
Solved FXstaller.exe - Generic.dx removed but IE not working properly

Discussion in 'Malware and Virus Removal Archive' started by Treasure, 2009/03/25.

  1. 2009/03/25
    Treasure

    Treasure Inactive Thread Starter

    Joined:
    2009/03/25
    Messages:
    16
    Likes Received:
    0
    [Resolved] FXstaller.exe - Generic.dx removed but IE not working properly

    Hi
    Thanks in advance for help with my Desktop PC.
    My daughter had received an MSN virus. The file I found was called FXstaller or Fxsteller. I quickly tried to remove it on March 3, 2009. I looked around and saw in the McAfee forum to use SuperAntispyware to remove it. I also used Malwarebytes Anti-Malware. I've snooped around and downloaded a bunch of tools to help with fixing my problem but have been leery to use them without guidance, hence I'm here.

    My internet has been slowly getting worse, with sites hanging, and tonight I lost connection to the internet completely and my computer kept shutting down. It appears something is still changing the URLs, putting numbers behind the address.

    I'm a graphic artist and you will notice many plugins (filters) to perform specific effects, in case you are not familiar with some of them.

    Attached are the logs as requested.
    DDS

    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Owner at 1:45:43.93 on Wed 03/25/2009
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.506 [GMT -5:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
    C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Pando Networks\Pando\Pando.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Documents and Settings\Owner\Desktop\antispyware fixes\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: CInterceptor Object: {38d3fe60-3d53-4f37-bb0e-c7a97a26a156} - c:\program files\pando networks\pando\PandoIEPlugin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [<NO NAME>]
    uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe "
    uRun: [Pando] "c:\program files\pando networks\pando\Pando.exe" /Minimized
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103471 - "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" - "http://www.gofreegames.com/classics-games/3D_Pong.htm "
    mRun: [Lexmark X5100 Series] "c:\program files\lexmark x5100 series\lxbabmgr.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\imvu.lnk - c:\documents and settings\owner\application data\imvuclient\IMVUClient.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner\start menu\programs\imvu\Run IMVU.lnk
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184262271703
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://www.scn-chat.com/includes/MSNChat45.cab
    Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\quicktax 2007\ic2007pp.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ============= SERVICES / DRIVERS ===============

    R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-7-12 11264]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-9 213640]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-4 210216]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-3-4 359952]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-3-4 144704]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-7-20 84992]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-3-4 606736]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-4 79304]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-4 35272]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-4 40552]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-3 34216]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]

    =============== Created Last 30 ================

    2009-03-11 03:15 <DIR> --d----- c:\program files\SystemRequirementsLab
    2009-03-11 01:23 <DIR> --d----- c:\program files\common files\Intel Shared
    2009-03-11 01:23 48,640 a------- c:\windows\system32\inetwh32.dll
    2009-03-11 01:23 119,808 a------- c:\windows\system32\G723.ACM
    2009-03-11 01:21 524,288 a------- c:\windows\system32\InetIPLA6.dll
    2009-03-11 01:21 516,096 a------- c:\windows\system32\InetIPLM6.dll
    2009-03-11 01:21 512,000 a------- c:\windows\system32\InetIPLP6.dll
    2009-03-11 01:21 503,808 a------- c:\windows\system32\InetIPLPX.dll
    2009-03-11 01:21 495,616 a------- c:\windows\system32\InetIPLM5.dll
    2009-03-11 01:21 491,520 a------- c:\windows\system32\InetIPLP5.dll
    2009-03-11 01:21 372,736 a------- c:\windows\system32\ijl15.dll
    2009-03-11 01:21 20,480 a------- c:\windows\system32\InetIPL.dll
    2009-03-11 01:21 19,968 a------- c:\windows\system32\Cpuinf32.dll
    2009-03-11 01:21 <DIR> --d----- c:\program files\Web Publish
    2009-03-11 01:20 38,160 a------- c:\windows\system32\LMRTREND.dll
    2009-03-11 01:20 182,032 a------- c:\windows\system32\dxtmsft3.dll
    2009-03-11 01:20 140,800 a------- c:\windows\system32\tm20dec.ax
    2009-03-11 01:20 63,488 a------- c:\windows\system32\unam4ie.exe
    2009-03-11 01:20 194,320 a------- c:\windows\system32\qcut.dll
    2009-03-11 01:20 11,776 a------- c:\windows\system32\mciqtz.drv



    Attach file


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/11/2007 8:07:39 PM
    System Uptime: 3/24/2009 9:29:49 PM (4 hours ago)

    Motherboard: ASUSTeK Computer INC. | | M2V-MX
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2199/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 112 GiB total, 38.147 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 466 GiB total, 403.284 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP623: 3/13/2009 2:48:33 AM - System Checkpoint
    RP624: 3/13/2009 7:26:44 PM - Installed Pando.
    RP625: 3/13/2009 7:28:12 PM - Removed Pando.
    RP626: 3/14/2009 9:00:09 PM - System Checkpoint
    RP627: 3/16/2009 5:28:23 AM - System Checkpoint
    RP628: 3/17/2009 6:00:34 AM - System Checkpoint
    RP629: 3/18/2009 7:00:46 AM - System Checkpoint
    RP630: 3/19/2009 8:00:43 AM - System Checkpoint
    RP631: 3/20/2009 8:06:43 AM - System Checkpoint
    RP632: 3/21/2009 8:25:46 AM - System Checkpoint
    RP633: 3/22/2009 9:25:48 AM - System Checkpoint
    RP634: 3/23/2009 9:38:00 AM - System Checkpoint
    RP635: 3/24/2009 3:27:29 PM - System Checkpoint

    ==== Installed Programs ======================

    3D Shadow by Lokas Software
    7-Zip 4.57
    ABBYY FineReader 5.0 Sprint
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.3
    Adobe Shockwave Player
    Alien Skin Eye Candy 5 Impact
    Alien Skin Eye Candy 5 Nature
    Alien Skin Eye Candy 5 Textures
    Alien Skin Xenofex 2.0
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    ATI HYDRAVISION
    ATI Parental Control & Encoder
    ATI Problem Report Wizard
    AVIVO Codecs
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Choice Guard
    Critical Update for Windows Media Player 11 (KB959772)
    ERUNT 1.1j
    Eye Candy 3
    Eye Candy 4000
    FamilyFeudOnlineParty (remove only)
    FaxTools
    Filters Unlimited 1.0
    Filters Unlimited 2.0
    Google Toolbar for Internet Explorer
    Harry's Filters 3.01
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Intel® Create & Share® Software
    ISO Recorder
    J2SE Runtime Environment 5.0 Update 7
    Jasc Animation Shop 3
    Jasc Animation Shop 3 20041030_07 Help file Patch
    Jasc Paint Shop Pro 9
    Jasc Paint Shop Pro 9.01 - (9.0.1.1)
    Jasc Paint Shop Pro 9.01 Patch
    Java(TM) 6 Update 12
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 6
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    JMB36X Raid Configurer
    Lexmark X5100 Series
    Malwarebytes' Anti-Malware
    McAfee SecurityCenter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Premium
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    MSN
    MSVCRT
    MSXML 6.0 Parser (KB933579)
    Nero OEM
    OpenOffice.org 2.1
    Pando
    Platform
    PowerDVD
    QuickTax 2003 Standard
    QuickTax 2004
    QuickTax 2005
    QuickTax 2006
    QuickTax 2007
    Realtek High Definition Audio Driver
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Segoe UI
    Skins
    Spybot - Search & Destroy
    SUPERAntiSpyware Free Edition
    System Requirements Lab
    the flux collection
    Ulead Particle.Plugin 1.0
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    VIA Platform Device Manager
    Vizros Plug-ins 4.1
    WebFldrs XP
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip 11.2
    Xenofex 1.0
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Messenger

    ==== End Of File ===========================

    Sorry it's long; thank you for your assistance.
     
  2. 2009/03/25
    Treasure

    Treasure Inactive Thread Starter

    Joined:
    2009/03/25
    Messages:
    16
    Likes Received:
    0
    Oh, one more thing: two files were created on the date I received this virus and are still on my C: drive. One is "mooo", which was running when the virus was discovered and showed a message to the effect that drivers were corrupted; it is still in my folder as an .exe file. The other one is called "jdsfhjq" and is also an executable application file that was placed on my C: drive when the virus was received.
     


  4. 2009/03/25
    Treasure

    Treasure Inactive Thread Starter

    Joined:
    2009/03/25
    Messages:
    16
    Likes Received:
    0
    OK, I found my original logs for the virus that was removed,
    so I'm posting them here too in case it helps.

    SUPERAntiSpyware log

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 03/04/2009 at 02:23 AM

    Application Version : 4.25.1014

    Core Rules Database Version : 3784
    Trace Rules Database Version: 1741

    Scan type : Complete Scan
    Total Scan Time : 00:50:18

    Memory items scanned : 560
    Memory threats detected : 1
    Registry items scanned : 5756
    Registry threats detected : 1
    File items scanned : 32591
    File threats detected : 91

    Trojan.Agent/Gen-FXSTALLER
    C:\WINDOWS\FXSTELLER.EXE
    C:\WINDOWS\FXSTELLER.EXE
    [Windows UDP Control Center] C:\WINDOWS\FXSTELLER.EXE
    C:\WINDOWS\Prefetch\FXSTELLER.EXE-11844F9F.pf

    Adware.Tracking Cookie


    Then the log from Malwarebytes' Anti-Malware:

    Malwarebytes' Anti-Malware 1.34
    Database version: 1823
    Windows 5.1.2600 Service Pack 3

    3/5/2009 11:09:55 PM
    mbam-log-2009-03-05 (23-09-49).txt

    Scan type: Quick Scan
    Objects scanned: 88911
    Time elapsed: 10 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  5. 2009/03/31
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Treasure,
    Sorry for the delay.

    Please do this.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the Combofix log
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.

    Thanks
    Geri
     
  6. 2009/04/10
    Treasure
    Thanks, Geri.

    Here is my ComboFix log.

    ComboFix 09-04-04.01 - Owner 2009-04-10 10:21:02.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.551 [GMT -5:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system\oeminfo.ini
    c:\windows\system32\MabryObj.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 )))))))))))))))))))))))))))))))
    .

    2009-03-31 22:59 . 2009-03-09 02:53 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-03-20 19:23 . 2009-03-20 19:23 <DIR> d-------- c:\documents and settings\Hal\Tracing
    2009-03-19 12:21 . 2009-03-19 12:21 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\SACore
    2009-03-11 03:15 . 2009-03-11 03:15 <DIR> d-------- c:\program files\SystemRequirementsLab
    2009-03-11 01:23 . 2009-03-11 01:23 <DIR> d-------- c:\program files\Common Files\Intel Shared
    2009-03-11 01:23 . 1999-07-16 13:39 119,808 --a------ c:\windows\system32\G723.ACM
    2009-03-11 01:23 . 1998-04-07 15:32 48,640 --a------ c:\windows\system32\inetwh32.dll
    2009-03-11 01:21 . 2009-03-11 01:21 <DIR> d-------- c:\program files\Web Publish
    2009-03-11 01:21 . 2000-06-06 11:12 524,288 --a------ c:\windows\system32\InetIPLA6.dll
    2009-03-11 01:21 . 2000-06-06 11:12 516,096 --a------ c:\windows\system32\InetIPLM6.dll
    2009-03-11 01:21 . 2000-06-06 11:12 512,000 --a------ c:\windows\system32\InetIPLP6.dll
    2009-03-11 01:21 . 2000-06-06 11:12 503,808 --a------ c:\windows\system32\InetIPLPX.dll
    2009-03-11 01:21 . 2000-06-06 11:12 495,616 --a------ c:\windows\system32\InetIPLM5.dll
    2009-03-11 01:21 . 2000-06-06 11:12 491,520 --a------ c:\windows\system32\InetIPLP5.dll
    2009-03-11 01:21 . 2000-09-15 16:51 372,736 --a------ c:\windows\system32\ijl15.dll
    2009-03-11 01:21 . 2000-06-06 11:12 20,480 --a------ c:\windows\system32\InetIPL.dll
    2009-03-11 01:21 . 2000-04-25 09:10 19,968 --a------ c:\windows\system32\Cpuinf32.dll
    2009-03-11 01:20 . 2009-03-11 01:24 <DIR> d-------- c:\program files\Intel
    2009-03-11 01:20 . 1998-09-02 03:02 194,320 --a------ c:\windows\system32\qcut.dll
    2009-03-11 01:20 . 1998-08-26 23:51 182,032 --a------ c:\windows\system32\dxtmsft3.dll
    2009-03-11 01:20 . 1998-08-20 06:02 140,800 --a------ c:\windows\system32\tm20dec.ax
    2009-03-11 01:20 . 1998-09-02 03:28 63,488 --a------ c:\windows\system32\unam4ie.exe
    2009-03-11 01:20 . 1998-09-02 03:28 38,160 --a------ c:\windows\system32\LMRTREND.dll
    2009-03-11 01:20 . 1998-08-17 04:21 11,776 --a------ c:\windows\system32\mciqtz.drv
    2009-03-11 01:20 . 1998-08-17 04:21 10,240 --a------ c:\windows\system32\vidx16.dll
    2009-03-11 01:20 . 1998-08-17 04:21 5,672 --a------ c:\windows\system32\quartz.vxd

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-02 23:58 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
    2009-04-01 03:59 --------- d-----w c:\program files\Java
    2009-03-24 17:43 --------- d-----w c:\program files\McAfee
    2009-03-21 00:23 --------- d-----w c:\documents and settings\Hal\Application Data\OpenOffice.org2
    2009-03-14 01:26 --------- d-----w c:\program files\Pando Networks
    2009-03-11 06:24 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-03-09 10:19 410,984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-06 05:09 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-03-06 04:58 --------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
    2009-03-06 04:58 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-06 04:52 --------- d-----w c:\program files\ERUNT
    2009-03-05 00:48 --------- d-----w c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
    2009-03-04 09:47 --------- d-----w c:\program files\Windows Live SkyDrive
    2009-03-04 09:47 --------- d-----w c:\program files\Windows Live
    2009-03-04 09:47 --------- d-----w c:\program files\Microsoft
    2009-03-04 08:42 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-03-04 07:29 --------- d-----w c:\program files\SUPERAntiSpyware
    2009-03-04 07:29 --------- d-----w c:\documents and settings\Britt\Application Data\SUPERAntiSpyware.com
    2009-03-04 07:29 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-03-04 07:27 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-03-04 05:06 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
    2009-03-04 05:06 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
    2009-03-04 05:03 --------- d-----w c:\program files\McAfee.com
    2009-03-04 05:03 --------- d-----w c:\program files\Common Files\McAfee
    2009-03-04 04:42 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-03-03 23:14 5,449 ----a-w C:\mooo.exe
    2009-03-03 16:54 1,025 ----a-w C:\jdsfhjq.exe
    2009-03-03 04:26 --------- d-----w c:\program files\Microsoft Silverlight
    2009-02-16 06:00 --------- d-----w c:\documents and settings\Owner\Application Data\Uniblue
    2009-02-16 06:00 --------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner
    2009-02-16 05:50 --------- d-----w c:\program files\PC Drivers HeadQuarters
    2009-02-16 05:50 --------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
    2009-02-16 05:49 --------- d-----w c:\program files\Common Files\Download Manager
    2009-02-11 16:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-11 16:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
    2009-02-07 00:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
    2009-01-16 20:45 73,728 ----a-w c:\windows\system32\RtNicProp32.dll
    2008-08-06 23:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080620080807\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "Yahoo! Pager "= "c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-06-11 4670968]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-06 68856]
    "NBJ "= "c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 1871872]
    "Pando "= "c:\program files\Pando Networks\Pando\Pando.exe" [2009-02-19 3913032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Lexmark X5100 Series "= "c:\program files\Lexmark X5100 Series\lxbabmgr.exe" [2003-03-04 86100]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "mcagent_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

    c:\documents and settings\Hal\Start Menu\Programs\Startup\
    OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2001-11-19 65588]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.G723 "= g723.acm
    "vidc.I263 "= I263_32.drv

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
    -r------- 2006-11-16 12:05 1953792 c:\windows\system32\JMRaidSetup.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
    -r------- 2006-10-30 15:44 36864 c:\windows\JM\JMInsIDE.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    --a------ 2006-11-10 12:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-03-14 03:43 83608 c:\program files\Java\jre1.6.0_01\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    --a------ 2007-07-12 17:49 69632 c:\windows\ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    --a------ 2007-07-12 17:49 16062464 c:\windows\RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    --a------ 2007-07-12 17:49 2879488 c:\windows\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Intel\\Createshare\\VideoPhone\\VP50.exe "=
    "c:\\Program Files\\Pando Networks\\Pando\\pando.exe "=

    R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-07-12 11264]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-03-04 210216]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 11:53]

    2009-04-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 11:53]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET


    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
    Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-10 10:22:43
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    @DACL=(02 0000)
    "Installed "= "1 "
    @=" "

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    @DACL=(02 0000)
    "NoChange "= "1 "
    "Installed "= "1 "
    @=" "

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    @DACL=(02 0000)
    "Installed "= "1 "
    @=" "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(684)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\Ati2evxx.dll
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    .
    Completion time: 2009-04-10 10:24:54
    ComboFix-quarantined-files.txt 2009-04-10 15:24:24

    Pre-Run: 41,744,715,776 bytes free
    Post-Run: 42,240,446,464 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

    215 --- E O F --- 2009-02-26 00:50:56
     
  7. 2009/04/10
    Treasure
    OK, my IE stopped hanging until I rebooted my computer, and now it's the same as before; it doesn't seem to have made a difference. I'm still getting network failures trying to upload pics to file-sharing programs. I'm wondering if I should restore to a few weeks ago and try again, since it may be too old. What do you think?
     
  8. 2009/04/11
    Geri
    Hi
    OK, let's have these two files scanned.

    • Please go to Jotti's malware scan
    • Copy and paste the following file path into the "File to upload & scan" box on the top of the page, one at a time:
      • C:\mooo.exe
        C:\jdsfhjq.exe
    • Click on the submit button
    • Please post the results in your next reply.

    Let's hold off on the system restore for now.

    Thanks
    Geri
     
  9. 2009/04/11
    Treasure
    File: mooo.exe
    Status: OK
    MD5: 527f15c44fce9b839b49c3af02d8c374
    Packers detected: -

    Scanner results
    Scan taken on 11 Apr 2009 17:22:40 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Quick Heal Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing



    File: jdsfhjq.exe
    Status: OK
    MD5: 3b4840876b47190871e4ae5a99c93c93
    Packers detected: -

    Scanner results
    Scan taken on 11 Apr 2009 17:25:38 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Quick Heal Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing



    When I was searching for jdsfhjq.exe, I came across another forum where someone received this virus the same day as I did and also had this file added to their drive.

    Not sure if it helps, but here are the links I found related to the two exe files in question. The 2nd one just shows Mooo.exe as a possible threat for the period I received the virus, Mar 3.


    http://forums.whatthetech.com/can_someone_help_please_t100607.html

    http://www.incodesolutions.com/

    Found another related link to these files:

    http://www.techsupportforum.com/2009332-post4.html
     
    Last edited: 2009/04/11
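    The two files Geri picked out of the Find3M report above (C:\mooo.exe and C:\jdsfhjq.exe, both written on 2009-03-03, the day the MSN worm hit) were found by eye. The script below is an added example for this thread, not part of ComboFix, Jotti or any of the posts: it parses the timestamp / size / attribute / path columns ComboFix prints in its "Find3M Report" and "Files Created" sections, flags executables sitting somewhere they normally do not (the drive root, or the root of %windir% like the later c:\windows\fdsv.exe), notes which of those appeared within a few days of the infection date, and hashes a file so the MD5 can be compared with the one Jotti prints above. The sample lines are copied from the logs in this thread; the incident date and the 3-day window are assumptions. A clean result from the scanners, as happened here, does not clear a file; it only means nobody has a signature for it yet, which is why the list is a set of candidates to look up, not a verdict.

```python
"""Triage helper for ComboFix file listings (added example, not ComboFix's own code).

Parses "Find3M Report" / "Files Created" lines, flags executables in odd
locations, marks those close to the infection date, and hashes candidates so
the MD5 can be compared with what an online scanner reports.
"""
import hashlib
import io
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# One ComboFix listing line. The two layouts this covers, taken from the thread:
#   2009-03-03 23:14 5,449 ----a-w C:\mooo.exe
#   2009-04-10 15:16 . 2000-08-31 13:00 89504 ----a-w c:\windows\fdsv.exe
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})"            # first timestamp column
    r"(?:\s+\.\s+\d{4}-\d{2}-\d{2} \d{2}:\d{2})?"  # optional second timestamp
    r"\s+(\S+)"                                    # size, "<DIR>" or dashes
    r"\s+([-a-z]{6,9})"                            # attribute flags (d-----w, ----a-w, ...)
    r"\s+(.+?)\s*$"                                # path (may contain spaces)
)

EXEC_EXT = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd", ".sys"}

# Constructed sample: six lines copied from the ComboFix logs posted in this thread.
SAMPLE_LINES = [
    r"2009-03-09 10:19 410,984 ----a-w c:\windows\system32\deploytk.dll",
    r"2009-03-04 04:42 --------- d-----w c:\documents and settings\All Users\Application Data\avg8",
    r"2009-03-03 23:14 5,449 ----a-w C:\mooo.exe",
    r"2009-03-03 16:54 1,025 ----a-w C:\jdsfhjq.exe",
    r"2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys",
    r"2009-04-10 15:16 . 2000-08-31 13:00 89504 ----a-w c:\windows\fdsv.exe",
]
INCIDENT = datetime(2009, 3, 3)  # assumed: the day the MSN worm hit, per the opening post


def parse_listing(lines):
    """Return one dict per recognised line; headers and blank lines are skipped."""
    records = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size_txt = m.group(2).replace(",", "")
        records.append({
            "when": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M"),
            "size": int(size_txt) if size_txt.isdigit() else None,
            "attrs": m.group(3),
            "path": m.group(4),
        })
    return records


def flag_candidates(records, incident=INCIDENT, window_days=3):
    """Map path -> reasons for every executable in an unusual location.

    Location is the trigger; closeness to the incident date is only added as a
    second reason, because legitimate updates (Java, McAfee) land in the same window.
    """
    lo, hi = incident - timedelta(days=window_days), incident + timedelta(days=window_days)
    hits = {}
    for r in records:
        if r["attrs"].startswith("d"):          # directory entry, not a file
            continue
        p = PureWindowsPath(r["path"])
        if p.suffix.lower() not in EXEC_EXT:
            continue
        reasons = []
        if len(p.parts) == 2:                   # ('C:\\', 'mooo.exe')
            reasons.append("drive root")
        elif len(p.parts) == 3 and p.parts[1].lower() == "windows":
            reasons.append("%windir% root")
        if not reasons:
            continue
        if lo <= r["when"] <= hi:
            reasons.append(f"within {window_days} days of {incident:%Y-%m-%d}")
        hits[r["path"]] = reasons
    return hits


def hash_stream(fh, chunk=1 << 20):
    """MD5 and SHA-256 of a binary stream, read in chunks so large files are fine."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    for block in iter(lambda: fh.read(chunk), b""):
        md5.update(block)
        sha256.update(block)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def hash_file(path):
    """Hash a file on disk; compare the md5 with the one the online scanner shows."""
    with open(path, "rb") as fh:
        return hash_stream(fh)


def hash_bytes(data):
    return hash_stream(io.BytesIO(data))


def sample_hits():
    return flag_candidates(parse_listing(SAMPLE_LINES))


if __name__ == "__main__":
    for path, why in sample_hits().items():
        print(f"{path}: {', '.join(why)}")
```

    Run against the sample it lists mooo.exe and jdsfhjq.exe (drive root, inside the window) and fdsv.exe (%windir% root only); deploytk.dll and win32k.sys are not reported because system32 is where they belong. On the affected machine, feed it the whole ComboFix log and then call hash_file() on each candidate before uploading.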
  10. 2009/04/12
    Geri
    Hi
    OK, please do this.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.
    Code:
    File::
    C:\mooo.exe
    C:\jdsfhjq.exe 
    Please post the combofix log.

    Geri
     
  11. 2009/04/12
    Treasure
    Here's my log. Thank you for your assistance; ready for the next step.

    ComboFix 09-04-12.02 - Owner 2009-04-12 8:41.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.557 [GMT -5:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    * Created a new restore point

    FILE ::
    C:\jdsfhjq.exe
    C:\mooo.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\jdsfhjq.exe
    C:\mooo.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-03-12 to 2009-04-12 )))))))))))))))))))))))))))))))
    .

    2009-04-10 15:16 . 2000-08-31 13:00 89504 ----a-w c:\windows\fdsv.exe
    2009-04-01 03:59 . 2009-03-09 07:53 73728 ----a-w c:\windows\system32\javacpl.cpl
    2009-03-21 00:23 . 2009-03-21 00:23 -------- d-----w c:\documents and settings\Hal\Tracing
    2009-03-19 17:21 . 2009-03-19 17:21 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\SACore

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-11 23:13 . 2009-03-04 05:09 -------- d-----w c:\documents and settings\LocalService\Application Data\SACore
    2009-04-01 03:59 . 2007-07-12 01:30 -------- d-----w c:\program files\Java
    2009-03-24 17:43 . 2009-03-04 05:02 -------- d-----w c:\program files\McAfee
    2009-03-21 00:23 . 2007-08-03 20:52 -------- d-----w c:\documents and settings\Hal\Application Data\OpenOffice.org2
    2009-03-14 01:26 . 2007-09-09 01:00 -------- d-----w c:\program files\Pando Networks
    2009-03-11 08:15 . 2009-03-11 08:15 -------- d-----w c:\program files\SystemRequirementsLab
    2009-03-11 06:24 . 2009-03-11 06:20 -------- d-----w c:\program files\Intel
    2009-03-11 06:24 . 2007-07-12 01:29 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-03-11 06:23 . 2009-03-11 06:23 -------- d-----w c:\program files\Common Files\Intel Shared
    2009-03-11 06:21 . 2009-03-11 06:21 -------- d-----w c:\program files\Web Publish
    2009-03-09 10:19 . 2008-12-02 13:37 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-06 05:09 . 2009-03-06 04:58 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-03-06 04:58 . 2009-03-06 04:58 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
    2009-03-06 04:58 . 2009-03-06 04:58 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-06 04:52 . 2009-03-06 04:51 -------- d-----w c:\program files\ERUNT
    2009-03-05 00:48 . 2009-03-05 00:48 -------- d-----w c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
    2009-03-04 09:47 . 2009-03-04 09:47 -------- d-----w c:\program files\Microsoft
    2009-03-04 09:47 . 2008-04-22 08:02 -------- d-----w c:\program files\Windows Live
    2009-03-04 09:47 . 2009-03-04 09:47 -------- d-----w c:\program files\Windows Live SkyDrive
    2009-03-04 08:42 . 2008-04-12 03:30 -------- d-----w c:\program files\Spybot - Search & Destroy
    2009-03-04 07:29 . 2009-03-04 07:29 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-03-04 07:29 . 2009-03-04 07:29 -------- d-----w c:\program files\SUPERAntiSpyware
    2009-03-04 07:29 . 2009-03-04 07:29 -------- d-----w c:\documents and settings\Britt\Application Data\SUPERAntiSpyware.com
    2009-03-04 07:27 . 2009-03-04 07:27 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-03-04 05:06 . 2009-03-04 04:40 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
    2009-03-04 05:06 . 2009-03-04 05:06 -------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
    2009-03-04 05:03 . 2009-03-04 05:03 -------- d-----w c:\program files\Common Files\McAfee
    2009-03-04 05:03 . 2009-03-04 05:03 -------- d-----w c:\program files\McAfee.com
    2009-03-04 04:42 . 2008-05-27 00:00 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-03-03 04:26 . 2009-02-21 06:46 -------- d-----w c:\program files\Microsoft Silverlight
    2009-02-16 06:00 . 2009-02-16 05:32 -------- d-----w c:\documents and settings\Owner\Application Data\Uniblue
    2009-02-16 06:00 . 2009-02-16 05:32 -------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner
    2009-02-16 05:50 . 2009-02-16 05:50 -------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
    2009-02-16 05:50 . 2009-02-16 05:50 -------- d-----w c:\program files\PC Drivers HeadQuarters
    2009-02-16 05:49 . 2009-02-16 05:49 -------- d-----w c:\program files\Common Files\Download Manager
    2009-02-11 16:19 . 2009-03-06 04:58 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-11 16:19 . 2009-03-06 04:58 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
    2009-02-07 00:52 . 2009-02-07 00:52 49504 ----a-w c:\windows\system32\sirenacm.dll
    2009-02-06 07:50 . 2007-07-15 18:32 244 ---ha-w C:\sqmnoopt00.sqm
    2009-02-06 07:50 . 2007-07-15 18:32 232 ---ha-w C:\sqmdata00.sqm
    2009-01-16 20:45 . 2008-11-27 17:47 73728 ----a-w c:\windows\system32\RtNicProp32.dll
    2009-04-12 10:25 . 2008-08-06 23:47 32768 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    2009-04-12 10:25 . 2008-08-06 23:47 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "Yahoo! Pager "= "c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-06-11 4670968]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-06 68856]
    "NBJ "= "c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 1871872]
    "Pando "= "c:\program files\Pando Networks\Pando\Pando.exe" [2009-02-19 3913032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Lexmark X5100 Series "= "c:\program files\Lexmark X5100 Series\lxbabmgr.exe" [2003-03-04 86100]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "mcagent_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

    c:\documents and settings\Hal\Start Menu\Programs\Startup\
    OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2001-11-19 65588]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.G723 "= g723.acm
    "vidc.I263 "= I263_32.drv

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
    -r------- 2006-11-16 12:05 1953792 c:\windows\system32\JMRaidSetup.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
    -r------- 2006-10-30 15:44 36864 c:\windows\JM\JMInsIDE.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    --a------ 2006-11-10 12:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-03-14 03:43 83608 c:\program files\Java\jre1.6.0_01\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    --a------ 2007-07-12 17:49 69632 c:\windows\ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    --a------ 2007-07-12 17:49 16062464 c:\windows\RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    --a------ 2007-07-12 17:49 2879488 c:\windows\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Intel\\Createshare\\VideoPhone\\VP50.exe "=
    "c:\\Program Files\\Pando Networks\\Pando\\pando.exe "=

    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
    S0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [2006-02-23 11264]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-02-17 8944]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-02-17 55024]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
    S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 84992]

    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 11:53]

    2009-04-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 11:53]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
    Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-12 08:45
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    @DACL=(02 0000)
    "Installed "= "1 "
    @=" "

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    @DACL=(02 0000)
    "NoChange "= "1 "
    "Installed "= "1 "
    @=" "

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    @DACL=(02 0000)
    "Installed "= "1 "
    @=" "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(684)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2009-04-12 8:49
    ComboFix-quarantined-files.txt 2009-04-12 13:48
    ComboFix2.txt 2009-04-10 15:24

    Pre-Run: 42,169,815,040 bytes free
    Post-Run: 42,157,723,648 bytes free

    193 --- E O F --- 2009-02-26 00:50
     
    Last edited: 2009/04/12
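As an added example (not part of the thread, and not ComboFix's own code), here is a small Python parser for two of the log sections quoted above: the driver/service lines (`R3 SASENUM;SASENUM;<path> [<date> <size>]`) and the firewall `AuthorizedApplications` export. It reads ComboFix's `R`/`S` prefix as running/stopped and the digit as the Windows start type (boot, system, automatic, manual, disabled), which is the conventional reading of that column. The sample lines are constructed from the posted log; `outside_windows_dir` is a helper of my own that lists the entries an analyst would review first, namely those whose image is not under the Windows directory.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the layout of the ComboFix service/driver section
# (same line format; values copied from the posted log for realism).
SAMPLE_SERVICES = r"""
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [2006-02-23 11264]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
"""

# Constructed sample of the firewall AuthorizedApplications export (registry
# export syntax: backslashes doubled, value name in quotes, empty data after '=').
SAMPLE_FIREWALL = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"""

# ComboFix prefix: R = running, S = stopped; the digit is the Windows start type.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

SERVICE_RE = re.compile(
    r"^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$"
)
# Tolerates the stray space before the closing quote seen in the forum's rendering.
FIREWALL_RE = re.compile(r'^"(.+?)\s*"\s*=')


@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    display_name: str
    image_path: str
    file_date: str
    file_size: int

    @property
    def start_type_name(self) -> str:
        return START_TYPES.get(self.start_type, "unknown")


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse 'Rn/Sn name;display;path [date size]' lines; any other line is skipped."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, path, date, size = m.groups()
        entries.append(ServiceEntry(state == "R", int(start), name, display, path, date, int(size)))
    return entries


def parse_firewall_allow_list(text: str) -> List[str]:
    """Return the executables listed as allowed through the Windows Firewall, with paths unescaped."""
    paths = []
    for line in text.splitlines():
        m = FIREWALL_RE.match(line.strip())
        if m:
            paths.append(m.group(1).replace("\\\\", "\\"))
    return paths


def outside_windows_dir(entries: List[ServiceEntry], windows_dir: str = r"c:\windows") -> List[ServiceEntry]:
    """Third-party drivers/services (image not under the Windows directory), the ones to review first."""
    prefix = windows_dir.lower()
    return [e for e in entries if not e.image_path.lower().startswith(prefix)]


if __name__ == "__main__":
    for e in parse_services(SAMPLE_SERVICES):
        state = "running" if e.running else "stopped"
        print(f"{e.name:<30} {state:<8} start={e.start_type_name:<10} {e.image_path}")
    print("Third-party entries:", [e.name for e in outside_windows_dir(parse_services(SAMPLE_SERVICES))])
    print("Firewall-allowed executables:")
    for p in parse_firewall_allow_list(SAMPLE_FIREWALL):
        print("  ", p)
```

Run it as-is to see the sample parsed, or paste a real ComboFix section into the two sample strings; the regexes ignore the section headers, dotted separator lines and blank lines that ComboFix mixes in.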
  12. 2009/04/12
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK one more time with Jotti.

    • Please go to Jotti's malware scan
    • Copy and paste the following file path into the "File to upload & scan" box at the top of the page (one at a time):
      • c:\windows\fdsv.exe
    • Click on the submit button
    • Please post the results in your next reply.
     
  13. 2009/04/12
    Treasure

    Treasure Inactive Thread Starter

    Joined:
    2009/03/25
    Messages:
    16
    Likes Received:
    0
    File: fdsv.exe
    Status: OK
    MD5: 9fdeb67d8ed933aa868bae20239fb674
    Packers detected: -

    Scanner results
    Scan taken on 12 Apr 2009 17:42:53 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Quick Heal Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing
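Added example, not from the thread and not Jotti's code: before submitting a file to a multi-scanner it is worth recording its hashes locally, so the MD5 in the report can be matched against the file that was actually uploaded, and a report in the layout above can be reduced to a detection count. The sample bytes and the `ExampleAV` line with its invented verdict are constructed for this demonstration; `digest_file` is a helper of my own for hashing a file on disk in chunks.

```python
import hashlib
import hmac
import re
import sys
from typing import Dict, Tuple

# Constructed sample content (not the real fdsv.exe) so the example runs offline.
SAMPLE_FILE_BYTES = b"abc"

# Constructed report in the layout of the Jotti results above; the ExampleAV
# line and its verdict are invented to show how a detection is counted.
SAMPLE_REPORT = """\
Scanner results
Scan taken on 12 Apr 2009 17:42:53 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ClamAV Found nothing
ExampleAV Found Example.Detection
VBA32 Found nothing
"""

# One result line: scanner name, the word "Found", then the verdict.
RESULT_RE = re.compile(r"^(?P<scanner>.+?)\s+Found\s+(?P<verdict>.+)$")


def file_digests(data: bytes) -> Dict[str, str]:
    """MD5 (the value Jotti prints) and SHA-256 (the identifier most reputation lookups use today)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same digests for a file on disk, read in chunks so a large file need not fit in memory."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def matches_reported_md5(data: bytes, reported_md5: str) -> bool:
    """True when the MD5 printed in the report belongs to the bytes that were actually submitted."""
    return hmac.compare_digest(file_digests(data)["md5"], reported_md5.strip().lower())


def summarize_report(text: str) -> Tuple[int, int, Dict[str, str]]:
    """Return (detections, scanners, {scanner: verdict}) for lines of the form '<scanner> Found <verdict>'."""
    verdicts: Dict[str, str] = {}
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            verdicts[m.group("scanner")] = m.group("verdict")
    detections = {s: v for s, v in verdicts.items() if v.lower() != "nothing"}
    return len(detections), len(verdicts), detections


if __name__ == "__main__":
    # Usage: python jotti_check.py <file> [<md5 from report>]
    if len(sys.argv) > 1:
        digests = digest_file(sys.argv[1])
        print(digests)
        if len(sys.argv) > 2:
            print("report MD5 matches file:", hmac.compare_digest(digests["md5"], sys.argv[2].lower()))
    hits, total, names = summarize_report(SAMPLE_REPORT)
    print(f"{hits}/{total} scanners flagged the sample report: {names}")
```

A zero-detection report is evidence, not proof, that a file is benign; keeping the SHA-256 alongside the MD5 lets the same file be looked up again later without re-uploading it.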
     
  14. 2009/04/12
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    How are things running?

    Let's get an online scan.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything, check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Now the scan.

    Please do an online scan with Kaspersky WebScanner

    It's best to disable real time protection applications as they sometimes interfere with the scan.
    Check this link for any applicable programs you may have.

    Click on "Accept" if your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users: you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files.
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click "Scan Report" on the left side.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete it will display whether your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type, Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Geri
     
  15. 2009/04/13
    Treasure

    Treasure Inactive Thread Starter

    Joined:
    2009/03/25
    Messages:
    16
    Likes Received:
    0
    It seems a bit better.
    I'm trying to do the online scan but I keep getting "Java applet has failed".
    I'll try again later after work.

    I did the ATF Cleaner and selected all.

    I got Java to finally work; it still seems to be an issue.
    Internet Explorer is still hanging, but not as bad as it was,
    and I'm still getting "network error caused your upload to fail" when uploading to file-sharing programs. I'm actually having more trouble now trying to download from file-sharing sites. I keep getting "can't connect".

    I appreciate all your help, Geri. Thank you.


    Here's my Kaspersky log

    KASPERSKY ONLINE SCANNER 7.0 REPORT
    Monday, April 13, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Monday, April 13, 2009 15:00:26
    Records in database: 2040725
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan statistics:
    Files scanned: 213875
    Threat name: 0
    Infected objects: 0
    Suspicious objects: 0
    Duration of the scan: 03:39:37

    No malware has been detected. The scan area is clean.

    The selected area was scanned.
     
    Last edited: 2009/04/14
  16. 2009/04/14
    Treasure

    Treasure Inactive Thread Starter

    Joined:
    2009/03/25
    Messages:
    16
    Likes Received:
    0
    I know I should've waited for you Geri, but I got so frustrated with my IE that I hit the reset button on the Advanced tab to reset my Internet Explorer to the state it was in when I rec'd this computer, and woohooo. I can download, upload and it's fast. I guess my problem now is that it's asking me to update IE7 to the version for SP2; well, I'm at SP3, so I'm leaving that for now. It's working and that's what I care about. Let me know what else I need to do to finish cleaning this up, if anything, and if I need to do anything else to get my IE to where it should be. I'm not really interested in downloading IE8 since I know so many have had trouble with it.

    Thanks again for all your help, very much appreciated.

    I'm still having problems with my card sites not loading; I'm not sure if you can do anything for me there or not. I have contacted support for those sites and I'll see what they say.
     
  17. 2009/04/15
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi

    Please do this.

    Click Start > Run. In the Run box, copy and paste or type ComboFix /u, then hit Enter to uninstall ComboFix and remove the files/folders it created. This action will also reset the System Restore points, removing any infected files there as well.
    Please check and verify that the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file. If they weren't, please delete them manually.

    That's your best bet.

    Glad IE is working now.

    Poker sites can get you, along with file-sharing sites. I do not endorse either one. 90% of the infections we get here are from P2P.

    We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them.

    Please look at this link for some preventive recommendations. It could keep you from ending up back here in the Malware and Virus Removal Forums.
    http://www.windowsbbs.com/showthread.php?t=67958

    I'll mark this one resolved.

    Surf Safely
    Geri
     
  18. 2009/04/16
    Treasure

    Treasure Inactive Thread Starter

    Joined:
    2009/03/25
    Messages:
    16
    Likes Received:
    0
    I don't think I have any P2P sites installed, as far as I know. Online sites like Photobucket and 4shared are the sharing sites I'm referring to. Basically used for sharing graphics (pics only), so fairly safe. I find that interesting, what you said about poker sites; however, I would've thought they would be pretty safe. I have an online poker group, so the chances of me getting away from those are slim and none since I teach poker, but thanks for the info. I'm happy now that my IE is working too :). I really appreciate all your help. Thanks a bunch, have a good one. :)
     
