Solved Possible Trojan/keylogger?

[Resolved] Possible Trojan/keylogger?

Well, I think my computers been hacked. It actually started with my World of Warcraft account which I haven't accessed in over a month, only to find it hacked and closed. I havent found any issues yet using my McAfee AVS on one computer (the one from the logs below, Vista SP1) nor on my HTPC with Windows 7 and Kaspersky Beta AVS for W7. I'll post those logs in a seperate post tomorrow. I just want these checked out to ensure nothing is hiding. I've used the AVS as well as Spybot and AdAware so far with no results. Actually, I can't run dds on my W7 computer as it's not supported. Wouldn't work in compatibility mode either. What other program do you recommend for that system as I believe that was the system that may have been compromised?

DDS (Ver_09-02-01.01) - NTFSx86
Run by Andrew at 1:39:31.82 on Fri 02/27/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.1023.256 [GMT -6:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlbfcoms.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Andrew\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: CGreenPrintPDF Object: {df96ba30-57f6-4700-8065-910ec3be9e3b} - c:\program files\greenprint technologies\greenprint world\GPIEPlugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Microsoft CommBand: {4d5c8c2a-d075-11d0-b416-00c04fb90376} - %SystemRoot%\system32\browseui.dll
uRun: [<NO NAME>]
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe "
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe "
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
mRun: [PDUiP6000DMon] c:\program files\canon\memory card utility\pixma ip6000d\PDUiP6000DMon.exe
mRun: [PDUiP6000DTskbr] c:\program files\canon\memory card utility\pixma ip6000d\PDUiP6000DTskbr.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe "
mRun: [Yapta Tracker] c:\program files\yapta\YaptaClient.exe /onstartup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
mRun: [GPPrinterNotify] "c:\program files\greenprint technologies\greenprint world\GPPrinterNotify.exe "
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll "
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe "
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [boinctray] "c:\program files\boinc\boinctray.exe "
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
StartupFolder: c:\users\andrew\appdata\roaming\micros~1\windows\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe
StartupFolder: c:\users\andrew\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\greenp~2.lnk - c:\program files\greenprint technologies\greenprint world\GPPrinterNotify.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\greenp~1.lnk - c:\program files\greenprint technologies\greenprint world\GPTray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
IE: {DF96BA30-57F6-4700-8065-910EC3BE9E3B}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~3.0_0\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {554099FE-3856-4d93-86B5-0024AEF63BC7} - {DF96BA30-57F6-4700-8065-910EC3BE9E3B} - c:\program files\greenprint technologies\greenprint world\GPIEPlugin.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://upload.smugmug.com/photos/activex/ImageUploader4-082807.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} - hxxps://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/ct.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.94.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\ktjpfqq5.default\
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\ktjpfqq5.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll

============= SERVICES / DRIVERS ===============

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-11-25 19456]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-10-10 42112]

=============== Created Last 30 ================

2009-02-22 12:06 7,409 a------- c:\windows\system32\Config.MPF
2009-02-22 12:06 <DIR> --d----- c:\programdata\SiteAdvisor
2009-02-22 12:02 33,832 a------- c:\windows\system32\drivers\mferkdk.sys
2009-02-22 12:02 201,320 a------- c:\windows\system32\drivers\mfehidk.sys
2009-02-22 12:02 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-02-22 12:02 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-02-22 12:02 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2009-02-22 12:01 125,728 a------- c:\windows\system32\drivers\Mpfp.sys
2009-02-22 12:01 <DIR> --d----- c:\program files\McAfee.com
2009-02-22 12:01 <DIR> --d----- c:\program files\common files\McAfee
2009-02-22 12:00 <DIR> --d----- c:\program files\McAfee
2009-02-22 11:34 <DIR> --d----- c:\programdata\McAfee
2009-02-12 03:03 <DIR> --d----- c:\windows\SQL9_KB960089_ENU
2009-02-11 06:07 827,392 a------- c:\windows\system32\wininet.dll
2009-02-11 06:07 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-02-01 01:06 <DIR> --d----- c:\programdata\BOINC
2009-02-01 01:06 <DIR> --d----- c:\program files\BOINC
2009-02-01 01:06 <DIR> --d----- c:\progra~2\BOINC
2009-01-31 23:19 <DIR> --d----- c:\program files\Motorola Tools
2009-01-31 19:34 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-01-31 19:34 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-01-31 19:34 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-01-31 19:30 <DIR> --d----- c:\program files\common files\Motorola Shared

==================== Find3M ====================

2009-01-31 19:32 86,016 a------- c:\windows\inf\infstrng.dat
2009-01-31 19:32 86,016 a------- c:\windows\inf\infstor.dat
2009-01-31 19:32 51,200 a------- c:\windows\inf\infpub.dat
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-12-09 11:07 828,160 a------- c:\windows\boinc.scr
2008-11-12 22:55 56 a---h--- c:\programdata\ezsidmv.dat
2008-11-12 22:55 56 a---h--- c:\progra~2\ezsidmv.dat
2008-06-22 02:44 174 a--sh--- c:\program files\desktop.ini
2008-06-22 02:26 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 06:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 06:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 06:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 06:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-08-08 23:02 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-08-08 23:02 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-08-08 23:02 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 1:42:09.43 ===============

DDS (Ver_09-02-01.01)

Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume3
Install Date: 1/25/2007 2:45:36 AM
System Uptime: 2/24/2009 7:17:12 PM (54 hours ago)

Motherboard: ASUSTeK Computer Inc. | | A8V Deluxe
Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket 939 | 2202/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 279 GiB total, 82.609 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 120.926 GiB free.
E: is FIXED (NTFS) - 279 GiB total, 234.986 GiB free.
F: is CDROM ()
G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Wireless Notebook Adapter MN-730
Device ID: PCI\VEN_14E4&DEV_4325&SUBSYS_00041414&REV_02\3&267A616A&0&60
Manufacturer: Broadcom
Name: Microsoft Wireless Notebook Adapter MN-730
PNP Device ID: PCI\VEN_14E4&DEV_4325&SUBSYS_00041414&REV_02\3&267A616A&0&60
Service: BCM43XV

Class GUID:
Description:
Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\3&267A616A&0&69
Manufacturer:
Name:
PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\3&267A616A&0&69
Service:

==== System Restore Points ===================


==== Installed Programs ======================

Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
AT&T Yahoo! Applications
ATI Catalyst Install Manager
BOINC
Bonjour
Branding
Canon Inkjet Printer Driver Add-On Module
Canon PIXMA iP6000D Memory Card Utility
Canon Utilities Easy-LayoutPrint
Canon Utilities Easy-PhotoPrint
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
ccc-core-static
ccc-utility
CCC Help English
Citrix Presentation Server Client
Compatibility Pack for the 2007 Office system
Creative Audio Console
Creative Audio Processing Object Interface Module
DIRECTV2PC Playback Advisor
Form Fill (Windows Live Toolbar)
GDR 3077 for SQL Server Database Services 2005 ENU (KB960089)
GreenPrint World
Highlight Viewer (Windows Live Toolbar)
ImgBurn
iTunes
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
Java(TM) SE Runtime Environment 6 Update 1
LeapFrog Connect
LeapFrog Tag Plugin
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Map Button (Windows Live Toolbar)
McAfee SecurityCenter
Microsoft IntelliPoint 6.1
Microsoft IntelliType Pro 6.1
Microsoft Location Finder
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Accounting 2007
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Accounting Equifax Addin
Microsoft Office Accounting Fixed Asset Manager
Microsoft Office Accounting PayPal Addin
Microsoft Office Small Business Connectivity Components
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Motorola Driver Installation 3.7.0
Mozilla Firefox (3.0.6)
MyHeritage Family Tree Builder
OpenAL
OpenOffice.org 2.3
QuickTime
RadarLab HD
RealPlayer
Rhapsody Player Engine
Safari
Skins
Skype™ 3.8
Smart Menus (Windows Live Toolbar)
URGE
Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Player Firefox Plugin
Windows Mobile Device Center
WinRAR archiver
World of Warcraft

==== End Of File ===========================

 

Hi VampyreGTX
Welcome to WindowsBBS.

Please do this.

Download ATF Cleaner by Atribune and save it to your Desktop.
This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
Recycle bin

The rest are optional - if you want it to remove everything check "Select All ".
Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

Now this.

Please do an online scan with Kaspersky WebScanner

It's best to disable real time protection applications as they sometimes interfere with the scan.
Check this link for any applicable programs you may have.

Click on "Accept" If your pop "“up blocker blocks any windows from opening.

Click Run on the window that opens.
Windows Vista users you must open the web browser using the Run as Administrator command.

• The program will launch and then begin downloading the latest definition files:
• Under Scan on the left side.Click on My Computer
• This will start the program and scan your system.
• Click the "Scan Report" On the left side.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.:
• Save the text file to your desktop.
• Copy and paste that information in your next post.

Please post the Kaspersky results.

Thanks
Geri

 

Will run Kaspersky online overnight and will post the results aftger work tomorrow night. Thanks again!

 

Hi
OK no problem.

Geri

 

Okay, I've run ATF-Cleaner.

I also ran Kaspersky online last night and had zero across the board for any threats. I didn't save the log as it clear.

 

Hi
OK well, I see nothing in your DDS log and Kaspersky comes up clean, I don't believe your system is compromised.

If you are not satisfied we can run a Panda scan also? What would you like to do?

Thanks
Geri

 

Thanks for the help! Glad it all appears secure, I have a second post for my HTPC system as well. Hopefully that is clean too.

I haven't heard of Panda Scan, what is that? If it's not too much of a hassle, I may as well run that as well.

 

Hi
Panda is another virus scaner.

Here are the instructions, If anything shows post the log.

Make sure you run ATF Cleaner before the scan.

Please go HERE to run Panda's ActiveScan

• Once you are on the Panda site click the Scan your PC button
• A new window will open...click the Check Now button
• Enter your Country
• Enter your State/Province
• Enter your e-mail address and click send
• Select either Home User or Company
• Click the big Scan Now button
• If it wants to install an ActiveX component allow it
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
• When download is complete, click on My Computer to start the scan
• When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Geri

 

nothing malicious was detected. The only issues were the cookies in my dual-boot OS (XP) which I haven't used in quite some time and will actually be removing it this weekend most likely. Looks like that computer is in the clear! Thanks for the help. Hopefully I'll get the HTPC running W7 I posted on given an all clear soon as well.

 

Hi
OK good to hear. you'er welcome.

Please look at this link for some preventive recommendations, It could keep you from ending up back here to the Malware and Virus Removal Forums.
http://www.windowsbbs.com/showthread.php?t=67958

I'll mark this resolved.

Surf Safely
Geri