[Closed] Computer slow, 100% CPU - SpySweeper Internet Sheild

What the Tech? It's as easy as 1,2,3! ( Log In | Register )

What the Tech > Spyware / Malware / Virus Removal > Infections Removal

2 Pages

1 2 >

[Closed] Computer slow, 100% CPU - SpySweeper Internet Sheild, HijackThis Log - SpySweeper internet communication shield pop ups

Options

PullMyBrainOut View Member Profile	Aug 13 2009, 06:40 PM Post #1
New Member Group: Authentic Member Posts: 14 Joined: 13-August 09 Member No.: 87,320 Operating System: Windows XP	My computer just started this yesterday. I ran Malwarebytes, SpyBot, SpySweeper, and SUPERAntiSpyware. All picked up their own thing and were quarantiened, but SpySweeper Internet COmmunication shield keeps popping up and blocking access to different websites every 15 seconds or so. Also my computer is extremely slow when I turn the internet on. PLEASE help! I've done everthing I know! two of MANY sites that keep getting blocked (these just happened to pop up while typing this) www.klinksoftsare.com komforochka.info HijackThis Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:24:56 PM, on 8/13/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\HPZipm12.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\AOL\1132970356\ee\AOLSoftware.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\PROGRA~1\McAfee\MHN\McENUI.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\AOL 9.0a\waol.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe C:\Program Files\AOL 9.0a\shellmon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" O4 - HKLM\..\Run: [CTDVDDet] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" O4 - HKLM\..\Run: [CTHelper] "CTHELPER.EXE" O4 - HKLM\..\Run: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL O4 - HKLM\..\Run: [UpdReg] "C:\WINDOWS\UpdReg.EXE" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe" O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1132970356\ee\AOLSoftware.exe" O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" O4 - HKLM\..\Run: [BCMSMMSG] "BCMSMMSG.exe" O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [McENUI] "C:\PROGRA~1\McAfee\MHN\McENUI.exe" /hide O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG O4 - HKCU\..\Run: [Walgreens PhotoShow Media Manager] "C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe" O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe" O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe" O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0a\AOL.EXE" -b O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.gnc.com O15 - Trusted Zone: http://www.imagemonster.net O15 - Trusted Zone: .intuit.com O15 - Trusted Zone: http://.mcafee.com O15 - Trusted Zone: http://www.msn.com O15 - Trusted Zone: http://mypima.pima.edu O15 - Trusted Zone: .piratesonline.com O15 - Trusted Zone: http://.piratesonline.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O20 - AppInit_DLLs: C:\WINDOWS\System32\CTDetres32.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: 202a7999573 - C:\WINDOWS\System32\CTDetres32.dll (file missing) O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- End of file - 13369 bytes

PullMyBrainOut View Member Profile	Aug 15 2009, 10:28 AM Post #2
New Member Group: Authentic Member Posts: 14 Joined: 13-August 09 Member No.: 87,320 Operating System: Windows XP	I have been running Spybot and Malwarebytes over and over, and they keep finding stuff. So far I haven't had a pop up from Spysweeper about websites being restricted, but my computer is still running slow! CPU is 100% PF Usage is 663MB 79 Processes (I swear I've never had that many on a start up) Here is a new log from Hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:20:40 AM, on 8/15/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\AOL\1132970356\ee\AOLSoftware.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\PROGRA~1\McAfee\MHN\McENUI.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\HPZipm12.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe c:\PROGRA~1\mcafee\msc\mcshell.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" O4 - HKLM\..\Run: [CTDVDDet] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" O4 - HKLM\..\Run: [CTHelper] "CTHELPER.EXE" O4 - HKLM\..\Run: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL O4 - HKLM\..\Run: [UpdReg] "C:\WINDOWS\UpdReg.EXE" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe" O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1132970356\ee\AOLSoftware.exe" O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" O4 - HKLM\..\Run: [BCMSMMSG] "BCMSMMSG.exe" O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [McENUI] "C:\PROGRA~1\McAfee\MHN\McENUI.exe" /hide O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG O4 - HKCU\..\Run: [Walgreens PhotoShow Media Manager] "C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe" O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe" O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.gnc.com O15 - Trusted Zone: http://www.imagemonster.net O15 - Trusted Zone: .intuit.com O15 - Trusted Zone: http://.mcafee.com O15 - Trusted Zone: http://www.msn.com O15 - Trusted Zone: http://mypima.pima.edu O15 - Trusted Zone: .piratesonline.com O15 - Trusted Zone: http://.piratesonline.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O20 - AppInit_DLLs: C:\WINDOWS\System32\CTDetres32.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: 202a7999573 - C:\WINDOWS\System32\CTDetres32.dll (file missing) O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- End of file - 13367 bytes

Tomk View Member Profile	Aug 19 2009, 10:02 AM Post #3
Forum God Group: Classroom Teacher Posts: 11,227 Joined: 27-December 07 From: Sisters, OR Member No.: 75,503 Operating System: xp	Hi PullMyBrainOut, My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following: I will be working on your Malware issues, this may or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for the issues on this machine. Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear. It's often worth reading through these instructions and printing them for ease of reference. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry. Please reply to this thread. Do not start a new topic. Please download RootRepeal to your desktop Physically disconnect your machine from the internet as your system will be unprotected. Unzip it to it's own folder, close all other programs especially your security programs (anti-spyware, anti-virus, and firewall) and run RootRepeal.exe Click the Report tab at the bottom and then the Scan button. A box will pop up, check the boxes beside Drivers, Files, Processes SSDT and click OK. Another box will open, check the boxes beside all the drives, eg : C:\, then click OK. The scan will take a little while to run, so let it go unhindered. Once it is done, click the Save Report button, call it RepealScan and save the log to your desktop. Reconnect to the internet. Post the log here in your reply. Please download DDS by sUBs from one of the following links and save it to your desktop. DDS.scr DDS.pif Disable any script blocking protection (How to Disable your Security Programs) Double click DDS icon to run the tool (may take up to 3 minutes to run) When done, DDS.txt will open. After a few moments, attach.txt will open in a second window. Save both reports to your desktop. --------------------------------------------------- Post the contents of the DDS.txt report in your next reply *Attach* the Attach.txt report to your post by scroling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and the click UPLOAD.

PullMyBrainOut View Member Profile	Aug 20 2009, 10:44 PM Post #4
New Member Group: Authentic Member Posts: 14 Joined: 13-August 09 Member No.: 87,320 Operating System: Windows XP	Hi! Thanks for the reply. Here is my Repeal Scan report: ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/08/20 21:14 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xEC024000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF7CA9000 Size: 8192 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xB88AC000 Size: 49152 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: c:\windows\temp\mcafee_xjk6jkfcbwvdpyn Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\mcmsc_2kg8hdzu9mm4lac Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\mcmsc_lz3bp541c3h7wpm Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\mcmsc_s83rtvvf6oyfzrp Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\mcmsc_sbqrkkueti6aird Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_769juxdyxt0kihf Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_l1vyzbjgv7tuqdz Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_n2vwa3nsqph3bq6 Status: Allocation size mismatch (API: 4096, Raw: 0) Path: c:\windows\temp\sqlite_u5x7but2l9g0de6 Status: Allocation size mismatch (API: 4096, Raw: 0) SSDT ------------------- #: 017 Function Name: NtAllocateVirtualMemory Status: Hooked by "<unknown>" at address 0x87354cd8 #: 041 Function Name: NtCreateKey Status: Hooked by "<unknown>" at address 0x873e2238 #: 047 Function Name: NtCreateProcess Status: Hooked by "<unknown>" at address 0x873093d8 #: 048 Function Name: NtCreateProcessEx Status: Hooked by "<unknown>" at address 0x87309360 #: 053 Function Name: NtCreateThread Status: Hooked by "<unknown>" at address 0x87354fa8 #: 063 Function Name: NtDeleteKey Status: Hooked by "<unknown>" at address 0x87337d10 #: 065 Function Name: NtDeleteValueKey Status: Hooked by "<unknown>" at address 0x87309450 #: 180 Function Name: NtQueueApcThread Status: Hooked by "<unknown>" at address 0x87354d50 #: 186 Function Name: NtReadVirtualMemory Status: Hooked by "<unknown>" at address 0x87354be8 #: 192 Function Name: NtRenameKey Status: Hooked by "<unknown>" at address 0x8739b0a8 #: 213 Function Name: NtSetContextThread Status: Hooked by "<unknown>" at address 0x87354e40 #: 226 Function Name: NtSetInformationKey Status: Hooked by "<unknown>" at address 0x873560a8 #: 228 Function Name: NtSetInformationProcess Status: Hooked by "<unknown>" at address 0x87309270 #: 229 Function Name: NtSetInformationThread Status: Hooked by "<unknown>" at address 0x87354eb8 #: 247 Function Name: NtSetValueKey Status: Hooked by "<unknown>" at address 0x873550a8 #: 253 Function Name: NtSuspendProcess Status: Hooked by "<unknown>" at address 0x873091f8 #: 254 Function Name: NtSuspendThread Status: Hooked by "<unknown>" at address 0x87354dc8 #: 257 Function Name: NtTerminateProcess Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xed1c7df0 #: 258 Function Name: NtTerminateThread Status: Hooked by "<unknown>" at address 0x87354f30 #: 277 Function Name: NtWriteVirtualMemory Status: Hooked by "<unknown>" at address 0x87354c60 ==EOF==

Tomk View Member Profile	Aug 20 2009, 10:52 PM Post #5
Forum God Group: Classroom Teacher Posts: 11,227 Joined: 27-December 07 From: Sisters, OR Member No.: 75,503 Operating System: xp	PullMyBrainOut, And the DDS logs?

PullMyBrainOut View Member Profile	Aug 20 2009, 10:56 PM Post #6
New Member Group: Authentic Member Posts: 14 Joined: 13-August 09 Member No.: 87,320 Operating System: Windows XP	DDS.txt report: DDS (Ver_09-07-30.01) - NTFSx86 Run by Manny Bracamonte at 21:51:10.23 on Thu 08/20/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.239 [GMT -7:00] AV: McAfee VirusScan On-access scanning enabled (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall enabled {94894B63-8C7F-4050-BDA4-813CA00DA3E8} ============== Running Processes =============== C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\AOL\1132970356\ee\AOLSoftware.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\McAfee\MHN\McENUI.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe svchost.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\McAfee\SiteAdvisor\McSACore.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\HPZipm12.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\system32\Pen_Tablet.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Program Files\AOL 9.0a\waol.exe C:\Program Files\AOL 9.0a\shellmon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\Documents and Settings\Manny Bracamonte\Desktop\dds.pif C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.msn.com uDefault_Search_URL = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/ mSearchMigratedDefaultURL = hxxp://www.google.com/ uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s mSearchURL = hxxp://www.google.com/ BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [Sonic RecordNow!] uRun: [SB Audigy 2 Startup Menu] /L:ENG uRun: [Walgreens PhotoShow Media Manager] "c:\progra~1\walgre~1\walgre~1\data\xtras\mssysmgr.exe" uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe" uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S uRun: [SUPERAntiSpyware] "c:\program files\superantispyware\SUPERAntiSpyware.exe" uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe" uRun: [AOL Fast Start] "c:\program files\aol 9.0a\AOL.EXE" -b mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup mRun: [CTSysVol] "c:\program files\creative\sbaudigy2\surround mixer\CTSysVol.exe" mRun: [CTDVDDet] "c:\program files\creative\sbaudigy2\dvdaudio\CTDVDDet.EXE" mRun: [CTHelper] "CTHELPER.EXE" mRun: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL mRun: [UpdReg] "c:\windows\UpdReg.EXE" mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe" mRun: [dla] "c:\windows\system32\dla\tfswctrl.exe" mRun: [HostManager] "c:\program files\common files\aol\1132970356\ee\AOLSoftware.exe" mRun: [AOLDialer] "c:\program files\common files\aol\acs\AOLDial.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe" mRun: [BCMSMMSG] "BCMSMMSG.exe" mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe" mRun: [nwiz] "nwiz.exe" /install mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [McENUI] "c:\progra~1\mcafee\mhn\McENUI.exe" /hide mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe" mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe" mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe" mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL Trusted Zone: ameritrade.com\wwws Trusted Zone: beckett.com Trusted Zone: craigslist.org\tucson Trusted Zone: ebay.com\k2b-bulk Trusted Zone: gnc.com\www Trusted Zone: hizbollah.org\english Trusted Zone: imagemonster.net\www Trusted Zone: intuit.com Trusted Zone: mcafee.com Trusted Zone: microsoft.com\office Trusted Zone: msn.com\www Trusted Zone: pima.edu\mypima Trusted Zone: piratesonline.com DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll Notify: 202a7999573 - c:\windows\system32\CTDetres32.dll AppInit_DLLs: c:\windows\system32\CTDetres32.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL LSA: Notification Packages = :\windows\system32\srrstutocPGe.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\mannyb~1\applic~1\mozilla\firefox\profiles\1e4ut7u7.default\ FF - prefs.js: browser.startup.homepage - msn.com FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - HiddenExtension: XUL Cache: {BC085934-F44B-4E44-AA42-F094B4DF7B37} - c:\documents and settings\manny bracamonte\local settings\application data\{BC085934-F44B-4E44-AA42-F094B4DF7B37} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} ============= SERVICES / DRIVERS =============== R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808] R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214024] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-28 210216] R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2006-10-10 359952] R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-28 144704] R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2007-8-30 1373480] R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-4-21 4048240] R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2009-7-29 1205760] R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-28 606736] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-28 79880] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-28 35272] R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-28 34216] R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-28 40552] R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408] S2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088] S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2007-1-2 20608] S3 PL-40R;CASIO USB MIDI;c:\windows\system32\drivers\pl40rwdm.sys [2008-11-27 18048] =============== Created Last 30 ================ 2009-08-13 17:19 <DIR> --d----- c:\program files\Trend Micro 2009-08-13 16:19 <DIR> --d----- c:\windows\system32\wbem\Repository 2009-08-12 15:15 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx 2009-08-12 15:14 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll 2009-08-06 17:59 29,234 a------- c:\windows\hpoins03.dat 2009-08-06 17:59 34,468 -------- c:\windows\hpomdl03.dat 2009-08-05 02:01 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll 2009-07-29 16:45 <DIR> --d----- c:\program files\MSSOAP 2009-07-29 16:43 164 a------- c:\windows\install.dat ==================== Find3M ==================== 2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys 2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll 2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll 2009-07-07 01:38 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf 2009-07-07 01:38 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2009-07-03 10:09 915,456 a------- c:\windows\system32\wininet.dll 2009-06-25 01:25 730,112 a------- c:\windows\system32\lsasrv.dll 2009-06-25 01:25 301,568 a------- c:\windows\system32\kerberos.dll 2009-06-25 01:25 147,456 a------- c:\windows\system32\schannel.dll 2009-06-25 01:25 136,192 a------- c:\windows\system32\msv1_0.dll 2009-06-25 01:25 56,832 a------- c:\windows\system32\secur32.dll 2009-06-25 01:25 54,272 a------- c:\windows\system32\wdigest.dll 2009-06-24 04:18 92,928 a------- c:\windows\system32\drivers\ksecdd.sys 2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll 2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll 2009-06-12 05:31 76,288 a------- c:\windows\system32\telnet.exe 2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll 2009-06-10 07:13 84,992 a------- c:\windows\system32\avifil32.dll 2009-06-09 23:14 132,096 a------- c:\windows\system32\wkssvc.dll 2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll 2008-07-11 19:24 32 ac---r-- c:\documents and settings\all users\hash.dat 1999-07-06 17:00 6 -c-shr-- c:\windows\@desktop@.dat 2008-09-08 22:54 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090820080909\index.dat ============= FINISH: 21:52:36.06 ===============

PullMyBrainOut View Member Profile	Aug 20 2009, 10:58 PM Post #7
New Member Group: Authentic Member Posts: 14 Joined: 13-August 09 Member No.: 87,320 Operating System: Windows XP	Here is the attach.txt Attached File(s) Attach.txt ( 20.07K ) Number of downloads: 6

Tomk View Member Profile	Aug 20 2009, 11:07 PM Post #8
Forum God Group: Classroom Teacher Posts: 11,227 Joined: 27-December 07 From: Sisters, OR Member No.: 75,503 Operating System: xp	PullMyBrainOut, JavaRa ...by: Paul McLain and Fred de Vries Please download JavaRa (Copyright © 2008 RaProducts.org) and unzip it to your desktop. *Please close any instances of Internet Explorer before continuing!* Print these instructions...you won't have Internet access during this particular phase! Double-click on JavaRa.exe to start the program. From the drop-down menu, choose English or the appropriate language...and click on Select. JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer. Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK. A logfile will pop up. Please save it to a convenient location. Copy and paste the contents of the JavaRa log, in your next reply. Please download GooredFix from one of the locations below and save it to your Desktop Download Mirror #1 Download Mirror #2 Ensure all Firefox windows are closed. To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista). When prompted to run the scan, click Yes. GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

PullMyBrainOut View Member Profile	Aug 20 2009, 11:25 PM Post #9
New Member Group: Authentic Member Posts: 14 Joined: 13-August 09 Member No.: 87,320 Operating System: Windows XP	Okay! Here is my JavaRa log: JavaRa 1.15 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Thu Aug 20 22:14:08 2009 Found and removed: C:\Program Files\Java\j2re1.4.2_04 Found and removed: C:\Program Files\Java\jre1.5.0_11 Found and removed: C:\Program Files\Java\jre1.6.0_03 Found and removed: C:\Program Files\Java\jre1.6.0_05 Found and removed: C:\Program Files\Java\jre1.6.0_07 Found and removed: C:\Documents and Settings\Manny Bracamonte\Application Data\Sun\Java\jre1.6.0_11 Found and removed: C:\Documents and Settings\Manny Bracamonte\Application Data\Sun\Java\jre1.6.0_12 Found and removed: C:\Documents and Settings\Manny Bracamonte\Application Data\Sun\Java\jre1.6.0_13 Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142040} Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4 Found and removed: Software\JavaSoft\Java2D\1.5.0_07 Found and removed: Software\JavaSoft\Java2D\1.5.0_09 Found and removed: Software\JavaSoft\Java2D\1.5.0_11 Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511001 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511001 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511001 Found and removed: SOFTWARE\Classes\JavaPlugin.150_07 Found and removed: SOFTWARE\Classes\JavaPlugin.150_09 Found and removed: SOFTWARE\Classes\JavaPlugin.150_11 Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511001 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511001 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150110} Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003 Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005 Found and removed: SOFTWARE\Classes\JavaPlugin.160_03 Found and removed: SOFTWARE\Classes\JavaPlugin.160_05 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142040} Found and removed: SOFTWARE\Classes\Installer\Products\8A0F841731866D117AB7000B0D410204 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410204 Found and removed: SOFTWARE\Classes\JavaPlugin.142_04 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2_04 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.4.2_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_11 Found and removed: Software\Classes\JavaPlugin.142_04 Found and removed: Software\Classes\JavaPlugin.160_03 Found and removed: Software\Classes\JavaPlugin.160_05 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05 Found and removed: Software\JavaSoft\Java2D\1.6.0_03 Found and removed: Software\JavaSoft\Java2D\1.6.0_05 Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03 Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACB9B14518A96D117A58000B0D410204 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07 Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_11\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip JavaRa 1.15 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Thu Aug 20 22:14:59 2009 ------------------------------------ Finished reporting.

PullMyBrainOut View Member Profile	Aug 20 2009, 11:26 PM Post #10
New Member Group: Authentic Member Posts: 14 Joined: 13-August 09 Member No.: 87,320 Operating System: Windows XP	Here is the GooredFix log: GooredFix by jpshortstuff (12.07.09) Log created at 22:21 on 20/08/2009 (Manny Bracamonte) Firefox version 3.0.8 (en-US) ========== GooredScan ========== Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{BC085934-F44B-4E44-AA42-F094B4DF7B37} -> Success! Deleting C:\Documents and Settings\Manny Bracamonte\Local Settings\Application Data\{BC085934-F44B-4E44-AA42-F094B4DF7B37} -> Success! C:\Program Files\Mozilla Firefox\extensions\ {972ce4c6-7e08-4474-a285-3208198ce6fd} [23:51 09/04/2009] {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [03:32 11/12/2008] {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [05:04 11/06/2009] [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [19:26 11/04/2009] "{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [15:22 28/04/2009] "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [02:27 19/03/2009] -=E.O.F=-

Tomk View Member Profile	Aug 20 2009, 11:38 PM Post #11
Forum God Group: Classroom Teacher Posts: 11,227 Joined: 27-December 07 From: Sisters, OR Member No.: 75,503 Operating System: xp	PullMyBrainOut, That's looking better. Your Java is out of date. Java™ 6 can be updated from the Java Control Panel. Go Start > Control Panel(Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts. Then Please go to Kaspersky website and perform an online antivirus scan. Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases Click on My Computer under Scan. Once the scan is complete, it will display the results. Click on View Scan Report. You will see a list of infected items there. Click on Save Report As.... Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Please post this log in your next reply.

PullMyBrainOut View Member Profile	Aug 21 2009, 03:47 PM Post #12
New Member Group: Authentic Member Posts: 14 Joined: 13-August 09 Member No.: 87,320 Operating System: Windows XP	Okay! After hours of scanning!! Here is the log: -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Friday, August 21, 2009 Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Friday, August 21, 2009 08:59:45 Records in database: 2669597 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ F:\ Scan statistics: Objects scanned: 157711 Threats found: 5 Infected objects found: 5 Suspicious objects found: 0 Scan duration: 02:40:09 File name / Threat / Threats count C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpaolcom_setupSTUS\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1 C:\Program Files\LimeWire\Music\Dean Martin - White Christmas.mp3 Infected: Trojan-Downloader.WMA.GetCodec.z 1 C:\Program Files\LimeWire\Music\que porque te quierro - best track ever.mp3 Infected: Trojan-Downloader.WMA.GetCodec.aa 1 C:\Program Files\LimeWire\Music\que porque te quierro.wma Infected: Trojan-Downloader.WMA.GetCodec.x 1 C:\Program Files\LimeWire\Music\searchin for my love huey - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1 Selected area has been scanned.

Tomk View Member Profile	Aug 21 2009, 04:02 PM Post #13
Forum God Group: Classroom Teacher Posts: 11,227 Joined: 27-December 07 From: Sisters, OR Member No.: 75,503 Operating System: xp	PullMyBrainOut, It appears the major source of your infection is illegal file sharing. Limewire You have Limewire, a P2P/file sharing programs installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it. References for the risk of these programs can be found in these links: http://www.microsoft.com/windows/ie/commun...protection.mspx http://www.techweb.com/wire/160500554 [url=http://www.internetworldstats.com/articles/art053.htm]http://www.internetworldstats.com/articles/art053.htm://http://www.techweb.com/wire/1605005...cles/art053.htm I would recommend that you uninstall Limewire, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs. If you wish to keep it, please do not use it until your computer is cleaned. Let's get a bigger hammer out and make sure we've got it all. Download ComboFix from one of these locations: Link 1 Link 2 Link 3 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatthetech.com/How_Disable_...ams_t96260.html Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Notes: 1. Do not mouse-click Combofix's window while it is running. That may cause it to stall. 2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions. 3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser. 4. Combofix prevents autorun of ALL** CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper. 5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

PullMyBrainOut View Member Profile	Aug 21 2009, 04:51 PM Post #14
New Member Group: Authentic Member Posts: 14 Joined: 13-August 09 Member No.: 87,320 Operating System: Windows XP	Ooooooookay! ComboFix Log: ComboFix 09-08-20.07 - Manny Bracamonte 08/21/2009 15:14.1.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.556 [GMT -7:00] Running from: c:\documents and settings\Manny Bracamonte\Desktop\ComboFix.exe AV: McAfee VirusScan On-access scanning disabled (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall enabled {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Manny Bracamonte\Application Data\02000000290db1be573C.manifest c:\documents and settings\Manny Bracamonte\Application Data\02000000290db1be573O.manifest c:\documents and settings\Manny Bracamonte\Application Data\02000000290db1be573P.manifest c:\documents and settings\Manny Bracamonte\Application Data\02000000290db1be573S.manifest c:\documents and settings\Manny Bracamonte\Application Data\alot c:\windows\Installer\1a3f16.msi c:\windows\Installer\1f7d6e9.msp c:\windows\Installer\2cb6502.msi c:\windows\Installer\2e1c366.msi c:\windows\Installer\32401f2.msp c:\windows\Installer\32401f3.msp c:\windows\Installer\32401f4.msp c:\windows\Installer\32401f5.msp c:\windows\Installer\32401f6.msp c:\windows\Installer\32401f7.msp c:\windows\Installer\32401f8.msp c:\windows\Installer\32401f9.msp c:\windows\Installer\32401fa.msp c:\windows\Installer\32b3811.msp c:\windows\Installer\32b3812.msp c:\windows\Installer\32b3813.msp c:\windows\Installer\32b3814.msp c:\windows\Installer\32b3815.msp c:\windows\Installer\32b3816.msp c:\windows\Installer\32b3817.msp c:\windows\Installer\32b3818.msp c:\windows\Installer\32b3819.msp c:\windows\Installer\32b381a.msp c:\windows\Installer\332110e.msp c:\windows\Installer\3321118.msp c:\windows\Installer\3321123.msp c:\windows\Installer\51370.msp c:\windows\Installer\730954d.msi c:\windows\Installer\97f9d2c.msp c:\windows\Installer\97f9d3f.msp c:\windows\Installer\97f9d53.msp c:\windows\Installer\97f9d66.msp c:\windows\Installer\97f9d7d.msp c:\windows\Installer\98e07c.msi c:\windows\Installer\f383bc.msi c:\windows\Installer\WMEncoder.msi c:\windows\system32\_003698_.tmp.dll c:\windows\system32\_003699_.tmp.dll c:\windows\system32\_003700_.tmp.dll c:\windows\system32\_003701_.tmp.dll c:\windows\system32\4M7G5mAqjqD8M.vbs c:\windows\system32\51geWEP.vbs c:\windows\system32\A34S6EA.vbs c:\windows\system32\Data c:\windows\system32\Data\CTP0243W.DAT c:\windows\system32\hCPuqde6856hKm9.vbs c:\windows\system32\OlDbfZdHETJfZ.vbs c:\windows\system32\TXu3MRGGySh0q.vbs c:\windows\system32\XCh0L.vbs . ((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 ))))))))))))))))))))))))))))))) . 2009-08-21 05:41 . 2009-08-21 05:41 152576 ----a-w- c:\documents and settings\Manny Bracamonte\Application Data\Sun\Java\jre1.6.0_15\lzma.dll 2009-08-14 00:19 . 2009-08-14 00:19 -------- d-----w- c:\program files\Trend Micro 2009-08-13 23:19 . 2009-08-13 23:19 -------- d-----w- c:\windows\system32\wbem\Repository 2009-08-12 22:14 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-08-07 00:59 . 2009-08-07 01:29 29234 ----a-w- c:\windows\hpoins03.dat 2009-08-07 00:59 . 2003-08-11 08:07 34468 ------w- c:\windows\hpomdl03.dat 2009-08-06 03:29 . 2009-08-06 03:29 -------- d-----w- c:\documents and settings\Manny Bracamonte\Local Settings\Application Data\Downloaded Installations 2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll 2009-07-29 23:45 . 2009-07-29 23:45 -------- d-----w- c:\program files\MSSOAP 2009-07-29 23:43 . 2009-07-29 23:43 164 ----a-w- c:\windows\install.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-21 22:25 . 2009-04-10 05:28 117760 ----a-w- c:\documents and settings\Manny Bracamonte\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2009-08-21 22:24 . 2007-09-19 23:06 -------- d-----w- c:\documents and settings\Manny Bracamonte\Application Data\WTablet 2009-08-21 22:22 . 2005-11-25 22:25 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-10031102}.dat 2009-08-21 22:22 . 2005-11-25 22:25 288 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000001-00001102-00000004-10031102}.dat 2009-08-21 06:00 . 2005-11-26 03:04 -------- d-----w- c:\documents and settings\Manny Bracamonte\Application Data\Webroot 2009-08-21 05:42 . 2005-12-01 21:53 -------- d-----w- c:\program files\Java 2009-08-19 00:28 . 2006-10-10 20:01 -------- d-----w- c:\program files\McAfee 2009-08-15 00:13 . 2008-09-30 15:29 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore 2009-08-13 23:17 . 2009-04-07 02:37 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-08-13 23:17 . 2008-09-24 23:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-13 22:58 . 2009-05-09 07:04 -------- d-----w- c:\program files\PokerStars.NET 2009-08-13 22:57 . 2009-05-10 02:48 -------- d-----w- c:\program files\PartyGaming 2009-08-12 22:46 . 2009-04-05 19:46 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-08-08 20:52 . 2005-12-14 02:00 -------- d-----w- c:\program files\LimeWire 2009-08-07 01:25 . 2006-01-12 18:51 -------- d-----w- c:\program files\HP 2009-08-05 09:01 . 2006-01-30 00:30 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-03 22:40 . 2006-08-09 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot 2009-08-03 22:39 . 2008-02-11 01:28 -------- d-----w- c:\program files\Microsoft Silverlight 2009-08-03 20:36 . 2008-09-24 23:38 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-03 20:36 . 2008-09-24 23:38 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-07-28 02:20 . 2008-11-23 17:51 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-07-25 12:23 . 2009-01-11 18:13 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-07-17 19:01 . 2006-01-30 00:30 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 06:43 . 2005-01-28 20:44 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-10 00:04 . 2006-08-23 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-07-07 08:38 . 2009-07-07 08:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf 2009-07-07 08:38 . 2009-07-07 08:38 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2009-07-05 20:01 . 2007-01-23 18:36 -------- d-----w- c:\documents and settings\Manny Bracamonte\Application Data\MSN6 2009-07-03 17:09 . 2006-01-30 00:29 915456 ----a-w- c:\windows\system32\wininet.dll 2009-06-25 08:25 . 2006-01-30 00:30 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-25 08:25 . 2006-01-30 00:29 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:25 . 2006-01-30 00:29 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:25 . 2006-01-30 00:29 730112 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:25 . 2006-01-30 00:29 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-25 08:25 . 2006-01-30 00:29 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-24 11:18 . 2006-01-30 00:29 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-06-16 14:36 . 2006-01-30 00:29 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:36 . 2003-07-16 20:28 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-12 12:31 . 2006-01-30 00:29 76288 ----a-w- c:\windows\system32\telnet.exe 2009-06-11 05:01 . 2009-06-11 05:01 152576 ----a-w- c:\documents and settings\Manny Bracamonte\Application Data\Sun\Java\jre1.6.0_14\lzma.dll 2009-06-10 16:19 . 2006-01-30 00:30 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 14:13 . 2006-01-30 00:30 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 06:14 . 2006-01-30 00:29 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-03 19:09 . 2006-01-30 00:29 1291264 ----a-w- c:\windows\system32\quartz.dll 1999-07-07 00:00 . 1999-07-07 00:00 6 -csh--r- c:\windows\@desktop@.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SB Audigy 2 Startup Menu"="/L:ENG" [X] "Walgreens PhotoShow Media Manager"="c:\progra~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe" [2006-04-20 237568] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] "AOL Fast Start"="c:\program files\AOL 9.0a\AOL.EXE" [2007-04-18 50736] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-17 4800512] "CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152] "CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741] "HostManager"="c:\program files\Common Files\AOL\1132970356\ee\AOLSoftware.exe" [2006-09-26 50736] "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-12-13 180269] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592] "mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 53248] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-10-17 49152] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-26 645328] "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-01-09 5134864] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-06-27 212992] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-05-13 6345840] "CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-02-20 28672] "AsioReg"="CTASIO.DLL" - c:\windows\system32\CTASIO.DLL [2003-02-20 110592] "BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-10-05 1626112] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\1132970356\\EE\\aolsoftware.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\AOL 9.0\\waol.exe"= "c:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"= "c:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"= "c:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"= "c:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\AOL 9.0a\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\1132970356\\EE\\AOLServiceHost.exe"= "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"= "c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"= "c:\\Program Files\\Common Files\\Adobe\\ESD\\AdobeDownloadManager.exe"= "c:\\Program Files\\Disney\\Disney Online\\PiratesOnline\\Launcher1.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\American McGee's Alice\\alice.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/21/2009 6:27 PM 29808] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [3/23/2009 2:07 PM 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 72944] R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/28/2009 8:23 AM 210216] R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [8/30/2007 11:54 AM 1373480] R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [7/29/2009 4:45 PM 1205760] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 7408] S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [1/2/2007 12:04 AM 20608] S3 PL-40R;CASIO USB MIDI;c:\windows\system32\drivers\pl40rwdm.sys [11/27/2008 1:41 PM 18048] --- Other Services/Drivers In Memory --- NewlyCreated - ATWPKT2 Deregistered - ATWPKT2 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-19 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] 2009-08-07 c:\windows\Tasks\HP DArC Task 2003-06-26 13:16ewlett-Packard2003-06-26 13:16p psc 2400 seriesA3652443A372B157BFD83129692C2C2475483DE7249608473.job - c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-27 01:50] 2009-07-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-28 17:53] 2009-08-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-28 17:53] 2009-08-21 c:\windows\Tasks\wrSpySweeper_LA41CC56BD5C44EB5B36DD9C8D9DA77B2.job - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-08-09 22:40] 2009-08-21 c:\windows\Tasks\wrSpySweeper_LA41CC56BD5C44EB5B36DD9C8D9DA77B2.job - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-08-09 22:40] 2009-08-21 c:\windows\Tasks\wrSpySweeper_LB5D16960A1E142CB80C74BCD1128AB90.job - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-08-09 22:40] 2009-08-21 c:\windows\Tasks\wrSpySweeper_LB5D16960A1E142CB80C74BCD1128AB90.job - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-08-09 22:40] . - - - - ORPHANS REMOVED - - - - HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe HKCU-Run-Sonic RecordNow! - (no file) Notify-202a7999573 - c:\windows\System32\CTDetres32.dll SafeBoot-svcWRSSSDK . ------- Supplementary Scan ------- . uStart Page = hxxp://www.msn.com uDefault_Search_URL = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/ mSearchMigratedDefaultURL = hxxp://www.google.com/ uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s mSearchURL = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 Trusted Zone: ameritrade.com\wwws Trusted Zone: beckett.com Trusted Zone: craigslist.org\tucson Trusted Zone: ebay.com\k2b-bulk Trusted Zone: gnc.com\www Trusted Zone: hizbollah.org\english Trusted Zone: imagemonster.net\www Trusted Zone: intuit.com Trusted Zone: mcafee.com Trusted Zone: microsoft.com\office Trusted Zone: msn.com\www Trusted Zone: pima.edu\mypima Trusted Zone: piratesonline.com FF - ProfilePath - c:\documents and settings\Manny Bracamonte\Application Data\Mozilla\Firefox\Profiles\1e4ut7u7.default\ FF - prefs.js: browser.startup.homepage - msn.com FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-21 15:25 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1935655697-1965331169-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(728) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll - - - - - - - > 'explorer.exe'(5868) c:\windows\system32\WININET.dll c:\program files\McAfee\SiteAdvisor\saHook.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Common Files\aolshare\aolshcpy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\AOL\ACS\AOLacsd.exe c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\CTSVCCDA.EXE c:\program files\Java\jre6\bin\jqs.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\program files\McAfee\MHN\McENUI.exe c:\program files\AOL 9.0a\waol.exe c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe c:\program files\HP\hpcoretech\comp\hptskmgr.exe c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe c:\program files\McAfee\MPF\MpfSrv.exe c:\program files\McAfee\MSK\msksrver.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\PSIService.exe c:\windows\wanmpsvc.exe c:\program files\Webroot\Spy Sweeper\SpySweeper.exe c:\windows\system32\WTablet\Pen_TabletUser.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\wscntfy.exe c:\program files\iPod\bin\iPodService.exe c:\program files\AOL 9.0a\shellmon.exe c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe . ************************************************************************* . Completion time: 2009-08-21 15:34 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-21 22:34 Pre-Run: 98,939,723,776 bytes free Post-Run: 98,847,842,304 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn 359 --- E O F --- 2009-08-19 10:00

Tomk View Member Profile	Aug 21 2009, 05:03 PM Post #15
Forum God Group: Classroom Teacher Posts: 11,227 Joined: 27-December 07 From: Sisters, OR Member No.: 75,503 Operating System: xp	PullMyBrainOut, That looks pretty good. Did you run Super Anti Spyware today? Let's take care of those infected files: COMBOFIX-Script Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below: CODE File:: C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpaolcom_setupSTUS\comps\toolbar\toolbr.exe C:\Program Files\LimeWire\Music\Dean Martin - White Christmas.mp3 C:\Program Files\LimeWire\Music\que porque te quierro - best track ever.mp3 C:\Program Files\LimeWire\Music\que porque te quierro.wma C:\Program Files\LimeWire\Music\searchin for my love huey - greatest hits.wma Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal. When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply. CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

« Next Oldest · Infections Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies	Topic Starter	Views	Last Action
General Hardware Turning External HDD On/Off with Computer	2	shbrooks	25	50 minutes ago Last post by: shbrooks
Infections Removal Virus, limited use on computer 12	16	Poopkabob	301	Today, 01:01 AM Last post by: Poopkabob
Infections Removal Computer freezes	6	renobruce	65	Yesterday, 11:43 PM Last post by: renobruce
Microsoft Windows™ Computer keeps shutting down - possible display driver problem?	4	whoopie	71	Yesterday, 05:33 PM Last post by: whoopie