 11:25 . 2009-03-15 11:24 -------- d-----w c:\programdata\EPSON
2009-03-15 11:24 . 2009-03-15 11:24 -------- d-----w c:\program files\EPSON
2009-03-15 11:23 . 2009-03-15 11:23 -------- d-----w c:\users\Mell\AppData\Roaming\Logitech
2009-03-15 11:23 . 2009-03-15 11:23 -------- d-----w c:\programdata\LogiShrd
2009-03-15 11:22 . 2009-03-15 11:22 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-03-15 11:22 . 2009-03-15 11:22 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-03-15 11:22 . 2009-03-15 11:21 -------- d-----w c:\program files\Common Files\Logishrd
2009-03-15 11:21 . 2009-03-15 11:21 -------- d-----w c:\programdata\Logitech
2009-03-15 11:21 . 2009-02-28 12:07 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-15 11:21 . 2009-03-15 11:21 -------- d-----w c:\program files\Logitech
2009-03-14 16:43 . 2009-03-14 16:43 -------- d-----w c:\users\Mell\AppData\Roaming\Template
2009-03-14 16:43 . 2009-03-14 16:43 0 ----a-w c:\users\Mell\AppData\Roaming\wklnhst.dat
2009-03-13 06:30 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-03-09 19:47 . 2009-02-28 12:12 -------- d-----w c:\programdata\McAfee
2009-03-08 16:06 . 2009-03-08 16:06 280096 ----a-w c:\windows\system32\drivers\OA001Vid.sys
2009-03-08 11:34 . 2009-04-09 18:46 914944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 . 2009-04-09 18:46 43008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 . 2009-04-09 18:46 18944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 . 2009-04-09 18:46 109056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 . 2009-04-09 18:46 109568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-09 18:46 132608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-09 18:46 107520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-09 18:46 107008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-09 18:46 103936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-09 18:46 420352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:32 . 2009-04-09 18:46 72704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 . 2009-04-09 18:46 71680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 . 2009-04-09 18:46 66560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 . 2009-04-09 18:46 169472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 . 2009-04-09 18:46 34816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:31 . 2009-04-09 18:46 48128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 . 2009-04-09 18:46 45568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:22 . 2009-04-09 18:46 156160 ----a-w c:\windows\System32\msls31.dll
2009-03-06 20:40 . 2009-03-06 20:40 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-03-06 06:30 . 2009-03-06 06:30 133632 ----a-w c:\windows\system32\drivers\OA001Ufd.sys
2009-03-05 22:49 . 2009-03-05 22:49 -------- d-----w c:\program files\Common Files\SWF Studio
2009-03-05 22:49 . 2009-03-05 22:49 -------- d-----w c:\program files\Wallpapers from MSN
2009-03-05 22:49 . 2009-03-05 22:49 -------- d-----w c:\users\Mell\AppData\Roaming\Wallpapers from MSN
2009-03-05 21:34 . 2009-02-28 12:42 -------- d-----w c:\program files\Microsoft
2009-03-05 21:34 . 2009-02-28 12:41 -------- d-----w c:\program files\Windows Live
2009-03-05 21:05 . 2009-03-05 21:00 -------- d-----w c:\programdata\Yahoo!
2009-03-05 21:01 . 2009-03-05 21:01 -------- d-----w c:\users\Mell\AppData\Roaming\Yahoo!
2009-03-05 18:57 . 2009-02-28 12:48 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-05 14:11 . 2009-02-28 12:29 -------- d-----w c:\programdata\Dell
2009-03-05 14:05 . 2009-03-05 14:05 -------- d-----w c:\users\Mell\AppData\Roaming\ATI
2009-03-05 14:02 . 2009-03-05 14:02 -------- d-----w c:\users\Mell\AppData\Roaming\Dell
2009-03-05 14:02 . 2009-03-05 14:02 72528 ----a-w c:\users\Mell\AppData\Local\GDIPFONTCACHEV1.DAT
2009-03-05 13:58 . 2009-03-05 13:58 -------- d-sh--w c:\programdata\Templates
2009-03-05 13:58 . 2009-03-05 13:58 -------- d-sh--w c:\programdata\Start Menu
2009-03-05 13:58 . 2009-03-05 13:58 -------- d-sh--w c:\programdata\Favorites
2009-03-05 13:58 . 2009-03-05 13:58 -------- d-sh--w c:\programdata\Documents
2009-03-05 13:58 . 2009-03-05 13:58 -------- d-sh--w c:\programdata\Desktop
2009-03-05 13:58 . 2009-03-05 13:58 -------- d-sh--w c:\programdata\Application Data
2009-02-28 20:43 . 2009-02-28 20:43 4646 ---ha-r C:\dell.sdr
2009-02-28 20:43 . 2009-02-28 20:43 -------- d-----w c:\program files\DellTPad
2009-02-28 20:42 . 2006-11-02 10:25 665600 ----a-w c:\windows\Inf\drvindex.dat
2009-02-28 20:42 . 2009-02-28 20:42 8704 ----a-w c:\windows\System32\hccoin.dll
2009-02-28 20:42 . 2009-02-28 20:42 5888 ----a-w c:\windows\system32\drivers\usbd.sys
2009-02-28 20:42 . 2009-02-28 20:42 39936 ----a-w c:\windows\system32\drivers\usbehci.sys
2009-02-28 20:42 . 2009-02-28 20:42 23552 ----a-w c:\windows\system32\drivers\usbuhci.sys
2009-02-28 20:42 . 2009-02-28 20:42 226304 ----a-w c:\windows\system32\drivers\usbport.sys
2009-02-28 20:42 . 2009-02-28 20:42 195584 ----a-w c:\windows\system32\drivers\usbhub.sys
2009-02-28 20:42 . 2009-02-28 20:42 15872 ----a-w c:\windows\System32\hcrstco.dll
2009-02-28 20:42 . 2009-02-28 20:42 73216 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-02-28 20:41 . 2009-02-28 20:41 26112 ----a-w c:\windows\System32\hidserv.dll
2009-02-28 20:41 . 2009-02-28 20:41 22016 ----a-w c:\windows\System32\hid.dll
2009-02-28 20:40 . 2009-02-28 20:40 1191936 ----a-w c:\windows\System32\msxml3.dll
2009-02-28 20:40 . 2009-02-28 20:40 74752 ----a-w c:\windows\System32\newdev.exe
2009-02-28 20:40 . 2009-02-28 20:40 468992 ----a-w c:\windows\System32\newdev.dll
2009-02-28 20:38 . 2009-02-28 20:38 625152 ----a-w c:\windows\system32\drivers\dxgkrnl.sys
2009-02-28 20:38 . 2009-02-28 20:38 565248 ----a-w c:\windows\System32\emdmgmt.dll
2009-02-28 20:38 . 2009-02-28 20:38 45056 ----a-w c:\windows\System32\dataclen.dll
2009-02-28 20:38 . 2009-02-28 20:38 36864 ----a-w c:\windows\System32\cdd.dll
2009-02-28 20:38 . 2009-02-28 20:38 148480 ----a-w c:\windows\system32\drivers\nwifi.sys
2009-02-28 20:37 . 2009-02-28 20:37 1645568 ----a-w c:\windows\System32\connect.dll
2009-02-28 20:37 . 2009-02-28 20:37 296960 ----a-w c:\windows\System32\gdi32.dll
2009-02-28 20:37 . 2009-02-28 20:37 2927104 ----a-w c:\windows\explorer.exe
2009-02-28 20:35 . 2009-02-28 20:35 738304 ----a-w c:\windows\System32\inetcomm.dll
2009-02-28 20:35 . 2009-02-28 20:35 269312 ----a-w c:\windows\System32\es.dll
2009-02-28 20:32 . 2009-02-28 20:32 2048 ----a-w c:\windows\System32\tzres.dll
2009-02-28 20:31 . 2009-02-28 20:31 361984 ----a-w c:\windows\System32\IPSECSVC.DLL
2009-02-28 20:29 . 2009-02-28 20:29 303616 ----a-w c:\windows\System32\wmpeffects.dll
2009-02-28 20:28 . 2009-02-28 20:28 885248 ----a-w c:\windows\System32\RacEngn.dll
2009-02-28 20:27 . 2009-02-28 20:27 1314816 ----a-w c:\windows\System32\quartz.dll
2009-02-28 20:26 . 2009-02-28 20:26 712704 ----a-w c:\windows\System32\WindowsCodecs.dll
2009-02-28 20:26 . 2009-02-28 20:26 425472 ----a-w c:\windows\System32\PhotoMetadataHandler.dll
2009-02-28 20:26 . 2009-02-28 20:26 347648 ----a-w c:\windows\System32\WindowsCodecsExt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"EPSON Stylus Photo R340 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE" [2006-12-26 177664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-17 196608]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-22 483420]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-11-03 1745648]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-07-04 132392]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]

c:\users\Mell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
Wallpapers from MSN.lnk - c:\users\Mell\AppData\Roaming\Microsoft\Installer\{FE5116BB-E6EC-4A90-A9BE-0EA9694A387C}\_9E0F0F06357E3387336FE9.exe [2009-3-5 134278]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-15 809488]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-9 1616976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-02-28 12:25 10536 ----a-w c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F3318006-31F5-4BB0-9D0B-D50BED6CF065}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{2294E76C-B22B-44D7-B94F-0A17CFC337FE}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{DC410FAE-A742-4EEC-83F8-BD389422EFD3}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{B71DF7ED-0C17-4836-8AE6-7F55DB39C99B}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{B6819D12-B5C6-4F1E-B3EF-83D8954A1CE7}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{BC50E5F6-4B17-423C-A9D7-EBCAA7F56F99}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{CEECA253-0431-4E21-9DA7-12FF74A42A4B}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{DB8988CC-B87F-4DFD-ABC4-A57FBF099C38}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{31414FB7-8382-4E9E-99E7-80E81ACD8F88}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E3A938AE-1733-41F1-8DC0-A645A37C8B01}"= UDP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed
"{4E120009-FE33-4D1F-8533-73279E8C3932}"= TCP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed
"{E04382B9-ADEC-484D-80EE-646C01A92E75}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{6456D8D2-19B5-416E-B55B-E6D88E9CCBD4}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{324E2640-DC28-43A0-A56F-3A4CCAE3B4EC}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 0187681240062072mcinstcleanup;McAfee Application Installer Cleanup (0187681240062072); [x]
R3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
R3 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
R3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-12-22 81920]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-07-28 54784]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-05-29 203264]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-07-04 3663360]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-06 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-08 280096]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-02-28 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-09 10:53]

2009-02-28 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-09 10:53]

2009-04-17 c:\windows\Tasks\User_Feed_Synchronization-{6787326F-6DD9-4346-9163-C2D2510A7B8C}.job
- c:\windows\system32\msfeedssync.exe [2009-04-09 11:31]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-yaymmwm - c:\users\mell\appdata\local\yaymmwm.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://uk.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 14:50
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-18 14:51
ComboFix-quarantined-files.txt 2009-04-18 13:51

Pre-Run: 195,941,228,544 bytes free
Post-Run: 196,073,013,248 bytes free

233 --- E O F --- 2009-04-18 13:43

[tetonbob]

Hi, glad to hear it. I should think the random IE opening has ended now.


Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
   
2. Open notepad and copy/paste the text in the quotebox below into it:
   
   
   Code:

   http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/365382-internet-explorer-opens-random-windows-itself-adverts-post2088006.html#post2088006
   
   Collect::[28]
   c:\users\Mell\AppData\Local\yaymmwm.bat

   Save this as CFScript.txt
   
   
   
   
   Referring to the picture above, drag CFScript.txt into ComboFix.exe
   
   
   
3. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
   
4. When finished, it shall produce a log for you. Post that log in your next reply
   
   Note:
   Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
   
   When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed.. With the above script, ComboFix will capture a file to submit for analysis.
   
   Ensure you are connected to the internet (this may take a minute or so, please wait) and only then click OK. Follow the prompts.
   
5. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
   
   ---------------------------------------------------------------------------------------------
   
   Your Java is out of date.
   
   Java(TM) 6 Update 11can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.
   
   
   ---------------------------------------------------------------------------------------------
   
   
   
6. Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner
   
   Vista users right click on the Internet Explorer shortcut, and choose Run As Administrator.
   
   **Note**
   
   To optimize scanning time and produce a more sensible report for review:
   • Close any open programs
   • Turn off the real time scanner of any existing antivirus program while performing the online scan.
   
   Click Accept, when prompted to download and install the program files and database of malware definitions.
   • Click Run at the Security prompt.
   • The program will then begin downloading and installing and will also update the database.
   • Please be patient as this can take several minutes.
   • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
   • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
   • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
   • Click View scan report at the bottom.
   • Click the Save Report As... button.
   • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
   
   ---------------------------------------------------------------------------------------------
   
   
   How is the machine behaving now, please?
   
   
   

[devileye_uk]

Thank you very much. It seems to have solved the problem. I've not had any windows popping up as yet.

Below are the log and report. Is there any I can do to ensure this doesn't happen again?

Thank you again!

ComboFix 09-04-18.05 - Mell 18/04/2009 15:52.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3066.1866 [GMT 1:00]
Running from: c:\users\Mell\Desktop\ComboFix.exe
Command switches used :: c:\users\Mell\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Mell\AppData\Local\yaymmwm.bat

.
((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 )))))))))))))))))))))))))))))))
.

2009-04-17 21:07 . 2009-04-17 21:07 -------- d-----w C:\ComboFix2
2009-04-10 20:54 . 2009-04-10 20:54 -------- d-----w c:\users\All Users\Creative
2009-04-10 20:54 . 2009-04-10 20:54 -------- d-----w c:\programdata\Creative
2009-04-10 20:53 . 2009-04-10 20:53 -------- d-----w c:\users\Mell\AppData\Roaming\Creative
2009-04-09 18:39 . 2009-04-09 19:08 -------- d-----w c:\users\All Users\Yahoo! Companion
2009-04-09 18:39 . 2009-04-09 19:08 -------- d-----w c:\programdata\Yahoo! Companion
2009-03-30 18:27 . 2009-03-30 18:27 -------- d-----w c:\users\Mell\AppData\Local\Microsoft Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 13:41 . 2009-02-28 12:56 -------- d-----w c:\programdata\Microsoft Help
2009-04-18 13:41 . 2009-02-28 12:12 -------- d-----w c:\program files\McAfee
2009-04-09 19:07 . 2009-04-09 19:04 -------- d-----w c:\program files\CA Yahoo! Anti-Spy
2009-04-09 19:04 . 2009-04-09 19:04 -------- d-----w c:\program files\Common Files\Scanner
2009-04-09 18:57 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-09 18:57 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-04-09 18:57 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-09 18:39 . 2009-03-05 21:00 -------- d-----w c:\program files\Yahoo!
2009-03-25 10:06 . 2009-02-28 12:13 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 10:06 . 2009-02-28 12:13 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 10:06 . 2009-02-28 12:13 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-03-25 10:06 . 2009-02-28 12:13 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-25 10:05 . 2009-02-28 12:13 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-03-15 11:25 . 2009-03-15 11:24 -------- d-----w c:\programdata\EPSON
2009-03-15 11:24 . 2009-03-15 11:24 -------- d-----w c:\program files\EPSON
2009-03-15 11:23 . 2009-03-15 11:23 -------- d-----w c:\users\Mell\AppData\Roaming\Logitech
2009-03-15 11:23 . 2009-03-15 11:23 -------- d-----w c:\programdata\LogiShrd
2009-03-15 11:22 . 2009-03-15 11:22 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-03-15 11:22 . 2009-03-15 11:22 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-03-15 11:22 . 2009-03-15 11:21 -------- d-----w c:\program files\Common Files\Logishrd
2009-03-15 11:21 . 2009-03-15 11:21 -------- d-----w c:\programdata\Logitech
2009-03-15 11:21 . 2009-02-28 12:07 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-15 11:21 . 2009-03-15 11:21 -------- d-----w c:\program files\Logitech
2009-03-14 16:43 . 2009-03-14 16:43 -------- d-----w c:\users\Mell\AppData\Roaming\Template
2009-03-14 16:43 . 2009-03-14 16:43 0 ----a-w c:\users\Mell\AppData\Roaming\wklnhst.dat
2009-03-13 06:30 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-03-09 19:47 . 2009-02-28 12:12 -------- d-----w c:\programdata\McAfee
2009-03-08 16:06 . 2009-03-08 16:06 280096 ----a-w c:\windows\system32\drivers\OA001Vid.sys
2009-03-08 11:34 . 2009-04-09 18:46 914944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 . 2009-04-09 18:46 43008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 . 2009-04-09 18:46 18944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 . 2009-04-09 18:46 109056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 . 2009-04-09 18:46 109568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-09 18:46 132608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-09 18:46 107520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-09 18:46 107008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-09 18:46 103936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-09 18:46 420352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:32 . 2009-04-09 18:46 72704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 . 2009-04-09 18:46 71680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 . 2009-04-09 18:46 66560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 . 2009-04-09 18:46 169472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 . 2009-04-09 18:46 34816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:31 . 2009-04-09 18:46 48128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 . 2009-04-09 18:46 45568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:22 . 2009-04-09 18:46 156160 ----a-w c:\windows\System32\msls31.dll
2009-03-06 20:40 . 2009-03-06 20:40 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-03-06 06:30 . 2009-03-06 06:30 133632 ----a-w c:\windows\system32\drivers\OA001Ufd.sys
2009-03-05 22:49 . 2009-03-05 22:49 -------- d-----w c:\program files\Common Files\SWF Studio
2009-03-05 22:49 . 2009-03-05 22:49 -------- d-----w c:\program files\Wallpapers from MSN
2009-03-05 22:49 . 2009-03-05 22:49 -------- d-----w c:\users\Mell\AppData\Roaming\Wallpapers from MSN
2009-03-05 21:34 . 2009-02-28 12:42 -------- d-----w c:\program files\Microsoft
2009-03-05 21:34 . 2009-02-28 12:41 -------- d-----w c:\program files\Windows Live
2009-03-05 21:05 . 2009-03-05 21:00 -------- d-----w c:\programdata\Yahoo!
2009-03-05 21:01 . 2009-03-05 21:01 -------- d-----w c:\users\Mell\AppData\Roaming\Yahoo!
2009-03-05 18:57 . 2009-02-28 12:48 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-05 14:11 . 2009-02-28 12:29 -------- d-----w c:\programdata\Dell
2009-03-05 14:05 . 2009-03-05 14:05 -------- d-----w c:\users\Mell\AppData\Roaming\ATI
2009-03-05 14:02 . 2009-03-05 14:02 -------- d-----w c:\users\Mell\AppData\Roaming\Dell
2009-03-05 14:02 . 2009-03-05 14:02 72528 ----a-w c:\users\Mell\AppData\Local\GDIPFONTCACHEV1.DAT
2009-03-05 13:58 . 2009-03-05 13:58 -------- d-sh--w c:\programdata\Templates
2009-03-05 13:58 . 2009-03-05 13:58 -------- d-sh--w c:\programdata\Start Menu
2009-03-05 13:58 . 2009-03-05 13:58 -------- d-sh--w c:\programdata\Favorites
2009-03-05 13:58 . 2009-03-05 13:58 -------- d-sh--w c:\programdata\Documents
2009-03-05 13:58 . 2009-03-05 13:58 -------- d-sh--w c:\programdata\Desktop
2009-03-05 13:58 . 2009-03-05 13:58 -------- d-sh--w c:\programdata\Application Data
2009-02-28 20:43 . 2009-02-28 20:43 4646 ---ha-r C:\dell.sdr
2009-02-28 20:43 . 2009-02-28 20:43 -------- d-----w c:\program files\DellTPad
2009-02-28 20:42 . 2006-11-02 10:25 665600 ----a-w c:\windows\Inf\drvindex.dat
2009-02-28 20:42 . 2009-02-28 20:42 8704 ----a-w c:\windows\System32\hccoin.dll
2009-02-28 20:42 . 2009-02-28 20:42 5888 ----a-w c:\windows\system32\drivers\usbd.sys
2009-02-28 20:42 . 2009-02-28 20:42 39936 ----a-w c:\windows\system32\drivers\usbehci.sys
2009-02-28 20:42 . 2009-02-28 20:42 23552 ----a-w c:\windows\system32\drivers\usbuhci.sys
2009-02-28 20:42 . 2009-02-28 20:42 226304 ----a-w c:\windows\system32\drivers\usbport.sys
2009-02-28 20:42 . 2009-02-28 20:42 195584 ----a-w c:\windows\system32\drivers\usbhub.sys
2009-02-28 20:42 . 2009-02-28 20:42 15872 ----a-w c:\windows\System32\hcrstco.dll
2009-02-28 20:42 . 2009-02-28 20:42 73216 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-02-28 20:41 . 2009-02-28 20:41 26112 ----a-w c:\windows\System32\hidserv.dll
2009-02-28 20:41 . 2009-02-28 20:41 22016 ----a-w c:\windows\System32\hid.dll
2009-02-28 20:40 . 2009-02-28 20:40 1191936 ----a-w c:\windows\System32\msxml3.dll
2009-02-28 20:40 . 2009-02-28 20:40 74752 ----a-w c:\windows\System32\newdev.exe
2009-02-28 20:40 . 2009-02-28 20:40 468992 ----a-w c:\windows\System32\newdev.dll
2009-02-28 20:38 . 2009-02-28 20:38 625152 ----a-w c:\windows\system32\drivers\dxgkrnl.sys
2009-02-28 20:38 . 2009-02-28 20:38 565248 ----a-w c:\windows\System32\emdmgmt.dll
2009-02-28 20:38 . 2009-02-28 20:38 45056 ----a-w c:\windows\System32\dataclen.dll
2009-02-28 20:38 . 2009-02-28 20:38 36864 ----a-w c:\windows\System32\cdd.dll
2009-02-28 20:38 . 2009-02-28 20:38 148480 ----a-w c:\windows\system32\drivers\nwifi.sys
2009-02-28 20:37 . 2009-02-28 20:37 1645568 ----a-w c:\windows\System32\connect.dll
2009-02-28 20:37 . 2009-02-28 20:37 296960 ----a-w c:\windows\System32\gdi32.dll
2009-02-28 20:37 . 2009-02-28 20:37 2927104 ----a-w c:\windows\explorer.exe
2009-02-28 20:35 . 2009-02-28 20:35 738304 ----a-w c:\windows\System32\inetcomm.dll
2009-02-28 20:35 . 2009-02-28 20:35 269312 ----a-w c:\windows\System32\es.dll
2009-02-28 20:32 . 2009-02-28 20:32 2048 ----a-w c:\windows\System32\tzres.dll
2009-02-28 20:31 . 2009-02-28 20:31 361984 ----a-w c:\windows\System32\IPSECSVC.DLL
2009-02-28 20:29 . 2009-02-28 20:29 303616 ----a-w c:\windows\System32\wmpeffects.dll
2009-02-28 20:28 . 2009-02-28 20:28 885248 ----a-w c:\windows\System32\RacEngn.dll
2009-02-28 20:27 . 2009-02-28 20:27 1314816 ----a-w c:\windows\System32\quartz.dll
2009-02-28 20:26 . 2009-02-28 20:26 712704 ----a-w c:\windows\System32\WindowsCodecs.dll
2009-02-28 20:26 . 2009-02-28 20:26 425472 ----a-w c:\windows\System32\PhotoMetadataHandler.dll
2009-02-28 20:26 . 2009-02-28 20:26 347648 ----a-w c:\windows\System32\WindowsCodecsExt.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-18_13.50.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-03 15:16 . 2009-04-18 13:57 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-02-03 15:16 . 2009-04-18 13:50 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-02-03 15:16 . 2009-04-18 13:50 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-03 15:16 . 2009-04-18 13:57 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-02-03 15:16 . 2009-04-18 13:50 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-02-03 15:16 . 2009-04-18 13:57 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 12:47 . 2009-04-18 13:50 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2006-11-02 12:47 . 2009-04-18 13:35 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2006-11-02 12:47 . 2009-04-18 13:35 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2006-11-02 12:47 . 2009-04-18 13:50 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-04-18 13:45 . 2009-04-18 14:52 6258688 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
- 2009-04-18 13:45 . 2009-04-18 13:45 6258688 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"EPSON Stylus Photo R340 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE" [2006-12-26 177664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-17 196608]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-22 483420]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-11-03 1745648]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-07-04 132392]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]

c:\users\Mell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
Wallpapers from MSN.lnk - c:\users\Mell\AppData\Roaming\Microsoft\Installer\{FE5116BB-E6EC-4A90-A9BE-0EA9694A387C}\_9E0F0F06357E3387336FE9.exe [2009-3-5 134278]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-15 809488]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-9 1616976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-02-28 12:25 10536 ----a-w c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F3318006-31F5-4BB0-9D0B-D50BED6CF065}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{2294E76C-B22B-44D7-B94F-0A17CFC337FE}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{DC410FAE-A742-4EEC-83F8-BD389422EFD3}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{B71DF7ED-0C17-4836-8AE6-7F55DB39C99B}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{B6819D12-B5C6-4F1E-B3EF-83D8954A1CE7}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{BC50E5F6-4B17-423C-A9D7-EBCAA7F56F99}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{CEECA253-0431-4E21-9DA7-12FF74A42A4B}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{DB8988CC-B87F-4DFD-ABC4-A57FBF099C38}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{31414FB7-8382-4E9E-99E7-80E81ACD8F88}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E3A938AE-1733-41F1-8DC0-A645A37C8B01}"= UDP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed
"{4E120009-FE33-4D1F-8533-73279E8C3932}"= TCP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed
"{E04382B9-ADEC-484D-80EE-646C01A92E75}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{6456D8D2-19B5-416E-B55B-E6D88E9CCBD4}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{324E2640-DC28-43A0-A56F-3A4CCAE3B4EC}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 0187681240062072mcinstcleanup;McAfee Application Installer Cleanup (0187681240062072); [x]
R3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
R3 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
R3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-12-22 81920]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-07-28 54784]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-05-29 203264]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-07-04 3663360]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-06 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-08 280096]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-02-28 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-09 10:53]

2009-02-28 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-09 10:53]

2009-04-17 c:\windows\Tasks\User_Feed_Synchronization-{6787326F-6DD9-4346-9163-C2D2510A7B8C}.job
- c:\windows\system32\msfeedssync.exe [2009-04-09 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://uk.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 15:55
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Mell\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2009-04-18 15:57
ComboFix-quarantined-files.txt 2009-04-18 14:57
ComboFix2.txt 2009-04-18 13:51

Pre-Run: 195,457,556,480 bytes free
Post-Run: 195,428,143,104 bytes free

240 --- E O F --- 2009-04-18 13:43





--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, April 18, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, April 18, 2009 19:03:47
Records in database: 2058857
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 121918
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:03:04

No malware has been detected. The scan area is clean.

The selected area was scanned.

[tetonbob]

The infection you had is known as NaviPromo rootkit. It's typically installed as part of these applications, and from the sites associated with them

GoRecord
Go-Astro
HotTVPlayer
Instant Access
InternetGameBox
Live-Player
MailSkinner
MessengerSkinner
SudoPlanet
WebMediaPlayer
FunkyEmoticons
Games-Attack
Original-Solitaire

Kaspersky log is clean, which means we're done here. Just some housekeeping...

The other items Kaspersky found are in ComboFix quarantine, and will be addressed by uninstalling ComboFix as instructed below

Other than that....

Your logs appear clean.You should be good to go. We still have a few items to address.

Press the Windows Key + R -> in the Run box -> copy/paste in the following single line command & click OK

combofix /u

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:

• Microsoft Windows Update - http://www.windowsupdate.com
  Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  
  
• SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items
• WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
  
• McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.
  
• Winpatrol
  
  Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.
  
  You can get a free copy of Winpatrol or use the Plus version for more features.
  
  You can read Winpatrol's FAQ if you run into problems.
  
  
• MVPS HOST FILE
  The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
  • Download Host.zip to your desktop.
  • From your Desktop right-click (hosts.zip) and select:
    Extract All from the menu.
    
  • Click Next, click Next, select the option:
    "Show Extracted files", click Finish
    
  • This will open the newly created hosts folder on your Desktop.
    
  • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    
  • Once updated you should see another prompt that the task was completed.
• ANTIVIRUS SOFTWARE
  It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.
  
  Do not install more than one AntiVirus program because they will conflict with each other.
  
  
• Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer
  
  
• http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  
  
• http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP//Vista. It's made up of two parts - ERUNT & NTREGOPT.
  
  ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.
  
  NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

• How did I get infected in the first place?
• PC Safety and Security--What Do I Need?

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

[devileye_uk]

Thank you very very much for all your help. I've done everything you've suggested. After years of being careful I thought I had it nailed, but clearly not as this one slipped through the net. I'll definitely read the suggested articles.

Thanks again!! Very much appreciated.

[tetonbob]

You're quite welcome, I'm glad to have helped.

Surf Safely, and Think Prevention!

Since this issue is resolved, this topic will be archived.