I am so excited! When I logged onto the internet, the articles now appear!
Here is the ComboFix log:
ComboFix 09-10-04.01 - Brenda 10/04/2009 14:36.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.68 [GMT -4:00]
Running from: c:\documents and settings\Brenda\Desktop\cfix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Application Data\osyrocu.dl
c:\documents and settings\Brenda\Local Settings\Application Data\byka._dl
c:\documents and settings\Brenda\Local Settings\Application Data\tojygosyq.dl
c:\documents and settings\Brenda\Local Settings\Temporary Internet Files\ajaciqi.ban
C:\LOG2.tmp
C:\LOG6EE.tmp
C:\LOGB.tmp
c:\program files\Common Files\qywo.dl
c:\program files\screensavers.com
c:\windows\AUTOLNCH.REG
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\cyzacufycy.dl
c:\windows\Downloaded Program Files\MiNIbugtransporter.dll
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Downloaded Program Files\RdxIE.dll
c:\windows\Installer\140811.msi
c:\windows\Installer\140816.msi
c:\windows\Installer\17fcb3.msi
c:\windows\Installer\17fcb9.msi
c:\windows\Installer\17fcbf.msi
c:\windows\Installer\24fa212.msp
c:\windows\Installer\40a4d.msp
c:\windows\ONETW.DRV
c:\windows\system32\bycasyly.ban
c:\windows\system32\cru629.dat
c:\windows\system32\hesohixiki.dl
c:\windows\system32\kihipapo.dll.tmp
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user(10).ds
c:\windows\system32\lowsec\user(11).ds
c:\windows\system32\lowsec\user(12).ds
c:\windows\system32\lowsec\user(13).ds
c:\windows\system32\lowsec\user(2).ds
c:\windows\system32\lowsec\user(3).ds
c:\windows\system32\lowsec\user(4).ds
c:\windows\system32\lowsec\user(5).ds
c:\windows\system32\lowsec\user(6).ds
c:\windows\system32\lowsec\user(7).ds
c:\windows\system32\lowsec\user(8).ds
c:\windows\system32\lowsec\user(9).ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\rijikoyi.dll.tmp
c:\windows\system32\rikojine(2).dll
c:\windows\system32\sdra64.exe
c:\windows\system32\yelosuso.dll.tmp
----- BITS: Possible infected sites -----
hxxp://download.yimg.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
((((((((((((((((((((((((( Files Created from 2009-09-04 to 2009-10-04 )))))))))))))))))))))))))))))))
.
2009-09-29 00:54 . 2009-09-29 00:54 -------- d-----w- c:\documents and settings\Brenda\Application Data\Malwarebytes
2009-09-29 00:53 . 2009-09-29 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-29 00:47 . 2009-09-29 00:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-29 00:45 . 2009-09-29 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-27 22:33 . 2009-09-27 22:33 -------- d-----w- c:\documents and settings\Brenda\Application Data\DivX
2009-09-27 18:20 . 2009-09-27 18:20 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-27 18:20 . 2009-09-27 18:20 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-27 18:20 . 2009-10-03 21:56 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-27 18:20 . 2009-09-27 18:20 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-27 18:20 . 2009-09-27 18:20 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-27 18:08 . 2002-01-08 21:00 176128 ----a-w- c:\windows\system32\RcdScan.dll
2009-09-27 18:08 . 2000-03-23 16:50 446464 ----a-r- c:\windows\system32\hhactivex.dll
2009-09-27 18:08 . 1998-06-18 03:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2009-09-27 17:41 . 2009-09-27 17:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG8
2009-09-27 17:40 . 2009-09-27 17:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2009-09-26 08:36 . 2009-10-03 00:28 -------- d-----w- c:\documents and settings\Brenda\Application Data\LimeWire
2009-09-26 01:31 . 2009-09-26 01:31 -------- d-----r- c:\documents and settings\Desktop
2009-09-25 23:22 . 2009-09-27 21:35 -------- d-----w- C:\$AVG8.VAULT$
2009-09-25 22:47 . 2009-09-25 22:47 -------- d-----w- c:\program files\AVG
2009-09-25 22:47 . 2009-09-27 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-25 22:36 . 2009-09-25 22:36 -------- d-----w- c:\documents and settings\Brenda\Application Data\AVG8
2009-09-25 22:20 . 2009-09-28 15:37 0 ----a-w- c:\windows\win32k.sys
2009-09-25 22:07 . 2009-09-25 22:07 -------- d-----r- c:\program files\Skype
2009-09-25 22:07 . 2009-09-25 22:07 -------- d-----w- c:\program files\Common Files\Skype
2009-09-25 22:05 . 2009-09-25 22:05 -------- d-----w- c:\program files\Yahoo! Games
2009-09-25 22:05 . 2009-09-25 22:05 -------- d-----w- c:\program files\Postal2STP
2009-09-25 22:05 . 2009-09-25 22:05 -------- d-----w- c:\program files\Freeze.com
2009-09-25 22:02 . 2009-09-25 22:02 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2009-09-24 05:31 . 2009-09-24 05:31 16151 ----a-w- c:\documents and settings\Brenda\Local Settings\Application Data\ywyhupinam.dat
2009-09-24 01:44 . 2009-09-24 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-09-23 08:30 . 2009-09-23 08:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-09-23 00:42 . 2009-09-25 22:08 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-23 00:42 . 2009-09-25 22:08 -------- d-----w- c:\program files\McAfee.com
2009-09-23 00:42 . 2009-09-25 22:08 -------- d-----w- c:\program files\McAfee
2009-09-22 22:46 . 2002-11-27 15:59 56952 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-22 22:46 . 2009-09-27 18:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2009-09-22 22:46 . 2009-09-27 17:30 -------- d-s---w- c:\documents and settings\Administrator
2009-09-22 22:31 . 2009-09-25 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-22 22:31 . 2009-09-22 22:31 -------- d-----w- c:\program files\Lavasoft
2009-09-22 22:16 . 2009-09-25 22:09 -------- dc----w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-21 17:52 . 2009-10-04 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\11389214
2009-09-21 17:43 . 2009-09-21 17:43 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-20 21:31 . 2009-09-20 21:31 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-20 02:48 . 2009-09-23 14:17 -------- d-----w- c:\program files\Windstream Toolbar
2009-09-19 18:28 . 2009-09-19 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-09-19 18:28 . 2009-09-19 18:28 -------- d-----w- c:\program files\Common Files\Motive
2009-09-19 18:28 . 2009-09-19 18:28 -------- d-----w- c:\program files\windstream_act
2009-09-19 18:21 . 2009-09-19 18:21 -------- d-----w- c:\windows\system32\LogFiles
2009-09-17 17:10 . 2009-09-17 17:10 61440 ----a-w- c:\windows\diabunin.exe
2009-09-17 17:10 . 2009-09-17 17:36 -------- d-----w- C:\Diablo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 17:34 . 2005-12-11 07:03 -------- d-----w- c:\program files\Diablo II
2009-09-29 00:47 . 2005-04-04 01:10 -------- d-----w- c:\program files\Java
2009-09-27 22:06 . 2003-06-29 03:15 -------- d-----w- c:\documents and settings\Brenda\Application Data\Yahoo! Messenger
2009-09-27 22:05 . 2008-03-30 02:45 -------- d-----w- c:\documents and settings\Brenda\Application Data\U3
2009-09-27 22:05 . 2007-10-21 00:02 -------- d-----w- c:\documents and settings\Brenda\Application Data\Pogo Games
2009-09-27 22:04 . 2009-04-05 01:05 -------- d-----w- c:\documents and settings\Brenda\Application Data\Move Networks
2009-09-27 17:37 . 2006-10-26 22:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-25 22:05 . 2007-09-10 08:15 -------- d-----w- c:\program files\NovaLogic
2009-09-24 05:31 . 2009-09-24 05:31 16947 ----a-w- c:\program files\Common Files\xonesuj.db
2009-09-23 17:24 . 2008-07-20 07:34 58 ----a-w- c:\documents and settings\.limewire\downloads.dat
2009-09-23 17:24 . 2006-02-07 02:21 6059 ----a-w- c:\documents and settings\.limewire\spam.dat
2009-09-23 16:56 . 2009-03-28 01:22 26341 ----a-w- c:\documents and settings\.limewire\library5.dat
2009-09-23 16:33 . 2002-11-27 16:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-23 14:17 . 2009-05-25 21:34 -------- d-----w- c:\program files\DivX
2009-09-20 20:49 . 2002-11-27 16:02 -------- d-----w- c:\program files\EarthLink 5.0
2009-09-18 01:47 . 2005-11-25 23:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-17 17:10 . 2008-06-22 16:26 86528 ----a-w- c:\windows\bnetunin.exe
2009-08-29 17:03 . 2002-12-04 22:53 123312 ----a-w- c:\documents and settings\Brenda\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-29 16:49 . 2009-08-29 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-29 16:46 . 2002-11-27 15:32 -------- d-----w- c:\program files\Microsoft Works
2009-08-05 09:01 . 2002-08-29 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2002-08-29 11:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 14:08 . 2004-08-04 07:56 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2006-02-20 16:28 . 2006-02-20 16:29 774144 ----a-w- c:\program files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7f559c93-2b3f-4ad7-8b03-ed64f0b1a494}"= "c:\program files\Windstream Toolbar\Helper.dll" [2009-09-20 201216]
[HKEY_CLASSES_ROOT\clsid\{7f559c93-2b3f-4ad7-8b03-ed64f0b1a494}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{DECE53AA-244F-427E-8935-3A093D249E4C}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{31A42398-1CD9-4FB9-8451-BEE871AFD7C3}"= "c:\program files\Windstream Toolbar\Toolbar.dll" [2009-09-20 1358848]
[HKEY_CLASSES_ROOT\clsid\{31a42398-1cd9-4fb9-8451-bee871afd7c3}]
[HKEY_CLASSES_ROOT\FCTB000059851.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{E90A8C7D-65EB-4102-95F8-1037AEA4D353}]
[HKEY_CLASSES_ROOT\FCTB000059851.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{31A42398-1CD9-4FB9-8451-BEE871AFD7C3}"= "c:\program files\Windstream Toolbar\Toolbar.dll" [2009-09-20 1358848]
[HKEY_CLASSES_ROOT\clsid\{31a42398-1cd9-4fb9-8451-bee871afd7c3}]
[HKEY_CLASSES_ROOT\FCTB000059851.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{E90A8C7D-65EB-4102-95F8-1037AEA4D353}]
[HKEY_CLASSES_ROOT\FCTB000059851.IEToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]
"Lexmark X84-X85 Button Monitor"="c:\progra~1\LEXMAR~1\ACMonitor_X84-X85.exe" [2002-08-23 40960]
"Lexmark X84-X85 Button Manager"="c:\progra~1\LEXMAR~1\AcBtnMgr_X84-X85.exe" [2002-09-04 53248]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-19 36864]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-06-27 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-04-02 180269]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-06 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-29 149280]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-03 2023704]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-03-04 19968]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2002-11-27 45056]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-6-11 303104]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-10-8 169472]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-7 24633]
Reality Fusion GameCam SE.lnk - c:\program files\Reality Fusion\Reality Fusion GameCam SE\Program\RFTRay.exe [2000-7-10 323584]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-27 18:20 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Diablo\\diablo.exe"=
"c:\\Program Files\\Windstream Toolbar\\TroubleShooter.exe"=
"c:\\Program Files\\Windstream Toolbar\\ToolbarUpdate.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [9/27/2009 2:20 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [9/27/2009 2:20 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/27/2009 2:19 PM 297752]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/27/2009 2:19 PM 908056]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" --> c:\program files\McAfee\SiteAdvisor\McSACore.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder
2009-10-04 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-11-27 16:24]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uStart Page = hxxp://www.windstream.net/wind/portal/index.aspx
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Lisa\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
HKCU-Run-WebCamRT.exe - (no file)
HKLM-Run-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
HKLM-Run-newuzumuj - c:\windows\system32\dutuhabe.dll
SharedTaskScheduler-{74dfe427-475c-41a5-8a69-9b87dc64b4b7} - c:\windows\system32\wenunuve.dll
SharedTaskScheduler-{607d58cc-37ab-4649-9e29-b7caf7409b4f} - c:\windows\system32\dutuhabe.dll
SSODL-yorovolov-{74dfe427-475c-41a5-8a69-9b87dc64b4b7} - c:\windows\system32\wenunuve.dll
SSODL-behudizip-{607d58cc-37ab-4649-9e29-b7caf7409b4f} - c:\windows\system32\dutuhabe.dll
SafeBoot-mfehidk
SafeBoot-mferkdk
SafeBoot-mfetdik
SafeBoot-mfetdik.sys
AddRemove-MoodLogic DeviceLink - c:\progra~1\MOODLO~1\COMPON~1\DEVICE~1\UNWISE.EXE
AddRemove-Works2002Setup - c:\program files\Microsoft Works Suite 2002\Setup\Launcher.exe
AddRemove-{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} - c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-10-04 14:57
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(516)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-10-04 15:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-04 19:03
Pre-Run: 98,445,418,496 bytes free
Post-Run: 100,124,200,960 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
318 --- E O F --- 2009-08-26 07:02