# getting redirected to scour.com



## helpful_wife (Jul 11, 2010)

I have been having a recurring issue all day. Every so often when I click a link from a google search page I get redirected and then when I hit "back," it goes to scour.com. How can I get rid of whatever malware is on my computer?

I appreciate any help!

Thanks!


----------



## eddie5659 (Mar 19, 2001)

Hiya

I've removed the link you posted, so other's don't click it as well, and have the same problem 

Can you do the following:

http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html

Regards

eddie


----------



## helpful_wife (Jul 11, 2010)

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 8:09:25 PM, on 11/15/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe
c:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe
c:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
c:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.com/?cid=xfactiv_tech_main
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {7000b6ca-4388-4d95-893d-6659c2d4d1ce} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Xfinity.com Toolbar - {dcc70a83-e184-40a3-906b-779af5e941c4} - C:\Program Files\xfinitytb\xfinitydx.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Updater For Xfinity.com Toolbar 3.1 - {e6d0b79e-ecac-411b-8bf6-7a574981af30} - C:\Program Files\xfinitytb\auxi\xfinityAu.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Xfinity.com Toolbar - {dcc70a83-e184-40a3-906b-779af5e941c4} - C:\Program Files\xfinitytb\xfinitydx.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LoJackForLaptops] C:\Program Files\LFLInstall\InstallManager.exe /d60 /dd1 /bd0
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [OA009Cfg.exe] OA009Cfg.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [RDVCHG] "C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [DSUpdateLauncher] "c:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="c:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "c:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
O4 - HKLM\..\RunOnce: [STToasterLauncher] C:\Program Files\Dell DataSafe Local Backup\toasterLauncher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Allyson\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Chacuvurovilox] rundll32.exe "C:\Users\Allyson\AppData\Local\wimi32.dll",Startup
O4 - HKCU\..\Run: [Wsomawogepukogib] rundll32.exe "C:\Users\Allyson\AppData\Local\olobasuse.dll",Startup
O4 - HKCU\..\Run: [pack700midlevelxx.exe] C:\Users\Allyson\AppData\Roaming\68301067EE6186D5546445DDBAEC535E\pack700midlevelxx.exe
O4 - HKCU\..\RunOnce: [*upd_debug.exe] "C:\Users\Allyson\AppData\Roaming\68301067EE6186D5546445DDBAEC535E\upd_debug.exe"
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Antimalware Doctor.lnk = C:\Users\Allyson\AppData\Roaming\68301067EE6186D5546445DDBAEC535E\pack700midlevelxx.exe
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Amazon Unbox.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O13 - Gopher Prefix: 
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = iacchq.com,,americanchemistry.com,hsd1.md.comcast.net.
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = iacchq.com,,americanchemistry.com,hsd1.md.comcast.net.
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = iacchq.com,,americanchemistry.com,hsd1.md.comcast.net.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = iacchq.com,,americanchemistry.com,hsd1.md.comcast.net.
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: AT&T Con App Svc (CAATT) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe
O23 - Service: Sprint Con App Svc (CASprint) - SmithMicro Inc. - C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Movielink Core Service - Blockbuster - C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - SmithMicro Inc. - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
--
End of file - 17454 bytes


----------



## helpful_wife (Jul 11, 2010)

Here you go


----------



## eddie5659 (Mar 19, 2001)

Download *TFC by OldTimer* to your desktop

 Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*. 
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from *Here* or *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.*

*Download and scan with* *SUPERAntiSpyware* Free for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Close*" button to leave the control center screen.
Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*.
On the left, make sure you check *C:\Fixed Drive*.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click "*Next*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
_Click *Preferences*, then click the *Statistics/Logs* tab._
_Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._
_If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._
_Please copy and paste the Scan Log results in your next reply._

Click *Close* to exit the program.

Please include the *MBAM log and, SUPERAntiSpyware Scan Log and a fresh HijackThis log *in your next reply

eddie


----------



## helpful_wife (Jul 11, 2010)

Hi there! I wanted to give you a quick update. I have a bogus "Anti-Malware/Spyware" program that has now populated on my computer and GMER keeps stopping its run. However, since you sent me instructions to download and run Temp File Cleaner without seeing my GMER scan report, I went ahead and began that.


----------



## helpful_wife (Jul 11, 2010)

Wow. Now I'm getting a message that says TFC has stopped working.


----------



## helpful_wife (Jul 11, 2010)

Just got TFC to work, rebooting now...


----------



## helpful_wife (Jul 11, 2010)

Eddie:

Thanks for your contiinued patience and help. Here are all the logs you requested, as attachments.


----------



## eddie5659 (Mar 19, 2001)

Okay, as GMER couldn't run, can you try this program for me:

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

Start the Sysprot.exe program.

Click on the Log tab.
In the Write to log box select all items.
Click on the Create Log button on the bottom right.
After a few seconds a new Window should appear. 
Make sure Scan all drives is selected and click on the Start button. 
When it is complete a new Window will appear to indicate that the scan is finished.
The log will be created and saved automatically in the same folder. Open the text file and copy/paste the log here.

eddie


----------



## helpful_wife (Jul 11, 2010)

when I try to run this it says "failed, needs to run with admin priveleges."


----------



## helpful_wife (Jul 11, 2010)

or rather, "failed to start service. SysProt needs to be run with admin priveleges."


----------



## eddie5659 (Mar 19, 2001)

Okay, we'll leave that program for now, see if this works:

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

** IMPORTANT !!! Save ComboFix.exe to your Desktop*


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.








Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:










Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## helpful_wife (Jul 11, 2010)

Eddie:

Here is the comboFix log--

ComboFix 10-12-07.06 - Allyson 12/08/2010 21:37:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3032.1344 [GMT -5:00]
Running from: c:\users\Allyson\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2594039022-2540460149-504229802-1000\$RA11RWP\sources\recovery\en-US\PssWiz.exe.mui
c:\$recycle.bin\S-1-5-21-2594039022-2540460149-504229802-1000\$RA11RWP\sources\recovery\en-US\RecEnv.exe.mui
c:\$recycle.bin\S-1-5-21-2594039022-2540460149-504229802-1000\$RA11RWP\sources\recovery\en-US\StartRep.exe.mui
c:\$recycle.bin\S-1-5-21-2594039022-2540460149-504229802-1000\$RA11RWP\sources\recovery\PssWiz.exe
c:\$recycle.bin\S-1-5-21-2594039022-2540460149-504229802-1000\$RA11RWP\sources\recovery\RecEnv.exe
c:\$recycle.bin\S-1-5-21-2594039022-2540460149-504229802-1000\$RA11RWP\sources\recovery\StartRep.exe
c:\users\Allyson\AppData\Local\{D41BF574-0E5F-489A-9A8E-1F68A96D6ED6}
c:\users\Allyson\AppData\Local\{D41BF574-0E5F-489A-9A8E-1F68A96D6ED6}\chrome.manifest
c:\users\Allyson\AppData\Local\{D41BF574-0E5F-489A-9A8E-1F68A96D6ED6}\chrome\content\_cfg.js
c:\users\Allyson\AppData\Local\{D41BF574-0E5F-489A-9A8E-1F68A96D6ED6}\chrome\content\overlay.xul
c:\users\Allyson\AppData\Local\{D41BF574-0E5F-489A-9A8E-1F68A96D6ED6}\install.rdf
c:\users\Allyson\AppData\Roaming\install
c:\users\Allyson\AppData\Roaming\Install.dat
c:\users\Allyson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bootprovparse.exe
c:\users\Allyson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ThinkPoint.lnk
c:\users\Allyson\Desktop\ThinkPoint.lnk
E:\AUTORUN.INF
.
((((((((((((((((((((((((( Files Created from 2010-11-09 to 2010-12-09 )))))))))))))))))))))))))))))))
.
2010-12-09 02:46 . 2010-12-09 02:47 -------- d-----w- c:\users\Allyson\AppData\Local\temp
2010-12-09 02:46 . 2010-12-09 02:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-09 02:46 . 2010-12-09 02:46 145920 ----a-w- c:\users\Allyson\bootxmlapp.exe
2010-11-24 06:36 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-17 02:02 . 2010-11-17 02:02 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-11-17 02:02 . 2010-11-17 02:02 -------- d-----w- c:\users\Allyson\AppData\Roaming\SUPERAntiSpyware.com
2010-11-17 02:02 . 2010-11-17 02:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-11-17 01:47 . 2010-11-17 01:47 -------- d-----w- c:\users\Allyson\AppData\Roaming\Malwarebytes
2010-11-17 01:47 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-17 01:47 . 2010-11-17 01:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-17 01:47 . 2010-11-17 01:47 -------- d-----w- c:\programdata\Malwarebytes
2010-11-17 01:47 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-15 05:02 . 2010-11-15 05:02 388096 ----a-r- c:\users\Allyson\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-11-15 05:01 . 2010-11-15 05:01 -------- d-----w- c:\program files\TrendMicro
2010-11-11 08:04 . 2010-11-11 08:04 -------- d-----w- c:\windows\system32\MpEngineStore
2010-11-10 14:24 . 2010-11-17 01:00 0 ----a-w- c:\users\Allyson\AppData\Local\Nxetuwus.bin
2010-11-10 14:22 . 2010-11-17 04:25 -------- d-----w- c:\programdata\WSTB
2010-11-10 14:22 . 2010-10-07 11:35 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-22 01:12 . 2010-10-22 01:12 44544 ----a-w- c:\windows\system32\agremove.exe
2010-09-20 09:25 . 2010-10-15 07:00 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-09-10 16:37 . 2010-10-13 04:42 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dcc70a83-e184-40a3-906b-779af5e941c4}]
2010-01-04 16:52 87512 ----a-w- c:\program files\xfinitytb\xfinitydx.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e6d0b79e-ecac-411b-8bf6-7a574981af30}]
2009-12-20 22:00 258008 ----a-w- c:\program files\xfinitytb\auxi\xfinityAu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{dcc70a83-e184-40a3-906b-779af5e941c4}"= "c:\program files\xfinitytb\xfinitydx.dll" [2010-01-04 87512]
[HKEY_CLASSES_ROOT\clsid\{dcc70a83-e184-40a3-906b-779af5e941c4}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Google Update"="c:\users\Allyson\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-09-30 133104]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-06-03 1025264]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2010-01-14 1595864]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-25 2424560]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*bootxmlapp.exe"="c:\users\Allyson\bootxmlapp.exe" [2010-12-09 145920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-31 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-31 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-31 150552]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"OA009Cfg.exe"="OA009Cfg.exe" [2008-10-06 32768]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2009-09-25 316672]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-09-19 236016]
"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2009-07-17 33352]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]
"MRT"="c:\windows\system32\MRT.exe" [2010-11-11 35758536]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2010-07-21 165184]
"DSUpdateLauncher"="c:\program files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" [2010-07-21 18240]
c:\users\Allyson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Amazon Unbox.lnk - c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2009-9-3 97384]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-09-11 02:21 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2008-11-04 17:09 615696 ----a-w- c:\program files\Common Files\Research in Motion\Auto Update\RIMAutoUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBook Library Launcher]
2010-07-13 05:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 12:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadMSvcmm]
2010-01-28 18:03 454856 ----a-w- c:\program files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-03 03:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 09:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView]
2009-09-25 13:04 75008 ----a-w- c:\program files\Sprint\Sprint SmartView\SprintSV.exe
R1 jnilzqqi;jnilzqqi;c:\windows\system32\drivers\jnilzqqi.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-03 136176]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-05-14 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-05-14 166384]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc [x]
R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [2009-07-15 121416]
R3 CAATT;AT&T Con App Svc;c:\program files\AT&T\Communication Manager\ConAppsSvc.exe [2009-07-15 125512]
R3 CASprint;Sprint Con App Svc;c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe [2009-09-25 124160]
R3 PRSUSB;Sony Reader;c:\windows\system32\Drivers\PRSUSB.sys [2007-10-18 18944]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-05-14 1120752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-03-31 81920]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2010-01-14 633816]
S2 cag;Citrix cag plugin for Access Gateway;c:\program files\Common Files\Deterministic Networks\Common Files\cag.sys [2009-08-10 78360]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-06-11 29736]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2008-12-31 144128]
S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\DRIVERS\OA009Ufd.sys [2009-03-06 133632]
S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\DRIVERS\OA009Vid.sys [2009-03-19 271552]

--- Other Services/Drivers In Memory ---
*Deregistered* - dxotukz
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
2010-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-03 00:10]
2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-03 00:10]
2010-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2594039022-2540460149-504229802-1000Core.job
- c:\users\Allyson\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-30 19:06]
2010-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2594039022-2540460149-504229802-1000UA.job
- c:\users\Allyson\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-30 19:06]
2010-12-09 c:\windows\Tasks\User_Feed_Synchronization-{B840D28F-AFF1-4AB9-A9E0-3F0DCAD9E300}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.xfinity.com/?cid=xfactiv_tech_main
uInternet Settings,ProxyOverride = *.local
LSP: bmnet.dll
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
.
- - - - ORPHANS REMOVED - - - -
BHO-{7000b6ca-4388-4d95-893d-6659c2d4d1ce} - (no file)
HKCU-Run-Chacuvurovilox - c:\users\Allyson\AppData\Local\wimi32.dll
HKCU-Run-Wsomawogepukogib - c:\users\Allyson\AppData\Local\olobasuse.dll
HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe
HKLM-Run-LoJackForLaptops - c:\program files\LFLInstall\InstallManager.exe
HKLM-RunOnce-*bootprovparse.exe - c:\users\Allyson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bootprovparse.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-08 21:47
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ... 
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
"ImagePath"="\??\c:\windows\system32\drivers\rootrepeal
[1].sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rootrepeal[1]]
"ImagePath"="\??\c:\windows\system32\drivers\rootrepeal
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dxotukz]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(2596)
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\bmnet.dll
.
Completion time: 2010-12-08 21:49:30
ComboFix-quarantined-files.txt 2010-12-09 02:49
Pre-Run: 221,111,898,112 bytes free
Post-Run: 221,269,413,888 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 2935F4CE7FA8F48E7B189524D8298B42

Thanks again for all your help with this ongoing issue. Please excuse my delay in replying to you. I have been slammed with work and a sick child.


----------



## eddie5659 (Mar 19, 2001)

Its okay about the delay, busy at this time of year myself. Hope your child gets well soon..

As you have ComcastSpywareScan installed, do you know if the Xfinity.com Toolbar was installed with it? If you're not sure, or want this uninstalled, let me know 

------------------

Uninstall these programs because they're not needed or are outdated or are dangerous to use.
If any can't be installed, let me know, but carry on with the rest of the uninstall and the programs below. We can look at any that couldn't be uninstalled later 

*Acrobat.com
Adobe AIR
Apple Software Update
*

------------

Also, can you scan the following files:


Please go to  VirSCAN.org FREE on-line scan service
Copy and paste the following file path into the *"Suspicious files to scan"*box on the top of the page:

*c:\users\allyson\appdata\local\Nxetuwus.bin*

 Click on the *Upload* button
 Once the Scan is completed, click on the "*Copy to Clipboard*" button. This will copy the link of the report into the Clipboard.
 Paste the contents of the Clipboard in your next reply.

Can you also do the following with these as well:

*c:\users\allyson\appdata\roaming\microsoft\windows\templates\memory.tmp
c:\users\Allyson\bootxmlapp.exe
c:\windows\system32\drivers\jnilzqqi.sys*

eddie


----------



## helpful_wife (Jul 11, 2010)

Eddie:

Thanks for your continued attention to my computer woes. Here is the information you requested -

c:\users\allyson\appdata\local\Nxetuwus.bin
*results* - error can't find upload file

c:\users\allyson\appdata\roaming\microsoft\windows\templates\memory.tmp
*results* - file can not be found

c:\users\Allyson\bootxmlapp.exe
*results* - 
VirSCAN.org Scanned Report :
Scanned time : 2010/12/14 21:55:05 (EST)
Scanner results: 36% Scanner(s) (13/36) found malware!
File Name : bootxmlapp.exe
File Size : 145920 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 4922a5ef2354323fd07c88a7a1ef989c
SHA1 : 64f9286b8a7a51f631efc30e59e780ccf3f53bd5
Online report : http://virscan.org/report/60f63d35b3d6292f5c6d1ab03262dee4.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.1 20101215041147 2010-12-15 5.22 -
AhnLab V3 2010.12.15.00 2010.12.15 2010-12-15 1.46 -
AntiVir 8.2.4.122 7.11.0.36 2010-12-14 0.29 TR/Crypt.XPACK.Gen
Antiy 2.0.18 20101207.6186214 2010-12-07 0.12 -
Arcavir 2010 201012151038 2010-12-15 0.10 Heur.W32
Authentium 5.1.1 201012142235 2010-12-14 1.42 -
AVAST! 4.7.4 101214-1 2010-12-14 0.01 -
AVG 8.5.850 271.1.1/3299 2010-12-06 0.26 -
BitDefender 7.90123.6418211 7.35106 2010-12-15 5.99 Gen:Variant.FakeAV.1
ClamAV 0.96.3 12390 2010-12-15 0.03 -
Comodo 4.0 7065 2010-12-14 1.45 -
CP Secure 1.3.0.5 2010.12.15 2010-12-15 0.06 -
Dr.Web 5.0.2.3300 2010.12.15 2010-12-15 10.06 Trojan.Inject.13162
F-Prot 4.4.4.56 20101214 2010-12-14 1.38 -
F-Secure 7.02.73807 2010.12.15.01 2010-12-15 0.14 -
Fortinet 4.2.254 12.671 2010-12-14 0.38 -
GData 21.1295/21.543 20101214 2010-12-14 8.34 -
ViRobot 20101214 2010.12.14 2010-12-14 0.38 -
Ikarus T3.1.32.15.0 2010.12.15.77354 2010-12-15 5.48 -
JiangMin 13.0.900 2010.11.30 2010-11-30 1.40 -
Kaspersky 5.5.10 2010.12.14 2010-12-14 0.09 -
KingSoft 2009.2.5.15 2010.12.14.18 2010-12-14 0.74 -
McAfee 5400.1158 6197 2010-12-14 17.62 FakeAlert-MalDoctor.e
Microsoft 1.6402 2010.12.15 2010-12-15 3.78 Rogue:Win32/FakeVimes
Norman 6.06.11 6.06.00 2010-12-07 10.01 -
Panda 9.05.01 2010.12.14 2010-12-14 3.26 Generic Malware 
Trend Micro 9.120-1004 7.700.18 2010-12-14 0.06 -
Quick Heal 11.00 2010.12.14 2010-12-14 0.97 Suspicious - DNAScan
Rising 20.0 22.78.00.04 2010-12-13 2.33 Packer.Win32.Agent.bk [Suspicious]
Sophos 3.14.1 4.60 2010-12-15 3.27 Mal/FakeAV-CS
Sunbelt 3.9.2459.2 7654 2010-12-14 0.65 FraudTool.Win32.FakeRean.a (v)
Symantec 1.3.0.24 20101214.001 2010-12-14 0.06 Trojan.Gen
nProtect 20101215.01 9325170 2010-12-15 15.89 Gen:Variant.FakeAV.1
The Hacker 6.7.0.1 v00101 2010-12-14 0.45 -
VBA32 3.12.14.2 20101214.2043  2010-12-14 3.52 -
VirusBuster 4.5.11.10 10.130.46/2007919 2010-12-15 2.58 -

c:\windows\system32\drivers\jnilzqqi.sys
*results* - file not found


----------



## eddie5659 (Mar 19, 2001)

Okay, lets have a sample of that file, so that we can hopefully see what it is fully.

Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

Unzip it to desktop, open it & paste in the contents of the quote box below, press next & it will create an archive (zip/cab file) on desktop

please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files

Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer, When the file is listed in the windows press send to upload the file

*c:\users\Allyson\bootxmlapp.exe*

Let me know when its uploaded 

---------

I see you also have ComcastSpywareScan installed. Did the xfinity toolbar get installed with it, and do you still want it?

---------

Can you also run this for me:

Please download *Runscanner* to your desktop and run it.

When the first page comes up select *Beginner Mode*
On the next page select *Save a binary .Run file (Recommended)* then click *Start full scan* at the top.
At this time Runscanner.exe may request *access to the Internet* through your firewall please allow it to do so, it will then run for two or three minutes.
On completion it will ask for a location to save the file and a name. It will do this for both the *.run file* and the *log file*
Call the .run file *"RSReport"* and save it to your desktop. You will see the *RSReport.run* file on your desktop. Rightclick on it and select *Send To* then select *Compressed (zipped) Folder * and upload that zip here. Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below  )











In there, at the bottom, click on the button *Manage Attachments* (in the picture below  .
A window will appear, and then Browse to *RSReport.zip* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*










eddie


----------

