Malware removal

DOCDAIZY · 06-24-2009, 11:32 PM

I have been told that I have a localhost 7171 that may be on my PC. I have been trying to access my itunes for the past week and all of a sudden I can no longer connect. Any advise or help is greatly appreciated

DDS (Ver_09-05-14.01) - NTFSx86
Run by HP_Administrator at 22:09:24.45 on Wed 06/24/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.110 [GMT -7:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\DISC\DISCover.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
svchost.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MioNet\MioNetManager.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Flock\flock\flock.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm082MEUS&fl=0&ptb=zAzr3Y9P6UrPAr6YsXRXlA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uWindow Title = Windows Internet Explorer provided by Yahoo!
uStart Page = hxxp://www.yahoo.com
uDefault_Page_URL = hxxp://www.yahoo.com
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\searchsuggest\YSearchSuggest.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: My &Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [cdloader] "c:\documents and settings\hp_administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [HPHUPD08] "c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe"
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPwuSchd2.exe"
mRun: [pccguide.exe] "c:\program files\trend micro\antivirus\pccguide.exe"
mRun: [PCClient.exe] "c:\program files\trend micro\antivirus\PCClient.exe"
mRun: [TM Outbreak Agent] "c:\program files\trend micro\antivirus\TMOAgent.exe" /run
mRun: [PRISMSVR.EXE] "c:\windows\system32\PRISMSVR.EXE" /APPLY
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [YOP] "c:\progra~1\yahoo!\yop\yop.exe" /autostart
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [DISCover] "c:\program files\disc\DISCover.exe" nogui
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=0
mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers
mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [2wSysTray] "c:\program files\2wire\2PortalMon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WD Drive Manager] "c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe"
mRun: [WD Anywhere Backup] "c:\program files\wd\wd anywhere backup\MemeoLauncher2.exe" --silent
mRun: [MioNet] "c:\program files\mionet\MioNetLauncher.exe" /p
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Picasa Media Detector] "c:\program files\picasa2\PicasaMediaDetector.exe"
mRun: [SpySweeper] c:\program files\webroot\spy sweeper\SpySweeperUI.exe /startintray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} - hxxps://install.charter.com/diskless/bin/ssctlsma.dll
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WRNotifier - WRLogonNTF.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\wd\wd anywhere backup\MemeoBackgroundService.exe [2008-11-7 25824]
R2 MioNet;MioNet;c:\program files\mionet\MioNetManager.exe [2008-9-17 139264]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2004-3-5 190480]
R2 Tmntsrv;Trend NT Realtime Service;c:\program files\trend micro\antivirus\Tmntsrv.exe [2004-2-17 241737]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2004-3-5 31248]
R2 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\antivirus\tmproxy.exe [2004-2-17 204873]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-7-24 102400]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2006-1-22 3376704]

=============== Created Last 30 ================

2009-06-24 17:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MemeoCommon
2009-06-24 17:38 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\MioNet
2009-06-24 17:37 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\WD
2009-06-24 17:28 2,560 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-06-24 17:28 2,432 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-06-24 17:27 <DIR> --d----- c:\program files\Picasa2
2009-06-24 17:18 <DIR> --d----- c:\program files\MioNet
2009-06-24 17:17 <DIR> --d----- c:\program files\common files\eSellerate
2009-06-24 17:17 <DIR> --d----- c:\program files\WD
2009-06-24 17:01 <DIR> --d----- c:\program files\Western Digital
2009-06-17 22:11 <DIR> --d----- c:\program files\iPod
2009-06-17 22:11 <DIR> --d----- c:\program files\iTunes
2009-06-11 03:13 197 a------- c:\windows\system32\MRT.INI
2009-06-10 17:42 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-06-02 08:35 1 a------- c:\windows\9g2234wesdf3dfgjf23
2009-06-02 08:35 <DIR> --d----- c:\windows\system32\sysloc
2009-06-02 08:34 1 ----h--- c:\windows\msmark2.dat
2009-06-02 08:34 2 ----h--- c:\windows\sonce122739.dat
2009-06-02 08:34 2 ----h--- c:\windows\sonce122714.dat
2009-06-02 08:34 1 ----h--- c:\windows\f23567.dat
2009-06-02 08:34 15,360 ----h--- c:\windows\ld08.exe
2009-05-28 10:25 21,504 a------- c:\windows\system32\hidserv.dll
2009-05-28 10:25 21,504 a------- c:\windows\system32\dllcache\hidserv.dll
2009-05-28 10:24 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2009-05-28 10:24 14,592 a------- c:\windows\system32\dllcache\kbdhid.sys
2009-05-28 10:24 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-05-28 10:24 12,160 a------- c:\windows\system32\dllcache\mouhid.sys
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 08:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 21:56 827,392 -------- c:\windows\system32\dllcache\wininet.dll
2009-04-28 21:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-28 21:56 1,159,680 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-28 21:56 671,232 -------- c:\windows\system32\dllcache\mstime.dll
2009-04-28 21:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-28 21:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-28 21:56 44,544 -------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-28 21:56 3,596,288 -------- c:\windows\system32\dllcache\mshtml.dll
2009-04-28 21:56 477,696 -------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-28 21:56 193,024 -------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 02:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 02:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-24 22:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-04-24 22:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 05:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2007-10-09 09:50 144 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2008-09-27 12:34 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092720080928\index.dat

============= FINISH: 22:10:02.21 ===============

CatByte · 06-25-2009, 05:57 AM

Please do the following:

Download ComboFix from one of these locations:
Link 1
Link 2
Link 3

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Double click on ComboFix.exe & follow the prompts.
Open notepad and copy/paste the text in the quotebox below into it:

Quote:

DDS::
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171

Save this as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

Do not mouse-click Combofix's window while it is running. That may cause it to stall.

Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

DOCDAIZY · 06-25-2009, 10:29 AM

Thank you for your help!! So far so good I can get on itunes again!!! Thank you Thank you!!

ComboFix 09-06-24.05 - HP_Administrator 06/25/2009 8:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.257 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\windows\system32\sysloc
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\0002553A
c:\program files\MyWebSearch\bar\Cache\00050F69.bin
c:\program files\MyWebSearch\bar\Cache\0006FF42
c:\program files\MyWebSearch\bar\Cache\00D100D2.bin
c:\program files\MyWebSearch\bar\Cache\00D18DEF.bin
c:\program files\MyWebSearch\bar\Cache\00D22A7D.bin
c:\program files\MyWebSearch\bar\Cache\00D2929D.bin
c:\program files\MyWebSearch\bar\Cache\066526A8
c:\program files\MyWebSearch\bar\Cache\0E3F8590.bin
c:\program files\MyWebSearch\bar\Cache\0E3FE2B4.bin
c:\program files\MyWebSearch\bar\Cache\0E400B89.bin
c:\program files\MyWebSearch\bar\Cache\0E402143.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\setting2.htm.bak
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\MyWebSearch\bar\Settings\settings.dat.bak
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\windows\9g2234wesdf3dfgjf23
c:\windows\f23567.dat
c:\windows\kb913800.exe
c:\windows\ld08.exe
c:\windows\msmark2.dat
c:\windows\patch.exe
c:\windows\sonce122714.dat
c:\windows\sonce122739.dat
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\sysloc\sysloc.dll
D:\Autorun.inf
D:\Desktop.ini
K:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.

2009-06-25 00:47 . 2009-06-25 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\MemeoCommon
2009-06-25 00:38 . 2009-06-25 15:33 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\MioNet
2009-06-25 00:37 . 2009-06-25 00:37 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\WD
2009-06-25 00:28 . 2006-10-05 02:42 2560 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-06-25 00:28 . 2006-10-05 02:42 2432 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-06-25 00:27 . 2009-06-25 00:27 -------- d-----w- c:\program files\Picasa2
2009-06-25 00:20 . 2009-06-25 00:20 2238 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\NewShortcut4_53AF3638DDB44755B3DC259981689DB7.exe
2009-06-25 00:20 . 2009-06-25 00:20 17542 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\STOP_MIONET_SM_SHO_53AF3638DDB44755B3DC259981689DB7.exe
2009-06-25 00:20 . 2009-06-25 00:20 17542 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\START_MIONET_DESKT_53AF3638DDB44755B3DC259981689DB7.exe
2009-06-25 00:20 . 2009-06-25 00:20 17542 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\START_MIONET_SM_SH_53AF3638DDB44755B3DC259981689DB7.exe
2009-06-25 00:20 . 2009-06-25 00:20 10134 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\ARPPRODUCTICON.exe
2009-06-25 00:19 . 2009-06-25 00:19 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\MioNet
2009-06-25 00:18 . 2009-06-25 00:42 -------- d-----w- c:\program files\MioNet
2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ServiceTest
2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\temp
2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\program files\Common Files\eSellerate
2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\program files\WD
2009-06-25 00:01 . 2009-06-25 00:01 -------- d-----w- c:\program files\Western Digital
2009-06-18 15:41 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\setup.exe
2009-06-18 15:41 . 2009-04-10 13:55 725296 ---ha-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ar00000\install.exe
2009-06-18 15:41 . 2008-02-29 12:42 386496 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ar00000\magicJackSplash.exe
2009-06-18 05:11 . 2009-06-18 05:11 -------- d-----w- c:\program files\iPod
2009-06-18 05:11 . 2009-06-18 05:12 -------- d-----w- c:\program files\iTunes
2009-06-18 05:04 . 2009-06-18 05:05 -------- d-----w- c:\program files\QuickTime
2009-06-11 00:42 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2009-06-08 18:03 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\Upgrade\setup2.exe
2009-06-08 18:03 . 2009-04-10 13:55 725296 ---ha-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\Upgrade\install2.exe
2009-06-08 18:02 . 2009-06-08 18:02 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\magicJack
2009-06-05 20:57 . 2009-06-05 20:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-28 17:25 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-05-28 17:25 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2009-05-28 17:24 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-05-28 17:24 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-05-28 17:24 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-05-28 17:24 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2009-05-28 17:24 . 2009-05-28 17:24 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\tjnet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 15:31 . 2005-11-11 01:02 -------- d-----w- c:\program files\Symantec
2009-06-25 00:38 . 2005-11-11 00:30 87448 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-25 00:24 . 2005-11-11 00:59 -------- d-----w- c:\program files\Google
2009-06-23 17:24 . 2008-04-16 16:03 -------- d-----w- c:\program files\Flock
2009-06-18 15:42 . 2009-05-18 18:41 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp
2009-06-18 05:11 . 2007-07-14 20:10 -------- d-----w- c:\program files\Common Files\Apple
2009-06-18 04:54 . 2007-07-14 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-05 18:42 . 2009-03-26 05:21 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 18:42 . 2009-03-26 05:21 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-01 00:32 . 2007-09-21 20:58 -------- d-----w- c:\program files\Bodog Poker
2009-05-07 15:32 . 2004-08-10 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 22:44 . 2007-07-14 20:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
2009-04-29 17:36 . 2009-04-29 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-29 04:56 . 2004-08-10 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-10 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-26 20:26 . 2005-11-11 00:05 -------- d-----w- c:\program files\Java
2009-04-26 20:23 . 2009-04-26 20:23 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-25 04:20 . 2009-04-25 04:20 390664 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-04-17 12:26 . 2004-08-10 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-10 13:58 . 2009-04-10 13:58 86360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\magicJack.dll
2009-04-10 13:58 . 2009-04-10 13:58 6327408 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\setup.exe
2009-04-10 13:58 . 2009-04-10 13:58 412784 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJackLoader.exe
2009-04-10 13:58 . 2009-04-10 13:58 480608 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\octvqe1_apiw.dll
2009-04-10 13:58 . 2009-04-10 13:58 214360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\TjVista.dll
2009-04-10 13:58 . 2009-04-10 13:58 325040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\TjIpSys.dll
2009-04-10 13:57 . 2009-04-10 13:57 398696 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\SJHandsetTigerJet.dll
2009-04-10 13:57 . 2009-04-10 13:57 87384 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\st00000\mjsetup.exe
2009-04-10 13:57 . 2009-04-10 13:57 86360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\st00000\magicJack.dll
2009-04-10 13:57 . 2009-04-10 13:57 86360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJack.dll
2009-04-10 13:56 . 2009-04-10 13:56 11871576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe
2009-04-10 13:55 . 2009-04-10 13:55 725296 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\install.exe
2009-04-10 13:55 . 2009-04-10 13:55 87384 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\mjsetup.exe
2009-04-10 13:55 . 2009-04-10 13:55 86360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\magicJack.dll
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\st00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 50520 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe
2009-06-25 00:25 . 2009-06-25 00:25 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-10-11 08:04 . 2008-06-29 01:30 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2008-06-29 01:30 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2008-06-29 01:30 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2008-06-29 01:30 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2008-06-29 01:30 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-23 68856]
"cdloader"="c:\documents and settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"pccguide.exe"="c:\program files\Trend Micro\Antivirus\pccguide.exe" [2004-02-17 950337]
"PCClient.exe"="c:\program files\Trend Micro\Antivirus\PCClient.exe" [2004-02-17 634949]
"TM Outbreak Agent"="c:\program files\Trend Micro\Antivirus\TMOAgent.exe" [2004-02-17 290816]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-22 129536]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2006-07-21 407032]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-29 185896]
"DISCover"="c:\program files\DISC\DISCover.exe" [2007-10-31 1095256]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"2wSysTray"="c:\program files\2Wire\2PortalMon.exe" [2004-09-15 393216]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]
"WD Anywhere Backup"="c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2008-11-07 197856]
"MioNet"="c:\program files\MioNet\MioNetLauncher.exe" [2008-09-18 32768]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-06-25 1838592]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-01-26 4865600]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MioNet\\MioNetManager.exe"=
"c:\\Program Files\\MioNet\\jvm\\bin\\MioNet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery

R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [11/7/2008 12:20 PM 25824]
R2 MioNet;MioNet;c:\program files\MioNet\MioNetManager.exe [9/17/2008 2:52 PM 139264]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [3/5/2004 12:53 PM 190480]
R2 Tmntsrv;Trend NT Realtime Service;c:\program files\Trend Micro\Antivirus\Tmntsrv.exe [2/17/2004 3:57 PM 241737]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [3/5/2004 12:53 PM 31248]
R2 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Antivirus\tmproxy.exe [2/17/2004 3:58 PM 204873]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 3:22 PM 102400]

--- Other Services/Drivers In Memory ---

*Deregistered* - NDISRD
.
Contents of the 'Scheduled Tasks' folder

2009-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2006-03-21 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 03:23]

2009-06-25 c:\windows\Tasks\WebReg psc 2350 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-12 15:21]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PRISMSVR.EXE - c:\windows\system32\PRISMSVR.EXE
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe
HKLM-Run-PCDrProfiler - (no file)
Notify-WgaLogon - (no file)
SafeBoot-svcWRSSSDK

.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm082MEUS&fl=0&ptb=zAzr3Y9P6UrPAr6YsXRXlA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uStart Page = hxxp://www.yahoo.com
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 08:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(628)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\WRLogonNTF.dll

- - - - - - - > 'explorer.exe'(6840)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\MioNet\jvm\bin\MioNet.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\HPZipm12.exe
c:\windows\ehome\ehmsas.exe
c:\program files\MioNet\jvm\bin\MioNet.exe
c:\program files\Webroot\Spy Sweeper\ssu.exe
c:\hp\KBD\kbd.exe
c:\windows\ALCXMNTR.EXE
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
.
**************************************************************************
.
Completion time: 2009-06-25 9:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-25 16:01

Pre-Run: 155,952,533,504 bytes free
Post-Run: 159,414,235,136 bytes free

370 --- E O F --- 2009-06-11 10:15

CatByte · 06-25-2009, 10:39 AM

Hi,

Please do the following:

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:

DDS::
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm082MEUS&fl=0&ptb=zAzr3Y9P6UrPAr6YsXRXlA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you.
Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

DOCDAIZY · 06-25-2009, 11:24 AM

I followed your directions and here is the log:

ComboFix 09-06-24.05 - HP_Administrator 06/25/2009 9:56.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.120 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\cfscript.txt
.

((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.

2009-06-25 16:00 . 2009-06-25 16:00 -------- d-----w- c:\windows\system32\dllcache\cache
2009-06-25 00:47 . 2009-06-25 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\MemeoCommon
2009-06-25 00:38 . 2009-06-25 15:33 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\MioNet
2009-06-25 00:37 . 2009-06-25 00:37 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\WD
2009-06-25 00:28 . 2006-10-05 02:42 2560 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-06-25 00:28 . 2006-10-05 02:42 2432 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-06-25 00:27 . 2009-06-25 00:27 -------- d-----w- c:\program files\Picasa2
2009-06-25 00:20 . 2009-06-25 00:20 2238 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\NewShortcut4_53AF3638DDB44755B3DC259981689DB7.exe
2009-06-25 00:20 . 2009-06-25 00:20 17542 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\STOP_MIONET_SM_SHO_53AF3638DDB44755B3DC259981689DB7.exe
2009-06-25 00:20 . 2009-06-25 00:20 17542 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\START_MIONET_DESKT_53AF3638DDB44755B3DC259981689DB7.exe
2009-06-25 00:20 . 2009-06-25 00:20 17542 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\START_MIONET_SM_SH_53AF3638DDB44755B3DC259981689DB7.exe
2009-06-25 00:20 . 2009-06-25 00:20 10134 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\ARPPRODUCTICON.exe
2009-06-25 00:19 . 2009-06-25 00:19 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\MioNet
2009-06-25 00:18 . 2009-06-25 16:13 -------- d-----w- c:\program files\MioNet
2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ServiceTest
2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\temp
2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\program files\Common Files\eSellerate
2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\program files\WD
2009-06-25 00:01 . 2009-06-25 00:01 -------- d-----w- c:\program files\Western Digital
2009-06-18 15:41 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\setup.exe
2009-06-18 15:41 . 2009-04-10 13:55 725296 ---ha-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ar00000\install.exe
2009-06-18 15:41 . 2008-02-29 12:42 386496 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ar00000\magicJackSplash.exe
2009-06-18 05:11 . 2009-06-18 05:11 -------- d-----w- c:\program files\iPod
2009-06-18 05:11 . 2009-06-18 05:12 -------- d-----w- c:\program files\iTunes
2009-06-18 05:04 . 2009-06-18 05:05 -------- d-----w- c:\program files\QuickTime
2009-06-11 00:42 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2009-06-08 18:03 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\Upgrade\setup2.exe
2009-06-08 18:03 . 2009-04-10 13:55 725296 ---ha-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\Upgrade\install2.exe
2009-06-08 18:02 . 2009-06-08 18:02 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\magicJack
2009-06-05 20:57 . 2009-06-05 20:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-28 17:25 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-05-28 17:25 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2009-05-28 17:24 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-05-28 17:24 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-05-28 17:24 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-05-28 17:24 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2009-05-28 17:24 . 2009-05-28 17:24 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\tjnet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 15:31 . 2005-11-11 01:02 -------- d-----w- c:\program files\Symantec
2009-06-25 00:38 . 2005-11-11 00:30 87448 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-25 00:24 . 2005-11-11 00:59 -------- d-----w- c:\program files\Google
2009-06-23 17:24 . 2008-04-16 16:03 -------- d-----w- c:\program files\Flock
2009-06-18 15:42 . 2009-05-18 18:41 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp
2009-06-18 05:11 . 2007-07-14 20:10 -------- d-----w- c:\program files\Common Files\Apple
2009-06-18 04:54 . 2007-07-14 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-05 18:42 . 2009-03-26 05:21 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 18:42 . 2009-03-26 05:21 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-01 00:32 . 2007-09-21 20:58 -------- d-----w- c:\program files\Bodog Poker
2009-05-07 15:32 . 2004-08-10 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 22:44 . 2007-07-14 20:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
2009-04-29 17:36 . 2009-04-29 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-29 04:56 . 2004-08-10 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-10 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-26 20:26 . 2005-11-11 00:05 -------- d-----w- c:\program files\Java
2009-04-26 20:23 . 2009-04-26 20:23 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-25 04:20 . 2009-04-25 04:20 390664 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-04-17 12:26 . 2004-08-10 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-10 13:58 . 2009-04-10 13:58 86360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\magicJack.dll
2009-04-10 13:58 . 2009-04-10 13:58 6327408 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\setup.exe
2009-04-10 13:58 . 2009-04-10 13:58 412784 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJackLoader.exe
2009-04-10 13:58 . 2009-04-10 13:58 480608 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\octvqe1_apiw.dll
2009-04-10 13:58 . 2009-04-10 13:58 214360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\TjVista.dll
2009-04-10 13:58 . 2009-04-10 13:58 325040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\TjIpSys.dll
2009-04-10 13:57 . 2009-04-10 13:57 398696 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\SJHandsetTigerJet.dll
2009-04-10 13:57 . 2009-04-10 13:57 87384 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\st00000\mjsetup.exe
2009-04-10 13:57 . 2009-04-10 13:57 86360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\st00000\magicJack.dll
2009-04-10 13:57 . 2009-04-10 13:57 86360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJack.dll
2009-04-10 13:56 . 2009-04-10 13:56 11871576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe
2009-04-10 13:55 . 2009-04-10 13:55 725296 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\install.exe
2009-04-10 13:55 . 2009-04-10 13:55 87384 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\mjsetup.exe
2009-04-10 13:55 . 2009-04-10 13:55 86360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\magicJack.dll
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\st00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 50520 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe
2009-06-25 00:25 . 2009-06-25 00:25 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-10-11 08:04 . 2008-06-29 01:30 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2008-06-29 01:30 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2008-06-29 01:30 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2008-06-29 01:30 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2008-06-29 01:30 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-25_15.56.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-25 16:19 . 2009-06-25 16:19 16384 c:\windows\Temp\Perflib_Perfdata_90c.dat
+ 2009-06-25 16:00 . 2008-10-16 22:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-25 16:00 . 2008-04-14 00:12 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-25 16:00 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-25 16:00 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-25 16:00 . 2008-04-14 00:12 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-25 16:00 . 2008-04-14 00:12 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-25 16:00 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-25 16:00 . 2008-04-13 18:39 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-25 16:00 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-25 16:00 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-06-25 16:00 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-25 16:00 . 2009-04-29 04:56 827392 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-25 16:00 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-25 16:00 . 2008-04-14 00:12 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-25 16:00 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-25 16:00 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-25 16:00 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-25 16:00 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-25 16:00 . 2008-04-14 00:11 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-25 16:00 . 2008-04-14 00:11 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-25 16:00 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-25 16:00 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-25 16:00 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-25 16:00 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-23 68856]
"cdloader"="c:\documents and settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"pccguide.exe"="c:\program files\Trend Micro\Antivirus\pccguide.exe" [2004-02-17 950337]
"PCClient.exe"="c:\program files\Trend Micro\Antivirus\PCClient.exe" [2004-02-17 634949]
"TM Outbreak Agent"="c:\program files\Trend Micro\Antivirus\TMOAgent.exe" [2004-02-17 290816]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-22 129536]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2006-07-21 407032]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-29 185896]
"DISCover"="c:\program files\DISC\DISCover.exe" [2007-10-31 1095256]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"2wSysTray"="c:\program files\2Wire\2PortalMon.exe" [2004-09-15 393216]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]
"WD Anywhere Backup"="c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2008-11-07 197856]
"MioNet"="c:\program files\MioNet\MioNetLauncher.exe" [2008-09-18 32768]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-06-25 1838592]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-01-26 4865600]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MioNet\\MioNetManager.exe"=
"c:\\Program Files\\MioNet\\jvm\\bin\\MioNet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery

R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [11/7/2008 12:20 PM 25824]
R2 MioNet;MioNet;c:\program files\MioNet\MioNetManager.exe [9/17/2008 2:52 PM 139264]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [3/5/2004 12:53 PM 190480]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [3/5/2004 12:53 PM 31248]
R2 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Antivirus\tmproxy.exe [2/17/2004 3:58 PM 204873]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 3:22 PM 102400]
S2 Tmntsrv;Trend NT Realtime Service;c:\program files\Trend Micro\Antivirus\Tmntsrv.exe [2/17/2004 3:57 PM 241737]

--- Other Services/Drivers In Memory ---

*Deregistered* - NDISRD
.
Contents of the 'Scheduled Tasks' folder

2009-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2006-03-21 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 03:23]

2009-06-25 c:\windows\Tasks\WebReg psc 2350 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-12 15:21]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm082MEUS&fl=0&ptb=zAzr3Y9P6UrPAr6YsXRXlA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 10:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\docume~1\HP_ADM~1\LOCALS~1\Temp\sqlite_voTVWtIkbdI76Cq 0 bytes
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\WRLogonNTF.dll

- - - - - - - > 'explorer.exe'(12908)
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-25 10:12
ComboFix-quarantined-files.txt 2009-06-25 17:12
ComboFix2.txt 2009-06-25 16:02

Pre-Run: 159,142,035,456 bytes free
Post-Run: 159,098,556,416 bytes free

258 --- E O F --- 2009-06-11 10:15

CatByte · 06-25-2009, 11:54 AM

Hi,

Please do the following;

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer, please do so.

NEXT

It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner:
1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:

Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.

Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View scan report at the bottom.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

You can refer to this animation by sundavis.

DOCDAIZY · 06-25-2009, 04:23 PM

Here are the two new reports. What do I do with everything that I've downloaded or saved?

Malwarebytes' Anti-Malware 1.38
Database version: 2335
Windows 5.1.2600 Service Pack 3

6/25/2009 11:19:35 AM
mbam-log-2009-06-25 (11-19-35).txt

Scan type: Quick Scan
Objects scanned: 97452
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 97
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, June 25, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, June 25, 2009 20:19:53
Records in database: 2389318
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan statistics:
Files scanned: 144010
Threat name: 16
Infected objects: 62
Suspicious objects: 0
Duration of the scan: 03:03:47

File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.at 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bc 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.l 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.af 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.a 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.an 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.aq 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir Infected: not-a-virus:Monitor.Win32.Agent.c 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.at 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.at 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.as 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ba 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.i 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.as 1
C:\Qoobox\Quarantine\C\WINDOWS\ld08.exe.vir Infected: Net-Worm.Win32.Koobface.np 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\sysloc\sysloc.dll.vir Infected: Trojan.Win32.BHO.tli 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056069.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056070.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.at 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056072.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bc 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056073.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056074.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.l 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056075.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.af 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056076.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056077.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056078.SCR Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056079.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056080.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056081.EXE Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.a 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056082.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.an 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056083.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.aq 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056084.DLL Infected: not-a-virus:Monitor.Win32.Agent.c 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056086.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.at 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056087.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056089.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.at 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056091.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056092.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.as 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056095.EXE Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056096.EXE Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056097.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ba 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056098.EXE Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056099.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056100.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056101.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.i 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056103.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.as 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056106.scr Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056107.dll Infected: Trojan.Win32.BHO.tli 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056111.exe Infected: Net-Worm.Win32.Koobface.np 1

The selected area was scanned.

CatByte · 06-25-2009, 04:52 PM

Hi,

Quote:

What do I do with everything that I've downloaded or saved?

Don't worry, we will clean up all the tools once the machine is completely clean.

Please do the following:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 14. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Select the Windows platform from the dropdown menu.
Read the License Agreement and then check the box that says: " I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.

Now go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button
- There are two options in the window to clear the cache - Leave BOTH Checked
  - Applications and AppletsTrace and Log Files
- Click OK on Delete Temporary Files Window
  
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
- Click OK to leave the Temporary Files Window
- Click OK to leave the Java Control Panel.

NEXT

Visit ADOBEand download the latest version of Acrobat Reader (version 9.1)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Post a fresh DDS log and describe how your computer is running now and any issues that may be outstanding.

thank-you

DOCDAIZY · 06-25-2009, 06:09 PM

Thanks again for all your help. Do I need to delete any old versions of Adobe too?

ComboFix 09-06-25.01 - HP_Administrator 06/25/2009 16:59.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.315 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.

2009-06-25 18:15 . 2009-06-25 18:15 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-06-25 18:15 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-25 18:15 . 2009-06-25 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-25 18:15 . 2009-06-25 18:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-25 18:15 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-25 16:00 . 2009-06-25 16:00 -------- d-----w- c:\windows\system32\dllcache\cache
2009-06-25 00:47 . 2009-06-25 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\MemeoCommon
2009-06-25 00:38 . 2009-06-25 15:33 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\MioNet
2009-06-25 00:37 . 2009-06-25 00:37 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\WD
2009-06-25 00:28 . 2006-10-05 02:42 2560 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-06-25 00:28 . 2006-10-05 02:42 2432 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-06-25 00:27 . 2009-06-25 00:27 -------- d-----w- c:\program files\Picasa2
2009-06-25 00:20 . 2009-06-25 00:20 2238 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\NewShortcut4_53AF3638DDB44755B3DC259981689DB7.exe
2009-06-25 00:20 . 2009-06-25 00:20 17542 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\STOP_MIONET_SM_SHO_53AF3638DDB44755B3DC259981689DB7.exe
2009-06-25 00:20 . 2009-06-25 00:20 17542 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\START_MIONET_DESKT_53AF3638DDB44755B3DC259981689DB7.exe
2009-06-25 00:20 . 2009-06-25 00:20 17542 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\START_MIONET_SM_SH_53AF3638DDB44755B3DC259981689DB7.exe
2009-06-25 00:20 . 2009-06-25 00:20 10134 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\ARPPRODUCTICON.exe
2009-06-25 00:19 . 2009-06-25 00:19 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\MioNet
2009-06-25 00:18 . 2009-06-26 00:03 -------- d-----w- c:\program files\MioNet
2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ServiceTest
2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\temp
2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\program files\Common Files\eSellerate
2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\program files\WD
2009-06-25 00:01 . 2009-06-25 00:01 -------- d-----w- c:\program files\Western Digital
2009-06-18 15:41 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\setup.exe
2009-06-18 15:41 . 2009-04-10 13:55 725296 ---ha-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ar00000\install.exe
2009-06-18 15:41 . 2008-02-29 12:42 386496 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ar00000\magicJackSplash.exe
2009-06-18 05:11 . 2009-06-18 05:11 -------- d-----w- c:\program files\iPod
2009-06-18 05:11 . 2009-06-18 05:12 -------- d-----w- c:\program files\iTunes
2009-06-18 05:04 . 2009-06-18 05:05 -------- d-----w- c:\program files\QuickTime
2009-06-11 00:42 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2009-06-08 18:03 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\Upgrade\setup2.exe
2009-06-08 18:03 . 2009-04-10 13:55 725296 ---ha-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\Upgrade\install2.exe
2009-06-08 18:02 . 2009-06-08 18:02 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\magicJack
2009-06-05 20:57 . 2009-06-05 20:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-28 17:25 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-05-28 17:25 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2009-05-28 17:24 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-05-28 17:24 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-05-28 17:24 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-05-28 17:24 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2009-05-28 17:24 . 2009-05-28 17:24 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\tjnet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 23:55 . 2005-11-11 00:39 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-25 23:46 . 2008-12-04 11:53 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-25 23:40 . 2005-11-11 00:05 -------- d-----w- c:\program files\Java
2009-06-25 15:31 . 2005-11-11 01:02 -------- d-----w- c:\program files\Symantec
2009-06-25 00:38 . 2005-11-11 00:30 87448 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-25 00:24 . 2005-11-11 00:59 -------- d-----w- c:\program files\Google
2009-06-23 17:24 . 2008-04-16 16:03 -------- d-----w- c:\program files\Flock
2009-06-18 15:42 . 2009-05-18 18:41 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp
2009-06-18 05:11 . 2007-07-14 20:10 -------- d-----w- c:\program files\Common Files\Apple
2009-06-18 04:54 . 2007-07-14 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-05 18:42 . 2009-03-26 05:21 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 18:42 . 2009-03-26 05:21 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-01 00:32 . 2007-09-21 20:58 -------- d-----w- c:\program files\Bodog Poker
2009-05-07 15:32 . 2004-08-10 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 22:44 . 2007-07-14 20:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
2009-04-29 17:36 . 2009-04-29 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-29 04:56 . 2004-08-10 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-10 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-26 20:23 . 2009-04-26 20:23 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-25 04:20 . 2009-04-25 04:20 390664 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-04-17 12:26 . 2004-08-10 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-10 13:58 . 2009-04-10 13:58 86360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\magicJack.dll
2009-04-10 13:58 . 2009-04-10 13:58 6327408 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\setup.exe
2009-04-10 13:58 . 2009-04-10 13:58 412784 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJackLoader.exe
2009-04-10 13:58 . 2009-04-10 13:58 480608 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\octvqe1_apiw.dll
2009-04-10 13:58 . 2009-04-10 13:58 214360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\TjVista.dll
2009-04-10 13:58 . 2009-04-10 13:58 325040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\TjIpSys.dll
2009-04-10 13:57 . 2009-04-10 13:57 398696 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\SJHandsetTigerJet.dll
2009-04-10 13:57 . 2009-04-10 13:57 87384 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\st00000\mjsetup.exe
2009-04-10 13:57 . 2009-04-10 13:57 86360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\st00000\magicJack.dll
2009-04-10 13:57 . 2009-04-10 13:57 86360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJack.dll
2009-04-10 13:56 . 2009-04-10 13:56 11871576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe
2009-04-10 13:55 . 2009-04-10 13:55 725296 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\install.exe
2009-04-10 13:55 . 2009-04-10 13:55 87384 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\mjsetup.exe
2009-04-10 13:55 . 2009-04-10 13:55 86360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\magicJack.dll
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\st00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 50520 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe
2009-06-25 00:25 . 2009-06-25 00:25 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-10-11 08:04 . 2008-06-29 01:30 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2008-06-29 01:30 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2008-06-29 01:30 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2008-06-29 01:30 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2008-06-29 01:30 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-25_15.56.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-25 23:46 . 2009-06-25 23:46 16384 c:\windows\Temp\Perflib_Perfdata_f48.dat
+ 2009-06-25 16:00 . 2008-10-16 22:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-25 16:00 . 2008-04-14 00:12 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-25 16:00 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-25 16:00 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-25 16:00 . 2008-04-14 00:12 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-25 16:00 . 2008-04-14 00:12 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-25 16:00 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-25 16:00 . 2008-04-13 18:39 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-25 16:00 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-25 16:00 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-06-25 23:46 . 2009-06-25 23:46 148888 c:\windows\system32\javaws.exe
- 2009-04-26 20:26 . 2009-03-09 12:19 148888 c:\windows\system32\javaws.exe
- 2009-04-26 20:26 . 2009-03-09 12:19 144792 c:\windows\system32\javaw.exe
+ 2009-06-25 23:46 . 2009-06-25 23:46 144792 c:\windows\system32\javaw.exe
- 2009-04-26 20:26 . 2009-03-09 12:19 144792 c:\windows\system32\java.exe
+ 2009-06-25 23:46 . 2009-06-25 23:46 144792 c:\windows\system32\java.exe
+ 2009-06-25 16:00 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-25 16:00 . 2009-04-29 04:56 827392 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-25 16:00 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-25 16:00 . 2008-04-14 00:12 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-25 16:00 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-25 16:00 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-25 16:00 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-25 16:00 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-25 16:00 . 2008-04-14 00:11 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-25 16:00 . 2008-04-14 00:11 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-25 16:00 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-25 16:00 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-25 16:00 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-25 16:00 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-23 68856]
"cdloader"="c:\documents and settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-22 129536]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2006-07-21 407032]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-29 185896]
"DISCover"="c:\program files\DISC\DISCover.exe" [2007-10-31 1095256]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"2wSysTray"="c:\program files\2Wire\2PortalMon.exe" [2004-09-15 393216]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560]
"WD Anywhere Backup"="c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2008-11-07 197856]
"MioNet"="c:\program files\MioNet\MioNetLauncher.exe" [2008-09-18 32768]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-06-25 1838592]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-25 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MioNet\\MioNetManager.exe"=
"c:\\Program Files\\MioNet\\jvm\\bin\\MioNet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery

R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [11/7/2008 12:20 PM 25824]
R2 MioNet;MioNet;c:\program files\MioNet\MioNetManager.exe [9/17/2008 2:52 PM 139264]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 3:22 PM 102400]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*Deregistered* - NDISRD
.
Contents of the 'Scheduled Tasks' folder

2009-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2006-03-21 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 03:23]

2009-06-25 c:\windows\Tasks\WebReg psc 2350 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-12 15:21]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm082MEUS&fl=0&ptb=zAzr3Y9P6UrPAr6YsXRXlA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 17:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(616)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4188)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-26 17:07
ComboFix-quarantined-files.txt 2009-06-26 00:07
ComboFix2.txt 2009-06-25 17:12
ComboFix3.txt 2009-06-25 16:02

Pre-Run: 158,660,947,968 bytes free
Post-Run: 158,711,304,192 bytes free

259 --- E O F --- 2009-06-11 10:15

CatByte · 06-25-2009, 06:39 PM

I would like to see a list of installed programs, so please do this:

Click Start > Run then copy/paste the following single-line command into the Run box and click OK:

[b]C:\Qoobox\Add-Remove Programs.txt]/b]

A text file should open.

Post the contents of that file in your next reply.

DOCDAIZY · 06-25-2009, 06:42 PM

Here you go:

2350
2350_Help
2350Trb
2Wire Wireless Client
5 Card Slingo from HP Media Center (remove only)
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.1
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
Apple Mobile Device Support
Apple Software Update
AstroPop Deluxe from HP Media Center (remove only)
AT&T Yahoo! Applications
ATI Control Panel
ATI Display Driver
Barnyard Invasion from HP Media Center (remove only)
Bejeweled 2 Deluxe from HP Media Center (remove only)
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Remix from HP Media Center (remove only)
Bodog Poker Version 2.16.3.49
Boggle Supreme from HP Media Center (remove only)
Bonjour
Bookworm Deluxe from HP Media Center (remove only)
Bounce Symphony from HP Media Center (remove only)
BufferChm
CameraDrivers
Catz (remove only)
Chuzzle Deluxe from HP Media Center (remove only)
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_LightScribePlugin
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Critical Update for Windows Media Player 11 (KB959772)
Crystal Maze from HP Media Center (remove only)
CueTour
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
Destinations
DeviceManagementQFolder
DocProc
DocumentViewer
DocumentViewerQFolder
Easy Internet Sign-up
Family Feud
FATE from HP Media Center (remove only)
Fax
Fax_CDA
Flock 1.1
GemMaster Mystic
Google Desktop
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Game Console and games
HP Games 3.43.97
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3
HP Multimedia Keyboard Software
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP PSC & OfficeJet 5.3.A
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
HpSdpAppCoreApp
Insaniquarium Deluxe from HP Media Center (remove only)
InstantShareDevices
InterVideo WinDVD Player
iTunes
Java(TM) 6 Update 14
Lemonade Tycoon 2 from HP Media Center (remove only)
Lexibox Deluxe from HP Media Center (remove only)
LightScribe 1.4.52.1
Mah Jong Quest from HP Media Center (remove only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Away Mode
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Picture It! Publishing 2001
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MioNet
MobileMe Control Panel
Mozilla Firefox (2.0)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 4.5
muvee autoProducer unPlugged 1.2
NewCopy
NewCopy_CDA
OpenOffice.org Installer 1.0
Otto
Palm Desktop by ACCESS
PanoStandAlone
PC-Doctor 5 for Windows
PhotoGallery
Picasa 2
PokerRoom.com (remove only)
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
ProductContext
PS2
PSPrinters08
PSTAPlugin
Puzzle Express from HP Media Center (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
RandMap
Readme
RealPlayer
Remove IntelliMover Demo
Ricochet Lost Worlds from HP Media Center (remove only)
Safari
SBC Yahoo! DSL Home Networking Installer
Scan
ScannerCopy
SCRABBLE from HP Media Center (remove only)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Shockwave
Shooting Stars Pool from HP Media Center (remove only)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
SkinsHP1
Slingo Deluxe from HP Media Center (remove only)
Snowboard SuperJam from HP Media Center (remove only)
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Status
Super Granny from HP Media Center (remove only)
Tradewinds from HP Media Center (remove only)
TrayApp
Unload
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
WD Anywhere Backup
WD Drive Manager (x86)
WebFldrs XP
WebReg
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
Yahoo! Search Suggest Add-on for IE7
Zuma Deluxe from HP Media Center (remove only)

CatByte · 06-25-2009, 07:01 PM

Unless I'm missing it, it doesn't appear as though you have an AntiVirus installed.

An AntiVirus is essential:

Please do the following:

Install this FREE AntiVirus program, update the virus definitions, and run a full system scan.

Avira AntiVir Personal

There is an installation guide here

When the scan is complete, click on the Report button.
A log file will open. Please post that in your next reply.

NOTE: Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

DOCDAIZY · 06-25-2009, 07:40 PM

I have McAfee I just updated it today

2350
2350_Help
2350Trb
2Wire Wireless Client
5 Card Slingo from HP Media Center (remove only)
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.1
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
Apple Mobile Device Support
Apple Software Update
AstroPop Deluxe from HP Media Center (remove only)
AT&T Yahoo! Applications
ATI Control Panel
ATI Display Driver
Barnyard Invasion from HP Media Center (remove only)
Bejeweled 2 Deluxe from HP Media Center (remove only)
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Remix from HP Media Center (remove only)
Bodog Poker Version 2.16.3.49
Boggle Supreme from HP Media Center (remove only)
Bonjour
Bookworm Deluxe from HP Media Center (remove only)
Bounce Symphony from HP Media Center (remove only)
BufferChm
CameraDrivers
Catz (remove only)
Chuzzle Deluxe from HP Media Center (remove only)
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_LightScribePlugin
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Critical Update for Windows Media Player 11 (KB959772)
Crystal Maze from HP Media Center (remove only)
CueTour
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
Destinations
DeviceManagementQFolder
DocProc
DocumentViewer
DocumentViewerQFolder
Easy Internet Sign-up
Family Feud
FATE from HP Media Center (remove only)
Fax
Fax_CDA
Flock 1.1
GemMaster Mystic
Google Desktop
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Game Console and games
HP Games 3.43.97
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3
HP Multimedia Keyboard Software
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP PSC & OfficeJet 5.3.A
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
HpSdpAppCoreApp
Insaniquarium Deluxe from HP Media Center (remove only)
InstantShareDevices
InterVideo WinDVD Player
iTunes
Java(TM) 6 Update 14
Lemonade Tycoon 2 from HP Media Center (remove only)
Lexibox Deluxe from HP Media Center (remove only)
LightScribe 1.4.52.1
Mah Jong Quest from HP Media Center (remove only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Away Mode
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Picture It! Publishing 2001
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MioNet
MobileMe Control Panel
Mozilla Firefox (2.0)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 4.5
muvee autoProducer unPlugged 1.2
NewCopy
NewCopy_CDA
OpenOffice.org Installer 1.0
Otto
Palm Desktop by ACCESS
PanoStandAlone
PC-Doctor 5 for Windows
PhotoGallery
Picasa 2
PokerRoom.com (remove only)
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
ProductContext
PS2
PSPrinters08
PSTAPlugin
Puzzle Express from HP Media Center (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
RandMap
Readme
RealPlayer
Remove IntelliMover Demo
Ricochet Lost Worlds from HP Media Center (remove only)
Safari
SBC Yahoo! DSL Home Networking Installer
Scan
ScannerCopy
SCRABBLE from HP Media Center (remove only)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Shockwave
Shooting Stars Pool from HP Media Center (remove only)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
SkinsHP1
Slingo Deluxe from HP Media Center (remove only)
Snowboard SuperJam from HP Media Center (remove only)
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Status
Super Granny from HP Media Center (remove only)
Tradewinds from HP Media Center (remove only)
TrayApp
Unload
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
WD Anywhere Backup
WD Drive Manager (x86)
WebFldrs XP
WebReg
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
Yahoo! Search Suggest Add-on for IE7
Zuma Deluxe from HP Media Center (remove only)

CatByte · 06-25-2009, 07:51 PM

Quote:

I have McAfee I just updated it today

OK, that's good, it just doesn't show up as installed.

Your log is clean. Time to do some housekeeping:

Please do the following:

You can delete the DDS and GMER folders from your desktop.

NEXT

Follow these steps to uninstall Combofix

Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.

Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
Make Internet Explorer more secure
- Click Start > Run
- Type Inetcpl.cpl & click OK
- Click on the Security tab
- Click Reset all zones to default level
- Make sure the Internet Zone is selected & Click Custom level
- In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
- Next Click OK, then Apply button and then OK to exit the Internet Properties page.
ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
- Green to go
- Yellow for caution
- Red to stop
WOT has an addon available for both Firefox and IE
For Firefox, I highly recommend this add-on to keep your PC even more secure.
- NoScript - for blocking ads and other potential website attacks
Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
Think Prevention.
PC Safety and Security--What Do I Need?.

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

DOCDAIZY · 06-25-2009, 08:15 PM

Thank you so much for your time and help. I really appreciate it!! So do I want to add all of the recommendations you listed?

DOCDAIZY · 06-25-2009, 08:18 PM

McAfee and spyware are different is that correct and won't interfere with each other then?

CatByte · 06-25-2009, 09:01 PM

You are correct, the AntiVirus and AntiSpyware programs wont conflict with one another.
The programs I have recommended are just suggestions, you don't have to install them at all, but give them a try, they help protect your system and you might like them, if not - they are easily uninstalled...Good thing is - they are all free.

Stay safe

CB

DOCDAIZY · 06-25-2009, 09:58 PM

Great!! Thank you so much for helping me out!!!

06-25-2009, 10:29 AM	#3 (permalink)
DOCDAIZY Registered User Join Date: Jun 2009 Posts: 10 OS: xp	Re: Malware removal Thank you for your help!! So far so good I can get on itunes again!!! Thank you Thank you!! ComboFix 09-06-24.05 - HP_Administrator 06/25/2009 8:43.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.257 [GMT -7:00] Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\FunWebProducts c:\program files\MyWebSearch c:\windows\system32\sysloc c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn-new.html c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html c:\program files\FunWebProducts\Shared\Cache\MailStampBtn-new.html c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn-new.html c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn-new.html c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html c:\program files\Internet Explorer\msimg32.dll c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG c:\program files\MyWebSearch\bar\1.bin\F3BROVLY.DLL c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL c:\program files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S c:\program files\MyWebSearch\bar\Cache\0002553A c:\program files\MyWebSearch\bar\Cache\00050F69.bin c:\program files\MyWebSearch\bar\Cache\0006FF42 c:\program files\MyWebSearch\bar\Cache\00D100D2.bin c:\program files\MyWebSearch\bar\Cache\00D18DEF.bin c:\program files\MyWebSearch\bar\Cache\00D22A7D.bin c:\program files\MyWebSearch\bar\Cache\00D2929D.bin c:\program files\MyWebSearch\bar\Cache\066526A8 c:\program files\MyWebSearch\bar\Cache\0E3F8590.bin c:\program files\MyWebSearch\bar\Cache\0E3FE2B4.bin c:\program files\MyWebSearch\bar\Cache\0E400B89.bin c:\program files\MyWebSearch\bar\Cache\0E402143.bin c:\program files\MyWebSearch\bar\Cache\files.ini c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S c:\program files\MyWebSearch\bar\Game\CHESS.F3S c:\program files\MyWebSearch\bar\Game\REVERSI.F3S c:\program files\MyWebSearch\bar\History\search2 c:\program files\MyWebSearch\bar\Message\COMMON.F3S c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S c:\program files\MyWebSearch\bar\Notifier\DOG.F3S c:\program files\MyWebSearch\bar\Notifier\FISH.F3S c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S c:\program files\MyWebSearch\bar\Notifier\MAID.F3S c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm c:\program files\MyWebSearch\bar\Settings\s_pid.dat c:\program files\MyWebSearch\bar\Settings\setting2.htm c:\program files\MyWebSearch\bar\Settings\setting2.htm.bak c:\program files\MyWebSearch\bar\Settings\settings.dat c:\program files\MyWebSearch\bar\Settings\settings.dat.bak c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL c:\windows\9g2234wesdf3dfgjf23 c:\windows\f23567.dat c:\windows\kb913800.exe c:\windows\ld08.exe c:\windows\msmark2.dat c:\windows\patch.exe c:\windows\sonce122714.dat c:\windows\sonce122739.dat c:\windows\system32\f3PSSavr.scr c:\windows\system32\sysloc\sysloc.dll D:\Autorun.inf D:\Desktop.ini K:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 ))))))))))))))))))))))))))))))) . 2009-06-25 00:47 . 2009-06-25 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\MemeoCommon 2009-06-25 00:38 . 2009-06-25 15:33 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\MioNet 2009-06-25 00:37 . 2009-06-25 00:37 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\WD 2009-06-25 00:28 . 2006-10-05 02:42 2560 ------w- c:\windows\system32\drivers\cdralw2k.sys 2009-06-25 00:28 . 2006-10-05 02:42 2432 ------w- c:\windows\system32\drivers\cdr4_xp.sys 2009-06-25 00:27 . 2009-06-25 00:27 -------- d-----w- c:\program files\Picasa2 2009-06-25 00:20 . 2009-06-25 00:20 2238 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\NewShortcut4_53AF3638DDB44755B3DC259981689DB7.exe 2009-06-25 00:20 . 2009-06-25 00:20 17542 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\STOP_MIONET_SM_SHO_53AF3638DDB44755B3DC259981689DB7.exe 2009-06-25 00:20 . 2009-06-25 00:20 17542 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\START_MIONET_DESKT_53AF3638DDB44755B3DC259981689DB7.exe 2009-06-25 00:20 . 2009-06-25 00:20 17542 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\START_MIONET_SM_SH_53AF3638DDB44755B3DC259981689DB7.exe 2009-06-25 00:20 . 2009-06-25 00:20 10134 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\ARPPRODUCTICON.exe 2009-06-25 00:19 . 2009-06-25 00:19 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\MioNet 2009-06-25 00:18 . 2009-06-25 00:42 -------- d-----w- c:\program files\MioNet 2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ServiceTest 2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\temp 2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\program files\Common Files\eSellerate 2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\program files\WD 2009-06-25 00:01 . 2009-06-25 00:01 -------- d-----w- c:\program files\Western Digital 2009-06-18 15:41 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\setup.exe 2009-06-18 15:41 . 2009-04-10 13:55 725296 ---ha-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ar00000\install.exe 2009-06-18 15:41 . 2008-02-29 12:42 386496 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ar00000\magicJackSplash.exe 2009-06-18 05:11 . 2009-06-18 05:11 -------- d-----w- c:\program files\iPod 2009-06-18 05:11 . 2009-06-18 05:12 -------- d-----w- c:\program files\iTunes 2009-06-18 05:04 . 2009-06-18 05:05 -------- d-----w- c:\program files\QuickTime 2009-06-11 00:42 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll 2009-06-08 18:03 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\Upgrade\setup2.exe 2009-06-08 18:03 . 2009-04-10 13:55 725296 ---ha-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\Upgrade\install2.exe 2009-06-08 18:02 . 2009-06-08 18:02 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\magicJack 2009-06-05 20:57 . 2009-06-05 20:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe 2009-05-28 17:25 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll 2009-05-28 17:25 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll 2009-05-28 17:24 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys 2009-05-28 17:24 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys 2009-05-28 17:24 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys 2009-05-28 17:24 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys 2009-05-28 17:24 . 2009-05-28 17:24 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\tjnet . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-25 15:31 . 2005-11-11 01:02 -------- d-----w- c:\program files\Symantec 2009-06-25 00:38 . 2005-11-11 00:30 87448 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-25 00:24 . 2005-11-11 00:59 -------- d-----w- c:\program files\Google 2009-06-23 17:24 . 2008-04-16 16:03 -------- d-----w- c:\program files\Flock 2009-06-18 15:42 . 2009-05-18 18:41 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp 2009-06-18 05:11 . 2007-07-14 20:10 -------- d-----w- c:\program files\Common Files\Apple 2009-06-18 04:54 . 2007-07-14 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-06-05 18:42 . 2009-03-26 05:21 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2009-06-05 18:42 . 2009-03-26 05:21 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll 2009-06-01 00:32 . 2007-09-21 20:58 -------- d-----w- c:\program files\Bodog Poker 2009-05-07 15:32 . 2004-08-10 12:00 345600 ----a-w- c:\windows\system32\localspl.dll 2009-04-29 22:44 . 2007-07-14 20:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Apple Computer 2009-04-29 17:36 . 2009-04-29 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-04-29 04:56 . 2004-08-10 12:00 827392 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:55 . 2004-08-10 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-04-26 20:26 . 2005-11-11 00:05 -------- d-----w- c:\program files\Java 2009-04-26 20:23 . 2009-04-26 20:23 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-04-25 04:20 . 2009-04-25 04:20 390664 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Real\RealPlayer\Update\RealPlayer11.exe 2009-04-17 12:26 . 2004-08-10 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:51 . 2004-08-10 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2009-04-10 13:58 . 2009-04-10 13:58 86360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\magicJack.dll 2009-04-10 13:58 . 2009-04-10 13:58 6327408 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\setup.exe 2009-04-10 13:58 . 2009-04-10 13:58 412784 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJackLoader.exe 2009-04-10 13:58 . 2009-04-10 13:58 480608 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\octvqe1_apiw.dll 2009-04-10 13:58 . 2009-04-10 13:58 214360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\TjVista.dll 2009-04-10 13:58 . 2009-04-10 13:58 325040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\TjIpSys.dll 2009-04-10 13:57 . 2009-04-10 13:57 398696 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\SJHandsetTigerJet.dll 2009-04-10 13:57 . 2009-04-10 13:57 87384 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\st00000\mjsetup.exe 2009-04-10 13:57 . 2009-04-10 13:57 86360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\st00000\magicJack.dll 2009-04-10 13:57 . 2009-04-10 13:57 86360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJack.dll 2009-04-10 13:56 . 2009-04-10 13:56 11871576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe 2009-04-10 13:55 . 2009-04-10 13:55 725296 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\install.exe 2009-04-10 13:55 . 2009-04-10 13:55 87384 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\mjsetup.exe 2009-04-10 13:55 . 2009-04-10 13:55 86360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\magicJack.dll 2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\magicJackSplash.exe 2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\st00000\magicJackSplash.exe 2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJackSplash.exe 2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\magicJackSplash.exe 2009-04-10 13:53 . 2009-04-10 13:53 50520 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe 2009-06-25 00:25 . 2009-06-25 00:25 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2006-10-11 08:04 . 2008-06-29 01:30 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2006-10-11 08:04 . 2008-06-29 01:30 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2006-10-11 08:05 . 2008-06-29 01:30 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll 2006-10-11 08:05 . 2008-06-29 01:30 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll 2006-10-11 08:04 . 2008-06-29 01:30 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-23 68856] "cdloader"="c:\documents and settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512] "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740] "HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152] "pccguide.exe"="c:\program files\Trend Micro\Antivirus\pccguide.exe" [2004-02-17 950337] "PCClient.exe"="c:\program files\Trend Micro\Antivirus\PCClient.exe" [2004-02-17 634949] "TM Outbreak Agent"="c:\program files\Trend Micro\Antivirus\TMOAgent.exe" [2004-02-17 290816] "YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-22 129536] "YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2006-07-21 407032] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-29 185896] "DISCover"="c:\program files\DISC\DISCover.exe" [2007-10-31 1095256] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "2wSysTray"="c:\program files\2Wire\2PortalMon.exe" [2004-09-15 393216] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560] "WD Anywhere Backup"="c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2008-11-07 197856] "MioNet"="c:\program files\MioNet\MioNetLauncher.exe" [2008-09-18 32768] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-06-25 1838592] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400] "SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-01-26 4865600] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk \0SsiEfr.e [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\DISC\\DISCover.exe"= "c:\\Program Files\\DISC\\DiscStreamHub.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Documents and Settings\\HP_Administrator\\Application Data\\mjusbsp\\magicJack.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\MioNet\\MioNetManager.exe"= "c:\\Program Files\\MioNet\\jvm\\bin\\MioNet.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0 "1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1 "1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2 "1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3 "1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4 "1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5 "1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6 "1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7 "1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8 "1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9 "1641:TCP"= 1641:TCP:MioNet Remote Drive Verification "1647:TCP"= 1647:TCP:MioNet Storage Device Configuration "5432:UDP"= 5432:UDP:MioNet Storage Device Discovery R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [11/7/2008 12:20 PM 25824] R2 MioNet;MioNet;c:\program files\MioNet\MioNetManager.exe [9/17/2008 2:52 PM 139264] R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [3/5/2004 12:53 PM 190480] R2 Tmntsrv;Trend NT Realtime Service;c:\program files\Trend Micro\Antivirus\Tmntsrv.exe [2/17/2004 3:57 PM 241737] R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [3/5/2004 12:53 PM 31248] R2 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Antivirus\tmproxy.exe [2/17/2004 3:58 PM 204873] R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 3:22 PM 102400] --- Other Services/Drivers In Memory --- Deregistered* - NDISRD . Contents of the 'Scheduled Tasks' folder 2009-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34] 2006-03-21 c:\windows\Tasks\Easy Internet Sign-up.job - c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 03:23] 2009-06-25 c:\windows\Tasks\WebReg psc 2350 series.job - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-12 15:21] . - - - - ORPHANS REMOVED - - - - HKLM-Run-PRISMSVR.EXE - c:\windows\system32\PRISMSVR.EXE HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe HKLM-Run-PCDrProfiler - (no file) Notify-WgaLogon - (no file) SafeBoot-svcWRSSSDK . ------- Supplementary Scan ------- . uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm082MEUS&fl=0&ptb=zAzr3Y9P6UrPAr6YsXRXlA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms} uStart Page = hxxp://www.yahoo.com uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop mDefault_Page_URL = hxxp://www.yahoo.com mStart Page = hxxp://www.yahoo.com mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uInternet Settings,ProxyOverride = .local;<local> uInternet Settings,ProxyServer = http=localhost:7171 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop FF - ProfilePath - . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-25 08:55 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(628) c:\windows\system32\Ati2evxx.dll c:\windows\system32\WRLogonNTF.dll - - - - - - - > 'explorer.exe'(6840) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\program files\Microsoft Office\OFFICE11\msohev.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\progra~1\Yahoo!\browser\ycommon.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\arservice.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\MioNet\jvm\bin\MioNet.exe c:\program files\Webroot\Spy Sweeper\SpySweeper.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\wscntfy.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\dllhost.exe c:\windows\system32\HPZipm12.exe c:\windows\ehome\ehmsas.exe c:\program files\MioNet\jvm\bin\MioNet.exe c:\program files\Webroot\Spy Sweeper\ssu.exe c:\hp\KBD\kbd.exe c:\windows\ALCXMNTR.EXE c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe c:\windows\system\hpsysdrv.exe . ************************************************************************ . Completion time: 2009-06-25 9:02 - machine was rebooted ComboFix-quarantined-files.txt 2009-06-25 16:01 Pre-Run: 155,952,533,504 bytes free Post-Run: 159,414,235,136 bytes free 370 --- E O F --- 2009-06-11 10:15

06-25-2009, 10:39 AM	#4 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 2,002 OS: XP sp3	Re: Malware removal Hi, Please do the following: Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Copy/paste the text inside the Codebox below into notepad: Here's how to do that: Click Start > Run type Notepad click OK. This will open an empty notepad file: Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy') Code: DDS:: uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm082MEUS&fl=0&ptb=zAzr3Y9P6UrPAr6YsXRXlA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms} uInternet Settings,ProxyOverride = .local;<local> uInternet Settings,ProxyServer = http=localhost:7171 Now paste* the copied text into the open notepad - press CTRL+V (or right click and choose 'paste') Save this file to your desktop, Save this as "CFScript" Here's how to do that: 1.Click File; 2.Click Save As... Change the directory to your desktop; 3.Change the Save as type to "All Files"; 4.Type in the file name: CFScript 5.Click Save ... Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal. When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply. CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall. __________________ ASAP & UNITE Member

06-25-2009, 11:24 AM	#5 (permalink)
DOCDAIZY Registered User Join Date: Jun 2009 Posts: 10 OS: xp	Re: Malware removal I followed your directions and here is the log: ComboFix 09-06-24.05 - HP_Administrator 06/25/2009 9:56.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.120 [GMT -7:00] Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\HP_Administrator\Desktop\cfscript.txt . ((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 ))))))))))))))))))))))))))))))) . 2009-06-25 16:00 . 2009-06-25 16:00 -------- d-----w- c:\windows\system32\dllcache\cache 2009-06-25 00:47 . 2009-06-25 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\MemeoCommon 2009-06-25 00:38 . 2009-06-25 15:33 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\MioNet 2009-06-25 00:37 . 2009-06-25 00:37 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\WD 2009-06-25 00:28 . 2006-10-05 02:42 2560 ------w- c:\windows\system32\drivers\cdralw2k.sys 2009-06-25 00:28 . 2006-10-05 02:42 2432 ------w- c:\windows\system32\drivers\cdr4_xp.sys 2009-06-25 00:27 . 2009-06-25 00:27 -------- d-----w- c:\program files\Picasa2 2009-06-25 00:20 . 2009-06-25 00:20 2238 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\NewShortcut4_53AF3638DDB44755B3DC259981689DB7.exe 2009-06-25 00:20 . 2009-06-25 00:20 17542 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\STOP_MIONET_SM_SHO_53AF3638DDB44755B3DC259981689DB7.exe 2009-06-25 00:20 . 2009-06-25 00:20 17542 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\START_MIONET_DESKT_53AF3638DDB44755B3DC259981689DB7.exe 2009-06-25 00:20 . 2009-06-25 00:20 17542 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\START_MIONET_SM_SH_53AF3638DDB44755B3DC259981689DB7.exe 2009-06-25 00:20 . 2009-06-25 00:20 10134 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{53AF3638-DDB4-4755-B3DC-259981689DB7}\ARPPRODUCTICON.exe 2009-06-25 00:19 . 2009-06-25 00:19 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\MioNet 2009-06-25 00:18 . 2009-06-25 16:13 -------- d-----w- c:\program files\MioNet 2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ServiceTest 2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\temp 2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\program files\Common Files\eSellerate 2009-06-25 00:17 . 2009-06-25 00:17 -------- d-----w- c:\program files\WD 2009-06-25 00:01 . 2009-06-25 00:01 -------- d-----w- c:\program files\Western Digital 2009-06-18 15:41 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\setup.exe 2009-06-18 15:41 . 2009-04-10 13:55 725296 ---ha-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ar00000\install.exe 2009-06-18 15:41 . 2008-02-29 12:42 386496 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ar00000\magicJackSplash.exe 2009-06-18 05:11 . 2009-06-18 05:11 -------- d-----w- c:\program files\iPod 2009-06-18 05:11 . 2009-06-18 05:12 -------- d-----w- c:\program files\iTunes 2009-06-18 05:04 . 2009-06-18 05:05 -------- d-----w- c:\program files\QuickTime 2009-06-11 00:42 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll 2009-06-08 18:03 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\Upgrade\setup2.exe 2009-06-08 18:03 . 2009-04-10 13:55 725296 ---ha-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\Upgrade\install2.exe 2009-06-08 18:02 . 2009-06-08 18:02 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\magicJack 2009-06-05 20:57 . 2009-06-05 20:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe 2009-05-28 17:25 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll 2009-05-28 17:25 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll 2009-05-28 17:24 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys 2009-05-28 17:24 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys 2009-05-28 17:24 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys 2009-05-28 17:24 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys 2009-05-28 17:24 . 2009-05-28 17:24 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\tjnet . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-25 15:31 . 2005-11-11 01:02 -------- d-----w- c:\program files\Symantec 2009-06-25 00:38 . 2005-11-11 00:30 87448 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-25 00:24 . 2005-11-11 00:59 -------- d-----w- c:\program files\Google 2009-06-23 17:24 . 2008-04-16 16:03 -------- d-----w- c:\program files\Flock 2009-06-18 15:42 . 2009-05-18 18:41 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp 2009-06-18 05:11 . 2007-07-14 20:10 -------- d-----w- c:\program files\Common Files\Apple 2009-06-18 04:54 . 2007-07-14 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-06-05 18:42 . 2009-03-26 05:21 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2009-06-05 18:42 . 2009-03-26 05:21 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll 2009-06-01 00:32 . 2007-09-21 20:58 -------- d-----w- c:\program files\Bodog Poker 2009-05-07 15:32 . 2004-08-10 12:00 345600 ----a-w- c:\windows\system32\localspl.dll 2009-04-29 22:44 . 2007-07-14 20:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Apple Computer 2009-04-29 17:36 . 2009-04-29 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-04-29 04:56 . 2004-08-10 12:00 827392 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:55 . 2004-08-10 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-04-26 20:26 . 2005-11-11 00:05 -------- d-----w- c:\program files\Java 2009-04-26 20:23 . 2009-04-26 20:23 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-04-25 04:20 . 2009-04-25 04:20 390664 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Real\RealPlayer\Update\RealPlayer11.exe 2009-04-17 12:26 . 2004-08-10 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:51 . 2004-08-10 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2009-04-10 13:58 . 2009-04-10 13:58 86360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\magicJack.dll 2009-04-10 13:58 . 2009-04-10 13:58 6327408 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\setup.exe 2009-04-10 13:58 . 2009-04-10 13:58 412784 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJackLoader.exe 2009-04-10 13:58 . 2009-04-10 13:58 480608 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\octvqe1_apiw.dll 2009-04-10 13:58 . 2009-04-10 13:58 214360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\TjVista.dll 2009-04-10 13:58 . 2009-04-10 13:58 325040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\TjIpSys.dll 2009-04-10 13:57 . 2009-04-10 13:57 398696 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\SJHandsetTigerJet.dll 2009-04-10 13:57 . 2009-04-10 13:57 87384 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\st00000\mjsetup.exe 2009-04-10 13:57 . 2009-04-10 13:57 86360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\st00000\magicJack.dll 2009-04-10 13:57 . 2009-04-10 13:57 86360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJack.dll 2009-04-10 13:56 . 2009-04-10 13:56 11871576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe 2009-04-10 13:55 . 2009-04-10 13:55 725296 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\install.exe 2009-04-10 13:55 . 2009-04-10 13:55 87384 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\mjsetup.exe 2009-04-10 13:55 . 2009-04-10 13:55 86360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\magicJack.dll 2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\ug00000\magicJackSplash.exe 2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\st00000\magicJackSplash.exe 2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\magicJackSplash.exe 2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\in00000\magicJackSplash.exe 2009-04-10 13:53 . 2009-04-10 13:53 50520 ----a-w- c:\documents and settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe 2009-06-25 00:25 . 2009-06-25 00:25 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2006-10-11 08:04 . 2008-06-29 01:30 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2006-10-11 08:04 . 2008-06-29 01:30 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2006-10-11 08:05 . 2008-06-29 01:30 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll 2006-10-11 08:05 . 2008-06-29 01:30 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll 2006-10-11 08:04 . 2008-06-29 01:30 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll . ((((((((((((((((((((((((((((( SnapShot@2009-06-25_15.56.29 ))))))))))))))))))))))))))))))))))))))))) . + 2009-06-25 16:19 . 2009-06-25 16:19 16384 c:\windows\Temp\Perflib_Perfdata_90c.dat + 2009-06-25 16:00 . 2008-10-16 22:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe + 2009-06-25 16:00 . 2008-04-14 00:12 82432 c:\windows\system32\dllcache\cache\ws2_32.dll + 2009-06-25 16:00 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\cache\userinit.exe + 2009-06-25 16:00 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\cache\svchost.exe + 2009-06-25 16:00 . 2008-04-14 00:12 57856 c:\windows\system32\dllcache\cache\spoolsv.exe + 2009-06-25 16:00 . 2008-04-14 00:12 17408 c:\windows\system32\dllcache\cache\powrprof.dll + 2009-06-25 16:00 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\cache\lsass.exe + 2009-06-25 16:00 . 2008-04-13 18:39 24576 c:\windows\system32\dllcache\cache\kbdclass.sys + 2009-06-25 16:00 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys + 2009-06-25 16:00 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\cache\ctfmon.exe + 2009-06-25 16:00 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\cache\winlogon.exe + 2009-06-25 16:00 . 2009-04-29 04:56 827392 c:\windows\system32\dllcache\cache\wininet.dll + 2009-06-25 16:00 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\cache\user32.dll + 2009-06-25 16:00 . 2008-04-14 00:12 295424 c:\windows\system32\dllcache\cache\termsrv.dll + 2009-06-25 16:00 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys + 2009-06-25 16:00 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\cache\services.exe + 2009-06-25 16:00 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys + 2009-06-25 16:00 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\cache\kernel32.dll + 2009-06-25 16:00 . 2008-04-14 00:11 110080 c:\windows\system32\dllcache\cache\imm32.dll + 2009-06-25 16:00 . 2008-04-14 00:11 167936 c:\windows\system32\dllcache\cache\appmgmts.dll + 2009-06-25 16:00 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll + 2009-06-25 16:00 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\cache\ntoskrnl.exe + 2009-06-25 16:00 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\cache\ntkrnlpa.exe + 2009-06-25 16:00 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\cache\explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-23 68856] "cdloader"="c:\documents and settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512] "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740] "HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152] "pccguide.exe"="c:\program files\Trend Micro\Antivirus\pccguide.exe" [2004-02-17 950337] "PCClient.exe"="c:\program files\Trend Micro\Antivirus\PCClient.exe" [2004-02-17 634949] "TM Outbreak Agent"="c:\program files\Trend Micro\Antivirus\TMOAgent.exe" [2004-02-17 290816] "YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-22 129536] "YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2006-07-21 407032] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-29 185896] "DISCover"="c:\program files\DISC\DISCover.exe" [2007-10-31 1095256] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "2wSysTray"="c:\program files\2Wire\2PortalMon.exe" [2004-09-15 393216] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-07-24 450560] "WD Anywhere Backup"="c:\program files\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2008-11-07 197856] "MioNet"="c:\program files\MioNet\MioNetLauncher.exe" [2008-09-18 32768] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-06-25 1838592] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400] "SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-01-26 4865600] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk \0SsiEfr.e [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\DISC\\DISCover.exe"= "c:\\Program Files\\DISC\\DiscStreamHub.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Documents and Settings\\HP_Administrator\\Application Data\\mjusbsp\\magicJack.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\MioNet\\MioNetManager.exe"= "c:\\Program Files\\MioNet\\jvm\\bin\\MioNet.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0 "1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1 "1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2 "1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3 "1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4 "1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5 "1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6 "1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7 "1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8 "1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9 "1641:TCP"= 1641:TCP:MioNet Remote Drive Verification "1647:TCP"= 1647:TCP:MioNet Storage Device Configuration "5432:UDP"= 5432:UDP:MioNet Storage Device Discovery R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\WD\WD Anywhere Backup\MemeoBackgroundService.exe [11/7/2008 12:20 PM 25824] R2 MioNet;MioNet;c:\program files\MioNet\MioNetManager.exe [9/17/2008 2:52 PM 139264] R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [3/5/2004 12:53 PM 190480] R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [3/5/2004 12:53 PM 31248] R2 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Antivirus\tmproxy.exe [2/17/2004 3:58 PM 204873] R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 3:22 PM 102400] S2 Tmntsrv;Trend NT Realtime Service;c:\program files\Trend Micro\Antivirus\Tmntsrv.exe [2/17/2004 3:57 PM 241737] --- Other Services/Drivers In Memory --- Deregistered* - NDISRD . Contents of the 'Scheduled Tasks' folder 2009-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34] 2006-03-21 c:\windows\Tasks\Easy Internet Sign-up.job - c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 03:23] 2009-06-25 c:\windows\Tasks\WebReg psc 2350 series.job - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-12 15:21] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm082MEUS&fl=0&ptb=zAzr3Y9P6UrPAr6YsXRXlA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms} uStart Page = hxxp://www.yahoo.com mStart Page = hxxp://www.yahoo.com mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uSearchURL,(Default) = hxxp://www.google.com/search?q=%s FF - ProfilePath - . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-25 10:07 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\docume~1\HP_ADM~1\LOCALS~1\Temp\sqlite_voTVWtIkbdI76Cq 0 bytes c:\docume~1\HP_ADM~1\LOCALS~1\Temp\catchme.dll 53248 bytes executable scan completed successfully hidden files: 2 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(624) c:\windows\system32\Ati2evxx.dll c:\windows\system32\WRLogonNTF.dll - - - - - - - > 'explorer.exe'(12908) c:\program files\Microsoft Office\OFFICE11\msohev.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2009-06-25 10:12 ComboFix-quarantined-files.txt 2009-06-25 17:12 ComboFix2.txt 2009-06-25 16:02 Pre-Run: 159,142,035,456 bytes free Post-Run: 159,098,556,416 bytes free 258 --- E O F --- 2009-06-11 10:15

06-25-2009, 11:54 AM	#6 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 2,002 OS: XP sp3	Re: Malware removal Hi, Please do the following; Please download Malwarebytes' Anti-Malware from Here or Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer, please do so. NEXT It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course: Using Internet Explorer or Firefox, visit Kaspersky Online Scanner: 1. Click Accept, when prompted to download and install the program files and database of malware definitions. 2. To optimize scanning time and produce a more sensible report for review: Close any open programs Turn off the real time scanner of any existing antivirus program while performing the online scan 3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined. Click View scan report at the bottom. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply You can refer to this animation by sundavis. __________________ ASAP & UNITE Member

06-25-2009, 04:23 PM	#7 (permalink)
DOCDAIZY Registered User Join Date: Jun 2009 Posts: 10 OS: xp	Re: Malware removal Here are the two new reports. What do I do with everything that I've downloaded or saved? Malwarebytes' Anti-Malware 1.38 Database version: 2335 Windows 5.1.2600 Service Pack 3 6/25/2009 11:19:35 AM mbam-log-2009-06-25 (11-19-35).txt Scan type: Quick Scan Objects scanned: 97452 Time elapsed: 3 minute(s), 35 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 97 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0 REPORT Thursday, June 25, 2009 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Program database last update: Thursday, June 25, 2009 20:19:53 Records in database: 2389318 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ Scan statistics: Files scanned: 144010 Threat name: 16 Infected objects: 62 Suspicious objects: 0 Duration of the scan: 03:03:47 File name / Threat name / Threats count C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.at 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bc 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.l 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.af 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.a 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.an 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.aq 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir Infected: not-a-virus:Monitor.Win32.Agent.c 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.at 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.at 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.as 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ba 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.i 1 C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.as 1 C:\Qoobox\Quarantine\C\WINDOWS\ld08.exe.vir Infected: Net-Worm.Win32.Koobface.np 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\sysloc\sysloc.dll.vir Infected: Trojan.Win32.BHO.tli 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056069.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056070.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.at 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056072.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bc 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056073.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056074.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.l 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056075.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.af 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056076.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056077.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056078.SCR Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056079.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056080.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056081.EXE Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.a 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056082.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.an 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056083.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.aq 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056084.DLL Infected: not-a-virus:Monitor.Win32.Agent.c 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056086.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.at 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056087.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056089.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.at 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056091.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056092.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.as 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056095.EXE Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056096.EXE Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056097.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ba 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056098.EXE Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056099.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056100.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056101.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.i 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056103.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.as 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056106.scr Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056107.dll Infected: Trojan.Win32.BHO.tli 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP635\A0056111.exe Infected: Net-Worm.Win32.Koobface.np 1 The selected area was scanned.

06-25-2009, 06:39 PM	#10 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 2,002 OS: XP sp3	Re: Malware removal I would like to see a list of installed programs, so please do this: Click Start > Run then copy/paste the following single-line command into the Run box and click OK: [b]C:\Qoobox\Add-Remove Programs.txt]/b] A text file should open. Post the contents of that file in your next reply. __________________ ASAP & UNITE Member

06-25-2009, 06:42 PM	#11 (permalink)
DOCDAIZY Registered User Join Date: Jun 2009 Posts: 10 OS: xp	Re: Malware removal Here you go: 2350 2350_Help 2350Trb 2Wire Wireless Client 5 Card Slingo from HP Media Center (remove only) Adobe Flash Player 10 Plugin Adobe Flash Player ActiveX Adobe Reader 9.1 AiO_Scan AiO_Scan_CDA AiOSoftware AiOSoftwareNPI Apple Mobile Device Support Apple Software Update AstroPop Deluxe from HP Media Center (remove only) AT&T Yahoo! Applications ATI Control Panel ATI Display Driver Barnyard Invasion from HP Media Center (remove only) Bejeweled 2 Deluxe from HP Media Center (remove only) Blackhawk Striker 2 from HP Media Center (remove only) Blasterball 2 from HP Media Center (remove only) Blasterball 2 Remix from HP Media Center (remove only) Bodog Poker Version 2.16.3.49 Boggle Supreme from HP Media Center (remove only) Bonjour Bookworm Deluxe from HP Media Center (remove only) Bounce Symphony from HP Media Center (remove only) BufferChm CameraDrivers Catz (remove only) Chuzzle Deluxe from HP Media Center (remove only) CP_AtenaShokunin1Config CP_CalendarTemplates1 cp_LightScribeConfig cp_LightScribePlugin CP_Package_Basic1 CP_Package_Variety1 CP_Package_Variety2 CP_Package_Variety3 CP_Panorama1Config Critical Update for Windows Media Player 11 (KB959772) Crystal Maze from HP Media Center (remove only) CueTour Customer Experience Enhancement Data Fax SoftModem with SmartCP Destinations DeviceManagementQFolder DocProc DocumentViewer DocumentViewerQFolder Easy Internet Sign-up Family Feud FATE from HP Media Center (remove only) Fax Fax_CDA Flock 1.1 GemMaster Mystic Google Desktop Google Toolbar for Internet Explorer High Definition Audio Driver Package - KB888111 Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) HP Boot Optimizer HP Deskjet Printer Preload HP DigitalMedia Archive HP Document Viewer 5.3 HP Game Console and games HP Games 3.43.97 HP Image Zone 5.3 HP Image Zone for Media Center PC HP Imaging Device Functions 5.3 HP Multimedia Keyboard Software HP Photosmart 330,380,420,470,7800,8000,8200 Series HP Photosmart Cameras 5.0 HP PSC & OfficeJet 5.3.A HP PSC & OfficeJet 5.3.B HP Software Update HP Solution Center & Imaging Support Tools 5.3 HPProductAssistant HpSdpAppCoreApp Insaniquarium Deluxe from HP Media Center (remove only) InstantShareDevices InterVideo WinDVD Player iTunes Java(TM) 6 Update 14 Lemonade Tycoon 2 from HP Media Center (remove only) Lexibox Deluxe from HP Media Center (remove only) LightScribe 1.4.52.1 Mah Jong Quest from HP Media Center (remove only) Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft Away Mode Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Money 2005 Microsoft National Language Support Downlevel APIs Microsoft Office Standard Edition 2003 Microsoft Picture It! Publishing 2001 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Works MioNet MobileMe Control Panel Mozilla Firefox (2.0) MSN MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) muvee autoProducer 4.5 muvee autoProducer unPlugged 1.2 NewCopy NewCopy_CDA OpenOffice.org Installer 1.0 Otto Palm Desktop by ACCESS PanoStandAlone PC-Doctor 5 for Windows PhotoGallery Picasa 2 PokerRoom.com (remove only) Polar Bowler from HP Media Center (remove only) Polar Golfer from HP Media Center (remove only) ProductContext PS2 PSPrinters08 PSTAPlugin Puzzle Express from HP Media Center (remove only) Python 2.2 pywin32 extensions (build 203) Python 2.2.3 Quicken 2006 QuickTime RandMap Readme RealPlayer Remove IntelliMover Demo Ricochet Lost Worlds from HP Media Center (remove only) Safari SBC Yahoo! DSL Home Networking Installer Scan ScannerCopy SCRABBLE from HP Media Center (remove only) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB970238) Shockwave Shooting Stars Pool from HP Media Center (remove only) Shrek 2 Ogre Bowler from HP Media Center (remove only) SkinsHP1 Slingo Deluxe from HP Media Center (remove only) Snowboard SuperJam from HP Media Center (remove only) SolutionCenter Sonic Express Labeler Sonic MyDVD Plus Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager Sonic_PrimoSDK Status Super Granny from HP Media Center (remove only) Tradewinds from HP Media Center (remove only) TrayApp Unload Update for Windows Media Player 10 (KB910393) Update for Windows Media Player 10 (KB913800) Update for Windows Media Player 10 (KB926251) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB953356) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update Rollup 2 for Windows XP Media Center Edition 2005 Updates from HP (remove only) WD Anywhere Backup WD Drive Manager (x86) WebFldrs XP WebReg Windows Genuine Advantage v1.3.0254.0 Windows Internet Explorer 7 Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player Firefox Plugin Windows XP Media Center Edition 2005 KB925766 Windows XP Service Pack 3 Yahoo! Search Suggest Add-on for IE7 Zuma Deluxe from HP Media Center (remove only)

06-25-2009, 07:01 PM	#12 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 2,002 OS: XP sp3	Re: Malware removal Unless I'm missing it, it doesn't appear as though you have an AntiVirus installed. An AntiVirus is essential: Please do the following: Install this FREE AntiVirus program, update the virus definitions, and run a full system scan. Avira AntiVir Personal There is an installation guide here When the scan is complete, click on the Report button. A log file will open. Please post that in your next reply. NOTE: Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out. __________________ ASAP & UNITE Member

06-25-2009, 07:40 PM	#13 (permalink)
DOCDAIZY Registered User Join Date: Jun 2009 Posts: 10 OS: xp	Re: Malware removal I have McAfee I just updated it today 2350 2350_Help 2350Trb 2Wire Wireless Client 5 Card Slingo from HP Media Center (remove only) Adobe Flash Player 10 Plugin Adobe Flash Player ActiveX Adobe Reader 9.1 AiO_Scan AiO_Scan_CDA AiOSoftware AiOSoftwareNPI Apple Mobile Device Support Apple Software Update AstroPop Deluxe from HP Media Center (remove only) AT&T Yahoo! Applications ATI Control Panel ATI Display Driver Barnyard Invasion from HP Media Center (remove only) Bejeweled 2 Deluxe from HP Media Center (remove only) Blackhawk Striker 2 from HP Media Center (remove only) Blasterball 2 from HP Media Center (remove only) Blasterball 2 Remix from HP Media Center (remove only) Bodog Poker Version 2.16.3.49 Boggle Supreme from HP Media Center (remove only) Bonjour Bookworm Deluxe from HP Media Center (remove only) Bounce Symphony from HP Media Center (remove only) BufferChm CameraDrivers Catz (remove only) Chuzzle Deluxe from HP Media Center (remove only) CP_AtenaShokunin1Config CP_CalendarTemplates1 cp_LightScribeConfig cp_LightScribePlugin CP_Package_Basic1 CP_Package_Variety1 CP_Package_Variety2 CP_Package_Variety3 CP_Panorama1Config Critical Update for Windows Media Player 11 (KB959772) Crystal Maze from HP Media Center (remove only) CueTour Customer Experience Enhancement Data Fax SoftModem with SmartCP Destinations DeviceManagementQFolder DocProc DocumentViewer DocumentViewerQFolder Easy Internet Sign-up Family Feud FATE from HP Media Center (remove only) Fax Fax_CDA Flock 1.1 GemMaster Mystic Google Desktop Google Toolbar for Internet Explorer High Definition Audio Driver Package - KB888111 Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) HP Boot Optimizer HP Deskjet Printer Preload HP DigitalMedia Archive HP Document Viewer 5.3 HP Game Console and games HP Games 3.43.97 HP Image Zone 5.3 HP Image Zone for Media Center PC HP Imaging Device Functions 5.3 HP Multimedia Keyboard Software HP Photosmart 330,380,420,470,7800,8000,8200 Series HP Photosmart Cameras 5.0 HP PSC & OfficeJet 5.3.A HP PSC & OfficeJet 5.3.B HP Software Update HP Solution Center & Imaging Support Tools 5.3 HPProductAssistant HpSdpAppCoreApp Insaniquarium Deluxe from HP Media Center (remove only) InstantShareDevices InterVideo WinDVD Player iTunes Java(TM) 6 Update 14 Lemonade Tycoon 2 from HP Media Center (remove only) Lexibox Deluxe from HP Media Center (remove only) LightScribe 1.4.52.1 Mah Jong Quest from HP Media Center (remove only) Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft Away Mode Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Money 2005 Microsoft National Language Support Downlevel APIs Microsoft Office Standard Edition 2003 Microsoft Picture It! Publishing 2001 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Works MioNet MobileMe Control Panel Mozilla Firefox (2.0) MSN MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) muvee autoProducer 4.5 muvee autoProducer unPlugged 1.2 NewCopy NewCopy_CDA OpenOffice.org Installer 1.0 Otto Palm Desktop by ACCESS PanoStandAlone PC-Doctor 5 for Windows PhotoGallery Picasa 2 PokerRoom.com (remove only) Polar Bowler from HP Media Center (remove only) Polar Golfer from HP Media Center (remove only) ProductContext PS2 PSPrinters08 PSTAPlugin Puzzle Express from HP Media Center (remove only) Python 2.2 pywin32 extensions (build 203) Python 2.2.3 Quicken 2006 QuickTime RandMap Readme RealPlayer Remove IntelliMover Demo Ricochet Lost Worlds from HP Media Center (remove only) Safari SBC Yahoo! DSL Home Networking Installer Scan ScannerCopy SCRABBLE from HP Media Center (remove only) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB970238) Shockwave Shooting Stars Pool from HP Media Center (remove only) Shrek 2 Ogre Bowler from HP Media Center (remove only) SkinsHP1 Slingo Deluxe from HP Media Center (remove only) Snowboard SuperJam from HP Media Center (remove only) SolutionCenter Sonic Express Labeler Sonic MyDVD Plus Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager Sonic_PrimoSDK Status Super Granny from HP Media Center (remove only) Tradewinds from HP Media Center (remove only) TrayApp Unload Update for Windows Media Player 10 (KB910393) Update for Windows Media Player 10 (KB913800) Update for Windows Media Player 10 (KB926251) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB953356) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update Rollup 2 for Windows XP Media Center Edition 2005 Updates from HP (remove only) WD Anywhere Backup WD Drive Manager (x86) WebFldrs XP WebReg Windows Genuine Advantage v1.3.0254.0 Windows Internet Explorer 7 Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player Firefox Plugin Windows XP Media Center Edition 2005 KB925766 Windows XP Service Pack 3 Yahoo! Search Suggest Add-on for IE7 Zuma Deluxe from HP Media Center (remove only)

06-25-2009, 08:15 PM	#15 (permalink)
DOCDAIZY Registered User Join Date: Jun 2009 Posts: 10 OS: xp	Re: Malware removal Thank you so much for your time and help. I really appreciate it!! So do I want to add all of the recommendations you listed?

06-25-2009, 08:18 PM	#16 (permalink)
DOCDAIZY Registered User Join Date: Jun 2009 Posts: 10 OS: xp	Re: Malware removal McAfee and spyware are different is that correct and won't interfere with each other then?

06-25-2009, 09:01 PM	#17 (permalink)
CatByte Analyst, Security Team Join Date: Jan 2009 Location: Canada Posts: 2,002 OS: XP sp3	Re: Malware removal You are correct, the AntiVirus and AntiSpyware programs wont conflict with one another. The programs I have recommended are just suggestions, you don't have to install them at all, but give them a try, they help protect your system and you might like them, if not - they are easily uninstalled...Good thing is - they are all free. Stay safe CB __________________ ASAP & UNITE Member

06-25-2009, 09:58 PM	#18 (permalink)
DOCDAIZY Registered User Join Date: Jun 2009 Posts: 10 OS: xp	Re: Malware removal Great!! Thank you so much for helping me out!!!