The Spykiller

Topic: Help Internet Security 2010 Crashed ME  (Read 1242 times)
Sypalyons (Posts: 19) « on: January 25, 2010, 05:40:22 »

I don't know what to do. Trend Micro didn't find it but I did on HijackThis. Now what? Not sure I'll be able to get back on once I shut down. DeskTop is gone.
Derek (Administrator, Posts: 11284) « Reply #1 on: January 25, 2010, 08:47:28 »

Please explain exactly what you are talking about.

Post the log so I can see.

Derek
Microsoft MVP  Windows - Security
Modern Malware is so involved and difficult to fix that it takes a very long time and a lot of hard work and research to prepare the fixes for you. A large part of my time is spent helping you
Would you do all this for nothing?
 I run this site to raise funds for Hedgehog Rescue
Please donate if I have helped you or you have found this site useful.

Sypalyons (Posts: 19) « Reply #2 on: January 25, 2010, 22:19:59 »

Last night, in Yahoo, I had what appeared to be a MS alert pop up telling me I had been infected and did I want a scan and to delete it. I hit "Yes," thinking it was my Windows Firewall or MS Security Essentials; however, I'm a blind user, so listen to the computer (use Dragon and ZoomText). The warning kept popping up, then along came a large screening with an offer to DOWNLOAD Internet Security 2010 - I knew it was a 'hit.' I ran everything I have, then ran Trend Micro, which found only a minor flaw - low threat. I cleaned out all temp. files, and nothing worked right - my DeskTop was gone within minutes. I cannot open any icons on it, even OE, for example. I can open a browser, so went to your site b/c you helped me before with a Trojan.

I'll slaughter whoever has designed this thing.

I'm using a Dell Mini, now. My HP Business Desktop computer won't work right, and I did download Spyware Doctor b/c PC Tools stated it could get rid of Internet Security 2010; it doesn't! My mistake was believing that MS Security Essentials was a good protection.
Sypalyons (Posts: 19) « Reply #3 on: January 25, 2010, 22:22:43 »

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\smss32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InternetSecurity2010\IS2010.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.breastcancer-experience.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\RunOnce: [TSC] "C:\DOCUME~1\PUDDIN~1\LOCALS~1\Temp\HouseCall\tsc.exe" /HD
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Puddintaine\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--
End of file - 4414 bytes
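The log above contains the three indicators a helper looks for first: the F2 line shows UserInit pointed at winlogon32.exe instead of the stock userinit.exe, a process and Run entry named smss32.exe imitates the real smss.exe, and a Run entry launches the rogue "Internet Security 2010" product. This Python script, added here as an example and not part of the thread or of HijackThis, encodes those checks and runs them over a shortened excerpt of the posted log; the expected UserInit value, the list of core process names and the one-entry rogue-name list are assumptions for this example.

```python
import re
from typing import Dict, List

# Constructed excerpt of the HijackThis log posted in the thread (entries copied, list shortened).
SAMPLE_HJT_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\smss32.exe
C:\Program Files\InternetSecurity2010\IS2010.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
"""

# Core Windows process names that malware imitates by appending a suffix (smss32.exe, winlogon32.exe).
CORE_PROCESS_NAMES = ("smss", "csrss", "winlogon", "services", "lsass", "svchost", "explorer")

# Stock XP UserInit value (assumption: a workstation without a customised logon chain).
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Rogue product names; only the one this thread is about, so a constructed one-entry list.
ROGUE_NAME_PATTERNS = (re.compile(r"internet\s*security\s*2010", re.I),)

F2_USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.I)
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")          # lines under "Running processes:"
FIRST_EXE_RE = re.compile(r'^"?(?P<path>.*?\.exe)"?', re.I)


def first_exe(command: str) -> str:
    """Return the executable path at the start of an O4 command line, quoted or not."""
    m = FIRST_EXE_RE.match(command.strip())
    return m.group("path") if m else command.strip()


def exe_stem(path: str) -> str:
    """Lower-cased file name without directory or .exe extension."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def check_executable(path: str, line: str, findings: List[Dict[str, str]]) -> None:
    """Flag a path that imitates a core process name or carries a rogue product name."""
    stem = exe_stem(path)
    for core in CORE_PROCESS_NAMES:
        if stem != core and stem.startswith(core):
            findings.append({"rule": "core-process-lookalike", "line": line})
            break
    for pattern in ROGUE_NAME_PATTERNS:
        if pattern.search(path):
            findings.append({"rule": "rogue-product-name", "line": line})
            break


def triage_hjt(log_text: str) -> List[Dict[str, str]]:
    """Walk a HijackThis log and return the entries a helper would single out."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = F2_USERINIT_RE.match(line)
        if m:
            value = m.group("value").strip().strip('"').rstrip(",").lower()
            if value != EXPECTED_USERINIT:
                findings.append({"rule": "userinit-hijack", "line": line})
            continue
        m = O4_RE.match(line)
        if m:
            check_executable(first_exe(m.group("cmd")), line, findings)
            continue
        if PROCESS_RE.match(line):
            check_executable(line, line, findings)
    return findings


def count_by_rule(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Summary used when comparing a log before and after a fix."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT_LOG):
        print(f"{f['rule']:24} {f['line']}")
```

Run on the excerpt it reports five entries: the two smss32.exe lines, the two IS2010.exe lines and the UserInit hijack, which are exactly the items the ComboFix report later in the thread shows deleted. The lookalike rule deliberately compares only the file name stem, so a legitimate svchost.exe or Explorer.EXE passes while anything that merely starts with a core name does not.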
Derek (Administrator, Posts: 11284) « Reply #4 on: January 25, 2010, 22:40:02 »

Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully

Download ComboFix from Here to your Desktop.

**Note:  It is important that it is saved directly to your desktop  and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after ComboFix has finished.
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on combofix.exe & follow the prompts.
If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this.
When finished, it will produce a report for you. 
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version. 

Sypalyons (Posts: 19) « Reply #5 on: January 25, 2010, 22:42:40 »

Derek, I have to copy this and take it to my desktop computer - well, guess I can take my mini to it. Thank you - on the way. If you need me pls. email. I'm deadheaded . . .
Sypalyons (Posts: 19) « Reply #6 on: January 26, 2010, 00:51:00 »

How'd you do that? I'm back up, Derek! This is simply amazing. I'm concerned about using Spyware Doctor now b/c it keeps asking for $$ to "clean your computer." Which do you suggest - I have Spyware Blaster suspended. And, using AVG, now! I uninstalled that bogus MS Security Essentials. A lot of good that did me.
Sypalyons (Posts: 19) « Reply #7 on: January 26, 2010, 00:57:42 »

Thank you, Derek! I sent a donation via Pay Pal.
Derek (Administrator, Posts: 11284) « Reply #8 on: January 26, 2010, 08:53:30 »

Can you post the log that ComboFix made so I can see what it did fix & what still needs to be done?


Sypalyons (Posts: 19) « Reply #9 on: January 26, 2010, 15:32:25 »

ComboFix 10-01-25.02 - Puddintaine 01/25/2010  17:07:59.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1015.655 [GMT -6:00]
Running from: c:\documents and settings\Puddintaine\Desktop\ComboFix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Puddintaine\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk
c:\documents and settings\Puddintaine\Local Settings\Application Data\{715E4D52-51A6-4741-AA44-76EC8F5E0059}
c:\documents and settings\Puddintaine\Local Settings\Application Data\{715E4D52-51A6-4741-AA44-76EC8F5E0059}\chrome.manifest
c:\documents and settings\Puddintaine\Local Settings\Application Data\{715E4D52-51A6-4741-AA44-76EC8F5E0059}\chrome\content\_cfg.js
c:\documents and settings\Puddintaine\Local Settings\Application Data\{715E4D52-51A6-4741-AA44-76EC8F5E0059}\chrome\content\overlay.xul
c:\documents and settings\Puddintaine\Local Settings\Application Data\{715E4D52-51A6-4741-AA44-76EC8F5E0059}\install.rdf
c:\program files\InternetSecurity2010
c:\program files\InternetSecurity2010\IS2010.exe
C:\s
c:\windows\omasiziwawazula.dll
c:\windows\system32\15724.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\26500.exe
c:\windows\system32\41.exe
c:\windows\system32\6334.exe
c:\windows\system32\smss32.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\warning.html
c:\windows\system32\winlogon32.exe

.
(((((((((((((((((((((((((   Files Created from 2009-12-25 to 2010-01-25  )))))))))))))))))))))))))))))))
.

2010-01-25 17:34 . 2009-11-10 16:28   149456   ----a-w-   c:\windows\SGDetectionTool.dll
2010-01-25 17:34 . 2009-11-10 16:26   767952   ----a-w-   c:\windows\BDTSupport.dll
2010-01-25 17:34 . 2008-11-26 18:08   131   ----a-w-   c:\windows\IDB.zip
2010-01-25 17:34 . 2009-11-10 16:28   165840   ----a-w-   c:\windows\PCTBDRes.dll
2010-01-25 17:34 . 2009-11-10 16:28   1640400   ----a-w-   c:\windows\PCTBDCore.dll
2010-01-25 17:34 . 2009-10-28 07:36   1152444   ----a-w-   c:\windows\UDB.zip
2010-01-25 17:30 . 2009-10-30 17:11   233136   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
2010-01-25 17:29 . 2009-11-09 17:20   207792   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
2010-01-25 17:29 . 2009-10-06 22:31   87784   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-25 17:29 . 2009-09-03 15:45   70408   ----a-w-   c:\windows\system32\drivers\pctplsg.sys
2010-01-25 17:28 . 2010-01-25 17:34   --------   d-----w-   c:\program files\Common Files\PC Tools
2010-01-25 17:28 . 2010-01-25 23:03   --------   d-----w-   c:\program files\Spyware Doctor
2010-01-25 17:28 . 2010-01-25 17:28   --------   d-----w-   c:\documents and settings\Puddintaine\Application Data\PC Tools
2010-01-25 17:28 . 2010-01-25 17:28   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Tools
2010-01-25 17:00 . 2010-01-25 22:52   120   ----a-w-   c:\windows\Qketesi.dat
2010-01-25 17:00 . 2010-01-25 17:00   0   ----a-w-   c:\windows\Yjuxa.bin
2010-01-25 06:25 . 2010-01-04 17:36   54776   ----a-w-   c:\windows\system32\drivers\mozy.sys
2010-01-25 06:24 . 2010-01-25 06:25   --------   d-----w-   c:\program files\MozyHome
2010-01-08 00:24 . 2010-01-08 00:24   466944   ----a-w-   c:\windows\Lake Michigan Shoreline.scr
2010-01-08 00:24 . 2010-01-08 00:24   1917116   ----a-w-   c:\windows\Lake Michigan Shoreline.dat

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-25 23:15 . 2008-06-14 01:46   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2010-01-25 16:58 . 2008-06-14 01:46   --------   d-----w-   c:\program files\SpywareBlaster
2010-01-25 05:17 . 2009-12-26 02:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\Skype
2010-01-24 17:56 . 2007-08-13 09:48   --------   d-----r-   c:\program files\Favorites
2010-01-14 17:12 . 2009-10-19 17:49   181120   ------w-   c:\windows\system32\MpSigStub.exe
2010-01-08 00:29 . 2009-12-06 19:18   28672   ----a-w-   c:\windows\system32\ssconfig.exe
2010-01-08 00:29 . 2009-12-06 19:18   180224   ----a-w-   c:\windows\UninstallWSST.exe
2010-01-05 10:00 . 2003-03-31 12:00   832512   ----a-w-   c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2007-08-11 19:37   78336   ------w-   c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2003-03-31 12:00   17408   ----a-w-   c:\windows\system32\corpol.dll
2009-12-30 22:00 . 2009-12-26 02:46   --------   d-----w-   c:\documents and settings\Puddintaine\Application Data\skypePM
2009-12-29 02:21 . 2008-06-19 16:28   --------   d-----w-   c:\program files\Opera
2009-12-29 02:15 . 2007-08-15 05:25   --------   d-----w-   c:\program files\Lavasoft
2009-12-29 02:15 . 2007-08-15 05:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-25 17:46 . 2009-08-31 15:30   --------   d-----w-   c:\documents and settings\Puddintaine\Application Data\HPAppData
2009-12-25 14:50 . 2007-08-11 19:45   49368   ----a-w-   c:\documents and settings\Puddintaine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-25 02:21 . 2009-08-04 23:12   --------   d-----w-   c:\documents and settings\Puddintaine\Application Data\mjusbsp
2009-12-20 22:53 . 2009-12-20 22:53   26089140   ----a-w-   c:\windows\Faux Fire Saver.SCR
2009-12-20 22:53 . 2009-12-20 22:53   --------   d-----w-   c:\documents and settings\Puddintaine\Application Data\iScreensaver
2009-12-14 22:56 . 2008-08-26 20:17   --------   d-----w-   c:\program files\Quote-Fix
2009-12-06 19:25 . 2009-12-06 19:25   5879617   ----a-w-   c:\windows\christmas2005.scr
2009-12-06 19:18 . 2009-12-06 19:18   2610006   ----a-w-   c:\windows\Snow People.dat
2009-12-06 19:18 . 2009-12-06 19:18   466944   ----a-w-   c:\windows\Snow People.scr
2009-11-21 15:51 . 2003-03-31 12:00   471552   ----a-w-   c:\windows\AppPatch\aclayers.dll
2009-11-12 03:30 . 2009-11-12 03:30   93360   ----a-w-   c:\windows\system32\drivers\SBREDrv.sys
2009-10-10 01:26 . 2009-10-10 01:26   1615732   ----a-w-   c:\program files\ProcessExplorer.zip
2009-10-05 05:59 . 2009-10-05 05:59   4143779   ----a-w-   c:\program files\cdbxp_setup_4.2.6.1706.exe
2009-10-04 01:26 . 2009-10-04 01:26   308160   ----a-w-   c:\program files\avast_home_setup.exe
2009-09-02 00:01 . 2009-09-02 00:01   57182416   ----a-w-   c:\program files\Nero-9.4.12.3d_free.exe
2009-08-01 20:14 . 2009-08-01 20:14   442080   ----a-w-   c:\program files\msgr9us.exe
2009-01-27 13:20 . 2009-01-27 13:20   2874184   ----a-w-   c:\program files\EASetup.exe
2009-01-27 12:34 . 2009-01-27 12:34   0   ----a-w-   c:\program files\install_flash_player.exe
2009-01-27 12:34 . 2009-01-27 12:33   1778425   ----a-w-   c:\program files\install_flash_player.exe.part
2008-12-01 23:29 . 2008-12-01 23:29   2400784   ----a-w-   c:\program files\WLinstaller.exe
2008-07-28 04:43 . 2008-07-28 04:43   23766320   ----a-w-   c:\program files\Common Files\QuickTimeInstaller.exe
2008-06-24 01:23 . 2008-06-24 01:22   922042   ----a-w-   c:\program files\internet-eraser-setup.exe
2008-06-14 01:39 . 2008-06-14 01:39   2869536   ----a-w-   c:\program files\spywareblastersetup41.exe
2008-06-02 02:09 . 2008-06-02 02:09   2092744   ----a-w-   c:\program files\PPnews080215.mp3
2007-09-03 00:43 . 2007-09-03 00:42   1998664   ----a-w-   c:\program files\oeqbfull.zip
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-01-04 17:36   2848568   ----a-w-   c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-01-04 17:36   2848568   ----a-w-   c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Puddintaine\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-1-4 2893624]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages   REG_MULTI_SZ      scecli srfmomdb.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12   15360   ------w-   c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 21:31   80896   ----a-w-   c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 14:32   77824   ----a-w-   c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 14:36   114688   ----a-w-   c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-31 20:23   149280   ----a-w-   c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Mail Scanner"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"avg8emc"=2 (0x2)
"SoundMAX Agent Service (default)"=2 (0x2)
"McciCMService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"aswUpdSv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\freecell.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Kurzweil Educational Systems\\Kurzweil 1000\\Kurzweil 1000.exe"=
"c:\\Documents and Settings\\Puddintaine\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/25/2010 11:29 AM 207792]
R1 Ai2sXP;Ai2sXP;c:\windows\system32\drivers\Ai2sXP.sys [8/11/2007 10:01 PM 7168]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [1/25/2010 11:34 AM 112592]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1/25/2010 11:29 AM 359624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.breastcancer-experience.net/
Trusted Zone: advancial.org\www
Trusted Zone: microsoft.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Oruyesa - c:\windows\omasiziwawazula.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-25 17:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-507921405-1580818891-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-507921405-1580818891-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3EA73A8E-70E3-D08A-A8BE-1BAA36EB0185}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(740)
c:\windows\srfmomdb.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2312)
c:\windows\system32\WININET.dll
c:\program files\MozyHome\mozyshell.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\srfmomdb.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\MozyHome\mozybackup.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-25  17:23:21 - machine was rebooted
ComboFix-quarantined-files.txt  2010-01-25 23:23
ComboFix2.txt  2009-10-05 16:13

Pre-Run: 14,966,190,080 bytes free
Post-Run: 14,948,876,288 bytes free

- - End Of File - - 9B7E467195C0783DB9088E18C0224F0F
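Beyond the deletions it lists, this ComboFix report still shows three things a reviewer checks on the next pass: the LSA "Notification Packages" value carries srfmomdb.dll alongside the stock scecli, the same DLL is loaded inside lsass.exe from c:\windows rather than system32, and the Windows Firewall standard profile has EnableFirewall set to 0. The Python script below is an added example (not ComboFix output and not the site's own tooling) that parses the report's registry and "DLLs Loaded" sections and flags those conditions; the excerpt is constructed from the report above, and the LSA package baseline is an assumption for a stock XP Pro workstation.

```python
import re
from typing import Dict, List, Optional

# Constructed excerpt of the ComboFix report posted above (only the sections this script reads).
SAMPLE_COMBOFIX_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages   REG_MULTI_SZ      scecli srfmomdb.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(740)
c:\windows\srfmomdb.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2312)
c:\windows\system32\WININET.dll
c:\windows\srfmomdb.dll
"""

# LSA notification packages expected on a stock XP Pro workstation (assumption; a domain
# controller or a machine with a password filter legitimately has more entries).
LSA_PACKAGE_BASELINE = {"scecli"}

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")                       # REGEDIT4-style key header
PROC_HDR_RE = re.compile(r"^- - - - - - - > '(?P<proc>[^']+)'\((?P<pid>\d+)\)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def package_name(token: str) -> str:
    """Normalise a Notification Packages token: lower-case, optional .dll suffix dropped."""
    t = token.lower()
    return t[:-4] if t.endswith(".dll") else t


def triage_combofix(report: str) -> List[Dict[str, str]]:
    """Return the registry and loaded-DLL conditions a reviewer would flag in a ComboFix report."""
    findings: List[Dict[str, str]] = []
    key: Optional[str] = None    # registry key of the current block, lower-cased
    proc: Optional[str] = None   # process name of the current "DLLs Loaded" block
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("---"):          # section separator ends any block
            key = proc = None
            continue
        m = KEY_RE.match(line)
        if m:
            key, proc = m.group("key").lower(), None
            continue
        m = PROC_HDR_RE.match(line)
        if m:
            proc, key = m.group("proc").lower(), None
            continue
        if key is not None and key.endswith(r"\control\lsa") and line.lower().startswith("notification packages"):
            # tokens after: Notification  Packages  REG_MULTI_SZ
            for token in line.split()[3:]:
                if package_name(token) not in LSA_PACKAGE_BASELINE:
                    findings.append({"rule": "lsa-notification-package", "item": token})
        elif key is not None and key.endswith(r"firewallpolicy\standardprofile") and line.startswith('"EnableFirewall"'):
            if re.search(r"=\s*0\b", line):
                findings.append({"rule": "firewall-disabled", "item": line})
        elif proc == "lsass.exe" and PATH_RE.match(line):
            # lsass.exe should only be loading modules from the system directory
            if "\\system32\\" not in line.lower():
                findings.append({"rule": "lsass-dll-outside-system32", "item": line})
    return findings


if __name__ == "__main__":
    for f in triage_combofix(SAMPLE_COMBOFIX_LOG):
        print(f"{f['rule']:28} {f['item']}")
```

A DLL named in Notification Packages is loaded by lsass.exe at boot, so the two findings on srfmomdb.dll describe one persistence mechanism seen from two angles (the registry value and the resulting module in lsass.exe); the script reports both so that either section alone is enough to surface it. The firewall rule only matches the standard profile key, not the AuthorizedApplications or GloballyOpenPorts sub-keys that share its prefix.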