requesting malware removal assistance Report

[Neet Sushi]

Iobit Scan Report

 

IObit Security 360

 

OS:Windows Vista

Version:1.4.5.67

Define Version:1632

Time Elapsed:00:42:41

Objects Scanned:70019

Threats Found:3

 

|Name|Type|Description|ID|

Tracking Cookies - Removed, Cookies, http://live-cams-0.livejasmin.com/?t_id=wl_netvertising_02&cobrand_site_id=2202&noadvertmodel=1&custommodels=2202, 7-1943

Tracking Cookies - Removed, Cookies, Cookie:user@quantserve.com/, 7-2072

Backdoor.Frauder - Removed, Registry Key, HKEY_CURRENT_USER\SOFTWARE\XML, 4-22428

 

=========================================================

 

DDS Scan Report

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by USER at 13:17:05.05 on Sat 07/10/2010

Internet Explorer: 8.0.6001.18928

Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.1012.144 [GMT 8:00]

 

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\svchost.exe -k Akamai

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\tbh\monitor\bin\tbhMonitor.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Windows\system32\SearchIndexer.exe

c:\Program Files\tbh\base\bin\tbhDaemon.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\USBAntiVirus\USBAntiVirus.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

C:\Program Files\tbh\base\bin\tbhSystray.exe

C:\Windows\V0330Mon.exe

C:\Program Files\IObit\IObit Security 360\is360tray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Users\USER\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\system32\igfxsrvc.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Hewlett-Packard\KBD\kbd.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\USER\Downloads\dds.scr

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.yahoo.com

mStart Page = hxxp://www.yahoo.com

mDefault_Page_URL = hxxp://www.yahoo.com

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [Octoshape Streaming Services] "c:\users\user\appdata\roaming\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun

uRun: [Halo2] rundll32.exe c:\windows\system32\sshnas21.dll,GetMainWnd

uRun: [EWABQAF7KL] c:\users\user\appdata\local\temp\Qkd.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [KBD] c:\program files\hewlett-packard\kbd\KbdStub.EXE

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [skytel] Skytel.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [uSBAntiVirus.exe] c:\program files\usbantivirus\USBAntiVirus.exe -Hide

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"

mRun: [tbhSystray] c:\program files\tbh\base\bin\tbhSystray.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [V0330Mon.exe] c:\windows\V0330Mon.exe

mRun: [iObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart

StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenote 2007 screen clipper and launcher.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee security scan plus.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: avgrsstx.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\110jigzm.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage -

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\110jigzm.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll

FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\110jigzm.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll

FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\110jigzm.default\extensions\{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}\components\FFExternalAlert.dll

FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\110jigzm.default\extensions\{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}\components\RadioWMPCore.dll

FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\110jigzm.default\extensions\browserhighlighter@ebay.com\components\Shim.dll

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\user\appdata\local\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll

FF - plugin: c:\users\user\appdata\roaming\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npoctoshape.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

 

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-10-19 12552]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-19 335240]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-19 27784]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-19 108552]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-8 54632]

 

=============== Created Last 30 ================

 

2010-07-09 16:48:24 0 d-----w- c:\programdata\IObit

2010-07-09 10:51:34 212992 ----a-w- c:\windows\Qcunya.exe

2010-07-09 10:51:18 249344 ----a-w- c:\windows\system32\sshnas21.dll

2010-07-08 13:51:43 0 d-----w- c:\users\user\appdata\roaming\Synthesia

2010-07-08 13:49:44 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

2010-07-05 10:00:54 33431 ----a-w- c:\users\user\.recently-used.xbel

2010-06-24 19:00:29 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-06-24 19:00:29 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-06-24 19:00:29 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-06-24 19:00:29 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-06-24 19:00:28 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-06-24 05:40:03 0 d-----w- c:\users\user\appdata\roaming\IObit

2010-06-23 20:59:21 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-06-23 20:59:20 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-06-23 11:19:42 0 d-----w- c:\users\user\appdata\roaming\Octoshape

2010-06-17 11:26:08 0 d-----w- c:\programdata\Yahoo! Companion

2010-06-12 15:16:54 0 d-----w- c:\users\user\appdata\roaming\Facebook

2010-06-10 06:31:57 2037248 ----a-w- c:\windows\system32\win32k.sys

 

==================== Find3M ====================

 

2010-07-08 02:09:40 51200 ----a-w- c:\windows\inf\infpub.dat

2010-07-08 02:09:39 86016 ----a-w- c:\windows\inf\infstrng.dat

2010-07-08 02:07:37 86016 ----a-w- c:\windows\inf\infstor.dat

2010-05-30 12:16:21 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll

2010-05-21 06:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll

2010-03-18 19:36:30 665600 ----a-w- c:\windows\inf\drvindex.dat

2008-01-21 02:41:56 174 --sha-w- c:\program files\desktop.ini

2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-11-22 00:28:43 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-12-29 03:41:06 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

2008-04-09 23:35:35 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

 

============= FINISH: 13:19:07.82 ===============

 

DDS Attach Report

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-03-17.01)

 

Microsoft® Windows Vista™ Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 10/19/2009 8:32:48 AM

System Uptime: 7/10/2010 12:19:56 PM (1 hours ago)

 

Motherboard: MSI | | Boston

Processor: Pentium® Dual-Core CPU E5200 @ 2.50GHz | Socket 775 | 1200/800mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 116 GiB total, 72.525 GiB free.

D: is FIXED (NTFS) - 116 GiB total, 105.403 GiB free.

E: is CDROM (UDF)

H: is Removable

 

==== Disabled Device Manager Items =============

 

Class GUID: {bc103702-dd72-406f-9b28-95c868337b59}

Description: Belkin USB Easy Transfer Cable

Device ID: ROOT\TRANSFER_CABLE\0000

Manufacturer: Microsoft

Name: Belkin USB Easy Transfer Cable

PNP Device ID: ROOT\TRANSFER_CABLE\0000

Service: winusb

 

==== System Restore Points ===================

 

 

==== Installed Programs ======================

 

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Photoshop CS

Adobe Photoshop Lightroom 2.2

Adobe Reader 9.3.3

Advanced SystemCare 3

Apple Application Support

Apple Software Update

Applian FLV Player

ArcSoft PhotoStudio 5.5

Audacity 1.3.12 (Unicode)

AVG 8.5

Browser Highlighter - Firefox

Canon MP Navigator 3.0

Canon MP160

Canon Utilities Digital Photo Professional 1.6.1

Canon Utilities Easy-PhotoPrint

Canon Utilities Easy-PhotoPrint EX

Creative WebCam Vista/Live! Cam Chat Driver (1.10.04.00)

Enhanced Multimedia Keyboard Solution

Facebook Plug-In

GIMP 2.6.8

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Picasso Media Center Add-In

Intel® Graphics Media Accelerator Driver

IObit Security 360

J2SE Runtime Environment 5.0 Update 6

Junk Mail filter update

K-Lite Mega Codec Pack 3.6.5

LAME v3.98.2 for Audacity

Macromedia Dreamweaver 8

Macromedia Extension Manager

Macromedia Fireworks 8

McAfee Security Scan Plus

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Expression Web

Microsoft Expression Web MUI (English)

Microsoft Expression Web Service Pack 1 (SP1)

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Live Add-in 1.5

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Mozilla Firefox (3.6.6)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero Media Player

Nero OEM

NeroVision Express 2

O+

Octoshape Streaming Services

OGA Notifier 2.0.0048.0

osu!

Pando Media Booster

QuickTime

Real Alternative 1.9.0

Realtek High Definition Audio Driver

ScanSoft OmniPage SE 4.0

Secret of the Solstice

Security Update for 2007 Microsoft Office System (KB951550)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for 2007 Microsoft Office System (KB982312)

Security Update for 2007 Microsoft Office System (KB982331)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft Office Excel 2007 (KB982308)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office Outlook 2007 (KB972363)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office Publisher 2007 (KB982124)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB982135)

Solstice

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (kb983486)

USB Drive AntiVirus 2.3

Winamp

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

WinRAR archiver

Yahoo! BrowserPlus 2.7.1

Yahoo! Messenger

Yahoo! Search Protection

Yahoo! Software Update

Yahoo! Toolbar

 

==== End Of File ===========================

[Melvin_Deal]

Hi!

 

What exactly do you wish to accomplish??? You have seemed to disguise your link within your post to avoid the autobots and seem to think that will work.

[Neet Sushi]

Umm...?

 

Sorry i dont understand what u mean..

 

so my computer is safe now?

[Superdave]

Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

 

•Close browsers before scanning

•Scan for tracking cookies

•Terminate memory threats before quarantining

•Please leave the others unchecked

 

•Click the Close button to leave the control center screen.

 

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

 

•To retrieve the removal information please do the following:

•After reboot, double-click the SUPERAntiSpyware icon on your desktop.

•Click Preferences. Click the Statistics/Logs tab.

 

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

 

•It will open in your default text editor (preferably Notepad).

•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

 

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

*Copy and Paste the log in your post.

 

====================================

Malwarebytes' Anti-Malware (MBAM)

 

If you already have Malwarebytes be sure to check for updates before scanning!

 

Download Malwarebytes Anti-Malware and save it to your desktop. Alternate download link

 

•Double-click mbam-setup.exe and follow the prompts to install the program.

 

•Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

 

•If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

•If an update is found, it will download and install the latest version.

•Once the program has loaded, select Perform Quick Scan, then click Scan.

 

•When the scan is complete, click OK, then Show Results to view the results.

 

•Be sure that everything is checked, and click Remove Selected.

 

•When completed, a log will open in Notepad. Save it to a convenient location like the Desktop.

 

•The log is also automatically saved and can be viewed later by clicking the Logs tab in MBAM.

 

•Copy and Paste the contents of the report in your reply.

 

•Exit MBAM.

.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

=======================================

 

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Unzip SecurityCheck.zip and a folder named Security Check should appear.

* Open the Security Check folder and double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

 

======================================