
Inactive Possible Trojan Infection

Discussion in 'Malware and Virus Removal Archive' started by trub, 2011/01/09.

  1. 2011/01/09, trub (Thread Starter)

    I was searching the net, clicked on a WOT green-light site and bam, a redirect to "you have won a prize" or some such nonsense. I immediately used the Task Manager to shut down the browser (was using Chrome). Did nothing else. Ran the requisite scans and the logs will be posted. Malwarebytes found and removed a trojan, but I want to be sure.
    Not happy about this, but thanks as always!!
    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Steven at 0:24:57.53 on Mon 01/10/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3070.1773 [GMT -5:00]

    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\58FRFWGE\dds[1].scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://my.yahoo.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    uRun: [Google Update] "c:\users\steven\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\steven\appdata\roaming\mozilla\firefox\profiles\bms4nseq.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\steven\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\users\steven\appdata\roaming\mozilla\firefox\profiles\bms4nseq.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\users\steven\appdata\roaming\mozilla\firefox\profiles\bms4nseq.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com

    ============= SERVICES / DRIVERS ===============

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-5 988216]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-5 399416]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-5-18 119256]
    R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
    R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2009-6-19 604672]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-9 136176]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-22 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-6 1343400]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

    =============== Created Last 30 ================

    2011-01-10 05:23:16 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{db87c11e-3b92-4916-81e2-4f95af709fae}\mpengine.dll
    2011-01-10 04:05:52 -------- d-----w- c:\program files\ESET
    2011-01-10 03:52:10 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2011-01-10 03:51:04 -------- d-----w- c:\program files\Bonjour
    2011-01-10 02:38:03 -------- d-----w- c:\users\steven\appdata\local\{E81487E4-DECB-480B-8807-F1FCE03F28A9}
    2011-01-07 05:10:26 -------- d-----w- c:\windows\en
    2011-01-07 05:07:21 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2011-01-07 05:07:21 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2011-01-07 05:07:20 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2011-01-07 05:06:26 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
    2011-01-07 05:06:26 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2011-01-07 05:05:56 15712 ----a-w- c:\program files\common files\windows live\.cache\90fe21f11cbae280a\MeshBetaRemover.exe
    2011-01-07 04:43:05 -------- d-----w- c:\program files\FileHippo.com
    2011-01-07 04:38:46 -------- d-----w- c:\users\steven\appdata\local\Secunia PSI
    2011-01-07 04:38:40 -------- d-----w- c:\program files\Secunia
    2011-01-07 04:35:38 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2011-01-07 02:12:52 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-01-06 04:05:20 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{c839705a-3aba-43b2-8fc5-c6834c042747}\gapaengine.dll
    2011-01-06 04:00:28 -------- d-----w- c:\program files\Microsoft Security Client
    2011-01-06 04:00:16 240008 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-01-02 09:00:31 -------- d-----w- c:\program files\MSXML 4.0
    2011-01-01 02:16:52 -------- d-----w- c:\progra~2\Seagate
    2011-01-01 02:16:06 -------- d-----w- c:\users\steven\appdata\local\Downloaded Installations
    2011-01-01 02:16:01 -------- d-----w- c:\program files\Carbonite
    2011-01-01 02:16:00 -------- d-sh--w- c:\windows\ftpcache
    2011-01-01 02:15:33 -------- d-----w- c:\program files\Seagate
    2011-01-01 02:15:14 -------- d-----w- c:\program files\common files\muvee Technologies
    2010-12-31 20:54:47 -------- d-----w- c:\users\steven\appdata\local\temp
    2010-12-31 04:42:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-12-31 04:42:11 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2010-12-15 21:27:02 516096 ----a-w- c:\program files\windows mail\wab.exe
    2010-12-15 21:27:01 2048 ----a-w- c:\windows\system32\tzres.dll

    ==================== Find3M ====================

    2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr
    2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-12 23:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-10 07:54:18 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2010-11-10 07:28:46 301936 ----a-w- c:\windows\WLXPGSS.SCR
    2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
    2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
    2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-20 03:00:24 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe
    2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll

    ============= FINISH: 0:25:28.27 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/6/2009 2:51:01 PM
    System Uptime: 1/9/2011 11:28:33 PM (1 hours ago)

    Motherboard: Acer | | Aspire 4730Z
    Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | uPGA-478 | 2000/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 143 GiB total, 89.275 GiB free.
    D: is FIXED (NTFS) - 143 GiB total, 118.045 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP552: 1/5/2011 11:28:35 PM - Removed Java(TM) 6 Update 23
    RP553: 1/5/2011 11:29:28 PM - Removed Java(TM) 6 Update 23
    RP554: 1/5/2011 11:30:23 PM - Removed Java(TM) 6 Update 23
    RP555: 1/6/2011 11:35:13 PM - Windows Update
    RP556: 1/6/2011 11:50:02 PM - Installed Skype™ 5.1
    RP558: 1/7/2011 12:05:44 AM - Windows Live Essentials
    RP559: 1/7/2011 12:06:12 AM - Windows Update
    RP561: 1/7/2011 12:06:42 AM - Installed DirectX
    RP563: 1/7/2011 12:07:06 AM - Installed DirectX
    RP564: 1/7/2011 12:07:34 AM - WLSetup
    RP565: 1/7/2011 12:25:21 AM - Installed Google Earth.
    RP566: 1/7/2011 2:06:42 AM - Windows Update
    RP567: 1/7/2011 9:30:17 PM - Windows Update
    RP568: 1/8/2011 2:06:33 AM - Windows Update
    RP569: 1/8/2011 6:28:50 PM - Windows Update
    RP570: 1/9/2011 2:06:35 AM - Windows Update
    RP571: 1/9/2011 12:09:07 PM - Windows Update
    RP572: 1/9/2011 10:51:42 PM - Installed iTunes
    RP573: 1/9/2011 10:59:24 PM - Removed iTunes
    RP574: 1/9/2011 11:17:16 PM - Removed Google Earth.

    ==== Installed Programs ======================
    7-Zip 9.20
    Acer Crystal Eye Webcam
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X
    Adobe Shockwave Player 11.5
    AnswerWorks 4.0 Runtime - English
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Canon Easy-WebPrint EX
    Canon MP Navigator EX 3.0
    Canon MP250 series MP Drivers
    Canon MP250 series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    CDBurnerXP
    D3DX10
    ESET Online Scanner v3
    FileHippo.com Update Checker
    Google Chrome
    Google Earth
    Google Update Helper
    iSEEK AnswerWorks English Runtime
    Java Auto Updater
    Java(TM) 6 Update 23
    JMicron Flash Media Controller Driver
    Junk Mail filter update
    Logitech Harmony Remote Software 7
    Malwarebytes' Anti-Malware
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Mozilla Firefox (3.6.13)
    MSN Toolbar
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal Seagate Edition
    OGA Notifier 2.0.0048.0
    Picasa 3
    PokerStars
    QuickTime
    Realtek High Definition Audio Driver
    Remote Control USB Driver
    Seagate Manager Installer
    Secunia PSI (2.0.0.2001)
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype web features
    Skype™ 5.1
    SopCast 3.2.4
    TurboTax 2008
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    TurboTax 2009
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wohiper
    TurboTax 2009 wrapper
    TurboTax Premier 2007
    TVUPlayer 2.4.9.1
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin

    ==== Event Viewer Messages From Past Week ========

    1/9/2011 11:28:51 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    1/9/2011 11:28:51 PM, Error: atikmdag [43029] - Display is not active
    1/9/2011 11:27:03 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    1/7/2011 11:53:32 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    1/6/2011 9:53:21 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/6/2011 9:48:47 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/6/2011 9:12:06 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    1/6/2011 8:55:06 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/6/2011 8:43:03 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/6/2011 8:21:31 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 4 time(s).
    1/6/2011 8:21:31 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 4 time(s).
    1/6/2011 8:10:03 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/6/2011 5:03:08 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
    1/6/2011 5:03:08 AM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s).
    1/6/2011 5:03:08 AM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).
    1/6/2011 5:03:08 AM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).
    1/6/2011 5:03:08 AM, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s).
    1/6/2011 5:03:08 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).
    1/6/2011 5:03:08 AM, Error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 3 time(s).
    1/6/2011 5:03:08 AM, Error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 3 time(s).
    1/6/2011 5:03:08 AM, Error: Service Control Manager [7034] - The IP Helper service terminated unexpectedly. It has done this 3 time(s).
    1/6/2011 5:03:08 AM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 3 time(s).
    1/6/2011 5:03:08 AM, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s).
    1/6/2011 5:03:08 AM, Error: Service Control Manager [7034] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 3 time(s).
    1/6/2011 5:03:08 AM, Error: Service Control Manager [7034] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 3 time(s).
    1/6/2011 5:03:08 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 3 time(s).
    1/6/2011 4:42:39 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    1/6/2011 4:39:38 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    1/6/2011 4:39:38 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
    1/6/2011 4:37:38 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
    1/6/2011 4:37:38 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 2 time(s).
    1/6/2011 4:37:38 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    1/6/2011 4:37:38 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    1/6/2011 4:37:38 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/6/2011 4:37:38 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/6/2011 4:37:38 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    1/6/2011 4:37:38 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/6/2011 4:37:38 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    1/6/2011 4:37:38 AM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    1/6/2011 4:37:38 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    1/6/2011 4:37:38 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    1/6/2011 4:37:38 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    1/6/2011 4:37:38 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/6/2011 4:37:38 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/6/2011 4:37:38 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/6/2011 2:12:32 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.3310.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/6/2011 12:45:02 AM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The pipe has been ended.
    1/6/2011 10:30:19 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/5/2011 11:10:40 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/5/2011 11:02:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
    1/5/2011 10:54:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.77.485.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5502.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
    1/5/2011 10:53:28 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.77.485.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5502.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
    1/5/2011 10:52:12 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/5/2011 10:47:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/5/2011 10:37:12 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/5/2011 10:31:59 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Koobface.gen!E&threatid=2147625899 User: Steven-PC\Steven Name: Worm:Win32/Koobface.gen!E ID: 2147625899 Severity: Severe Category: Worm Path: Action: Quarantine Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.3310.0, AS: 1.95.3310.0 Engine Version: 1.1.6402.0
    1/5/2011 10:31:23 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.

    ==== End Of File ===========================

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5491

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    1/9/2011 11:14:19 PM
    mbam-log-2011-01-09 (23-14-19).txt

    Scan type: Quick scan
    Objects scanned: 141928
    Time elapsed: 9 minute(s), 40 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\Steven\local settings\temporary internet files\Content.IE5\MFUXTS74\googleearthwin[1].exe (Trojan.P2P.Worm) -> Quarantined and deleted successfully.


    Done!
     
    trub,
    #1
  2. 2011/01/09
    trub
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: Acer
    BIOS Manufacturer: Acer
    System Manufacturer: Acer
    System Product Name: Aspire 4730Z
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 188):
    0x82C52000 \SystemRoot\system32\ntkrnlpa.exe
    0x82C1B000 \SystemRoot\system32\halmacpi.dll
    0x80B96000 \SystemRoot\system32\kdcom.dll
    0x83225000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x8329D000 \SystemRoot\system32\PSHED.dll
    0x832AE000 \SystemRoot\system32\BOOTVID.dll
    0x832B6000 \SystemRoot\system32\CLFS.SYS
    0x832F8000 \SystemRoot\system32\CI.dll
    0x8AE3C000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8AEAD000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8AEBB000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x8AF03000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x8AF0C000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x8AF14000 \SystemRoot\system32\DRIVERS\pci.sys
    0x8AF3E000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x8AF49000 \SystemRoot\System32\drivers\partmgr.sys
    0x8AF5A000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x8AF62000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8AF6D000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x8AF7D000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8AFC8000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8B010000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x8B0EA000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x8B0F3000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8B127000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8B236000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8B365000 \SystemRoot\System32\Drivers\msrpc.sys
    0x8B390000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8B3A3000 \SystemRoot\System32\Drivers\cng.sys
    0x8B200000 \SystemRoot\System32\drivers\pcw.sys
    0x8B20E000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x8B138000 \SystemRoot\system32\drivers\ndis.sys
    0x833A3000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8AE00000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x8B401000 \SystemRoot\System32\drivers\tcpip.sys
    0x8B54A000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8B57B000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x8B5BA000 \SystemRoot\System32\Drivers\spldr.sys
    0x8B5C2000 \SystemRoot\System32\drivers\rdyboost.sys
    0x8B5EF000 \SystemRoot\System32\Drivers\mup.sys
    0x8B217000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x8B616000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x8B648000 \SystemRoot\system32\DRIVERS\disk.sys
    0x8B659000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x8B776000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8B795000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0x8B7BC000 \SystemRoot\System32\Drivers\Null.SYS
    0x8B7C3000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8B7CA000 \SystemRoot\System32\drivers\vga.sys
    0x8B7D6000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8B600000 \SystemRoot\System32\drivers\watchdog.sys
    0x8B60D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8B7F7000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8B21F000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x8B227000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8B1EF000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8AE25000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8B000000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x90006000 \SystemRoot\system32\drivers\afd.sys
    0x90060000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x90092000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x90099000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x900B8000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x900C9000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x900D7000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x900EA000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x900FA000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x9013B000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x90145000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x9014F000 \SystemRoot\System32\drivers\discache.sys
    0x9015B000 \SystemRoot\System32\Drivers\dfsc.sys
    0x90173000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x90181000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x901A2000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x90805000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x90D1A000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x901B4000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x90DD1000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x9042F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x9047A000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x90489000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x904A8000 \SystemRoot\system32\DRIVERS\netr28.sys
    0x90543000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x9054D000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
    0x90592000 \SystemRoot\system32\DRIVERS\jmcr.sys
    0x905B1000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    0x905D7000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x905DB000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x905F3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x90400000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x9040D000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x90416000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x90DDC000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x8AFDE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x90423000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x83200000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x833E1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x92C1E000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x92C35000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x92C4C000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x92C4E000 \SystemRoot\system32\DRIVERS\ks.sys
    0x92C82000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x92C90000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x92CD4000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x81E17000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x82023000 \SystemRoot\system32\drivers\portcls.sys
    0x82052000 \SystemRoot\system32\drivers\drmk.sys
    0x8206B000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0x82171000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x82173000 \SystemRoot\system32\drivers\modem.sys
    0x82590000 \SystemRoot\System32\win32k.sys
    0x82180000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8218A000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x92CE5000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x82197000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x821A8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x821BF000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x821E3000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x827F0000 \SystemRoot\System32\TSDDD.dll
    0x821EE000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x81E00000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x821F9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x92DBF000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x82420000 \SystemRoot\System32\cdd.dll
    0x92DCB000 \SystemRoot\system32\DRIVERS\KMWDFILTER.sys
    0x92DD4000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x92DDF000 \SystemRoot\system32\drivers\luafv.sys
    0x92C00000 \SystemRoot\system32\drivers\WudfPf.sys
    0x90DEE000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x8B67E000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x901ED000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x8B6C4000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x8B6D7000 \SystemRoot\system32\drivers\HTTP.sys
    0x8B75C000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9A632000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9A644000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9A667000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9A6A2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9A6D5000 \SystemRoot\system32\drivers\peauth.sys
    0x9A76C000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9A776000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
    0x9A780000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9A7A1000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9A7AE000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9A81E000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9A87B000 \SystemRoot\system32\DRIVERS\psi_mf.sys
    0x9A87E000 \??\C:\Users\Steven\AppData\Local\Temp\uxryqpob.sys
    0x9A900000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x9A909000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
    0x77010000 \Windows\System32\ntdll.dll
    0x48010000 \Windows\System32\smss.exe
    0x77250000 \Windows\System32\apisetschema.dll
    0x00610000 \Windows\System32\autochk.exe
    0x77230000 \Windows\System32\normaliz.dll
    0x77190000 \Windows\System32\advapi32.dll
    0x76E70000 \Windows\System32\setupapi.dll
    0x76DF0000 \Windows\System32\comdlg32.dll
    0x77150000 \Windows\System32\ws2_32.dll
    0x761A0000 \Windows\System32\shell32.dll
    0x76110000 \Windows\System32\oleaut32.dll
    0x760C0000 \Windows\System32\gdi32.dll
    0x760B0000 \Windows\System32\lpk.dll
    0x75FB0000 \Windows\System32\wininet.dll
    0x75F90000 \Windows\System32\sechost.dll
    0x75F70000 \Windows\System32\imm32.dll
    0x75EC0000 \Windows\System32\rpcrt4.dll
    0x75CC0000 \Windows\System32\iertutil.dll
    0x75CB0000 \Windows\System32\psapi.dll
    0x75C10000 \Windows\System32\usp10.dll
    0x75B80000 \Windows\System32\clbcatq.dll
    0x75AB0000 \Windows\System32\msctf.dll
    0x75A60000 \Windows\System32\Wldap32.dll
    0x75A30000 \Windows\System32\imagehlp.dll
    0x75950000 \Windows\System32\kernel32.dll
    0x758A0000 \Windows\System32\msvcrt.dll
    0x75740000 \Windows\System32\ole32.dll
    0x75600000 \Windows\System32\urlmon.dll
    0x755F0000 \Windows\System32\nsi.dll
    0x75590000 \Windows\System32\shlwapi.dll
    0x75530000 \Windows\System32\difxapi.dll
    0x75460000 \Windows\System32\user32.dll
    0x75340000 \Windows\System32\crypt32.dll
    0x752F0000 \Windows\System32\KernelBase.dll
    0x75260000 \Windows\System32\comctl32.dll
    0x75230000 \Windows\System32\cfgmgr32.dll
    0x75210000 \Windows\System32\devobj.dll
    0x751E0000 \Windows\System32\wintrust.dll
    0x751D0000 \Windows\System32\msasn1.dll

    Processes (total 56):
    0 System Idle Process
    4 System
    292 C:\Windows\System32\smss.exe
    436 csrss.exe
    512 C:\Windows\System32\wininit.exe
    524 csrss.exe
    560 C:\Windows\System32\services.exe
    576 C:\Windows\System32\lsass.exe
    584 C:\Windows\System32\lsm.exe
    688 C:\Windows\System32\winlogon.exe
    748 C:\Windows\System32\svchost.exe
    828 C:\Windows\System32\svchost.exe
    872 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    964 C:\Windows\System32\atiesrxx.exe
    1008 C:\Windows\System32\svchost.exe
    1072 C:\Windows\System32\svchost.exe
    1096 C:\Windows\System32\svchost.exe
    1244 C:\Windows\System32\svchost.exe
    1332 C:\Windows\System32\svchost.exe
    1476 C:\Windows\System32\atieclxx.exe
    1584 C:\Windows\System32\spoolsv.exe
    1624 C:\Windows\System32\svchost.exe
    1748 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1820 C:\Program Files\Bonjour\mDNSResponder.exe
    1856 C:\Windows\System32\svchost.exe
    1896 C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    1984 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1404 C:\Program Files\Secunia\PSI\psia.exe
    908 C:\Windows\System32\svchost.exe
    812 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2388 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2420 C:\Windows\System32\taskhost.exe
    2448 C:\Windows\System32\dwm.exe
    2656 C:\Windows\explorer.exe
    2756 C:\Windows\System32\svchost.exe
    3112 C:\Windows\System32\rundll32.exe
    3308 C:\Program Files\Microsoft Security Client\msseces.exe
    3360 C:\Program Files\Windows Sidebar\sidebar.exe
    3396 C:\Program Files\Secunia\PSI\psi_tray.exe
    3800 WmiPrvSE.exe
    3904 C:\Windows\System32\SearchIndexer.exe
    3992 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2996 C:\Program Files\Internet Explorer\iexplore.exe
    3248 C:\Windows\System32\svchost.exe
    3476 C:\Program Files\Internet Explorer\iexplore.exe
    3668 C:\Program Files\Secunia\PSI\sua.exe
    4576 dllhost.exe
    1176 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    3240 C:\Windows\System32\audiodg.exe
    4128 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    4868 C:\Windows\System32\SearchProtocolHost.exe
    4440 C:\Windows\System32\SearchFilterHost.exe
    4524 dllhost.exe
    2952 dllhost.exe
    720 C:\Users\Steven\Desktop\MBRCheck.exe
    1240 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`00400000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`c3100000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-10 00:03:00
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
    Running: dl1ybp08.exe; Driver: C:\Users\Steven\AppData\Local\Temp\uxryqpob.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C95599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB9F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90806000, 0x2D5378, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[2996] USER32.dll!CreateWindowExW 75470E51 5 Bytes JMP 713F818F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2996] USER32.dll!DialogBoxIndirectParamW 75494AA7 5 Bytes JMP 7151FE70 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2996] USER32.dll!DialogBoxParamW 7549564A 5 Bytes JMP 71314BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2996] USER32.dll!DialogBoxParamA 754ACF6A 5 Bytes JMP 7151FE0D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2996] USER32.dll!DialogBoxIndirectParamA 754AD29C 5 Bytes JMP 7151FED3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2996] USER32.dll!MessageBoxIndirectA 754BE8C9 5 Bytes JMP 7151FDA2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2996] USER32.dll!MessageBoxIndirectW 754BE9C3 5 Bytes JMP 7151FD37 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2996] USER32.dll!MessageBoxExA 754BEA29 5 Bytes JMP 7151FCD5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2996] USER32.dll!MessageBoxExW 754BEA4D 5 Bytes JMP 7151FC73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3476] USER32.dll!UnhookWindowsHookEx 7546CC7B 5 Bytes JMP 714083A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3476] USER32.dll!CallNextHookEx 7546CC8F 5 Bytes JMP 713E9D8C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3476] USER32.dll!CreateWindowExW 75470E51 5 Bytes JMP 713F818F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3476] USER32.dll!SetWindowsHookExW 7547210A 5 Bytes JMP 713A4643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3476] USER32.dll!DialogBoxIndirectParamW 75494AA7 5 Bytes JMP 7151FE70 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3476] USER32.dll!DialogBoxParamW 7549564A 5 Bytes JMP 71314BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3476] USER32.dll!DialogBoxParamA 754ACF6A 5 Bytes JMP 7151FE0D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3476] USER32.dll!DialogBoxIndirectParamA 754AD29C 5 Bytes JMP 7151FED3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3476] USER32.dll!MessageBoxIndirectA 754BE8C9 5 Bytes JMP 7151FDA2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3476] USER32.dll!MessageBoxIndirectW 754BE9C3 5 Bytes JMP 7151FD37 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3476] USER32.dll!MessageBoxExA 754BEA29 5 Bytes JMP 7151FCD5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3476] USER32.dll!MessageBoxExW 754BEA4D 5 Bytes JMP 7151FC73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3476] ole32.dll!OleLoadFromStream 75745BF6 5 Bytes JMP 715201C3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3476] ole32.dll!CoCreateInstance 7579590C 5 Bytes JMP 713F8C7D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3476] ws2_32.DLL!closesocket 77153BED 5 Bytes JMP 68C5EEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3476] ws2_32.DLL!socket 77153F00 5 Bytes JMP 68C5E59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3476] ws2_32.DLL!recv 771547DF 5 Bytes JMP 68C5F1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3476] ws2_32.DLL!connect 771548BE 5 Bytes JMP 68C5E62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3476] ws2_32.DLL!getaddrinfo 77156737 5 Bytes JMP 68C5E71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3476] ws2_32.DLL!send 7715C4C8 5 Bytes JMP 68C5E9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\System32\rundll32.exe[3112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [750B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[3112] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [750B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[3112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [750B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[3112] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [750B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\ACPI_HAL \Device\00000044 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
    trub,
    #2


  4. 2011/01/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    There must be something wrong with your computing habits.
    We just finished cleaning your computer 3 days ago.
    What's going on?
     
  5. 2011/01/09
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    Joined:
    2009/07/09
    Messages:
    306
    Likes Received:
    0
    I searched for college basketball RPI, the site realtimerpi.com had a green WOT label so I assumed no problem with it. When I opened it I got the redirect. I could understand if I was "off in the woods somewhere," but searching for this type of info seems pretty standard to me. I am so sorry to be bugging the daylights out of you!! I have a lot of faith in WOT and use it as a guide for safe browsing, I can not explain how or why this would happen!
     
    trub,
    #4
  6. 2011/01/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I need more info...
    Did you just get redirected from that site only, or are you getting redirected in general from then on?
     
  7. 2011/01/09
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    Joined:
    2009/07/09
    Messages:
    306
    Likes Received:
    0
    The redirect was a one time thing. Took me to a " you have won a Prize" type of site. MSE did not catch it. I then went to the task manager and killed the browser. I am not currently being redirected as far as I can tell.

    I know enough that these redirects are malicious so I ran Malwarebytes which found and says it removed the bad guy.
     
    trub,
    #6
  8. 2011/01/09
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    Joined:
    2009/07/09
    Messages:
    306
    Likes Received:
    0
    Was from that site only!!
     
    trub,
    #7
  9. 2011/01/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You should have posted MBAM log.
    Please, re-run it and see, if it'll find anything.
     
  10. 2011/01/10
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    Joined:
    2009/07/09
    Messages:
    306
    Likes Received:
    0
    What I do not understand is the infected file seems to have a Google Earth signature. I do not know the relevance of this.

    Is a computer truly infected if MSE or Malwarebytes finds and quarantines a malicious item?
    Should you tell the scanner to remove the item in Question if one is uncovered?

    First log proceeding event.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5491

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    1/9/2011 11:14:19 PM
    mbam-log-2011-01-09 (23-14-19).txt

    Scan type: Quick scan
    Objects scanned: 141928
    Time elapsed: 9 minute(s), 40 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\Steven\local settings\temporary internet files\Content.IE5\MFUXTS74\googleearthwin[1].exe (Trojan.P2P.Worm) -> Quarantined and deleted successfully.

    Second log now.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5493

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    1/10/2011 1:03:14 AM
    mbam-log-2011-01-10 (01-03-14).txt

    Scan type: Quick scan
    Objects scanned: 140575
    Time elapsed: 4 minute(s), 27 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
    trub,
    #9
  11. 2011/01/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  12. 2011/01/10
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    Joined:
    2009/07/09
    Messages:
    306
    Likes Received:
    0
    I can live with that, but can you please explain the redirect.
     
  13. 2011/01/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Can you give me that website address?
    While posting replace "." with "dot ", so the link is not clickable.
     
  14. 2011/01/10
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    Joined:
    2009/07/09
    Messages:
    306
    Likes Received:
    0
    realtimerpi "dot "com
     
  15. 2011/01/10
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    Joined:
    2009/07/09
    Messages:
    306
    Likes Received:
    0
    Could this be a problem with "chrome?" What browser would you recommend? I used Firefox for a long time but switched to Chrome some time back, it seems more streamlined and quicker.
     
  16. 2011/01/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm not even sure, what to tell you.
    I went there with FF and nothing happened.

    I suggest, you just keep an eye on your computer...
     
  17. 2011/01/10
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    Joined:
    2009/07/09
    Messages:
    306
    Likes Received:
    0
    Will do. Thank you for your patience and expertise. I hope you know that I appreciate it more than I can say.

    Is there any concern with running beta versions of browsers?

    Thank you very much

    Steven

    Please mark the thread resolved
     
  18. 2011/01/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Basically, no beta programs should be run on main machine.
    They contain bugs and if it's a security bug, you know, what may happen.

    Keep me posted, if anything happens.
     
  19. 2011/01/10
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    Joined:
    2009/07/09
    Messages:
    306
    Likes Received:
    0
    Will do. I will reinstall chrome to a non beta.

    Thanks again.

    Steven
     
  20. 2011/01/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Sure thing :)
     
