Google Searches Redirecting

January 5, 2010 at 06:17:08
Specs: Windows XP
Hi all,

My internet search results - Google, Yahoo, etc. - are all being redirected to other sites (porn and others). By browsing the forums it seems this is quite a common problem, so I have tried to take steps to combat it.
I have run Malwarebytes Anti-Malware and the scan does not bring up any results.

I have also run a full McAfee scan that also reveals nothing.

I have run HijackThis and I will post the anti-malware log below. I can also post the HijackThis log as well if anyone thinks they can help me with it. Any help would be really, really gratefully appreciated!!


Malwarebytes log:
Malwarebytes' Anti-Malware 1.43
Database version: 3495
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

05/01/2010 14:02:06
mbam-log-2010-01-05 (14-02-06).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 145546
Time elapsed: 16 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#1
January 5, 2010 at 16:02:21
Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch the program.
2. (Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt <-- this will be maximized and info.txt <-- this will be minimized. Both logs will be located at C:\RSIT.exe.


#2
January 6, 2010 at 03:29:29
info.txt logfile of random's system information tool 1.06 2010-01-06 11:17:26

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Alice Greenfingers-->"C:\Program Files\Samsung Casual Games\Alice Greenfingers\Uninstall.exe" "C:\Program Files\Samsung Casual Games\Alice Greenfingers\install.log"
AnyPC Client-->C:\Program Files\InstallShield Installation Information\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}\setup.exe
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros WLAN Client-->"C:\Program Files\InstallShield Installation Information\{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}\setup.exe" -runfromtemp -l0x0009 -removeonly
BatteryLifeExtender-->MsiExec.exe /I{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Cake Mania-->"C:\Program Files\Samsung Casual Games\Cake Mania\Uninstall.exe" "C:\Program Files\Samsung Casual Games\Cake Mania\install.log"
Chicken Invaders 3-->"C:\Program Files\Samsung Casual Games\Chicken Invaders 3\Uninstall.exe" "C:\Program Files\Samsung Casual Games\Chicken Invaders 3\install.log"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Cooking Dash-->"C:\Program Files\Samsung Casual Games\Cooking Dash\Uninstall.exe" "C:\Program Files\Samsung Casual Games\Cooking Dash\install.log"
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
Diner Dash 2-->"C:\Program Files\Samsung Casual Games\Diner Dash 2\Uninstall.exe" "C:\Program Files\Samsung Casual Games\Diner Dash 2\install.log"
Dream Chronicles-->"C:\Program Files\Samsung Casual Games\Dream Chronicles\Uninstall.exe" "C:\Program Files\Samsung Casual Games\Dream Chronicles\install.log"
Dream Day First Home-->"C:\Program Files\Samsung Casual Games\Dream Day First Home\Uninstall.exe" "C:\Program Files\Samsung Casual Games\Dream Day First Home\install.log"
Easy Display Manager-->"C:\Program Files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe" -runfromtemp -l0x0009 -removeonly
Easy Network Manager-->MsiExec.exe /I{A7581D39-EA20-4883-A480-80C21047052B}
Easy Resolution Manager-->MsiExec.exe /I{9CAC71E9-D196-472E-845C-5462356B2AE1}
Galapago-->"C:\Program Files\Samsung Casual Games\Galapago\Uninstall.exe" "C:\Program Files\Samsung Casual Games\Galapago\install.log"
Game Pack-->"C:\Program Files\Samsung Casual Games\GameConsole\unins000.exe"
Go Go Gourmet Chef of the Year-->"C:\Program Files\Samsung Casual Games\Go Go Gourmet Chef of the Year\Uninstall.exe" "C:\Program Files\Samsung Casual Games\Go Go Gourmet Chef of the Year\install.log"
HijackThis 2.0.2-->"C:\Documents and Settings\Angela\Desktop\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952117-v2)-->"C:\WINDOWS\$NtUninstallKB952117-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
imagine digital freedom - Samsung-->MsiExec.exe /X{8E106A57-A17E-431D-B48F-175E42EB9F74}
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
LoudMo Contextual Ad Assistant-->C:\WINDOWS\system32\---BUaZIWHf.exe
Magic Keyboard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD723E53-A42C-4702-AA04-1D74A0311590}\Setup.exe" -l0x9 Remove
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Activation Assistant for Netbooks-->MsiExec.exe /X{0DCF2BB4-A124-4596-89F7-5670294E091B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
REALTEK Wireless LAN Software-->C:\Program Files\InstallShield Installation Information\{6A1F72DD-2465-43A2-A137-8A849399B7A8}\Install.exe -uninst -l0x9
Samsung Battery Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}\Setup.exe" -l0x9 Remove
Samsung Magic Doctor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}\Setup.exe" -l0x9 Remove
Samsung Recovery Solution III-->"C:\Program Files\InstallShield Installation Information\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}\setup.exe" -runfromtemp -l0x0009 -removeonly
Samsung Update Plus-->"C:\Program Files\InstallShield Installation Information\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SoulSeek 157 NS 13e-->"C:\Program Files\SoulseekNS\uninstall.exe"
Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
User Guide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}\setup.exe" -l0x9 Remove
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WebCam SCB-0340N-->C:\Program Files\InstallShield Installation Information\{71A51BED-E7D3-11DB-A386-005056C00008}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows System Scanner-->C:\WINDOWS\system32\javaws.exe -uninstall "http://www.computing.net/systemscan/launch.jnlp"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Zuma Deluxe-->"C:\Program Files\Samsung Casual Games\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Samsung Casual Games\Zuma Deluxe\install.log"

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======System event log======

Computer Name: A
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Record Number: 68
Source Name: W32Time
Time Written: 20091225162957.000000+000
Event Type: error
User:

Computer Name: A
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 67
Source Name: W32Time
Time Written: 20091225162957.000000+000
Event Type: error
User:

Computer Name: A
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Record Number: 57
Source Name: W32Time
Time Written: 20091225162942.000000+000
Event Type: error
User:

Computer Name: A
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 56
Source Name: W32Time
Time Written: 20091225162942.000000+000
Event Type: error
User:

Computer Name: A
Event Code: 10010
Message: The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.

Record Number: 17
Source Name: DCOM
Time Written: 20091225225728.000000+000
Event Type: error
User: A\Angela

=====Application event log=====

Computer Name: A
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 17
Source Name: crypt32
Time Written: 20091225225551.000000+000
Event Type: error
User:

Computer Name: A
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved


Record Number: 16
Source Name: crypt32
Time Written: 20091225225550.000000+000
Event Type: error
User:

Computer Name: A
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 15
Source Name: crypt32
Time Written: 20091225225550.000000+000
Event Type: error
User:

Computer Name: A
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 14
Source Name: crypt32
Time Written: 20091225225550.000000+000
Event Type: error
User:

Computer Name: A
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved


Record Number: 13
Source Name: crypt32
Time Written: 20091225225550.000000+000
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=1c02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip

-----------------EOF-----------------


#3
January 6, 2010 at 03:30:00
Logfile of random's system information tool 1.06 (written by random/random)
Run by Angela at 2010-01-06 11:16:49
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 103 GB (90%) free of 115 GB
Total RAM: 1014 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:20, on 06/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\samsung\SAB60E~1\SUPNOT~1.EXE
C:\Documents and Settings\Angela\My Documents\Downloads\RSIT.exe
C:\Documents and Settings\Angela\Desktop\Angela.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [SUPBackground] C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BatteryLifeExtender] C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe /2
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe

--
End of file - 8914 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-10-02 246800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-11-04 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0\bin\jusched.exe [2009-07-30 36972]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-05-21 17881600]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-02-18 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-02-18 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-02-18 137752]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-28 1044480]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"DMHotKey"=C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe [2006-12-27 466944]
"BatteryManager"=C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe [2009-06-02 3153408]
"MagicKeyboard"=C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe [2006-05-15 151552]
"SUPBackground"=C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2009-05-21 298664]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-02-25 218408]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BatteryLifeExtender"=C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-03-13 550912]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-07 3885408]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-12-16 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\kbdsock.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 1 months======

2010-01-06 11:16:49 ----D---- C:\rsit
2010-01-05 10:42:49 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-04 17:23:41 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-04 17:23:24 ----D---- C:\Program Files\SUPERAntiSpyware
2010-01-04 17:23:24 ----D---- C:\Documents and Settings\Angela\Application Data\SUPERAntiSpyware.com
2010-01-04 17:22:58 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-04 17:11:37 ----D---- C:\fixwareout
2010-01-04 13:51:31 ----D---- C:\Program Files\MSSOAP
2010-01-04 13:50:56 ----A---- C:\WINDOWS\WRSetup.dll
2010-01-04 13:50:55 ----D---- C:\Program Files\Webroot
2010-01-04 13:50:55 ----D---- C:\Documents and Settings\Angela\Application Data\Webroot
2010-01-04 13:50:55 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
2010-01-03 16:21:38 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-03 16:21:38 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-03 15:07:49 ----D---- C:\Documents and Settings\Angela\Application Data\Mozilla
2010-01-03 13:58:42 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-01-02 16:19:25 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-01 22:56:17 ----D---- C:\Documents and Settings\All Users\Application Data\Soulseek
2010-01-01 22:55:04 ----D---- C:\Program Files\SoulseekNS
2010-01-01 22:14:21 ----D---- C:\Documents and Settings\Angela\Application Data\Malwarebytes
2010-01-01 22:14:02 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-01 22:14:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-01 22:04:43 ----A---- C:\WINDOWS\system32\---BUaZIWHf.exe
2010-01-01 22:02:07 ----SHD---- C:\Documents and Settings\Angela\Application Data\SystemProc
2010-01-01 21:51:05 ----D---- C:\WINDOWS\Sun
2010-01-01 21:51:05 ----D---- C:\Documents and Settings\Angela\Application Data\Sun
2010-01-01 20:19:05 ----D---- C:\Documents and Settings\Angela\Application Data\WinRAR
2010-01-01 20:18:31 ----D---- C:\Program Files\WinRAR
2009-12-29 15:16:45 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-29 15:16:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-12-29 15:15:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-28 20:39:56 ----D---- C:\Documents and Settings\Angela\Application Data\Apple Computer
2009-12-28 20:39:43 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-12-28 20:37:57 ----D---- C:\Program Files\iPod
2009-12-28 20:37:53 ----D---- C:\Program Files\iTunes
2009-12-28 20:37:53 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-28 20:37:27 ----D---- C:\Program Files\Bonjour
2009-12-28 20:35:37 ----D---- C:\Program Files\QuickTime
2009-12-28 20:35:35 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-12-28 20:35:10 ----D---- C:\Program Files\Apple Software Update
2009-12-28 20:34:57 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-12-28 20:32:55 ----D---- C:\Program Files\Common Files\Apple
2009-12-28 20:32:55 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-12-27 20:25:08 ----D---- C:\Program Files\Mozilla Firefox
2009-12-27 20:20:53 ----D---- C:\b771da6f9f682f7998729ab9c6b25a47
2009-12-27 20:20:35 ----D---- C:\WINDOWS\SxsCaPendDel
2009-12-25 23:04:30 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-12-25 22:34:40 ----D---- C:\Program Files\CyberLink
2009-12-25 22:34:22 ----AD---- C:\Documents and Settings\All Users\Application Data\Temp
2009-12-25 22:32:43 ----N---- C:\WINDOWS\system32\Angela_KBD.ini
2009-12-25 22:32:18 ----ASH---- C:\Documents and Settings\Angela\Application Data\desktop.ini
2009-12-25 22:32:17 ----D---- C:\Documents and Settings\Angela\Application Data\Google
2009-12-25 22:32:17 ----D---- C:\Documents and Settings\Angela\Application Data\Adobe
2009-12-25 22:32:16 ----SD---- C:\Documents and Settings\Angela\Application Data\Microsoft
2009-12-25 22:32:16 ----D---- C:\Documents and Settings\Angela\Application Data\InstallShield
2009-12-25 22:32:16 ----D---- C:\Documents and Settings\Angela\Application Data\Identities
2009-12-25 22:22:37 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2009-12-25 19:35:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-12-25 19:35:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-12-25 19:35:20 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-12-25 19:35:12 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-12-25 19:35:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-12-25 19:34:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-12-25 19:34:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-12-25 19:34:35 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-25 19:34:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-25 19:34:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-12-25 19:34:06 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-12-25 19:33:57 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-12-25 19:33:50 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-12-25 19:33:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-12-25 19:33:32 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-12-25 19:33:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-12-25 19:33:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-12-25 19:33:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-12-25 19:33:01 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-12-25 19:32:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-12-25 19:32:42 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-12-25 19:32:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-12-25 19:31:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-12-25 19:31:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-12-25 19:31:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-12-25 19:31:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-12-25 19:31:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-12-25 19:30:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-12-25 19:30:44 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-12-25 19:30:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-12-25 19:30:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-12-25 19:30:18 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-12-25 19:30:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-12-25 19:30:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-12-25 19:29:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-12-25 19:29:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-25 19:29:26 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-12-25 19:25:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-12-25 19:25:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-12-25 19:25:38 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-25 19:25:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-12-25 19:25:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-12-25 19:25:14 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-12-25 19:24:59 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-25 19:24:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-12-25 19:24:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-12-25 19:24:37 ----D---- C:\WINDOWS\ie8updates
2009-12-25 19:24:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-12-25 19:24:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-12-25 19:23:16 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-12-25 19:23:08 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-12-25 19:22:59 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-12-25 19:22:42 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-25 19:16:38 ----D---- C:\Documents and Settings\Angela\Application Data\PlayFirst
2009-12-25 19:16:38 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2009-12-25 19:15:43 ----D---- C:\Program Files\Common Files\SWF Studio
2009-12-25 19:15:42 ----SHD---- C:\Documents and Settings\Angela\Application Data\.#
2009-12-25 19:08:34 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-12-25 18:27:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-25 17:10:03 ----D---- C:\WINDOWS\system32\PreInstall
2009-12-25 17:10:00 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-12-25 17:03:57 ----D---- C:\Documents and Settings\Angela\Application Data\Macromedia

======List of files/folders modified in the last 1 months======

2010-01-06 11:16:51 ----D---- C:\WINDOWS\Temp
2010-01-06 11:16:43 ----D---- C:\WINDOWS\Prefetch
2010-01-06 11:08:53 ----D---- C:\WINDOWS
2010-01-05 21:42:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-05 18:47:03 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-05 18:46:57 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-05 17:12:07 ----D---- C:\WINDOWS\system32\drivers
2010-01-05 15:53:33 ----D---- C:\WINDOWS\system32
2010-01-04 17:23:36 ----SHD---- C:\WINDOWS\Installer
2010-01-04 17:23:24 ----RD---- C:\Program Files
2010-01-04 17:22:58 ----D---- C:\Program Files\Common Files
2010-01-04 13:51:14 ----HD---- C:\WINDOWS\inf
2010-01-03 17:32:17 ----SHD---- C:\System Volume Information
2010-01-03 17:32:17 ----D---- C:\WINDOWS\system32\Restore
2010-01-03 16:24:53 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-03 16:11:30 ----SD---- C:\WINDOWS\Tasks
2010-01-03 13:58:36 ----D---- C:\WINDOWS\WinSxS
2010-01-02 16:19:27 ----D---- C:\WINDOWS\Debug
2010-01-02 08:57:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952117-v2$
2010-01-01 20:08:37 ----D---- C:\Program Files\McAfee
2009-12-29 17:10:45 ----RSD---- C:\WINDOWS\assembly
2009-12-29 17:09:36 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-29 15:21:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-29 15:16:38 ----A---- C:\WINDOWS\imsins.BAK
2009-12-29 15:16:35 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-28 20:40:13 ----SHD---- C:\RECYCLER
2009-12-28 20:37:16 ----D---- C:\Program Files\Internet Explorer
2009-12-28 17:42:33 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-27 20:28:09 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-12-27 20:22:29 ----D---- C:\WINDOWS\system32\XPSViewer
2009-12-27 20:22:20 ----D---- C:\WINDOWS\system32\en-US
2009-12-27 20:22:07 ----RSD---- C:\WINDOWS\Fonts
2009-12-26 06:53:56 ----D---- C:\Documents and Settings\All Users\Application Data\WinClon
2009-12-25 23:04:42 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-25 23:04:38 ----D---- C:\WINDOWS\Help
2009-12-25 22:40:00 ----D---- C:\WINDOWS\security
2009-12-25 22:37:06 ----AD---- C:\WINDOWS\MSETUP
2009-12-25 22:32:33 ----A---- C:\WINDOWS\OEWABLog.txt
2009-12-25 22:32:15 ----D---- C:\Documents and Settings
2009-12-25 22:32:01 ----A---- C:\WINDOWS\setuplog.txt
2009-12-25 22:31:54 ----D---- C:\WINDOWS\system32\config
2009-12-25 22:31:51 ----RASH---- C:\boot.ini
2009-12-25 22:31:28 ----D---- C:\WINDOWS\Registration
2009-12-25 22:25:37 ----D---- C:\WINDOWS\repair
2009-12-25 22:10:48 ----D---- C:\WINDOWS\system32\wbem
2009-12-25 22:10:47 ----D---- C:\WINDOWS\AppPatch
2009-12-25 19:35:14 ----D---- C:\Program Files\Messenger
2009-12-25 19:29:55 ----D---- C:\Program Files\Outlook Express

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-11-04 214664]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 DOSMEMIO;MEMIO; \??\C:\WINDOWS\system32\MEMIO.SYS []
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-07 55152]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-05-23 5082624]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-11-04 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-11-04 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-11-04 40552]
R3 RTL819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver; C:\WINDOWS\system32\DRIVERS\rtl819xp.sys [2009-05-08 517504]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-07-28 143360]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-08-28 224736]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VMC33F;Vimicro Camera Service VMC33F; C:\WINDOWS\System32\Drivers\VMC33F.sys [2009-07-01 237952]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-06 1684736]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-11-04 34248]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-10-29 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-11-04 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-10-02 26640]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe [2009-11-06 4048240]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-11-04 606736]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-07 533360]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-10-28 365072]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------



#4
January 6, 2010 at 03:46:40
Your Java is out of date and may have been exploited.
Download the latest version of Java from this link: Java
Click on the JRE 6 Update 17 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then, from your desktop, double-click on jre-6u17-windows-i586-p.exe to install the newest version.

Download TDSSKiller to your Desktop from the following link.

TDSSKiller


1. Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop. It will extract to an unzipped folder, drag TDSSKiller.exe out of that folder onto the desktop.
2. Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v


3. If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
4. When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Remember: your McAfee antivirus, Spybot's TeaTimer, SpySweeper, and Ad-Aware must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename combofix.exe to Combo-Fix, then click Save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#5
January 6, 2010 at 06:18:00
The TDSSKiller.txt file did not get saved for some reason - I can't seem to find it.
Here is the combofix log:

ComboFix 10-01-04.01 - Angela 06/01/2010 14:03:04.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.603 [GMT 0:00]
Running from: c:\documents and settings\Angela\My Documents\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Angela\Application Data\.#
c:\documents and settings\Angela\Application Data\SystemProc
c:\progra~1\Webroot\WEBROO~1\Backup\ntSVc.ocx
c:\recycler\S-1-5-21-3767802525-3887994354-1924451833-1003
c:\recycler\S-1-5-21-861567501-1563985344-1644491937-1003
C:\s
c:\windows\EventSystem.log
c:\windows\msetup
c:\windows\msetup\MSetup.exe
c:\windows\system32\drivers\cmmicff.sys

c:\windows\system32\Drivers\atapi.tsk . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_cmmicff
-------\Service_cmmicff


((((((((((((((((((((((((( Files Created from 2009-12-06 to 2010-01-06 )))))))))))))))))))))))))))))))
.

2010-01-06 13:16 . 2010-01-06 13:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-06 11:16 . 2010-01-06 11:17 -------- d-----w- C:\rsit
2010-01-05 15:53 . 2010-01-05 15:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-05 15:53 . 2010-01-05 15:53 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-04 17:23 . 2010-01-04 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-04 17:23 . 2010-01-06 13:10 -------- d-----w- c:\documents and settings\Angela\Application Data\SUPERAntiSpyware.com
2010-01-04 17:23 . 2010-01-06 13:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-04 17:11 . 2010-01-05 18:19 -------- d-----w- C:\fixwareout
2010-01-04 13:51 . 2010-01-04 13:51 -------- d-----w- c:\program files\MSSOAP
2010-01-04 13:50 . 2009-11-06 15:19 1563008 ----a-w- c:\windows\WRSetup.dll
2010-01-04 13:50 . 2010-01-04 13:50 -------- d-----w- c:\program files\Webroot
2010-01-04 13:50 . 2010-01-04 13:50 -------- d-----w- c:\documents and settings\Angela\Application Data\Webroot
2010-01-04 13:50 . 2010-01-04 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2010-01-04 13:50 . 2010-01-04 16:42 164 ----a-w- c:\windows\install.dat
2010-01-03 16:21 . 2010-01-06 13:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-03 16:21 . 2010-01-06 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-03 13:58 . 2010-01-03 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-01 22:56 . 2010-01-01 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2010-01-01 22:55 . 2010-01-01 22:55 -------- d-----w- c:\program files\SoulseekNS
2010-01-01 22:14 . 2010-01-01 22:14 -------- d-----w- c:\documents and settings\Angela\Application Data\Malwarebytes
2010-01-01 22:14 . 2009-12-30 14:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-01 22:14 . 2010-01-01 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-01 22:14 . 2009-12-30 14:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 22:14 . 2010-01-01 22:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-01 22:04 . 2010-01-01 22:04 118256 ----a-w- c:\windows\system32\---BUaZIWHf.exe
2010-01-01 22:02 . 2010-01-01 22:44 -------- d-sh--w- c:\documents and settings\Angela\.COMMgr
2010-01-01 21:51 . 2010-01-01 21:51 -------- d-----w- c:\windows\Sun
2009-12-28 20:39 . 2009-12-28 20:41 -------- d-----w- c:\documents and settings\Angela\Application Data\Apple Computer
2009-12-28 20:39 . 2009-05-18 14:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-12-28 20:39 . 2008-04-17 13:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-12-28 20:37 . 2009-12-28 20:37 -------- d-----w- c:\program files\iPod
2009-12-28 20:37 . 2009-12-28 20:39 -------- d-----w- c:\program files\iTunes
2009-12-28 20:37 . 2009-12-28 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-28 20:37 . 2009-12-28 20:37 -------- d-----w- c:\program files\Bonjour
2009-12-28 20:35 . 2009-12-28 20:37 -------- d-----w- c:\program files\QuickTime
2009-12-28 20:35 . 2009-12-28 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-28 20:35 . 2009-12-28 20:35 -------- d-----w- c:\documents and settings\Angela\Local Settings\Application Data\Apple
2009-12-28 20:35 . 2009-12-28 20:35 -------- d-----w- c:\program files\Apple Software Update
2009-12-28 20:34 . 2009-08-28 19:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-12-28 20:34 . 2009-08-28 19:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-12-28 20:32 . 2009-12-28 20:37 -------- d-----w- c:\program files\Common Files\Apple
2009-12-28 20:32 . 2009-12-28 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-28 20:31 . 2009-12-31 20:17 -------- d-----w- c:\documents and settings\Angela\Local Settings\Application Data\Apple Computer
2009-12-27 20:25 . 2009-12-27 20:25 0 ----a-w- c:\windows\nsreg.dat
2009-12-27 20:25 . 2009-12-27 20:25 -------- d-----w- c:\documents and settings\Angela\Local Settings\Application Data\Mozilla
2009-12-27 20:20 . 2009-12-27 20:21 -------- d-----w- C:\b771da6f9f682f7998729ab9c6b25a47
2009-12-27 20:20 . 2009-12-28 17:39 -------- d-----w- c:\windows\SxsCaPendDel
2009-12-26 16:47 . 2010-01-06 14:13 -------- d-----w- c:\documents and settings\Angela\Tracing
2009-12-25 23:02 . 2009-12-25 23:02 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-25 22:56 . 2009-12-25 22:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-25 22:34 . 2009-12-25 22:35 -------- d-----w- c:\program files\CyberLink
2009-12-25 22:34 . 2009-12-25 22:34 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
2009-12-25 22:34 . 2009-12-25 19:17 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
2009-12-25 22:31 . 2010-01-05 20:20 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2009-12-25 22:31 . 2009-08-06 14:04 27488 ----a-w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-25 22:31 . 2009-07-30 23:57 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-12-25 22:31 . 2009-07-30 23:56 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2009-12-25 22:31 . 2009-07-30 22:42 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft Help
2009-12-25 22:31 . 2009-07-30 22:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\InstallShield
2009-12-25 22:31 . 2009-07-30 22:33 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000}
2009-12-25 22:31 . 2009-07-30 23:57 -------- d-sh--w- c:\documents and settings\Default User\PrivacIE
2009-12-25 22:31 . 2009-07-30 23:49 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-12-25 22:22 . 2009-12-25 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-12-25 19:24 . 2009-12-25 19:24 -------- d-----w- c:\windows\ie8updates
2009-12-25 19:16 . 2009-12-25 19:16 -------- d-----w- c:\documents and settings\Angela\Application Data\PlayFirst
2009-12-25 19:16 . 2009-12-25 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-12-25 19:15 . 2009-12-25 19:15 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-12-25 19:14 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-25 19:14 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-12-25 19:12 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-25 19:12 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-25 19:12 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-25 19:12 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-25 19:12 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-25 19:12 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-25 19:11 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-25 19:09 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-25 19:09 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-25 19:09 . 2009-08-04 14:20 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-25 19:08 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 14:00 . 2008-04-14 00:10 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-06 13:26 . 2010-01-06 13:26 96512 ------w- c:\windows\system32\drivers\atapi.tsk
2010-01-06 13:16 . 2009-07-30 22:33 -------- d-----w- c:\program files\Java
2010-01-03 14:09 . 2009-07-30 22:29 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-01 20:08 . 2009-07-30 22:52 -------- d-----w- c:\program files\McAfee
2009-12-28 17:40 . 2009-12-25 22:32 27488 ----a-w- c:\documents and settings\Angela\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-27 20:28 . 2009-07-30 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-12-26 06:53 . 2009-07-30 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\WinClon
2009-12-25 22:32 . 2009-12-25 22:32 0 ----a-w- c:\windows\system32\drivers\144D_SAMSUNG_N_N130_01CM.mrk
2009-11-12 17:07 . 2009-11-12 17:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-06 12:00 . 2009-11-06 12:00 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-11-06 12:00 . 2009-11-06 12:00 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-11-06 12:00 . 2009-11-06 12:00 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-11-04 16:54 . 2009-07-30 23:01 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-04 16:54 . 2009-07-30 23:01 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-04 16:54 . 2009-07-30 23:01 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-04 16:54 . 2009-07-30 23:01 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-11-04 16:53 . 2009-07-30 23:01 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-29 07:45 . 2009-07-30 21:55 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2009-07-30 21:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2009-07-30 21:55 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 00:23 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2009-07-30 21:55 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2009-07-30 21:55 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2009-07-30 21:55 79872 ----a-w- c:\windows\system32\raschap.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BatteryLifeExtender"="c:\program files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe" [2009-03-13 550912]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-18 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-18 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2009-06-02 3153408]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552]
"SUPBackground"="c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe" [2009-05-21 298664]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-06 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [06/11/2009 12:00 29808]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [30/07/2009 22:34 4300]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [30/07/2009 23:37 55152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [30/07/2009 23:10 93320]
R3 RTL819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\rtl819xp.sys [30/07/2009 22:37 517504]
R3 VMC33F;Vimicro Camera Service VMC33F;c:\windows\system32\drivers\VMC33F.sys [30/07/2009 22:37 237952]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [30/07/2009 22:35 1684736]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [07/02/2009 01:08 533360]
.
Contents of the 'Scheduled Tasks' folder

2009-07-30 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-30 12:22]

2009-07-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-30 12:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Angela\Application Data\Mozilla\Firefox\Profiles\8pjirk6a.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{8c5b4fae-528a-3d82-41d4-b2c359e8c4ec}\components\O_dtH-92.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-06 14:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"="system32\Drivers\atapi.tsk"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(940)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Samsung\Easy Display Manager\dmhkcore.exe
c:\windows\system32\igfxext.exe
c:\program files\SAMSUNG\MagicKBD\MagicKBD.exe
c:\program files\SAMSUNG\MagicKBD\PerformanceManager.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-01-06 14:17:46 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-06 14:17

Pre-Run: 107,636,121,600 bytes free
Post-Run: 107,628,978,176 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 94C6403082309F9E082AC5AFD78D524F


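The registry entry at the end of the ComboFix log above, the atapi service's ImagePath pointing at system32\Drivers\atapi.tsk, together with the Find3M pair atapi.sys / atapi.tsk of identical size, is the indicator that matters in this thread (TDSSKiller probes the same `<driver>.tsk` pattern in its log later on). As an added example, not ComboFix or TDSSKiller code and not part of the thread, here is a small Python checker that applies both tests to REGEDIT4- and Find3M-style report lines; the atapi and usbaapl.sys lines are copied from the log, while the Disk service block is a constructed clean control.

```python
"""Two TDL3-style checks over ComboFix report text (added example, not ComboFix
or TDSSKiller code).

Check 1: a kernel driver service whose ImagePath under system32\\drivers ends in
         something other than .sys (the log shows atapi -> atapi.tsk).
Check 2: a <name>.sys that has a same-named .tsk sibling of identical size
         (the Find3M report lists atapi.sys and atapi.tsk, both 96512 bytes).
"""
import re
from typing import Dict, List, Tuple

# Registry excerpt: the atapi block is copied from the ComboFix log in this
# thread; the Disk block is a constructed clean control.
REG_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"="system32\Drivers\atapi.tsk"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"
"""

# Find3M-style lines copied from the log: the atapi pair and one lone .sys.
FIND3M_SAMPLE = r"""
2010-01-06 14:00 . 2008-04-14 00:10 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-06 13:26 . 2010-01-06 13:26 96512 ------w- c:\windows\system32\drivers\atapi.tsk
2009-12-28 20:34 . 2009-08-28 19:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
"""

SERVICE_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\(?:ControlSet\d+|CurrentControlSet)"
    r"\\Services\\([^\\\]]+)\]$", re.IGNORECASE)
IMAGE_PATH_RE = re.compile(r'^"ImagePath"="(.*)"$', re.IGNORECASE)
# Find3M layout: "<date> <time> . <date> <time> <size|dashes> <attrs> <path>"
FIND3M_RE = re.compile(r"^(\S+ \S+) \. (\S+ \S+) (\d+|-+) (\S+) (.+)$")


def parse_service_image_paths(text: str) -> Dict[str, str]:
    """Map service name -> ImagePath for each Services\\<name> block."""
    paths: Dict[str, str] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = SERVICE_KEY_RE.match(line)
            current = m.group(1) if m else None  # any other key ends the block
            continue
        m = IMAGE_PATH_RE.match(line)
        if m and current:
            paths[current] = m.group(1)
    return paths


def check_image_paths(paths: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (service, ImagePath, reason) for drivers not loaded from a .sys."""
    findings = []
    for svc, path in paths.items():
        norm = path.lower().replace("/", "\\")
        if "\\drivers\\" not in norm:
            continue  # user-mode service binaries are out of scope for this check
        ext = norm.rsplit("\\", 1)[-1].rpartition(".")[2]
        if ext != "sys":
            findings.append((svc, path, f"kernel driver loaded from a .{ext} file"))
    return findings


def find_tsk_siblings(text: str) -> List[Tuple[str, str, bool]]:
    """Pair every <name>.sys with a <name>.tsk in the same directory.

    The third element says whether the two files have the same size.
    """
    sizes: Dict[str, object] = {}
    for raw in text.splitlines():
        m = FIND3M_RE.match(raw.strip())
        if not m:
            continue
        size_field, path = m.group(3), m.group(5).lower()
        sizes[path] = int(size_field) if size_field.isdigit() else None
    pairs = []
    for path, size in sorted(sizes.items()):
        tsk = path[:-4] + ".tsk"
        if path.endswith(".sys") and tsk in sizes:
            pairs.append((path, tsk, size == sizes[tsk]))
    return pairs


if __name__ == "__main__":
    for svc, path, why in check_image_paths(parse_service_image_paths(REG_SAMPLE)):
        print(f"[!] service {svc}: ImagePath={path} ({why})")
    for sys_path, tsk_path, same in find_tsk_siblings(FIND3M_SAMPLE):
        print(f"[!] {sys_path} has sibling {tsk_path}"
              f" ({'same size' if same else 'different size'})")
```

Run against a real ComboFix log, the two functions flag exactly the atapi entries shown in this post and stay quiet on the legitimate drivers listed alongside them.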

#6
January 6, 2010 at 19:27:19
Please go to Virus Total and upload the following file for analysis:

c:\windows\system32\---BUaZIWHf.exe

Use the browse button at the site to find the file; once you find the file, double click it and it should appear in the empty space to the left of the browse button > click "send file". Should it say the file has already been analyzed, click the reanalyze button for a double check.

Post the results in your reply.

Need the TDSSKiller.txt file. Navigate to C:\TDSSKiller.txt and see if you see it there.

TDSSKiller requests a reboot... if so, did you reboot the computer?



#7
January 7, 2010 at 02:15:04
I definitely can't find the TDSSKiller.txt file. Should I go back and run that stage again, and see if it creates it this time?
Pretty sure that it did request a reboot and I carried it out.

Here's the log from virustotal:

Antivirus Version Last Update Result
a-squared 4.5.0.48 2010.01.07 -
AhnLab-V3 5.0.0.2 2010.01.07 -
AntiVir 7.9.1.122 2009.12.31 -
Antiy-AVL 2.0.3.7 2010.01.06 -
Authentium 5.2.0.5 2010.01.07 -
Avast 4.8.1351.0 2010.01.06 -
AVG 8.5.0.430 2010.01.04 -
BitDefender 7.2 2010.01.07 -
CAT-QuickHeal 10.00 2010.01.07 -
ClamAV 0.94.1 2010.01.07 -
Comodo 3490 2010.01.06 -
DrWeb 5.0.1.12222 2010.01.07 -
eSafe 7.0.17.0 2010.01.06 -
eTrust-Vet 35.2.7221 2010.01.07 -
F-Prot 4.5.1.85 2010.01.06 -
F-Secure 9.0.15370.0 2010.01.07 -
Fortinet 4.0.14.0 2010.01.07 -
GData 19 2010.01.07 -
Ikarus T3.1.1.79.0 2010.01.07 -
Jiangmin 13.0.900 2010.01.07 -
K7AntiVirus 7.10.940 2010.01.06 -
Kaspersky 7.0.0.125 2010.01.07 -
McAfee 5853 2010.01.06 -
McAfee+Artemis 5853 2010.01.06 -
McAfee-GW-Edition 6.8.5 2010.01.07 -
Microsoft 1.5302 2010.01.07 -
NOD32 4749 2010.01.06 -
Norman 6.04.03 2010.01.06 -
nProtect 2009.1.8.0 2010.01.07 -
Panda 10.0.2.2 2010.01.06 -
PCTools 7.0.3.5 2010.01.07 -
Prevx 3.0 2010.01.07 High Risk Cloaked Malware
Rising 22.29.03.04 2010.01.07 -
Sophos 4.49.0 2010.01.07 -
Sunbelt 3.2.1858.2 2010.01.07 -
Symantec 20091.2.0.41 2010.01.07 -
TheHacker 6.5.0.3.138 2010.01.07 -
TrendMicro 9.120.0.1004 2010.01.07 -
VBA32 3.12.12.1 2010.01.06 -
ViRobot 2010.1.7.2126 2010.01.07 -
VirusBuster 5.0.21.0 2010.01.06 -
Additional information
File size: 118256 bytes
MD5...: 509fd9d3e6b08762782b9d3a5e55197f
SHA1..: 02ea38d4b444e162cc45bc6449a1eb89591623a7
SHA256: 19e8918b9d609dc42e829f4d38271602de6145f64d33e2d0de89c631fe3d378c
ssdeep: 3072:vQIURTXJ2ceAMP/SZCNCz77q1/amx4Dkcbyw:vsYmMP/SZPupaK4Dkgb
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x323c
timedatestamp.....: 0x4a2ae2a2 (Sat Jun 06 21:41:54 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5a5a 0x5c00 6.42 0bc2ffd32265a08d72b795b18265828d
.rdata 0x7000 0x1190 0x1200 5.18 f179218a059068529bdb4637ef5fa28e
.data 0x9000 0x1af98 0x400 4.71 975304d6dd6c4a4f076b15511e2bbbc0
.ndata 0x24000 0xb000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x2f000 0x48d0 0x4a00 5.87 4cc3f89c214e350e27ed0f562ca7c749

( 8 imports )
> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

( 0 exports )
RDS...: NSRL Reference Data Set
-
packers (F-Prot): NSIS
http://info.prevx.com/aboutprogramtext.asp?PX5=946B7326F072257BCD2201D33F4F7B008DCD3D0D
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)



#8
January 7, 2010 at 14:37:46
If you are not being redirected you do not need to continue, but let me know, as there is some clean up that needs to be done. If you are still being redirected then continue.

Run TDSSKiller again and see if you get a log, reboot if requested.

Do you know what this file is?

c:\windows\system32\---BUaZIWHf.exe ( it looks like you renamed Malwarebytes to this name)

If not delete it with the combofix script below and follow the same suggestions by disabling your McAfee antivirus, Spybot's TeaTimer, SpySweeper, and Ad-Aware then restart them before you get online.

Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
c:\windows\system32\---BUaZIWHf.exe

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop) if combofix does not auto start click "run".

Please post the log that is produced.



#9
January 10, 2010 at 04:31:46
Hi again. It seems to be mostly cured, in that I am now no longer having every google search re-directed. However some sites are still cutting through to adverts after they have loaded (even this one!). I ran TDSSKiller again, restarted, and this time it created a log. Here it is:

12:26:28:890 2488 TDSSKiller 2.1.1 Dec 20 2009 02:40:02
12:26:28:890 2488 ================================================================================
12:26:28:890 2488 SystemInfo:

12:26:28:890 2488 OS Version: 5.1.2600 ServicePack: 3.0
12:26:28:890 2488 Product type: Workstation
12:26:28:906 2488 ComputerName: A
12:26:28:906 2488 UserName: Angela
12:26:28:906 2488 Windows directory: C:\WINDOWS
12:26:28:906 2488 Processor architecture: Intel x86
12:26:28:906 2488 Number of processors: 2
12:26:28:906 2488 Page size: 0x1000
12:26:29:093 2488 Boot type: Normal boot
12:26:29:093 2488 ================================================================================
12:26:29:093 2488 ForceUnloadDriver: NtUnloadDriver error 2
12:26:29:093 2488 ForceUnloadDriver: NtUnloadDriver error 2
12:26:29:093 2488 ForceUnloadDriver: NtUnloadDriver error 2
12:26:29:093 2488 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\Drivers\KLMD.sys) returned status 0
12:26:29:218 2488 main: Driver KLMD successfully dropped
12:26:29:234 2488 main: Driver KLMD successfully loaded
12:26:29:234 2488
Scanning Registry ...
12:26:29:265 2488 ScanServices: Searching service UACd.sys
12:26:29:265 2488 ScanServices: Open/Create key error 2
12:26:29:265 2488 ScanServices: Searching service TDSSserv.sys
12:26:29:265 2488 ScanServices: Open/Create key error 2
12:26:29:265 2488 ScanServices: Searching service gaopdxserv.sys
12:26:29:265 2488 ScanServices: Open/Create key error 2
12:26:29:265 2488 ScanServices: Searching service gxvxcserv.sys
12:26:29:265 2488 ScanServices: Open/Create key error 2
12:26:29:265 2488 ScanServices: Searching service MSIVXserv.sys
12:26:29:265 2488 ScanServices: Open/Create key error 2
12:26:29:281 2488 UnhookRegistry: Kernel module file name: C:\windows\system32\ntoskrnl.exe, base addr: 804D7000
12:26:30:140 2488 UnhookRegistry: Kernel local addr: A40000
12:26:30:171 2488 UnhookRegistry: KeServiceDescriptorTable addr: ACB520
12:26:30:671 2488 UnhookRegistry: KiServiceTable addr: A4D8B0
12:26:30:687 2488 UnhookRegistry: NtEnumerateKey service number (local): 47
12:26:30:687 2488 UnhookRegistry: NtEnumerateKey local addr: AE1E14
12:26:30:765 2488 KLMD_OpenDevice: Trying to open KLMD device
12:26:30:765 2488 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
12:26:30:765 2488 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
12:26:30:765 2488 KLMD_ReadMem: Trying to ReadMemory 0x804E380F[0x4]
12:26:30:765 2488 UnhookRegistry: NtEnumerateKey service number (kernel): 47
12:26:30:765 2488 KLMD_ReadMem: Trying to ReadMemory 0x804E49CC[0x4]
12:26:30:765 2488 UnhookRegistry: NtEnumerateKey real addr: 80578E14
12:26:30:765 2488 UnhookRegistry: NtEnumerateKey calc addr: 80578E14
12:26:30:765 2488 UnhookRegistry: No SDT hooks found on NtEnumerateKey
12:26:30:765 2488 KLMD_ReadMem: Trying to ReadMemory 0x80578E14[0xA]
12:26:30:765 2488 UnhookRegistry: No splicing found on NtEnumerateKey
12:26:30:781 2488
Scanning Kernel memory ...
12:26:30:781 2488 KLMD_OpenDevice: Trying to open KLMD device
12:26:30:781 2488 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
12:26:30:781 2488 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
12:26:30:781 2488 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 86379380
12:26:30:781 2488 DetectCureTDL3: KLMD_GetDeviceObjectList returned 4 DevObjects
12:26:30:781 2488 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 863C8C68
12:26:30:781 2488 KLMD_GetLowerDeviceObject: Trying to get lower device object for 863C8C68
12:26:30:781 2488 KLMD_ReadMem: Trying to ReadMemory 0x863C8C68[0x38]
12:26:30:781 2488 DetectCureTDL3: DRIVER_OBJECT addr: 86379380
12:26:30:781 2488 KLMD_ReadMem: Trying to ReadMemory 0x86379380[0xA8]
12:26:30:781 2488 KLMD_ReadMem: Trying to ReadMemory 0xE154C688[0x208]
12:26:30:781 2488 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
12:26:30:781 2488 DetectCureTDL3: IrpHandler (0) addr: F7671BB0
12:26:30:781 2488 DetectCureTDL3: IrpHandler (1) addr: 804F9739
12:26:30:781 2488 DetectCureTDL3: IrpHandler (2) addr: F7671BB0
12:26:30:781 2488 DetectCureTDL3: IrpHandler (3) addr: F766BD1F
12:26:30:781 2488 DetectCureTDL3: IrpHandler (4) addr: F766BD1F
12:26:30:781 2488 DetectCureTDL3: IrpHandler (5) addr: 804F9739
12:26:30:781 2488 DetectCureTDL3: IrpHandler (6) addr: 804F9739
12:26:30:781 2488 DetectCureTDL3: IrpHandler (7) addr: 804F9739
12:26:30:781 2488 DetectCureTDL3: IrpHandler (8) addr: 804F9739
12:26:30:781 2488 DetectCureTDL3: IrpHandler (9) addr: F766C2E2
12:26:30:781 2488 DetectCureTDL3: IrpHandler (10) addr: 804F9739
12:26:30:781 2488 DetectCureTDL3: IrpHandler (11) addr: 804F9739
12:26:30:781 2488 DetectCureTDL3: IrpHandler (12) addr: 804F9739
12:26:30:781 2488 DetectCureTDL3: IrpHandler (13) addr: 804F9739
12:26:30:781 2488 DetectCureTDL3: IrpHandler (14) addr: F766C3BB
12:26:30:781 2488 DetectCureTDL3: IrpHandler (15) addr: F766FF28
12:26:30:781 2488 DetectCureTDL3: IrpHandler (16) addr: F766C2E2
12:26:30:781 2488 DetectCureTDL3: IrpHandler (17) addr: 804F9739
12:26:30:781 2488 DetectCureTDL3: IrpHandler (18) addr: 804F9739
12:26:30:781 2488 DetectCureTDL3: IrpHandler (19) addr: 804F9739
12:26:30:781 2488 DetectCureTDL3: IrpHandler (20) addr: 804F9739
12:26:30:781 2488 DetectCureTDL3: IrpHandler (21) addr: 804F9739
12:26:30:781 2488 DetectCureTDL3: IrpHandler (22) addr: F766DC82
12:26:30:781 2488 DetectCureTDL3: IrpHandler (23) addr: F767299E
12:26:30:781 2488 DetectCureTDL3: IrpHandler (24) addr: 804F9739
12:26:30:781 2488 DetectCureTDL3: IrpHandler (25) addr: 804F9739
12:26:30:781 2488 DetectCureTDL3: IrpHandler (26) addr: 804F9739
12:26:30:781 2488 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
12:26:30:781 2488 KLMD_ReadMem: DeviceIoControl error 1
12:26:30:781 2488 TDL3_StartIoHookDetect: Unable to get StartIo handler code
12:26:30:781 2488 TDL3_FileDetect: Processing driver: Disk
12:26:30:781 2488 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
12:26:30:781 2488 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
12:26:30:781 2488 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
12:26:30:812 2488 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 863C8030
12:26:30:812 2488 KLMD_GetLowerDeviceObject: Trying to get lower device object for 863C8030
12:26:30:812 2488 KLMD_ReadMem: Trying to ReadMemory 0x863C8030[0x38]
12:26:30:812 2488 DetectCureTDL3: DRIVER_OBJECT addr: 86379380
12:26:30:812 2488 KLMD_ReadMem: Trying to ReadMemory 0x86379380[0xA8]
12:26:30:812 2488 KLMD_ReadMem: Trying to ReadMemory 0xE154C688[0x208]
12:26:30:812 2488 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
12:26:30:812 2488 DetectCureTDL3: IrpHandler (0) addr: F7671BB0
12:26:30:812 2488 DetectCureTDL3: IrpHandler (1) addr: 804F9739
12:26:30:812 2488 DetectCureTDL3: IrpHandler (2) addr: F7671BB0
12:26:30:812 2488 DetectCureTDL3: IrpHandler (3) addr: F766BD1F
12:26:30:812 2488 DetectCureTDL3: IrpHandler (4) addr: F766BD1F
12:26:30:812 2488 DetectCureTDL3: IrpHandler (5) addr: 804F9739
12:26:30:812 2488 DetectCureTDL3: IrpHandler (6) addr: 804F9739
12:26:30:812 2488 DetectCureTDL3: IrpHandler (7) addr: 804F9739
12:26:30:812 2488 DetectCureTDL3: IrpHandler (8) addr: 804F9739
12:26:30:812 2488 DetectCureTDL3: IrpHandler (9) addr: F766C2E2
12:26:30:812 2488 DetectCureTDL3: IrpHandler (10) addr: 804F9739
12:26:30:812 2488 DetectCureTDL3: IrpHandler (11) addr: 804F9739
12:26:30:812 2488 DetectCureTDL3: IrpHandler (12) addr: 804F9739
12:26:30:812 2488 DetectCureTDL3: IrpHandler (13) addr: 804F9739
12:26:30:812 2488 DetectCureTDL3: IrpHandler (14) addr: F766C3BB
12:26:30:812 2488 DetectCureTDL3: IrpHandler (15) addr: F766FF28
12:26:30:812 2488 DetectCureTDL3: IrpHandler (16) addr: F766C2E2
12:26:30:812 2488 DetectCureTDL3: IrpHandler (17) addr: 804F9739
12:26:30:812 2488 DetectCureTDL3: IrpHandler (18) addr: 804F9739
12:26:30:812 2488 DetectCureTDL3: IrpHandler (19) addr: 804F9739
12:26:30:812 2488 DetectCureTDL3: IrpHandler (20) addr: 804F9739
12:26:30:812 2488 DetectCureTDL3: IrpHandler (21) addr: 804F9739
12:26:30:812 2488 DetectCureTDL3: IrpHandler (22) addr: F766DC82
12:26:30:812 2488 DetectCureTDL3: IrpHandler (23) addr: F767299E
12:26:30:828 2488 DetectCureTDL3: IrpHandler (24) addr: 804F9739
12:26:30:828 2488 DetectCureTDL3: IrpHandler (25) addr: 804F9739
12:26:30:828 2488 DetectCureTDL3: IrpHandler (26) addr: 804F9739
12:26:30:828 2488 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
12:26:30:828 2488 KLMD_ReadMem: DeviceIoControl error 1
12:26:30:828 2488 TDL3_StartIoHookDetect: Unable to get StartIo handler code
12:26:30:828 2488 TDL3_FileDetect: Processing driver: Disk
12:26:30:828 2488 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
12:26:30:828 2488 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
12:26:30:828 2488 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
12:26:30:859 2488 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 863CBC68
12:26:30:859 2488 KLMD_GetLowerDeviceObject: Trying to get lower device object for 863CBC68
12:26:30:859 2488 KLMD_ReadMem: Trying to ReadMemory 0x863CBC68[0x38]
12:26:30:859 2488 DetectCureTDL3: DRIVER_OBJECT addr: 86379380
12:26:30:859 2488 KLMD_ReadMem: Trying to ReadMemory 0x86379380[0xA8]
12:26:30:859 2488 KLMD_ReadMem: Trying to ReadMemory 0xE154C688[0x208]
12:26:30:859 2488 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
12:26:30:859 2488 DetectCureTDL3: IrpHandler (0) addr: F7671BB0
12:26:30:859 2488 DetectCureTDL3: IrpHandler (1) addr: 804F9739
12:26:30:859 2488 DetectCureTDL3: IrpHandler (2) addr: F7671BB0
12:26:30:859 2488 DetectCureTDL3: IrpHandler (3) addr: F766BD1F
12:26:30:859 2488 DetectCureTDL3: IrpHandler (4) addr: F766BD1F
12:26:30:859 2488 DetectCureTDL3: IrpHandler (5) addr: 804F9739
12:26:30:859 2488 DetectCureTDL3: IrpHandler (6) addr: 804F9739
12:26:30:859 2488 DetectCureTDL3: IrpHandler (7) addr: 804F9739
12:26:30:859 2488 DetectCureTDL3: IrpHandler (8) addr: 804F9739
12:26:30:875 2488 DetectCureTDL3: IrpHandler (9) addr: F766C2E2
12:26:30:875 2488 DetectCureTDL3: IrpHandler (10) addr: 804F9739
12:26:30:875 2488 DetectCureTDL3: IrpHandler (11) addr: 804F9739
12:26:30:875 2488 DetectCureTDL3: IrpHandler (12) addr: 804F9739
12:26:30:875 2488 DetectCureTDL3: IrpHandler (13) addr: 804F9739
12:26:30:875 2488 DetectCureTDL3: IrpHandler (14) addr: F766C3BB
12:26:30:875 2488 DetectCureTDL3: IrpHandler (15) addr: F766FF28
12:26:30:875 2488 DetectCureTDL3: IrpHandler (16) addr: F766C2E2
12:26:30:875 2488 DetectCureTDL3: IrpHandler (17) addr: 804F9739
12:26:30:875 2488 DetectCureTDL3: IrpHandler (18) addr: 804F9739
12:26:30:875 2488 DetectCureTDL3: IrpHandler (19) addr: 804F9739
12:26:30:875 2488 DetectCureTDL3: IrpHandler (20) addr: 804F9739
12:26:30:875 2488 DetectCureTDL3: IrpHandler (21) addr: 804F9739
12:26:30:875 2488 DetectCureTDL3: IrpHandler (22) addr: F766DC82
12:26:30:875 2488 DetectCureTDL3: IrpHandler (23) addr: F767299E
12:26:30:875 2488 DetectCureTDL3: IrpHandler (24) addr: 804F9739
12:26:30:875 2488 DetectCureTDL3: IrpHandler (25) addr: 804F9739
12:26:30:875 2488 DetectCureTDL3: IrpHandler (26) addr: 804F9739
12:26:30:875 2488 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
12:26:30:875 2488 KLMD_ReadMem: DeviceIoControl error 1
12:26:30:875 2488 TDL3_StartIoHookDetect: Unable to get StartIo handler code
12:26:30:875 2488 TDL3_FileDetect: Processing driver: Disk
12:26:30:875 2488 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
12:26:30:875 2488 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
12:26:30:875 2488 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
12:26:30:968 2488 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 86374AB8
12:26:30:968 2488 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86374AB8
12:26:30:968 2488 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 86376968
12:26:30:968 2488 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86376968
12:26:30:968 2488 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 863CE940
12:26:30:968 2488 KLMD_GetLowerDeviceObject: Trying to get lower device object for 863CE940
12:26:30:968 2488 KLMD_ReadMem: Trying to ReadMemory 0x863CE940[0x38]
12:26:30:968 2488 DetectCureTDL3: DRIVER_OBJECT addr: 8637A168
12:26:30:968 2488 KLMD_ReadMem: Trying to ReadMemory 0x8637A168[0xA8]
12:26:30:968 2488 KLMD_ReadMem: Trying to ReadMemory 0xE156A538[0x208]
12:26:30:968 2488 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
12:26:30:968 2488 DetectCureTDL3: IrpHandler (0) addr: F75236F2
12:26:30:968 2488 DetectCureTDL3: IrpHandler (1) addr: 804F9739
12:26:30:968 2488 DetectCureTDL3: IrpHandler (2) addr: F75236F2
12:26:30:968 2488 DetectCureTDL3: IrpHandler (3) addr: 804F9739
12:26:30:968 2488 DetectCureTDL3: IrpHandler (4) addr: 804F9739
12:26:30:968 2488 DetectCureTDL3: IrpHandler (5) addr: 804F9739
12:26:30:968 2488 DetectCureTDL3: IrpHandler (6) addr: 804F9739
12:26:30:968 2488 DetectCureTDL3: IrpHandler (7) addr: 804F9739
12:26:30:968 2488 DetectCureTDL3: IrpHandler (8) addr: 804F9739
12:26:30:968 2488 DetectCureTDL3: IrpHandler (9) addr: 804F9739
12:26:30:968 2488 DetectCureTDL3: IrpHandler (10) addr: 804F9739
12:26:30:968 2488 DetectCureTDL3: IrpHandler (11) addr: 804F9739
12:26:30:968 2488 DetectCureTDL3: IrpHandler (12) addr: 804F9739
12:26:30:968 2488 DetectCureTDL3: IrpHandler (13) addr: 804F9739
12:26:30:968 2488 DetectCureTDL3: IrpHandler (14) addr: F7523712
12:26:30:968 2488 DetectCureTDL3: IrpHandler (15) addr: F751F852
12:26:30:968 2488 DetectCureTDL3: IrpHandler (16) addr: 804F9739
12:26:30:968 2488 DetectCureTDL3: IrpHandler (17) addr: 804F9739
12:26:30:968 2488 DetectCureTDL3: IrpHandler (18) addr: 804F9739
12:26:30:968 2488 DetectCureTDL3: IrpHandler (19) addr: 804F9739
12:26:30:968 2488 DetectCureTDL3: IrpHandler (20) addr: 804F9739
12:26:30:968 2488 DetectCureTDL3: IrpHandler (21) addr: 804F9739
12:26:30:968 2488 DetectCureTDL3: IrpHandler (22) addr: F752373C
12:26:30:968 2488 DetectCureTDL3: IrpHandler (23) addr: F752A336
12:26:30:984 2488 DetectCureTDL3: IrpHandler (24) addr: 804F9739
12:26:30:984 2488 DetectCureTDL3: IrpHandler (25) addr: 804F9739
12:26:30:984 2488 DetectCureTDL3: IrpHandler (26) addr: 804F9739
12:26:30:984 2488 KLMD_ReadMem: Trying to ReadMemory 0xF7520864[0x400]
12:26:30:984 2488 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 316, 0
12:26:30:984 2488 TDL3_FileDetect: Processing driver: atapi
12:26:30:984 2488 TDL3_FileDetect: Similar paths for origin and cured (C:\WINDOWS\system32\drivers\atapi.tsk)! Generate new path
12:26:30:984 2488 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.tsk, C:\WINDOWS\system32\Drivers\atapi.ts0, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.ts0
12:26:30:984 2488 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.tsk
12:26:30:984 2488 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.tsk
12:26:31:015 2488
Completed

Results:
12:26:31:015 2488 Infected objects in memory: 0
12:26:31:015 2488 Cured objects in memory: 0
12:26:31:015 2488 Infected objects on disk: 0
12:26:31:015 2488 Objects on disk cured on reboot: 0
12:26:31:015 2488 Objects on disk deleted on reboot: 0
12:26:31:015 2488 Registry nodes deleted on reboot: 0
12:26:31:015 2488


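The TDSSKiller trace above is the tool's own record of how it inspects the disk stack: for every DRIVER_OBJECT it reaches (\Driver\Disk, then \Driver\atapi underneath it) it dumps the 27 IRP major-function dispatch addresses and then tries to read the StartIo routine. The point of that dump is that each entry should point either at the one catch-all address most majors share (804F9739 here) or into the driver's own image; a dispatch entry pointing anywhere else is what a hooked driver object looks like, which is how TDL3 intercepted disk I/O. The Python below is an added example, not TDSSKiller code and not from the original post, that applies that same check as a log-side triage heuristic. The sample trace embedded in it is constructed: the lines are copied from the trace above (a subset of the 27 majors), except that the atapi `IrpHandler (3)` line is fabricated to show a redirected entry. The 0x20000 clustering window and the "most common address is the catch-all" rule are assumptions of this example, not something TDSSKiller documents.

```python
"""Triage helper for TDSSKiller 'DetectCureTDL3' traces.

Added example, not TDSSKiller code.  It re-implements, over the text of
a trace, the check the tool performs in kernel memory: every IRP
major-function dispatch entry of a storage driver should point either
at the shared catch-all handler (the one address most majors share) or
into that driver's own image.  An entry pointing somewhere else is the
shape of a hooked dispatch table.
"""
from __future__ import annotations

import re
import statistics
from collections import Counter, defaultdict

# Constructed sample.  Lines are copied from the trace in the thread
# (only some of the 27 majors, to keep it short); the atapi
# "IrpHandler (3)" line is FABRICATED for this example and replaces the
# real value.  0x86xxxxxx is the pool range the trace shows for device
# objects, i.e. allocated memory rather than the atapi.sys image.
SAMPLE_TRACE = r"""
12:26:30:781 2488 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
12:26:30:781 2488 DetectCureTDL3: IrpHandler (0) addr: F7671BB0
12:26:30:781 2488 DetectCureTDL3: IrpHandler (1) addr: 804F9739
12:26:30:781 2488 DetectCureTDL3: IrpHandler (2) addr: F7671BB0
12:26:30:781 2488 DetectCureTDL3: IrpHandler (3) addr: F766BD1F
12:26:30:781 2488 DetectCureTDL3: IrpHandler (5) addr: 804F9739
12:26:30:781 2488 DetectCureTDL3: IrpHandler (6) addr: 804F9739
12:26:30:781 2488 DetectCureTDL3: IrpHandler (7) addr: 804F9739
12:26:30:781 2488 DetectCureTDL3: IrpHandler (8) addr: 804F9739
12:26:30:781 2488 DetectCureTDL3: IrpHandler (14) addr: F766C3BB
12:26:30:781 2488 DetectCureTDL3: IrpHandler (15) addr: F766FF28
12:26:30:781 2488 DetectCureTDL3: IrpHandler (22) addr: F766DC82
12:26:30:968 2488 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
12:26:30:968 2488 DetectCureTDL3: IrpHandler (0) addr: F75236F2
12:26:30:968 2488 DetectCureTDL3: IrpHandler (1) addr: 804F9739
12:26:30:968 2488 DetectCureTDL3: IrpHandler (2) addr: F75236F2
12:26:30:968 2488 DetectCureTDL3: IrpHandler (3) addr: 863D0F10
12:26:30:968 2488 DetectCureTDL3: IrpHandler (4) addr: 804F9739
12:26:30:968 2488 DetectCureTDL3: IrpHandler (5) addr: 804F9739
12:26:30:968 2488 DetectCureTDL3: IrpHandler (6) addr: 804F9739
12:26:30:968 2488 DetectCureTDL3: IrpHandler (7) addr: 804F9739
12:26:30:968 2488 DetectCureTDL3: IrpHandler (14) addr: F7523712
12:26:30:968 2488 DetectCureTDL3: IrpHandler (15) addr: F751F852
12:26:30:968 2488 DetectCureTDL3: IrpHandler (22) addr: F752373C
12:26:30:968 2488 DetectCureTDL3: IrpHandler (23) addr: F752A336
"""

DRIVER_RE = re.compile(r"DetectCureTDL3: DRIVER_OBJECT name: (\\Driver\\\S+),")
IRP_RE = re.compile(r"DetectCureTDL3: IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]+)")


def parse_dispatch_tables(trace: str) -> dict[str, dict[int, int]]:
    """Return {driver_name: {major_index: handler_address}}.

    The trace repeats a driver's table once per device object on the
    stack (the Disk table appears three times in the thread); identical
    entries simply overwrite each other, so the repetition is harmless.
    """
    tables: dict[str, dict[int, int]] = defaultdict(dict)
    current = None
    for line in trace.splitlines():
        m = DRIVER_RE.search(line)
        if m:
            current = m.group(1)
            continue
        m = IRP_RE.search(line)
        if m and current is not None:
            tables[current][int(m.group(1))] = int(m.group(2), 16)
    return dict(tables)


def catch_all_handler(table: dict[int, int]) -> int:
    """The address shared by the most majors is the kernel's catch-all for
    requests the driver does not implement (804F9739 in this trace); it is
    the one address that legitimately lies outside the driver image."""
    return Counter(table.values()).most_common(1)[0][0]


def suspicious_entries(table: dict[int, int], window: int = 0x20000) -> dict[int, int]:
    """Flag entries that are neither the catch-all nor within `window`
    bytes of the median of the driver's own handlers.

    `window` is an assumption of this example: XP storage class and
    miniport drivers are well under 128 KB, so their real handlers cluster
    tightly (F766BD1F..F767299E for Disk, F751F852..F752A336 for atapi).
    The median is used rather than min/max so one hooked entry cannot drag
    the reference point with it.
    """
    default = catch_all_handler(table)
    own = [a for a in table.values() if a != default]
    if not own:
        return {}
    centre = int(statistics.median(own))
    return {idx: addr for idx, addr in table.items()
            if addr != default and abs(addr - centre) > window}


def triage(trace: str) -> dict[str, dict[int, int]]:
    """Run the heuristic over a whole trace; an empty dict means nothing flagged."""
    return {drv: hits for drv, tbl in parse_dispatch_tables(trace).items()
            if (hits := suspicious_entries(tbl))}


if __name__ == "__main__":
    for drv, hits in triage(SAMPLE_TRACE).items():
        for idx, addr in sorted(hits.items()):
            print(f"{drv}: IRP_MJ {idx} dispatches to {addr:08X}, outside the driver's own code")
```

On the real trace in the thread (no fabricated line) the script flags nothing for either driver, which matches TDSSKiller's own "Infected objects in memory: 0" result; the heuristic only tells you where to look, and the StartIo check the tool performs is not covered by it because the trace does not print StartIo addresses.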

#10
January 10, 2010 at 04:39:16
To follow up, I am going ahead with the rest of your suggestions in your last reply.
I have not knowingly renamed anything to c:\windows\system32\---BUaZIWHf.exe, so I suppose the answer is no, I don't know what the file is!
I am running ComboFix again, having dragged the CFScript.txt file into it, and I will post the log.


#11
January 10, 2010 at 04:54:53
Here is the second ComboFix log:

ComboFix 10-01-04.01 - Angela 10/01/2010 12:42:43.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.655 [GMT 0:00]
Running from: c:\documents and settings\Angela\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Angela\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\system32\---BUaZIWHf.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\---BUaZIWHf.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-10 to 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-06 13:16 . 2010-01-06 13:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-06 11:16 . 2010-01-06 11:17 -------- d-----w- C:\rsit
2010-01-05 15:53 . 2010-01-05 15:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-05 15:53 . 2010-01-05 15:53 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-04 17:23 . 2010-01-04 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-04 17:23 . 2010-01-06 13:10 -------- d-----w- c:\documents and settings\Angela\Application Data\SUPERAntiSpyware.com
2010-01-04 17:23 . 2010-01-06 13:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-04 17:11 . 2010-01-05 18:19 -------- d-----w- C:\fixwareout
2010-01-04 13:51 . 2010-01-04 13:51 -------- d-----w- c:\program files\MSSOAP
2010-01-04 13:50 . 2009-11-06 15:19 1563008 ----a-w- c:\windows\WRSetup.dll
2010-01-04 13:50 . 2010-01-04 13:50 -------- d-----w- c:\program files\Webroot
2010-01-04 13:50 . 2010-01-04 13:50 -------- d-----w- c:\documents and settings\Angela\Application Data\Webroot
2010-01-04 13:50 . 2010-01-04 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2010-01-04 13:50 . 2010-01-04 16:42 164 ----a-w- c:\windows\install.dat
2010-01-03 16:21 . 2010-01-06 13:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-03 16:21 . 2010-01-06 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-03 13:58 . 2010-01-03 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-01 22:56 . 2010-01-01 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2010-01-01 22:55 . 2010-01-01 22:55 -------- d-----w- c:\program files\SoulseekNS
2010-01-01 22:14 . 2010-01-01 22:14 -------- d-----w- c:\documents and settings\Angela\Application Data\Malwarebytes
2010-01-01 22:14 . 2009-12-30 14:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-01 22:14 . 2010-01-01 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-01 22:14 . 2009-12-30 14:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 22:14 . 2010-01-01 22:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-01 22:02 . 2010-01-01 22:44 -------- d-sh--w- c:\documents and settings\Angela\.COMMgr
2010-01-01 21:51 . 2010-01-01 21:51 -------- d-----w- c:\windows\Sun
2009-12-28 20:39 . 2009-12-28 20:41 -------- d-----w- c:\documents and settings\Angela\Application Data\Apple Computer
2009-12-28 20:39 . 2009-05-18 14:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-12-28 20:39 . 2008-04-17 13:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-12-28 20:37 . 2009-12-28 20:37 -------- d-----w- c:\program files\iPod
2009-12-28 20:37 . 2009-12-28 20:39 -------- d-----w- c:\program files\iTunes
2009-12-28 20:37 . 2009-12-28 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-28 20:37 . 2009-12-28 20:37 -------- d-----w- c:\program files\Bonjour
2009-12-28 20:35 . 2009-12-28 20:37 -------- d-----w- c:\program files\QuickTime
2009-12-28 20:35 . 2009-12-28 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-28 20:35 . 2009-12-28 20:35 -------- d-----w- c:\documents and settings\Angela\Local Settings\Application Data\Apple
2009-12-28 20:35 . 2009-12-28 20:35 -------- d-----w- c:\program files\Apple Software Update
2009-12-28 20:34 . 2009-08-28 19:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-12-28 20:34 . 2009-08-28 19:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-12-28 20:32 . 2009-12-28 20:37 -------- d-----w- c:\program files\Common Files\Apple
2009-12-28 20:32 . 2009-12-28 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-28 20:31 . 2009-12-31 20:17 -------- d-----w- c:\documents and settings\Angela\Local Settings\Application Data\Apple Computer
2009-12-27 20:25 . 2009-12-27 20:25 0 ----a-w- c:\windows\nsreg.dat
2009-12-27 20:25 . 2009-12-27 20:25 -------- d-----w- c:\documents and settings\Angela\Local Settings\Application Data\Mozilla
2009-12-27 20:20 . 2009-12-27 20:21 -------- d-----w- C:\b771da6f9f682f7998729ab9c6b25a47
2009-12-27 20:20 . 2009-12-28 17:39 -------- d-----w- c:\windows\SxsCaPendDel
2009-12-26 16:47 . 2010-01-10 12:52 -------- d-----w- c:\documents and settings\Angela\Tracing
2009-12-25 23:02 . 2009-12-25 23:02 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-25 22:56 . 2009-12-25 22:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-25 22:34 . 2009-12-25 22:35 -------- d-----w- c:\program files\CyberLink
2009-12-25 22:34 . 2009-12-25 22:34 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
2009-12-25 22:34 . 2009-12-25 19:17 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
2009-12-25 22:31 . 2010-01-05 20:20 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2009-12-25 22:31 . 2009-08-06 14:04 27488 ----a-w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-25 22:31 . 2009-07-30 23:57 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-12-25 22:31 . 2009-07-30 23:56 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2009-12-25 22:31 . 2009-07-30 22:42 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft Help
2009-12-25 22:31 . 2009-07-30 22:37 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\InstallShield
2009-12-25 22:31 . 2009-07-30 22:33 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000}
2009-12-25 22:31 . 2009-07-30 23:57 -------- d-sh--w- c:\documents and settings\Default User\PrivacIE
2009-12-25 22:31 . 2009-07-30 23:49 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-12-25 22:22 . 2009-12-25 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-12-25 19:24 . 2009-12-25 19:24 -------- d-----w- c:\windows\ie8updates
2009-12-25 19:16 . 2009-12-25 19:16 -------- d-----w- c:\documents and settings\Angela\Application Data\PlayFirst
2009-12-25 19:16 . 2009-12-25 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-12-25 19:15 . 2009-12-25 19:15 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-12-25 19:14 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-25 19:14 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-12-25 19:12 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-25 19:12 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-25 19:12 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-25 19:12 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-25 19:12 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-25 19:12 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-25 19:11 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-25 19:09 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-25 19:09 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-25 19:09 . 2009-08-04 14:20 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-25 19:08 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 14:00 . 2008-04-14 00:10 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-01-06 13:26 . 2010-01-06 13:26 96512 ------w- c:\windows\system32\drivers\atapi.tsk
2010-01-06 13:16 . 2009-07-30 22:33 -------- d-----w- c:\program files\Java
2010-01-03 14:09 . 2009-07-30 22:29 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-01 20:08 . 2009-07-30 22:52 -------- d-----w- c:\program files\McAfee
2009-12-28 17:40 . 2009-12-25 22:32 27488 ----a-w- c:\documents and settings\Angela\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-27 20:28 . 2009-07-30 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-12-26 06:53 . 2009-07-30 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\WinClon
2009-12-25 22:32 . 2009-12-25 22:32 0 ----a-w- c:\windows\system32\drivers\144D_SAMSUNG_N_N130_01CM.mrk
2009-11-12 17:07 . 2009-11-12 17:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-06 12:00 . 2009-11-06 12:00 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-11-06 12:00 . 2009-11-06 12:00 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-11-06 12:00 . 2009-11-06 12:00 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-11-04 16:54 . 2009-07-30 23:01 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-04 16:54 . 2009-07-30 23:01 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-04 16:54 . 2009-07-30 23:01 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-04 16:54 . 2009-07-30 23:01 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-11-04 16:53 . 2009-07-30 23:01 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-29 07:45 . 2009-07-30 21:55 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2009-07-30 21:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2009-07-30 21:55 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 00:23 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2009-07-30 21:55 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2009-07-30 21:55 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2009-07-30 21:55 79872 ----a-w- c:\windows\system32\raschap.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-06_14.12.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-10 12:50 . 2010-01-10 12:50 16384 c:\windows\Temp\Perflib_Perfdata_6fc.dat
+ 2009-07-30 22:32 . 2010-01-10 12:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-07-30 22:32 . 2010-01-06 13:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-01-06 15:54 . 2010-01-10 12:27 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-07-30 22:32 . 2010-01-06 13:12 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BatteryLifeExtender"="c:\program files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe" [2009-03-13 550912]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-18 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-18 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2009-06-02 3153408]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552]
"SUPBackground"="c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe" [2009-05-21 298664]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-06 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [06/11/2009 12:00 29808]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [30/07/2009 22:34 4300]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [30/07/2009 23:37 55152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [30/07/2009 23:10 93320]
R3 RTL819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\rtl819xp.sys [30/07/2009 22:37 517504]
R3 VMC33F;Vimicro Camera Service VMC33F;c:\windows\system32\drivers\VMC33F.sys [30/07/2009 22:37 237952]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [30/07/2009 22:35 1684736]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [07/02/2009 01:08 533360]
.
Contents of the 'Scheduled Tasks' folder

2009-07-30 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-30 12:22]

2009-07-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-30 12:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Angela\Application Data\Mozilla\Firefox\Profiles\8pjirk6a.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{8c5b4fae-528a-3d82-41d4-b2c359e8c4ec}\components\O_dtH-92.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove----BUaZIWHf - c:\windows\system32\---BUaZIWHf.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 12:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"="system32\Drivers\atapi.tsk"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1228)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Samsung\Easy Display Manager\dmhkcore.exe
c:\program files\SAMSUNG\MagicKBD\MagicKBD.exe
c:\program files\SAMSUNG\MagicKBD\PerformanceManager.exe
c:\windows\system32\igfxext.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-01-10 12:57:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-10 12:56
ComboFix2.txt 2010-01-06 14:17

Pre-Run: 107,707,006,976 bytes free
Post-Run: 107,693,551,616 bytes free

- - End Of File - - 3E772D780A2F4C05965B82521F71CE00



#12
January 10, 2010 at 07:46:41
Go to Start > Control Panel > Internet Options > under browser history click Delete > select History, Temporary Internet files and Cookies > OK > OK.

Please download TFC by Old Timer from the following link and save it to your desktop.

TFC by Old Timer



1. Save any unsaved work. TFC will close ALL open programs, including your browser.

2. Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.

3. Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

4. Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

Then let me know if you are being redirected or have pop-ups.

