What the Tech
[Closed] Computer slow, 100% CPU - SpySweeper Internet Shield, HijackThis Log - SpySweeper internet communication shield pop ups
PullMyBrainOut
post Aug 13 2009, 06:40 PM
Post #1
New Member
Group: Authentic Member
Posts: 14
Joined: 13-August 09
Member No.: 87,320
Operating System: Windows XP



My computer just started this yesterday. I ran Malwarebytes, SpyBot, SpySweeper, and SUPERAntiSpyware. All picked up their own thing and were quarantined, but SpySweeper Internet Communication Shield keeps popping up and blocking access to different websites every 15 seconds or so.

Also my computer is extremely slow when I turn the internet on. PLEASE help! I've done everything I know!

Two of MANY sites that keep getting blocked (these just happened to pop up while typing this):
www.klinksoftsare.com
komforochka.info

HijackThis Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:24:56 PM, on 8/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\AOL\1132970356\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\McAfee\MHN\McENUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
O4 - HKLM\..\Run: [CTDVDDet] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [CTHelper] "CTHELPER.EXE"
O4 - HKLM\..\Run: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] "C:\WINDOWS\UpdReg.EXE"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1132970356\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [BCMSMMSG] "BCMSMMSG.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] "C:\PROGRA~1\McAfee\MHN\McENUI.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [Walgreens PhotoShow Media Manager] "C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0a\AOL.EXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.gnc.com
O15 - Trusted Zone: http://www.imagemonster.net
O15 - Trusted Zone: *.intuit.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://www.msn.com
O15 - Trusted Zone: http://mypima.pima.edu
O15 - Trusted Zone: *.piratesonline.com
O15 - Trusted Zone: http://*.piratesonline.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) -
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\CTDetres32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: 202a7999573 - C:\WINDOWS\System32\CTDetres32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--
End of file - 13369 bytes
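The HijackThis log above is the kind of thing the helpers in this forum triage by eye. As an added example (not part of any post in this thread and not HijackThis's own code), here is a Python script that applies some of the usual checks to the O2/O4/O15/O20/O23 lines: orphaned BHOs, Run entries with bare or unquoted paths, Trusted Zone additions, AppInit_DLLs, Winlogon Notify packages with missing files or random-looking names, services with no recorded publisher, and DLLs referenced from more than one load point. The heuristics are my own assumptions, the function names are hypothetical, and `SAMPLE_LOG` is a dozen lines copied verbatim from the log above so the script runs offline.

```python
"""Triage a HijackThis log for the load points that most often carry
persistence. Added example for this thread, not HijackThis code and not part
of any post above; the heuristics are my own assumptions and every name here
is hypothetical. Requires Python 3.8+ (assignment expressions)."""
import re

# Constructed sample: a dozen lines copied verbatim from the log in post #1.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [CTHelper] "CTHELPER.EXE"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O15 - Trusted Zone: http://www.gnc.com
O15 - Trusted Zone: *.piratesonline.com
O20 - AppInit_DLLs: C:\WINDOWS\System32\CTDetres32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: 202a7999573 - C:\WINDOWS\System32\CTDetres32.dll (file missing)
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RE_O15 = re.compile(r"^O15 - Trusted Zone: (?P<site>.+)$")
RE_APPINIT = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
RE_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
RE_O23 = re.compile(r"^O23 - Service: (?P<display>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# Generated names such as 202a7999573 are long runs of hex digits; legitimate
# Winlogon Notify packages are usually words (e.g. !SASWinLogon above).
RANDOM_NAME = re.compile(r"[0-9a-f]{8,}", re.IGNORECASE)


def executable_of(cmd):
    """Split a Run command into (executable, was_quoted). Unquoted commands are
    cut at the first .exe/.dll so that a trailing switch is dropped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]), True
    m = re.search(r"\.(exe|dll)\b", cmd, re.IGNORECASE)
    return (cmd[: m.end()] if m else cmd.split(" ")[0]), False


def triage(log_text):
    """Return (reason, line) pairs for entries a reviewer should look at."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := RE_O2.match(line):
            # CLSID still registered as a BHO but the DLL is gone: a leftover
            # from an uninstall or a removal; harmless, but it should be cleaned.
            if m["path"] == "(no file)":
                findings.append(("orphaned BHO (registered, no DLL on disk)", line))
        elif m := RE_O4.match(line):
            exe, quoted = executable_of(m["cmd"])
            if "\\" not in exe:
                # No directory: the name is resolved through the search path at
                # logon, so confirm which file actually gets loaded.
                findings.append(("Run entry with bare filename, resolved via search path", line))
            elif not quoted and " " in exe:
                # CreateProcess tries C:\Program.exe before C:\Program Files\...
                # for an unquoted path, a classic planting opportunity.
                findings.append(("Run entry with unquoted path containing spaces", line))
        elif m := RE_O15.match(line):
            what = "wildcard Trusted Zone entry" if "*" in m["site"] else "Trusted Zone entry"
            findings.append((what + "; IE applies relaxed security to these sites", line))
        elif m := RE_APPINIT.match(line):
            if m["dlls"].strip():
                findings.append(("AppInit_DLLs set; DLL is loaded into every process that loads user32", line))
        elif m := RE_NOTIFY.match(line):
            if "(file missing)" in m["path"]:
                findings.append(("Winlogon Notify package whose DLL is missing", line))
            if RANDOM_NAME.fullmatch(m["name"]):
                findings.append(("Winlogon Notify package with random-looking name", line))
        elif m := RE_O23.match(line):
            if m["owner"].lower() == "unknown owner":
                findings.append(("service with no publisher recorded; check the binary's signature", line))
    return findings


def shared_dlls(log_text):
    """Map DLL basename -> set of load points that reference it, keeping only
    DLLs that appear under more than one mechanism (CTDetres32.dll above)."""
    seen = {}
    for line in log_text.splitlines():
        m = re.match(r"^(O\d+) - ([^:]+):", line.strip())
        if not m:
            continue
        for dll in re.findall(r"[\w.-]+\.dll", line, re.IGNORECASE):
            seen.setdefault(dll.lower(), set()).add(f"{m[1]} {m[2]}")
    return {dll: points for dll, points in seen.items() if len(points) > 1}


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
    for dll, points in shared_dlls(SAMPLE_LOG).items():
        print(f"{dll} referenced by: {', '.join(sorted(points))}")
```

Run it as-is to see the findings for the sample, or pass a whole saved hijackthis.log to `triage()` and `shared_dlls()`. The flags are prompts to verify, not verdicts: a bare filename or an "Unknown owner" string is common for legitimate software, and the useful signal in this log is the combination, the same DLL named under AppInit_DLLs and under a random-named Winlogon Notify key whose file is already missing.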
Replies (15 - 24)
PullMyBrainOut
post Aug 21 2009, 05:32 PM
Post #16
New Member
Group: Authentic Member
Posts: 14
Joined: 13-August 09
Member No.: 87,320
Operating System: Windows XP



I have not run SUPERAntiSpyware today. It starts up on its own when I start my computer even after I've changed the settings.

Here is my newest log for ComboFix:

ComboFix 09-08-20.07 - Manny Bracamonte 08/21/2009 16:14.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.513 [GMT -7:00]
Running from: c:\documents and settings\Manny Bracamonte\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Manny Bracamonte\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\documents and settings\All Users\Application Data\AOL Downloads\lpaolcom_setupSTUS\comps\toolbar\toolbr.exe"
"c:\program files\LimeWire\Music\Dean Martin - White Christmas.mp3"
"c:\program files\LimeWire\Music\que porque te quierro - best track ever.mp3"
"c:\program files\LimeWire\Music\que porque te quierro.wma"
"c:\program files\LimeWire\Music\searchin for my love huey - greatest hits.wma"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\AOL Downloads\lpaolcom_setupSTUS\comps\toolbar\toolbr.exe
c:\program files\LimeWire\Music\Dean Martin - White Christmas.mp3
c:\program files\LimeWire\Music\que porque te quierro - best track ever.mp3
c:\program files\LimeWire\Music\que porque te quierro.wma
c:\program files\LimeWire\Music\searchin for my love huey - greatest hits.wma

.
((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
.

2009-08-21 05:41 . 2009-08-21 05:41 152576 ----a-w- c:\documents and settings\Manny Bracamonte\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-14 00:19 . 2009-08-14 00:19 -------- d-----w- c:\program files\Trend Micro
2009-08-13 23:19 . 2009-08-13 23:19 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-12 22:14 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-07 00:59 . 2009-08-07 01:29 29234 ----a-w- c:\windows\hpoins03.dat
2009-08-07 00:59 . 2003-08-11 08:07 34468 ------w- c:\windows\hpomdl03.dat
2009-08-06 03:29 . 2009-08-06 03:29 -------- d-----w- c:\documents and settings\Manny Bracamonte\Local Settings\Application Data\Downloaded Installations
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-29 23:45 . 2009-07-29 23:45 -------- d-----w- c:\program files\MSSOAP
2009-07-29 23:43 . 2009-07-29 23:43 164 ----a-w- c:\windows\install.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-21 22:43 . 2009-04-10 05:28 117760 ----a-w- c:\documents and settings\Manny Bracamonte\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-21 22:42 . 2007-09-19 23:06 -------- d-----w- c:\documents and settings\Manny Bracamonte\Application Data\WTablet
2009-08-21 22:22 . 2005-11-25 22:25 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-10031102}.dat
2009-08-21 22:22 . 2005-11-25 22:25 288 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000001-00001102-00000004-10031102}.dat
2009-08-21 06:00 . 2005-11-26 03:04 -------- d-----w- c:\documents and settings\Manny Bracamonte\Application Data\Webroot
2009-08-21 05:42 . 2005-12-01 21:53 -------- d-----w- c:\program files\Java
2009-08-19 00:28 . 2006-10-10 20:01 -------- d-----w- c:\program files\McAfee
2009-08-15 00:13 . 2008-09-30 15:29 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-08-13 23:17 . 2009-04-07 02:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-13 23:17 . 2008-09-24 23:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-13 22:58 . 2009-05-09 07:04 -------- d-----w- c:\program files\PokerStars.NET
2009-08-13 22:57 . 2009-05-10 02:48 -------- d-----w- c:\program files\PartyGaming
2009-08-12 22:46 . 2009-04-05 19:46 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-08 20:52 . 2005-12-14 02:00 -------- d-----w- c:\program files\LimeWire
2009-08-07 01:25 . 2006-01-12 18:51 -------- d-----w- c:\program files\HP
2009-08-05 09:01 . 2006-01-30 00:30 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 22:40 . 2006-08-09 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2009-08-03 22:39 . 2008-02-11 01:28 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-03 20:36 . 2008-09-24 23:38 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 20:36 . 2008-09-24 23:38 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-28 02:20 . 2008-11-23 17:51 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-25 12:23 . 2009-01-11 18:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2006-01-30 00:30 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2005-01-28 20:44 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 00:04 . 2006-08-23 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-07 08:38 . 2009-07-07 08:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-07 08:38 . 2009-07-07 08:38 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-05 20:01 . 2007-01-23 18:36 -------- d-----w- c:\documents and settings\Manny Bracamonte\Application Data\MSN6
2009-07-03 17:09 . 2006-01-30 00:29 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2006-01-30 00:30 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2006-01-30 00:29 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2006-01-30 00:29 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2006-01-30 00:29 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2006-01-30 00:29 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2006-01-30 00:29 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-24 11:18 . 2006-01-30 00:29 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2006-01-30 00:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2003-07-16 20:28 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2006-01-30 00:29 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-11 05:01 . 2009-06-11 05:01 152576 ----a-w- c:\documents and settings\Manny Bracamonte\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-10 16:19 . 2006-01-30 00:30 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2006-01-30 00:30 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2006-01-30 00:29 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2006-01-30 00:29 1291264 ----a-w- c:\windows\system32\quartz.dll
1999-07-07 00:00 . 1999-07-07 00:00 6 -csh--r- c:\windows\@desktop@.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-08-21_22.26.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-21 22:41 . 2009-08-21 22:41 16384 c:\windows\Temp\Perflib_Perfdata_820.dat
+ 2005-11-25 22:12 . 2009-08-21 22:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-11-25 22:12 . 2009-08-21 22:23 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-11-25 22:12 . 2009-08-21 22:23 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-11-25 22:12 . 2009-08-21 22:41 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-11-25 22:12 . 2009-08-21 22:41 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-11-25 22:12 . 2009-08-21 22:23 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-04-09 00:57 . 2009-08-21 22:41 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-04-09 00:57 . 2009-08-21 22:23 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SB Audigy 2 Startup Menu"="/L:ENG" [X]
"Walgreens PhotoShow Media Manager"="c:\progra~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe" [2006-04-20 237568]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"AOL Fast Start"="c:\program files\AOL 9.0a\AOL.EXE" [2007-04-18 50736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-17 4800512]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"HostManager"="c:\program files\Common Files\AOL\1132970356\ee\AOLSoftware.exe" [2006-09-26 50736]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-12-13 180269]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 53248]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-10-17 49152]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-26 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-01-09 5134864]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-06-27 212992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-02-20 28672]
"AsioReg"="CTASIO.DLL" - c:\windows\system32\CTASIO.DLL [2003-02-20 110592]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-10-05 1626112]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1132970356\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\AOL 9.0a\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1132970356\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ESD\\AdobeDownloadManager.exe"=
"c:\\Program Files\\Disney\\Disney Online\\PiratesOnline\\Launcher1.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\American McGee's Alice\\alice.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/21/2009 6:27 PM 29808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [3/23/2009 2:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 72944]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/28/2009 8:23 AM 210216]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [8/30/2007 11:54 AM 1373480]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [7/29/2009 4:45 PM 1205760]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 7408]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [1/2/2007 12:04 AM 20608]
S3 PL-40R;CASIO USB MIDI;c:\windows\system32\drivers\pl40rwdm.sys [11/27/2008 1:41 PM 18048]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-08-07 c:\windows\Tasks\HP DArC Task 2003-06-26 13:16ewlett-Packard2003-06-26 13:16p psc 2400 seriesA3652443A372B157BFD83129692C2C2475483DE7249608473.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-27 01:50]

2009-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-28 17:53]

2009-08-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-28 17:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uDefault_Search_URL = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/
mSearchMigratedDefaultURL = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchURL = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: ameritrade.com\wwws
Trusted Zone: beckett.com
Trusted Zone: craigslist.org\tucson
Trusted Zone: ebay.com\k2b-bulk
Trusted Zone: gnc.com\www
Trusted Zone: hizbollah.org\english
Trusted Zone: imagemonster.net\www
Trusted Zone: intuit.com
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\office
Trusted Zone: msn.com\www
Trusted Zone: pima.edu\mypima
Trusted Zone: piratesonline.com
FF - ProfilePath - c:\documents and settings\Manny Bracamonte\Application Data\Mozilla\Firefox\Profiles\1e4ut7u7.default\
FF - prefs.js: browser.startup.homepage - msn.com
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-21 16:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1935655697-1965331169-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-08-21 16:26
ComboFix-quarantined-files.txt 2009-08-21 23:26
ComboFix2.txt 2009-08-21 22:34

Pre-Run: 98,853,654,528 bytes free
Post-Run: 98,789,457,920 bytes free

260 --- E O F --- 2009-08-19 10:00
Tomk
post Aug 21 2009, 06:01 PM
Post #17


Forum God / Classroom Admin Assistant

Group: Classroom Teacher
Posts: 12,333
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp



PullMyBrainOut,

Log looks good.


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
  • Note the space between the X and the U, it needs to be there.

The above procedure will:
  • Implement some cleanup procedures.
  • Reset System Restore.


Please re-enable any security that was disabled.

Now to remove most of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.



The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware"
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed as Resolved.
PullMyBrainOut
post Aug 21 2009, 06:34 PM
Post #18


New Member

Group: Authentic Member
Posts: 14
Joined: 13-August 09
Member No.: 87,320
Operating System: Windows XP



Awesome. I do understand the above. Although when I restart my computer, a black screen appears first asking me how I would like to start Windows. It's only up for a few seconds and then the normal Windows screen appears. Wondering if there is any way to hide that. I've a brother and a father who try to "fix" things on the computer and I'd rather not have that screen displayed.

Also, Explorer and Firefox take longer than normal to load, and that started a few months ago. I updated Explorer to see if that would fix it and it didn't. I figured that after everything you walked me through it would be fixed, but it hasn't been. It takes about 15-30 seconds to start. For me it's not that big of an issue, but before it only took 5 seconds max to load. Just wondering if there is any way to fix that. Other than that my PC is working great and the CPU is back to normal!
PullMyBrainOut
post Aug 21 2009, 09:49 PM
Post #19


New Member

Group: Authentic Member
Posts: 14
Joined: 13-August 09
Member No.: 87,320
Operating System: Windows XP



I just had a blue screen "Stop Error" on my computer.

The error codes I got were:

***STOP: 0X0000008E
(0XEBC2AB4C, 0XED430614, 0X00000000



Tomk
post Aug 23 2009, 11:26 PM
Post #20


Forum God / Classroom Admin Assistant

Group: Classroom Teacher
Posts: 12,333
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp



PullMyBrainOut,

Let's give this a try:


Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click Yes to all if it asks whether you want to cure/move the file.
  • When the scan has finished, check whether you can click the next icon next to the files found:
  • If so, click it, then click the next icon right below and select Move incurable, as shown in the next image:

    This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer! Files in use may be moved/deleted during the reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

PullMyBrainOut
post Aug 25 2009, 09:15 PM
Post #21


New Member

Group: Authentic Member
Posts: 14
Joined: 13-August 09
Member No.: 87,320
Operating System: Windows XP



K! Finished the scan. Here is the log, although my computer is going back to 100% CPU again after this scan.



setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\AOL_OpenRide_1.23.16.1;Probably BACKDOOR.Trojan;Incurable.Moved.;
ocpinst.exe\data527;C:\Documents and Settings\All Users\Application Data\AOL Downloads\AOL_OpenRide_1.23.16.1\comps\ocpinst.exe;Probably BACKDOOR.Trojan;;
ocpinst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\AOL_OpenRide_1.23.16.1\comps;Archive contains infected objects;Moved.;
aolcinst.exe\core.cab\GTDOWNAO_106.ocx;C:\Documents and Settings\All Users\Application Data\AOL Downloads\kw_setupSTUS\comps\coach\aolcinst.exe;Adware.Gdown;;
aolcinst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\kw_setupSTUS\comps\coach;Archive contains infected objects;Moved.;
aolcinst.exe\core.cab\GTDOWNAO_106.ocx;C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpaolcom_setupSTUS\comps\coach\aolcinst.exe;Adware.Gdown;;
aolcinst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpaolcom_setupSTUS\comps\coach;Archive contains infected objects;Moved.;
config.000;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer_1.10.7.1;Probably BACKDOOR.Trojan;Incurable.Moved.;
avinst.exe\data004;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer_1.10.7.1\comps\avinst.exe;Probably BACKDOOR.Trojan;;
avinst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer_1.10.7.1\comps;Archive contains infected objects;Moved.;
fwinst.exe/data004\data007;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer_1.10.7.1\comps\fwinst.exe/data004;Probably BACKDOOR.Trojan;;
data004;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer_1.10.7.1\comps;Archive contains infected objects;;
fwinst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer_1.10.7.1\comps;Archive contains infected objects;Moved.;
pwinst.exe\data005;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer_1.10.7.1\comps\pwinst.exe;Probably BACKDOOR.Trojan;;
pwinst.exe/data008\data006;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer_1.10.7.1\comps\pwinst.exe/data008;Probably BACKDOOR.Trojan;;
data008;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer_1.10.7.1\comps;Archive contains infected objects;;
pwinst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\ssc_suite_installer_1.10.7.1\comps;Archive contains infected objects;Moved.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2;Probably BACKDOOR.Trojan;Incurable.Moved.;
config.000;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.0;Probably BACKDOOR.Trojan;Incurable.Moved.;
avinst.exe\data004;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.0\comps\avinst.exe;Probably BACKDOOR.Trojan;;
avinst.exe;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.0\comps;Archive contains infected objects;Moved.;
fwinst.exe/data004\data007;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.0\comps\fwinst.exe/data004;Probably BACKDOOR.Trojan;;
data004;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.0\comps;Archive contains infected objects;;
fwinst.exe;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.0\comps;Archive contains infected objects;Moved.;
GTDownAO_106.ocx;C:\Program Files\Common Files\AolCoach\en_en;Adware.Gdown;Incurable.Moved.;
mcinst.exe;C:\Program Files\Common Files\McAfee\Installer;Probably BACKDOOR.Trojan;Incurable.Moved.;
A0377941.exe\data527;C:\System Volume Information\_restore{A8D96F6E-1E4E-4C0C-8FD2-BAC529E55B4D}\RP1531\A0377941.exe;Probably BACKDOOR.Trojan;;
A0377941.exe;C:\System Volume Information\_restore{A8D96F6E-1E4E-4C0C-8FD2-BAC529E55B4D}\RP1531;Archive contains infected objects;Moved.;
A0377942.exe\core.cab\GTDOWNAO_106.ocx;C:\System Volume Information\_restore{A8D96F6E-1E4E-4C0C-8FD2-BAC529E55B4D}\RP1531\A0377942.exe;Adware.Gdown;;
A0377942.exe;C:\System Volume Information\_restore{A8D96F6E-1E4E-4C0C-8FD2-BAC529E55B4D}\RP1531;Archive contains infected objects;Moved.;
A0377943.exe\core.cab\GTDOWNAO_106.ocx;C:\System Volume Information\_restore{A8D96F6E-1E4E-4C0C-8FD2-BAC529E55B4D}\RP1531\A0377943.exe;Adware.Gdown;;
A0377943.exe;C:\System Volume Information\_restore{A8D96F6E-1E4E-4C0C-8FD2-BAC529E55B4D}\RP1531;Archive contains infected objects;Moved.;
A0377944.exe\data004;C:\System Volume Information\_restore{A8D96F6E-1E4E-4C0C-8FD2-BAC529E55B4D}\RP1531\A0377944.exe;Probably BACKDOOR.Trojan;;
A0377944.exe;C:\System Volume Information\_restore{A8D96F6E-1E4E-4C0C-8FD2-BAC529E55B4D}\RP1531;Archive contains infected objects;Moved.;
A0377945.exe/data004\data007;C:\System Volume Information\_restore{A8D96F6E-1E4E-4C0C-8FD2-BAC529E55B4D}\RP1531\A0377945.exe/data004;Probably BACKDOOR.Trojan;;
data004;C:\System Volume Information\_restore{A8D96F6E-1E4E-4C0C-8FD2-BAC529E55B4D}\RP1531;Archive contains infected objects;;
A0377945.exe;C:\System Volume Information\_restore{A8D96F6E-1E4E-4C0C-8FD2-BAC529E55B4D}\RP1531;Archive contains infected objects;Moved.;
A0377946.exe\data005;C:\System Volume Information\_restore{A8D96F6E-1E4E-4C0C-8FD2-BAC529E55B4D}\RP1531\A0377946.exe;Probably BACKDOOR.Trojan;;
A0377946.exe/data008\data006;C:\System Volume Information\_restore{A8D96F6E-1E4E-4C0C-8FD2-BAC529E55B4D}\RP1531\A0377946.exe/data008;Probably BACKDOOR.Trojan;;
data008;C:\System Volume Information\_restore{A8D96F6E-1E4E-4C0C-8FD2-BAC529E55B4D}\RP1531;Archive contains infected objects;;
A0377946.exe;C:\System Volume Information\_restore{A8D96F6E-1E4E-4C0C-8FD2-BAC529E55B4D}\RP1531;Archive contains infected objects;Moved.;
A0377947.exe\data004;C:\System Volume Information\_restore{A8D96F6E-1E4E-4C0C-8FD2-BAC529E55B4D}\RP1531\A0377947.exe;Probably BACKDOOR.Trojan;;
A0377947.exe;C:\System Volume Information\_restore{A8D96F6E-1E4E-4C0C-8FD2-BAC529E55B4D}\RP1531;Archive contains infected objects;Moved.;
A0377948.exe/data004\data007;C:\System Volume Information\_restore{A8D96F6E-1E4E-4C0C-8FD2-BAC529E55B4D}\RP1531\A0377948.exe/data004;Probably BACKDOOR.Trojan;;
data004;C:\System Volume Information\_restore{A8D96F6E-1E4E-4C0C-8FD2-BAC529E55B4D}\RP1531;Archive contains infected objects;;
A0377948.exe;C:\System Volume Information\_restore{A8D96F6E-1E4E-4C0C-8FD2-BAC529E55B4D}\RP1531;Archive contains infected objects;Moved.;


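As an added triage helper (not code from the thread, from Dr.Web, or from the forum), the following Python parses a report in the DrWeb.csv layout shown in the post above: it drops the duplicated entries a full scan produces after the express scan, ties each archive member's empty action back to the moved archive that contains it, counts detections sitting in System Restore snapshots, and flags anything no action reached. The sample report is constructed (paths modelled on the posted log with a placeholder GUID, plus an invented `stray.dll` line to show the unhandled case).

```python
"""Triage a Dr.Web CureIt report in the DrWeb.csv layout posted above.
Line format: object;directory;verdict;action;  An object like "ocpinst.exe\\data527"
is a member of archive ocpinst.exe (directory = innermost container's path); a
member's empty action is expected when CureIt moved the enclosing archive instead.
"""
import re
from collections import Counter
from typing import NamedTuple, Optional
# Constructed sample in the DrWeb.csv layout: paths modelled on the posted
# report (GUID replaced by a placeholder) plus a made-up "stray.dll" line
# whose empty action is not explained by any moved container.
SAMPLE_REPORT = r"""
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\AOL_OpenRide_1.23.16.1;Probably BACKDOOR.Trojan;Incurable.Moved.;
ocpinst.exe\data527;C:\Documents and Settings\All Users\Application Data\AOL Downloads\AOL_OpenRide_1.23.16.1\comps\ocpinst.exe;Probably BACKDOOR.Trojan;;
ocpinst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\AOL_OpenRide_1.23.16.1\comps;Archive contains infected objects;Moved.;
fwinst.exe/data004\data007;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.0\comps\fwinst.exe/data004;Probably BACKDOOR.Trojan;;
data004;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.0\comps;Archive contains infected objects;;
fwinst.exe;C:\Program Files\AOL\Installers\AOL Safety & Security Center 1.0\comps;Archive contains infected objects;Moved.;
A0377941.exe\data527;C:\System Volume Information\_restore{EXAMPLE-GUID}\RP1531\A0377941.exe;Probably BACKDOOR.Trojan;;
A0377941.exe;C:\System Volume Information\_restore{EXAMPLE-GUID}\RP1531;Archive contains infected objects;Moved.;
stray.dll;C:\Example\Unhandled;Probably BACKDOOR.Trojan;;
"""
RESTORE_DIR = "\\System Volume Information\\_restore"  # System Restore snapshots

def _norm(path: str) -> str:
    """Dr.Web mixes '/' and '\\' inside archive paths; use one separator."""
    return path.replace("/", "\\")

class Detection(NamedTuple):
    obj: str        # object as reported (may include an archive member path)
    directory: str  # directory of the object, or of its innermost container
    verdict: str    # e.g. "Probably BACKDOOR.Trojan"
    action: str     # "Moved.", "Incurable.Moved." or "" (nothing recorded)

    @property
    def container_path(self) -> Optional[str]:
        """Full path of the outermost archive if obj is a member, else None."""
        m = re.match(r"([^\\/]+)[\\/]", self.obj)
        if not m:
            return None
        d = _norm(self.directory)
        idx = d.find("\\" + m.group(1))  # first occurrence of the archive name
        return None if idx < 0 else d[: idx + 1 + len(m.group(1))]

    @property
    def full_path(self) -> str:
        base = self.container_path  # members: parent dir of the outer archive
        parent = base.rsplit("\\", 1)[0] if base else _norm(self.directory)
        return parent + "\\" + _norm(self.obj)

def parse_report(text: str) -> list[Detection]:
    """Parse DrWeb.csv text, dropping blanks and exact repeats (the full scan
    re-reports what the express scan already found)."""
    seen: dict[Detection, None] = {}
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        fields = line.split(";")
        if len(fields) < 4:
            raise ValueError(f"malformed DrWeb line: {line!r}")
        seen[Detection(*fields[:4])] = None
    return list(seen)

def triage(text: str) -> dict:
    """What CureIt acted on, what sits in System Restore snapshots (hence the
    'reset System Restore' housekeeping step), and what nothing acted on."""
    dets = parse_report(text)
    moved = {d.full_path for d in dets if d.action}
    findings = [d for d in dets if not d.verdict.startswith("Archive contains")]
    return {
        "entries": len(dets),
        "moved": len(moved),
        "verdicts": Counter(d.verdict for d in findings),
        "in_restore_points": sum(RESTORE_DIR in _norm(d.directory) for d in findings),
        "unhandled": [d.full_path for d in findings
                      if not d.action and d.container_path not in moved],
    }
```

Feed it the saved DrWeb.csv contents; anything listed under `unhandled` is a detection that neither CureIt nor a moved parent archive took care of, and is what to raise in the next reply.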
Tomk
post Aug 25 2009, 10:08 PM
Post #22


Forum God / Classroom Admin Assistant

Group: Classroom Teacher
Posts: 12,333
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp



PullMyBrainOut,

Your computer appears to have been infected by a backdoor trojan. These programs have the ability to steal passwords and other information from your system. If you use your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:
  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

If you wish to reformat, please let me know in your next response. I'll now continue with instructions for cleaning.


Do you still use AOL?

There appear to be several backdoor trojans in your AOL files.
PullMyBrainOut
post Aug 25 2009, 11:11 PM
Post #23


New Member

Group: Authentic Member
Posts: 14
Joined: 13-August 09
Member No.: 87,320
Operating System: Windows XP



Thanks for the quick reply! I'll let my dad know about the reformatting since this is his computer, but if we do that, won't we lose the files we currently have saved on the computer?

Tomk
post Aug 25 2009, 11:30 PM
Post #24


Forum God / Classroom Admin Assistant

Group: Classroom Teacher
Posts: 12,333
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp



PullMyBrainOut,

You backup the important things. Not programs. Stuff like pictures, music (as long as it wasn't downloaded with a sharing program).

The real important thing is that usernames and passwords are changed for... well... everything. Especially banks, but also any online gaming or any kind of secure access information. Make the changes from a different computer.
Tomk
post Aug 31 2009, 09:41 AM
Post #25


Forum God / Classroom Admin Assistant

Group: Classroom Teacher
Posts: 12,333
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp



Due to inactivity, this topic will be closed.
If you need help, please start a new thread and post a new HJT log.