Solved

Browser hijacked and possible virus

Posted on 2009-04-12
19
1,288 Views
Last Modified: 2013-12-07
Hello Experts,

Need some help here. I've tried finding and removing my infections using Spybot S&D, Ad-Aware AE, SuperAntiSpyware and a removal tool. I thought this was the Virtumonde or Vundo trojan, and both Spybot and SuperAntiSpyware found variations of the Vundo trojan, but I can't seem to get rid of it.

Here are the symptoms:

When I do a Google search in Firefox and click on one of the results, it goes to the result page but then instantly redirects to some random ads/search page. A simple search on Google for HijackThis, and clicking on the first HijackThis result, which should have gone to "http://majorgeeks.com/download3155.html", instead redirected to "http://www.findstuff.com" with a search result.

My AVG Antivirus can't update, and also crashes occasionally. Firefox crashes quite often, usually after a couple searches or when switching tabs.

The following is my HijackThis report; I hope someone here can guide me in the right direction.

Regards...
Logfile of HijackThis v1.99.1

Scan saved at 1:25:35 PM, on 4/12/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ps2.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q404&bd=presario&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.36.252.76:8081

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

O4 - HKLM\..\Run: [Turbine Download Manager Tray Icon] "C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: FlashToolset - res://C:\PROGRA~1\Easeweb\FLASHT~1.0TR\Swafer.dll/300

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\WEB2~1\Office12\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Nick\Start Menu\Programs\IMVU\Run IMVU.lnk

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: FlashToolset - {4A067D7A-84C4-4de8-A109-2BFBA2B39F72} - C:\PROGRA~1\Easeweb\FLASHT~1.0TR\Swafer.dll (HKCU)

O9 - Extra 'Tools' menuitem: FlashToolset - {4A067D7A-84C4-4de8-A109-2BFBA2B39F72} - C:\PROGRA~1\Easeweb\FLASHT~1.0TR\Swafer.dll (HKCU)

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [INTERNATIONAL] International

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://webmap.em.gov.bc.ca/mapplace/mgaxctrl.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: ,

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: cbxywww - cbxywww.dll (file missing)

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe

Question by:ziffgone
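As an added example (not code from this thread, and not part of HijackThis itself), here is a small Python triage script for log lines in the HijackThis v1.99 format used above. The sample lines are copied verbatim from the posted log; the checks and severity labels are this example's own assumptions about what a responder looks at first in a redirect case: a user-level ProxyServer pointing at a routable address (browser traffic is being relayed through a third party), orphaned Winlogon Notify entries, AppInit_DLLs values that actually name a DLL, and services with no vendor information.

```python
"""Triage helper for HijackThis v1.99-style log lines.

Added example, not code from this thread. The sample lines below are copied
from the log in the question; the checks and severity labels are this
example's own assumptions, not HijackThis's.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional

# Constructed sample: a verbatim subset of the posted log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.36.252.76:8081
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: ,
O20 - Winlogon Notify: cbxywww - cbxywww.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
"""

# Every HijackThis entry starts with a section id such as R1 or O20.
LINE_RE = re.compile(r"^(?P<sec>[RO]\d{1,2}) - (?P<body>.+)$")


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low" (this example's own scale)
    section: str    # HijackThis section id, e.g. "R1", "O20"
    detail: str


def _is_external_host(host: str) -> bool:
    """True when the proxy host is a routable (non-private, non-loopback) address.

    A hostname cannot be classified offline, so it is treated as external.
    Only the simple "host:port" form is handled, not per-protocol lists.
    """
    try:
        ip = ip_address(host)
    except ValueError:
        return True
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)


def check_line(sec: str, body: str) -> Optional[Finding]:
    """Apply the checks for one parsed entry; None when nothing stands out."""
    if sec in ("R0", "R1") and ",ProxyServer = " in body:
        value = body.split(" = ", 1)[1].strip()
        host = value.rsplit(":", 1)[0]
        if _is_external_host(host):
            return Finding("high", sec,
                           f"user-level proxy relays browser traffic through {value}")
    if sec == "O20" and body.startswith("Winlogon Notify:") and "(file missing)" in body:
        name = body.split(":", 1)[1].split(" - ", 1)[0].strip()
        return Finding("medium", sec,
                       f"orphaned Winlogon Notify entry '{name}' (DLL missing)")
    if sec == "O20" and body.startswith("AppInit_DLLs:"):
        # The value is comma-separated; a bare ',' names no DLL and is noise.
        dlls = [d.strip() for d in body.split(":", 1)[1].split(",") if d.strip()]
        if dlls:
            return Finding("high", sec,
                           f"AppInit_DLLs loads into every user-mode process: {dlls}")
    if sec == "O23" and "Unknown owner" in body:
        return Finding("low", sec, f"service without vendor information: {body}")
    return None


def analyze(log_text: str) -> List[Finding]:
    """Parse a whole log and return findings in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, process list and blank lines are skipped
        f = check_line(m["sec"], m["body"])
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.detail}")
```

On the sample the script reports the proxy entry as high, the missing cbxywww.dll notify entry as medium and the unknown-owner service as low; the bare comma in AppInit_DLLs and the loopback ProxyOverride produce nothing. A finding is a prompt to review the entry, not proof of infection: the HP-era "STI Simulator" service, for instance, is flagged only because the log carries no vendor for it.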
19 Comments
 
LVL 14

Author Comment

by:ziffgone
I should also mention that sometimes, instead of crashing the browser, it instead simply gives me an error stating the internet connection could not be found and I can only get the browser to reconnect to the internet by rebooting the computer.

Regards...
0
 
LVL 15

Accepted Solution

by:
greyknight17 earned 250 total points
Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O20 - Winlogon Notify: cbxywww - cbxywww.dll (file missing)

Download Malwarebytes' Anti-Malware at http://www.besttechie.net/tools/mbam-setup.exe or http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html. Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Go to http://www.bleepingcomputer.com/combofix/how-to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
0
 
LVL 47

Expert Comment

by:rpggamergirl
For the Firefox search hijacks it sounds very much like a Goored infection.
GooredFix should take care of it.

Please download GooredFix and save it to your Desktop.
http://www.geekstogo.com/forum/redirect.php?url=http%3A%2F%2Fjpshortstuff.247fixes.com%2FGooredFix.exe

Double-click GooredFix.exe on your Desktop to run it.
Select "2. Fix Goored" by typing 2 and pressing Enter.
Make sure all instances of Firefox are closed at this point.
Type y at the prompt and press Enter again.

A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system.

Please also allow any registry changes that may be prompted by any of your security programs.


It's also a good idea to run ComboFix as already suggested, as there might be other viruses present in the system as well.
0
 
LVL 14

Author Comment

by:ziffgone
(working on MalwareBytes Anti Malware and combofix now)...

GooredLog.txt:
GooredFix v1.92 by jpshortstuff

Log created at 19:49 on 12/04/2009 running Option #2 (Nick)

Firefox version 3.0.8 (en-US)
 

=====Goored Deletions=====
 

=====Dumping Registry Values=====
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]

"Plugins"="C:\Program Files\Mozilla Firefox\plugins"
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]

"Components"="C:\Program Files\Mozilla Firefox\components"
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]

"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"


0
 
LVL 14

Author Comment

by:ziffgone
At this time I only get a blank page when viewing any page on bleepingcomputer.com. Is there a mirror location I can get ComboFix?
0
 
LVL 47

Assisted Solution

by:rpggamergirl
rpggamergirl earned 250 total points
Try the direct .exe download.

Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

You must download it to and run it from your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

If it doesn't run at first, redownload it but rename it before saving to your desktop.
0
 
LVL 14

Author Comment

by:ziffgone
Malwarebytes Log file:


Malwarebytes' Anti-Malware 1.36

Database version: 1945

Windows 5.1.2600 Service Pack 3
 

4/12/2009 9:53:39 PM

mbam-log-2009-04-12 (21-53-39).txt
 

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 206643

Time elapsed: 1 hour(s), 36 minute(s), 48 second(s)
 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 15

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 4

Files Infected: 65
 

Memory Processes Infected:

(No malicious items detected)
 

Memory Modules Infected:

(No malicious items detected)
 

Registry Keys Infected:

HKEY_CLASSES_ROOT\sai.instantiator (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\sai.instantiator.1 (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d85530e8-d39d-49d0-9f36-300d594556d2} (Trojan.Vundo) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000020040000} (Trojan.Dialer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
 

Registry Values Infected:

(No malicious items detected)
 

Registry Data Items Infected:

(No malicious items detected)
 

Folders Infected:

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\NewCfg (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\NewCfg (Adware.OneToolBar) -> Quarantined and deleted successfully.
 

Files Infected:

C:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Local Settings\Temp\7zS1B.tmp\AdwareAlert\SpyCleaner.dll (Rogue.SpyCleaner) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\1.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\10.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\2.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\20off.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\3.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\4.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\5.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\6.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\7.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\8.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\9.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\action.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\atlantis.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\bfgtoolbarDLL.zip (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\bfgtoolbartb0500.cfg (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\bfg_greetings.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\card.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\COMBOSEARCH.acs (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\ErrorLog.txt (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\logo.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\mahjong.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\mygames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\mygamestoolbar.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\new.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\newgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\puzzle.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\search.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\thereef.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\topten.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\webgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Application Data\bfgtoolbar\word.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\1.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\10.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\2.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\20off.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\3.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\4.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\5.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\6.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\7.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\8.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\9.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\action.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\atlantis.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\bfgtoolbarDLL.zip (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\bfgtoolbartb0500.cfg (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\bfg_greetings.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\card.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\COMBOSEARCH.acs (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\ErrorLog.txt (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\logo.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\mahjong.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\mygames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\mygamestoolbar.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\new.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\newgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\puzzle.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\search.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\thereef.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\topten.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\webgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Nick\Application Data\bfgtoolbar\word.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\ENCSC-Download.com.2.5.1040.0.exe (Trojan.Agent) -> Quarantined and deleted successfully.


0
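As an added example (not the thread's or Malwarebytes' code), the following Python script summarises an MBAM log of the format posted above: it groups detections by section and family and lists the items marked "Delete on reboot", which are the ones the restart prompt in greyknight17's instructions exists for, since those keys or files are still on disk until the machine restarts. The sample lines are a verbatim subset of the log above, and the grouping logic is this example's own assumption about what is useful to pull out.

```python
"""Summarise a Malwarebytes' Anti-Malware (MBAM) log.

Added example, not code from this thread or from Malwarebytes. Sample lines
are a subset of the log posted above; the summary layout is this example's own.
"""
import re
from collections import Counter
from typing import Dict, List

# Constructed sample: verbatim lines from the posted log, including the
# summary counts at the top so the parser has to tell them apart from headers.
SAMPLE_MBAM = r"""
Registry Keys Infected: 15
Files Infected: 65

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d85530e8-d39d-49d0-9f36-300d594556d2} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nick\Application Data\bfgtoolbar\1.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\ENCSC-Download.com.2.5.1040.0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# One detection line: "<item> (<family>) -> <action>."
ENTRY_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# A section header has nothing after the colon; "Registry Keys Infected: 15"
# is a summary count line and must not reset the current section.
HEADER_RE = re.compile(r"^([A-Za-z ]+ Infected):$")


def parse_entries(log_text: str) -> List[Dict[str, str]]:
    """Return one dict per detection with its section, item, family and action."""
    entries: List[Dict[str, str]] = []
    section = "Unknown"
    for raw in log_text.splitlines():
        line = raw.strip()
        h = HEADER_RE.match(line)
        if h:
            section = h.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"section": section, **m.groupdict()})
    return entries


def summarize(log_text: str) -> dict:
    """Group detections and single out the ones still pending a reboot."""
    entries = parse_entries(log_text)
    pending = [e["item"] for e in entries
               if e["action"].lower() == "delete on reboot"]
    return {
        "total": len(entries),
        "by_section": Counter(e["section"] for e in entries),
        "by_family": Counter(e["family"] for e in entries),
        "pending_reboot": pending,
        "needs_reboot": bool(pending),
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_MBAM)
    print(f"{s['total']} detections")
    for family, n in s["by_family"].most_common():
        print(f"  {n:3d}  {family}")
    if s["needs_reboot"]:
        print("Still pending until reboot:")
        for item in s["pending_reboot"]:
            print("  " + item)
```

The "pending_reboot" list is the part worth checking before declaring the machine clean: if those items are still present after the restart, the remediation did not complete and the log should be re-run rather than trusted.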
 
LVL 14

Author Comment

by:ziffgone
I'm getting a "source file could not be read" error when trying to download ComboFix from the bleepingcomputers.com site. I'll try and find a mirror.
0
 
LVL 47

Expert Comment

by:rpggamergirl
You should be able to access the below link. Try the link posted there if no links will work.
http://www.experts-exchange.com/Community_Support/Hidden/Private_Discussions/Q_24288356.html
0
 
LVL 15

Expert Comment

by:greyknight17
You can try the following mirror links as well:

Link1
Link2

If you still run into problems getting ComboFix, try to get it from another computer instead and copy it over.
 
LVL 14

Author Comment

by:ziffgone
Thanks guys. ComboFix log below:


ComboFix 09-04-13.09 - Nick 2009-04-12 22:28.2 - NTFSx86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1527.895 [GMT -7:00]

Running from: c:\tools-av\16987\16987.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

 * Created a new restore point

.
 

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\windows\bcrmqiu.wab

c:\windows\IE4 Error Log.txt
 

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
 

-------\Legacy_FREEZESCREENSAVER

-------\Service_FreezeScreenSaver
 
 

(((((((((((((((((((((((((   Files Created from 2009-03-13 to 2009-04-13  )))))))))))))))))))))))))))))))

.
 

2009-04-13 05:19 . 2009-04-13 05:19	--------	d-----w	C:\Tools-AV

2009-04-13 02:47 . 2009-04-13 02:47	--------	d-----w	c:\documents and settings\Nick\Application Data\Malwarebytes

2009-04-13 02:47 . 2009-04-06 22:32	15504	----a-w	c:\windows\system32\drivers\mbam.sys

2009-04-13 02:47 . 2009-04-06 22:32	38496	----a-w	c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-13 02:47 . 2009-04-13 02:47	--------	d-----w	c:\program files\Malwarebytes Anti-Malware

2009-04-13 02:47 . 2009-04-13 02:47	--------	d-----w	c:\documents and settings\All Users\Application Data\Malwarebytes

2009-04-12 20:06 . 2009-04-12 20:06	51744	----a-w	c:\documents and settings\Administrator.NIH\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-04-12 20:05 . 2009-04-12 20:05	--------	d-----w	c:\program files\Process Hacker

2009-04-12 20:05 . 2009-04-12 20:05	--------	d-----w	c:\documents and settings\Administrator.NIH\Local Settings\Application Data\Adobe

2009-04-12 15:36 . 2009-04-12 15:36	--------	d-----w	c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-04-12 15:36 . 2009-04-12 15:36	--------	d-----w	c:\program files\SUPERAntiSpyware

2009-04-12 15:36 . 2009-04-12 15:36	--------	d-----w	c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com

2009-04-12 15:35 . 2009-04-12 15:35	--------	d-----w	c:\program files\Common Files\Wise Installation Wizard

2009-04-12 06:32 . 2009-03-09 19:06	15688	----a-w	c:\windows\system32\lsdelete.exe

2009-04-11 18:04 . 2009-04-11 18:04	--------	d-----w	c:\documents and settings\Administrator.NIH\Application Data\Ipswitch

2009-04-11 18:03 . 2009-04-11 18:03	--------	d-----w	c:\documents and settings\Administrator.NIH\Local Settings\Application Data\Mozilla

2009-04-11 18:03 . 2009-04-11 18:03	--------	d-----w	c:\documents and settings\Administrator.NIH\Application Data\InterVideo

2009-04-11 17:15 . 2009-04-11 17:15	--------	d-sh--w	c:\documents and settings\Administrator.NIH\IETldCache

2009-04-11 16:55 . 2009-03-09 19:06	64160	----a-w	c:\windows\system32\drivers\Lbd.sys

2009-04-11 16:52 . 2009-04-11 16:52	--------	dc-h--w	c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

2009-04-04 03:06 . 2009-04-04 03:33	--------	d-----w	c:\windows\system32\Adobe

2009-04-03 22:28 . 2009-04-03 22:28	--------	d-----w	c:\program files\Microsoft Visual Studio 8

2009-04-03 22:27 . 2009-04-03 22:27	--------	d-----w	c:\program files\Microsoft.NET

2009-04-03 22:25 . 2009-04-03 22:25	--------	d-----w	c:\documents and settings\Nick\Local Settings\Application Data\Microsoft Help

2009-04-03 22:25 . 2009-04-05 14:48	--------	d-----w	c:\documents and settings\All Users\Application Data\Microsoft Help

2009-04-03 22:24 . 2009-04-03 22:24	--------	d--h--r	C:\MSOCache

2009-04-03 22:23 . 2009-04-03 22:23	--------	d-----w	c:\program files\Common Files\Nikon

2009-04-03 22:21 . 2009-04-03 22:36	--------	d-----w	c:\program files\Microsoft Expression

2009-04-03 21:40 . 2009-04-04 10:09	2352	----a-w	c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-04-03 21:40 . 2009-04-03 21:40	--------	d-----w	c:\program files\MSBuild

2009-04-03 21:39 . 2009-04-03 21:39	--------	d-----w	c:\windows\system32\XPSViewer

2009-04-03 21:39 . 2009-04-03 21:39	--------	d-----w	c:\program files\Reference Assemblies

2009-04-03 21:38 . 2006-06-29 20:07	14048	------w	c:\windows\system32\spmsg2.dll

2009-04-03 19:05 . 2009-04-03 19:05	--------	d-----w	c:\program files\Microsoft Silverlight

2009-04-03 18:45 . 2009-03-25 03:27	606293	----a-w	c:\windows\system32\wbocx.ocx

2009-04-03 18:45 . 2009-03-25 03:27	50688	----a-w	c:\windows\system32\wbhelp2.dll

2009-04-03 18:45 . 2009-04-03 18:45	--------	d-----w	c:\documents and settings\All Users\Application Data\Ipswitch

2009-04-03 18:45 . 2009-04-03 18:45	--------	d-----w	c:\documents and settings\Nick\Application Data\InstallShield

2009-04-03 18:32 . 2009-04-03 18:39	1276	----a-w	c:\windows\system32\WS_FTP_Install.BAK

2009-04-03 04:39 . 2009-04-03 18:21	--------	d-----w	c:\documents and settings\Nick\Application Data\BitTorrent

2009-04-03 04:39 . 2009-04-03 04:39	--------	d-----w	c:\documents and settings\Nick\Local Settings\Application Data\DNA

2009-04-03 04:39 . 2009-04-13 14:19	--------	d-----w	c:\program files\DNA

2009-04-03 04:39 . 2009-04-13 14:19	--------	d-----w	c:\documents and settings\Nick\Application Data\DNA

2009-04-03 04:39 . 2009-04-03 04:39	--------	d-----w	c:\program files\BitTorrent

2009-04-03 04:13 . 2009-04-12 21:36	--------	d-----w	c:\documents and settings\Nick\Local Settings\Application Data\True BoxShot

2009-04-03 04:13 . 2009-04-12 20:53	--------	d-----w	c:\program files\True BoxShot

2009-03-23 19:09 . 2009-04-12 01:50	--------	d--h--w	C:\$AVG8.VAULT$

2009-03-23 16:55 . 2009-03-23 16:56	--------	d-----w	c:\program files\bwin

2009-03-22 20:48 . 2009-03-22 20:48	10520	----a-w	c:\windows\system32\avgrsstx.dll

2009-03-22 20:48 . 2009-03-27 15:16	108552	----a-w	c:\windows\system32\drivers\avgtdix.sys

2009-03-22 20:48 . 2009-03-22 20:48	325640	----a-w	c:\windows\system32\drivers\avgldx86.sys

2009-03-22 20:47 . 2009-04-10 01:42	--------	d-----w	c:\windows\system32\drivers\Avg

2009-03-22 20:47 . 2009-03-22 20:47	--------	d-----w	c:\program files\AVG

2009-03-22 20:47 . 2009-03-22 20:47	--------	d-----w	c:\documents and settings\All Users\Application Data\avg8

2009-03-22 01:25 . 2009-03-22 01:25	--------	d-sh--w	c:\documents and settings\Compaq_Owner\PrivacIE

2009-03-22 01:22 . 2009-03-22 01:22	--------	d-sh--w	c:\documents and settings\Compaq_Owner\IETldCache

2009-03-21 22:44 . 2009-03-21 22:44	--------	d-sh--w	c:\documents and settings\Nick\PrivacIE

2009-03-21 22:44 . 2009-03-21 22:44	--------	d-sh--w	c:\documents and settings\Nick\IECompatCache

2009-03-21 22:12 . 2009-03-21 22:12	--------	d-sh--w	c:\documents and settings\NetworkService\IETldCache

2009-03-21 22:12 . 2009-03-21 22:12	--------	d-sh--w	c:\documents and settings\Nick\IETldCache

2009-03-21 21:55 . 2009-03-21 21:55	--------	d-----w	c:\windows\ie8updates

2009-03-21 21:52 . 2009-03-21 21:53	--------	dc-h--w	c:\windows\ie8

2009-03-21 21:49 . 2009-02-28 04:55	105984	-c----w	c:\windows\system32\dllcache\iecompat.dll

2009-03-21 20:39 . 2009-03-21 20:54	--------	d-----w	c:\documents and settings\Nick\Application Data\PE Explorer

2009-03-21 20:39 . 2009-03-21 20:39	--------	d-----w	c:\program files\PE Explorer

2009-03-20 01:31 . 2009-03-20 01:31	--------	d-----w	c:\program files\MozBackup

2009-03-20 01:05 . 2008-04-14 00:12	218624	----a-w	c:\windows\system32\uxtheme.backup

2009-03-18 18:10 . 2009-03-19 05:15	--------	d-----w	c:\program files\World of Warcraft

2009-03-18 18:08 . 2009-03-18 18:08	--------	d-----w	c:\documents and settings\All Users\Application Data\Blizzard

2009-03-18 02:58 . 2009-03-18 02:58	--------	d-----w	c:\program files\TeaTimer (Spybot - Search & Destroy)

2009-03-18 02:58 . 2009-03-18 02:58	--------	d-----w	c:\program files\Misc. Support Library (Spybot - Search & Destroy)

2009-03-18 02:58 . 2009-03-18 02:58	--------	d-----w	c:\program files\SDHelper (Spybot - Search & Destroy)

2009-03-18 02:58 . 2009-03-18 02:58	--------	d-----w	c:\program files\File Scanner Library (Spybot - Search & Destroy)
 

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-13 14:17 . 2009-04-12 06:37	1719	----a-w	C:\aaw7boot.log

2009-04-13 05:19 . 2009-04-13 05:19	4	----a-w	C:\menu.txt

2009-04-12 20:47 . 2004-08-12 03:28	--------	d--h--w	c:\program files\InstallShield Installation Information

2009-04-12 15:20 . 2005-05-21 01:40	51744	----a-w	c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-04-12 00:52 . 2008-02-22 20:02	--------	d-----w	c:\documents and settings\All Users\Application Data\SecTaskMan

2009-04-11 16:52 . 2005-09-25 01:53	--------	d-----w	c:\program files\Lavasoft

2009-04-11 14:33 . 2007-03-29 03:53	--------	d-----w	c:\program files\Spybot - Search & Destroy

2009-04-11 14:33 . 2007-03-29 03:53	--------	d-----w	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-04-10 02:08 . 2005-05-10 17:25	488	----a-w	C:\hpfr5550.xml

2009-04-04 14:15 . 2007-03-31 04:02	51744	----a-w	c:\documents and settings\Nick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-04-03 22:41 . 2007-11-18 16:57	--------	d-----w	c:\program files\NoteTab Pro 5

2009-04-03 22:28 . 2004-08-12 03:33	--------	d-----w	c:\program files\Microsoft Works

2009-04-03 21:39 . 2008-05-24 17:08	--------	d-----w	c:\program files\SmartFTP Client

2009-03-26 15:36 . 2008-02-22 20:02	--------	d-----w	c:\program files\Security Task Manager

2009-03-23 15:58 . 2008-05-24 17:07	--------	d-----w	c:\program files\SmartFTP Client 3.0 Setup Files

2009-03-20 01:05 . 2004-08-29 18:24	218624	----a-w	c:\windows\system32\uxtheme.dll

2009-03-20 00:41 . 2008-05-03 15:45	--------	d-----w	c:\program files\Realspace3_at

2009-03-19 19:25 . 2004-08-12 11:57	--------	d-----w	c:\program files\Common Files\Symantec Shared

2009-03-19 03:48 . 2004-08-12 11:57	--------	d-----w	c:\documents and settings\All Users\Application Data\Symantec

2009-03-19 03:39 . 2005-05-10 17:06	--------	d-----w	c:\program files\Yahoo!

2009-03-19 02:42 . 2007-06-11 02:39	--------	d-----w	c:\program files\My Way Games

2009-03-19 02:38 . 2008-02-29 01:18	--------	d-----w	c:\program files\Real Link Finder

2009-03-19 02:38 . 2008-05-02 17:01	--------	d-----w	c:\program files\ProfessorFizzwizzleTrial_at

2009-03-19 02:38 . 2008-10-01 23:52	--------	d-----w	c:\program files\PokerSmoke

2009-03-19 02:37 . 2008-04-08 00:30	--------	d-----w	c:\program files\phantomlinkcloaker

2009-03-19 02:36 . 2008-05-03 03:00	--------	d-----w	c:\program files\DeerDrive_at

2009-03-19 02:35 . 2008-02-20 19:08	--------	d-----w	c:\program files\Cain

2009-03-19 02:35 . 2008-03-22 16:57	--------	d-----w	c:\program files\Autodesk

2009-03-19 02:24 . 2005-05-08 15:13	--------	d-----w	c:\program files\Common Files\Adobe

2009-03-18 22:43 . 2005-05-15 02:04	--------	d-----w	c:\program files\Common Files\Blizzard Entertainment

2009-03-18 17:21 . 2008-05-23 23:30	--------	d-----w	c:\program files\RealArcade

2009-03-18 17:20 . 2009-02-03 02:18	--------	d-----w	c:\documents and settings\All Users\Application Data\Turbine

2009-03-18 17:20 . 2005-05-21 17:35	--------	d-----w	c:\program files\Shockwave.com

2009-03-18 17:19 . 2008-05-02 20:33	--------	d-----w	c:\program files\DevastationZoneTroopers_at

2009-03-18 17:17 . 2009-01-15 15:21	--------	d-----w	c:\documents and settings\All Users\Application Data\Electronic Arts

2009-03-18 07:44 . 2009-02-08 01:19	--------	d-----w	c:\documents and settings\Compaq_Owner\Application Data\Shareaza

2009-03-08 11:34 . 2004-08-29 18:24	914944	----a-w	c:\windows\system32\wininet.dll

2009-03-08 11:34 . 2004-08-29 18:21	43008	----a-w	c:\windows\system32\licmgr10.dll

2009-03-08 11:33 . 2004-08-29 18:20	18944	----a-w	c:\windows\system32\corpol.dll

2009-03-08 11:33 . 2004-08-29 18:24	420352	----a-w	c:\windows\system32\vbscript.dll

2009-03-08 11:32 . 2004-08-29 19:08	72704	----a-w	c:\windows\system32\admparse.dll

2009-03-08 11:32 . 2004-08-29 18:21	71680	----a-w	c:\windows\system32\iesetup.dll

2009-03-08 11:31 . 2004-08-29 18:21	34816	----a-w	c:\windows\system32\imgutil.dll

2009-03-08 11:31 . 2004-08-29 18:22	48128	----a-w	c:\windows\system32\mshtmler.dll

2009-03-08 11:31 . 2004-08-29 18:21	45568	----a-w	c:\windows\system32\mshta.exe

2009-03-08 11:22 . 2004-08-29 18:22	156160	----a-w	c:\windows\system32\msls31.dll

2009-02-09 11:13 . 2004-08-29 18:24	1846784	----a-w	c:\windows\system32\win32k.sys

2008-12-22 21:07 . 2008-12-22 21:07	319	-c-ha-w	c:\documents and settings\Nick\hpothb07.dat

2008-03-14 19:37 . 2008-03-14 19:37	0	-c--a-w	c:\program files\temp01

2007-08-28 18:08 . 2007-10-27 18:08	32	-c--a-r	c:\documents and settings\All Users\hash.dat

2007-06-22 03:58 . 2005-05-08 18:46	127	----a-w	c:\documents and settings\Nick\Local Settings\Application Data\fusioncache.dat

2005-10-25 21:32 . 2005-10-25 21:32	774144	-c--a-w	c:\program files\RngInterstitial.dll

2004-08-12 03:54 . 2007-09-05 16:58	128	-c--a-w	c:\documents and settings\Administrator.NIH\Local Settings\Application Data\fusioncache.dat

2004-08-12 03:54 . 2005-12-11 02:09	128	-c--a-w	c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat

2004-08-12 03:54 . 2005-05-08 14:46	128	-c--a-w	c:\documents and settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat

.
 

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 68856]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-02 321344]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PS2"="c:\windows\system32\ps2.exe" [2003-09-12 98304]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-08-11 180269]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-22 1932568]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 0 (0x0)

"NoStartMenuMyMusic"= 0 (0x0)

"NoRecentDocsNetHood"= 0 (0x0)

"NoSimpleStartMenu"= 0 (0x0)
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 0 (0x0)

"NoStartMenuMyMusic"= 0 (0x0)

"NoRecentDocsNetHood"= 0 (0x0)
 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-03-22 13:48 10520 c:\windows\system32\avgrsstx.dll
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"
 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk

backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk

backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk

backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk

backup=c:\windows\pss\ymetray.lnkCommon Startup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-13 17:12 15360 c:\windows\system32\ctfmon.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

--a--c--- 2004-08-20 15:51 118784 c:\windows\system32\hkcmd.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

--a--c--- 1998-05-07 16:04 52736 c:\windows\system\hpsysdrv.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

--a--c--- 2004-08-20 15:55 155648 c:\windows\system32\igfxtray.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2009-01-06 13:06 290088 c:\program files\iTunes\iTunesHelper.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]

-----c--- 2007-07-11 11:01 393216 c:\progra~1\TELUSE~1\SMARTB~1\MotiveSB.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2008-04-13 17:12 1695232 c:\program files\Messenger\msmsgs.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2004-10-29 15:50 4620288 c:\windows\system32\nvcpl.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a--c--- 2004-10-29 15:50 86016 c:\windows\system32\nvmctray.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a--c--- 2004-08-11 19:34 32881 c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

--a--c--- 2005-05-10 12:50 100056 c:\progra~1\SYMNET~1\SNDMon.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TELUS_eCare_Lite_McciTrayApp]

--a--c--- 2007-01-24 14:55 1007720 c:\program files\TELUS_eCare_Lite\eCareTrayApp.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2004-08-11 20:23 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

--a------ 2005-03-04 12:01 88209 c:\windows\AGRSMMSG.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]

--a------ 2004-07-06 01:05 2550272 c:\windows\ALCWZRD.EXE
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]

--a------ 2004-09-07 13:47 57344 c:\windows\ALCXMNTR.EXE
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2004-10-29 15:50 921600 c:\windows\system32\nwiz.exe
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" /background
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=

"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=

"c:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Defender\\MSASCui.exe"=

"c:\\Program Files\\Ares\\Ares.exe"=

"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgui.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
 

R3 PAC7311;VGA SoC PC-Camera;c:\windows\system32\DRIVERS\PA707UCM.SYS [2005-10-18 154752]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]

R3 Stuffit Archive Name Service;Stuffit Archive Name Service;c:\program files\Smith Micro\StuffIt11\ArcNameService.exe [2007-10-08 157000]

R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-22 908056]

R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-22 298264]

R4 LiveTurbineMessageService;Turbine Message Service - Live; [x]

R4 LiveTurbineNetworkService;Turbine Network Service - Live; [x]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-03-22 325640]

S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-03-27 108552]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
 
 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder
 

2009-04-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 12:06]
 

2008-09-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
 

2008-09-09 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
 

2005-08-26 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1115579937.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 17:56]
 

2009-04-13 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
 

2008-09-09 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 12:24]

.

- - - - ORPHANS REMOVED - - - -
 

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe

HKLM-Run-Turbine Download Manager Tray Icon - c:\program files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe

MSConfigStartUp-BO1HelperStartUp - c:\progra~1\BUTTER~1\BO1HEL~1.EXE

MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe

MSConfigStartUp-SSC_UserPrompt - c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

MSConfigStartUp-trioService - c:\progra~1\Freeze.com\Halloween\\trioService.exe

MSConfigStartUp-VTTimer - VTTimer.exe
 
 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://ca.yahoo.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mDefault_Page_URL = hxxp://ca.yahoo.com

mStart Page = hxxp://ca.yahoo.com

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q404&bd=presario&pf=desktop

uInternet Settings,ProxyOverride = 127.0.0.1;<local>

uInternet Settings,ProxyServer = 69.36.252.76:8081

IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Nick\Start Menu\Programs\IMVU\Run IMVU.lnk

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} - hxxps://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab

FF - ProfilePath - c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\ipfc88d9.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - about:neterror?e=query&u=

FF - component: c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\ipfc88d9.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll

FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll

FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll

FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll

FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll

FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll

FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll

FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll

FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCE08D86A-A41A-410A-943C-13BABB7DC474", "AllAccess");

c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA9EDC9ED-603A-4F3F-BBEA-59C8853A3236", "AllAccess");

c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID90D10942-D952-4863-9DD6-A2BDBBAD456E", "AllAccess");

c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0ECEE744-7B69-4912-AB91-AE76D61ECB04", "AllAccess");

c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF25635B2-1AB9-47B5-88D1-8877B22C86DE", "AllAccess");

c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID27B7F812-4159-45B9-A389-B7A118A58DE4", "AllAccess");

c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF849DF29-393B-4F8B-99D1-117A70D66FC7", "AllAccess");

c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBF1E9C3D-637C-4171-BD12-28A7360B879A", "AllAccess");

c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDDE1C0601-7947-4D7F-A6E5-E68BF6BA1E37", "AllAccess");

c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EA0DCCE-4D98-4876-9C6A-E5C563D0820A", "AllAccess");

c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID446462BA-2AAD-4C88-BC63-5210E2F31465", "AllAccess");

c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0862E368-A40E-4E55-83EB-FBC5571BABA4", "AllAccess");

c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDD2A96E3C-FFB3-4D38-9AC3-B127527BEA35", "AllAccess");

c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4B05B39A-9DDC-4650-A7F8-D5B134E5FFE5", "AllAccess");

.
 

**************************************************************************
 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-13 07:20

Windows 5.1.2600 Service Pack 3 NTFS
 

scanning hidden processes ...  
 

scanning hidden autostart entries ... 
 

scanning hidden files ...  
 

scan completed successfully

hidden files: 0
 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------
 

[HKEY_USERS\S-1-5-21-2740385269-3582360190-2949210702-1010\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)
 

[HKEY_USERS\S-1-5-21-2740385269-3582360190-2949210702-1010\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D85530E8-D39D-49D0-9F36-300D594556D2}\iexplore]

@DACL=(02 0000)

"Type"=dword:00000003

"Flags"=dword:00000004

"Count"=dword:00000175

"Time"=hex:d8,07,02,00,04,00,1c,00,0e,00,03,00,2c,00,af,02

"Blocked"=dword:0000014e
 

[HKEY_USERS\S-1-5-21-2740385269-3582360190-2949210702-1010\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F2B18761-A2FB-43F3-A4DE-E112872A42F6}\iexplore]

@DACL=(02 0000)

"Type"=dword:00000003

"Flags"=dword:00000000

"Count"=dword:00000001

"Time"=hex:d8,07,02,00,03,00,14,00,11,00,29,00,0d,00,ee,02
 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32]

@DACL=(02 0000)

@="c:\\WINDOWS\\SYSTEM32\\RAZADUPE.DLL"

"ThreadingModel"="Both"
 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F2B18761-A2FB-43F3-A4DE-E112872A42F6}\InprocServer32]

@DACL=(02 0000)

@="c:\\WINDOWS\\system32\\mljgh.dll"

"ThreadingModel"="Both"

.

--------------------- DLLs Loaded Under Running Processes ---------------------
 

- - - - - - - > 'winlogon.exe'(860)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
 

- - - - - - - > 'explorer.exe'(2140)

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\OneX.DLL

c:\windows\system32\eappprxy.dll

c:\corel\Graphics8\programs\CMFFld80.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\windows\system32\locator.exe

c:\windows\system32\PAStiSvc.exe

c:\program files\AVG\AVG8\avgrsx.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2009-04-13  7:26 - machine was rebooted

ComboFix-quarantined-files.txt  2009-04-13 14:26

ComboFix2.txt  2008-02-29 16:36
 

Pre-Run: 8,166,928,384 bytes free

Post-Run: 8,678,756,352 bytes free
 

--- E O F ---	2009-04-11 22:17


0
 
LVL 15

Expert Comment

by:greyknight17
Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the bold text below into Notepad:

File::
c:\\WINDOWS\\system32\\mljgh.dll
c:\\WINDOWS\\SYSTEM32\\RAZADUPE.DLL

Reglock::
[HKEY_USERS\S-1-5-21-2740385269-3582360190-2949210702-1010\Software\Microsoft\SystemCertificates\AddressBook*]
[HKEY_USERS\S-1-5-21-2740385269-3582360190-2949210702-1010\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D85530E8-D39D-49D0-9F36-300D594556D2}\iexplore]
[HKEY_USERS\S-1-5-21-2740385269-3582360190-2949210702-1010\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F2B18761-A2FB-43F3-A4DE-E112872A42F6}\iexplore]

Regnull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F2B18761-A2FB-43F3-A4DE-E112872A42F6}]

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

How is it running so far?
0
 
LVL 47

Expert Comment

by:rpggamergirl
greyknight17,
Please don't be offended... but I'm just wondering if you did that script in a hurry.
Correct me if I'm wrong;
The key below is a null-embedded key so if we have to take action on that key we should use the RegNull directive not RegLock.

>>>"RegLock::
[HKEY_USERS\S-1-5-21-2740385269-3582360190-2949210702-1010\Software\Microsoft\SystemCertificates\AddressBook*] "<<<

Below are not null-embedded keys, so we should use the RegLockDel directive (or alternatively we can use RegLock:: and Registry::):

>>>Regnull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F2B18761-A2FB-43F3-A4DE-E112872A42F6}]<<<

Will combofix take action if the files have double slashes?
>>>File::
c:\\WINDOWS\\system32\\mljgh.dll
c:\\WINDOWS\\SYSTEM32\\RAZADUPE.DLL<<<

0
 
LVL 14

Author Comment

by:ziffgone
greyknight and rpggamergirl,

I'll be away from that computer for a few days now, so I won't be able to run this CFScript.txt example 'till then. What we've done already has made a huge improvement on performance, both in the browser and my ability to update AVG etc. (which was also blocked).

Thanks for your help guys. I'll finish it up when I get back to the problem computer.

Regards...
0
 
LVL 15

Expert Comment

by:greyknight17
rpggamergirl, I'm not offended at all. Thanks for catching that. Stupid me...must have been doing something else while typing up the reply. I was actually staring at those double slashes as well and thought I proofread the entire fix before posting.

ziffgone, please ignore my last reply and do the following instead:

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

File::
c:\WINDOWS\system32\mljgh.dll
c:\WINDOWS\SYSTEM32\RAZADUPE.DLL

Regnull::
[HKEY_USERS\S-1-5-21-2740385269-3582360190-2949210702-1010\Software\Microsoft\SystemCertificates\AddressBook*]

RegLockDel::
[HKEY_USERS\S-1-5-21-2740385269-3582360190-2949210702-1010\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D85530E8-D39D-49D0-9F36-300D594556D2}]
[HKEY_USERS\S-1-5-21-2740385269-3582360190-2949210702-1010\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F2B18761-A2FB-43F3-A4DE-E112872A42F6}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F2B18761-A2FB-43F3-A4DE-E112872A42F6}]

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.
0
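As an added example (not code from this thread, from ComboFix, or from either expert), the Python below parses the LOCKED REGISTRY KEYS section of a ComboFix log and emits the three directives the corrected script uses: the .reg-style `@="c:\\..."` default values are unescaped into plain File:: paths (which is where the double slashes in the first script came from), the key ComboFix printed with a trailing `*` goes under RegNull::, and the remaining locked keys go under RegLockDel::. Two assumptions are read off this thread rather than ComboFix documentation: that the trailing `*` marks an embedded-null key, and that the CLSID key rather than its InprocServer32 subkey is the intended target.

```python
import re

# Constructed sample: a trimmed excerpt of the LOCKED REGISTRY KEYS section from the
# ComboFix log quoted in this thread, cut at the next section header.
SAMPLE_LOG = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2740385269-3582360190-2949210702-1010\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32]
@DACL=(02 0000)
@="c:\\WINDOWS\\SYSTEM32\\RAZADUPE.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F2B18761-A2FB-43F3-A4DE-E112872A42F6}\InprocServer32]
@="c:\\WINDOWS\\system32\\mljgh.dll"
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")  # [HKEY_...\Key]; a trailing * stays in the name
DEFAULT_RE = re.compile(r'^@="(.*)"$')       # @="value" in .reg style: backslashes doubled

def parse_locked_keys(log):
    """Return (key, default_value_or_None) for each key in the LOCKED REGISTRY KEYS section."""
    keys, current, in_section = [], None, False
    for line in (raw.strip() for raw in log.splitlines()):
        if "LOCKED REGISTRY KEYS" in line:
            in_section = True
        elif in_section and line.startswith("-----"):
            break  # next section header: done
        elif in_section and (m := KEY_RE.match(line)):
            current = [m.group(1), None]
            keys.append(current)
        elif current is not None and (m := DEFAULT_RE.match(line)):
            current[1] = m.group(1)
    return [tuple(k) for k in keys]

def build_cfscript(log):
    """Sort the locked keys into the directives the corrected script in this thread uses."""
    files, regnull, reglockdel = [], [], []
    for key, default in parse_locked_keys(log):
        if default:  # @="c:\\X\\y.dll" is .reg escaping; CFScript wants the plain path c:\X\y.dll
            files.append(default.replace("\\\\", "\\"))
        if key.endswith("*"):  # assumption from this thread: trailing * = embedded-null key
            regnull.append(f"[{key}]")
        else:  # ordinary locked key; aim at the CLSID key itself, as the corrected script does
            key = key.rsplit("\\", 1)[0] if key.endswith("\\InprocServer32") else key
            reglockdel.append(f"[{key}]")
    out = []
    for name, entries in (("File::", files), ("RegNull::", regnull), ("RegLockDel::", reglockdel)):
        if entries:
            out += [name, *entries, ""]
    return "\n".join(out).rstrip()
```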
 
LVL 14

Author Comment

by:ziffgone
Ok, sorry this has taken so long.

Attached is the new "ComboFix.txt" log file after dropping the "CFScript.txt" file, (outlined above), into the ComboFix.exe software.


ComboFix.txt
0
 
LVL 15

Expert Comment

by:greyknight17
You may delete this file:

c:\program files\temp01

Good job. Your log is clean.

Go to Start->Run, copy/paste in combofix /u and hit OK to remove it.

You may read the below links on how to prevent future infections:

1. TonyKlein's article "So how did I get infected in the first place?"
http://www.spywareinfoforum.com/index.php?showtopic=60955

2. "Simple and easy ways to keep your computer safe and secure on the Internet"
http://www.bleepingcomputer.com/tutorials/tutorial82.html

3. miekiemoes' "How to prevent Malware"
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
0
 
LVL 14

Author Closing Comment

by:ziffgone
Thank you guys, you were both a tremendous help. :)
0
 
LVL 47

Expert Comment

by:rpggamergirl
ziffgone,
Glad to know it's now resolved.
Thanks!
 
greyknight17,
No worries... typos/errors, we've all done it :)
 
0
