Malware, Trojan, possibly Virus help needed!

fjvb, Member with 37 posts, Join Date: Sep 2010
05-Sep-2010, 09:24 PM #1
I have Windows XP. I have had problems with sound not coming through the speakers, link redirects when using Google, slow machine starts, and on-and-off-again internet connections when rebooting; McAfee stopped running and comes up with a blank screen. My entire computer is now affected: when I try to use any program (Media Player, internet, Word, etc.) I get an error message stating "Security warning - Application cannot be executed. The file is infected. Do you want to activate your anti-virus software now?" Then an unfamiliar program tries to run a supposed anti-viral program and prompts me to make a purchase.

I am unable to use the internet; when trying to use Google I get the message "internet explorer warning - Using website may harm your computer!" I've tried restoring my computer in safe mode to an earlier point, but it says it is unable. I was able to transfer all my important data to an external hard drive in safe mode.

Because my internet connection is compromised on that computer, I've run all the reports requested by downloading them from another computer and then running them in safe mode. See below; please help!

Hijack This
Logfile of random's system information tool 1.07 (written by random/random)
Run by Fil at 2010-09-05 15:12:40
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 127 GB (85%) free of 149 GB
Total RAM: 1014 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:12:43 PM, on 9/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\1128568506\ee\aolsoftware.exe
c:\program files\common files\aol\1128568506\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1128568506\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\MUSICM~1\Common\COMPON~1\MMCOMP~1.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AOL9~1.0\waol.exe
C:\PROGRA~1\AOL9~1.0\shellmon.exe
C:\Documents and Settings\Fil\Application Data\U3\485740116F035D12\LaunchPad.exe
C:\Documents and Settings\Fil\Desktop\RSIT.exe
C:\Program Files\trend micro\Fil.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100815074912.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128568506\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [dbiqdadn] C:\Documents and Settings\Fil\Local Settings\Application Data\mgfaexxkc\hfhvbbntssd.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [exhvseqg] C:\Documents and Settings\Fil\Local Settings\Application Data\ebxqjifbf\fgvdtbytssd.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [rcncegff] C:\Documents and Settings\NetworkService\Local Settings\Application Data\jjwdvtqll\ugmfvqnshdw.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [dbiqdadn] C:\Documents and Settings\Fil\Local Settings\Application Data\mgfaexxkc\hfhvbbntssd.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AOL9~1.0\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [exhvseqg] C:\Documents and Settings\Fil\Local Settings\Application Data\ebxqjifbf\fgvdtbytssd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Ksobaxacod] rundll32.exe "C:\WINDOWS\msh31adt.dll",Startup (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [rcncegff] C:\Documents and Settings\NetworkService\Local Settings\Application Data\jjwdvtqll\ugmfvqnshdw.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [wmsdk64_32.exe] C:\WINDOWS\TEMP\wmsdk64_32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [exhvseqg] C:\Documents and Settings\Fil\Local Settings\Application Data\ebxqjifbf\fgvdtbytssd.exe (User 'Default user')
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDPass Class) - http://www.cdpass.com/cdkey/CDPass.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...9/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136613649093
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/Visi.../TLIEFlash.CAB
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~3\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 12775 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{55D5B121-FFF7-405D-93E3-53B7620C1A30}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2010-05-03 245272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100815074912.dll [2010-05-31 73288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-15 278192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-06-04 814648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-02-01 251416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-02-01 251416]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-15 278192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-04-06 94208]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-04-06 77824]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-04-06 114688]
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]
"CTSysVol"=C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
"P17Helper"=Rundll32 P17.dll,P17Helper []
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-10 90112]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]
"MMTray"=C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [2006-01-19 110592]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-01-26 86016]
"HostManager"=C:\Program Files\Common Files\AOL\1128568506\ee\AOLSoftware.exe [2006-09-25 50736]
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe [2006-01-19 11776]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2005-05-31 122941]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-12-05 282624]
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2006-10-23 71216]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-31 30192]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-10-09 16384]
"MaxMenuMgr"=C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [2008-10-28 181544]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"dbiqdadn"=C:\Documents and Settings\Fil\Local Settings\Application Data\mgfaexxkc\hfhvbbntssd.exe []
"ISUSPM Startup"=c:\progra~1\common~1\instal~1\update~1\isuspm.exe [2004-07-27 221184]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"exhvseqg"=C:\Documents and Settings\Fil\Local Settings\Application Data\ebxqjifbf\fgvdtbytssd.exe []
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2010-07-01 1193848]
"rcncegff"=C:\Documents and Settings\NetworkService\Local Settings\Application Data\jjwdvtqll\ugmfvqnshdw.exe [2010-09-04 241152]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2006-11-30 4662776]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-23 68856]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"dbiqdadn"=C:\Documents and Settings\Fil\Local Settings\Application Data\mgfaexxkc\hfhvbbntssd.exe []
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2008-11-06 2356088]
"AOL Fast Start"=C:\PROGRA~1\AOL9~1.0\AOL.EXE [2007-01-23 50736]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\GOOGLE\GOOGLE~3\GOEC62~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-04-06 131072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\Program Files\Common Files\AOL\1128568506\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1128568506\ee\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\1128568506\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1128568506\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"K:\BitLord\BitLord.exe"="K:\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"L:\BitLord\BitLord.exe"="L:\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe"="C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - K:\.\EncryptionTool\MaxtorEncryption.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03000d3f-dbea-11dc-bc0d-00038a000015}]
shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{078165c8-e6ff-11db-bb7b-00038a000015}]
shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b386c88-1195-11dc-bb98-00038a000015}]
shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43b67856-f73f-11db-bb83-00038a000015}]
shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f8c2f8d-ffbb-11dd-bca0-00038a000015}]
shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{961c0639-0455-11de-bca3-00038a000015}]
shell\AutoRun\command - K:\.\EncryptionTool\MaxtorEncryption.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8f16a00-844a-11de-bce5-00038a000015}]
shell\AutoRun\command - J:\LaunchU3.exe -a

======List of files/folders created in the last 3 months======
2010-09-04 11:06:58 ----AC---- C:\WINDOWS\system32\0.07360703213080044.exe
2010-07-30 22:34:47 ----AC---- C:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll
2010-07-30 22:30:56 ----DC---- C:\Program Files\AnVi
2010-07-30 22:28:51 ----DC---- C:\WINDOWS\PRAGMAvpopseomks
======List of files/folders modified in the last 3 months======
2010-09-05 15:12:43 ----DC---- C:\Program Files\trend micro
2010-09-05 15:12:42 ----AC---- C:\WINDOWS\ntbtlog.txt
2010-09-05 15:12:41 ----D---- C:\WINDOWS\Temp
2010-09-05 15:11:57 ----DC---- C:\Documents and Settings\Fil\Application Data\U3
2010-09-05 15:10:50 ----AC---- C:\VETlog.txt
2010-09-05 15:10:48 ----AC---- C:\WINDOWS\win.ini
2010-09-05 14:14:36 ----DC---- C:\Temp
2010-09-05 14:12:06 ----RDC---- C:\Program Files
2010-09-05 13:57:32 ----DC---- C:\WINDOWS
2010-09-05 12:08:29 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-05 09:52:36 ----AC---- C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt
2010-09-04 22:32:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-04 20:12:05 ----DC---- C:\WINDOWS\system32
2010-09-04 11:08:20 ----DC---- C:\WINDOWS\Prefetch
2010-08-31 21:02:27 ----D---- C:\WINDOWS\system32\FxsTmp
2010-08-21 09:02:37 ----DC---- C:\Program Files\McAfee.com
2010-08-20 22:57:30 ----DC---- C:\Program Files\McAfee
2010-08-20 22:57:09 ----DC---- C:\Program Files\Common Files\McAfee
2010-08-15 07:51:33 ----HDC---- C:\WINDOWS\inf
2010-08-15 07:49:21 ----D---- C:\WINDOWS\system32\drivers
2010-08-15 07:48:34 ----SD---- C:\WINDOWS\Tasks
2010-08-07 20:10:19 ----DC---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2010-07-23 09:48:59 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-16 09:25:35 ----SHDC---- C:\WINDOWS\Installer
2010-07-13 15:49:26 ----D---- C:\WINDOWS\system32\wbem
2010-07-13 15:49:24 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-01 21:12:46 ----D---- C:\WINDOWS\system32\config
2010-07-01 21:11:22 ----DC---- C:\WINDOWS\Registration
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfetdi2k;McAfee Inc. mfetdi2k; C:\WINDOWS\system32\drivers\mfetdi2k.sys [2010-05-31 82952]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2005-05-13 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2005-05-13 23545]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mfefirek;McAfee Inc. mfefirek; C:\WINDOWS\system32\drivers\mfefirek.sys [2010-05-31 312616]
R3 mfendiskmp;mfendiskmp; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2010-05-31 88480]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 PRAGMAvpopseomks;PRAGMAvpopseomks; C:\WINDOWS\PRAGMAvpopseomks\PRAGMAd.sys [2010-07-30 52224]
S2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2005-04-21 40544]
S2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
S2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
S2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-05-31 25725]
S2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-05-31 34845]
S2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-05-31 4125]
S2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-05-31 2241]
S2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-05-31 86876]
S2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-05-31 15069]
S2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-05-31 6365]
S2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-05-31 98716]
S2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-05-31 100605]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter; C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
S3 ATWPKT2;ATWPKT2; \??\C:\WINDOWS\system32\drivers\ATWPKT2.SYS []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 cfwids;McAfee Inc. cfwids; C:\WINDOWS\system32\drivers\cfwids.sys [2010-05-31 55456]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-22 130192]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-04-06 830684]
S3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-06 1233525]
S3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-06 647929]
S3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-16 61157]
S3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2010-05-31 95568]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2010-05-31 152320]
S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2010-05-31 51688]
S3 mfendisk;McAfee Core NDIS Intermediate Filter; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2010-05-31 88480]
S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2010-05-31 83496]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-06 37048]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-22 178672]
S3 P17;Sound Blaster Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2004-06-09 840960]
S3 SbcpHid;SbcpHid; \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-05-31 188136]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-05-31 141792]
S2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2006-10-23 46640]
S2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 FreeAgentGoNext Service;Seagate Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
S2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McShield;McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2010-05-31 170144]
S2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-08-27 65536]
S2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-14 32768]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-31 30192]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-14 182768]
S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2010-04-15 364216]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
-----------------EOF-----------------


DDS
DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Fil at 16:31:30.95 on Sun 09/05/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.654 [GMT -7:00]
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\AOL\1128568506\ee\aolsoftware.exe
c:\program files\common files\aol\1128568506\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1128568506\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\MUSICM~1\Common\COMPON~1\MMCOMP~1.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AOL9~1.0\waol.exe
C:\PROGRA~1\AOL9~1.0\shellmon.exe
C:\Documents and Settings\Fil\Application Data\U3\485740116F035D12\LaunchPad.exe
C:\Documents and Settings\Fil\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100815074912.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [dbiqdadn] c:\documents and settings\fil\local settings\application data\mgfaexxkc\hfhvbbntssd.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [AOL Fast Start] "c:\progra~1\aol9~1.0\AOL.EXE" -b
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [CTSysVol] c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [HostManager] c:\program files\common files\aol\1128568506\ee\AOLSoftware.exe
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] c:\program files\dell support center\gs_agent\custom\dsca.exe
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [dbiqdadn] c:\documents and settings\fil\local settings\application data\mgfaexxkc\hfhvbbntssd.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [exhvseqg] c:\documents and settings\fil\local settings\application data\ebxqjifbf\fgvdtbytssd.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [rcncegff] c:\documents and settings\networkservice\local settings\application data\jjwdvtqll\ugmfvqnshdw.exe
dRun: [exhvseqg] c:\documents and settings\fil\local settings\application data\ebxqjifbf\fgvdtbytssd.exe
dRun: [Ksobaxacod] rundll32.exe "c:\windows\msh31adt.dll",Startup
dRun: [rcncegff] c:\documents and settings\networkservice\local settings\application data\jjwdvtqll\ugmfvqnshdw.exe
dRun: [wmsdk64_32.exe] c:\windows\temp\wmsdk64_32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music jukebox\ymetray.exe
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - hxxp://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} - hxxp://www.cdpass.com/cdkey/CDPass.cab
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136613649093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {94B82441-A413-4E43-8422-D49930E69764} - hxxps://echat.us.dell.com/Media/VisitorChatENU/TLIEFlash.CAB
DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - hxxp://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-15 385880]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-15 82952]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-15 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-15 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-15 141792]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-15 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-15 88480]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-13 135664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-6 93320]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-15 271480]
S2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-15 271480]
S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-15 170144]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2005-10-5 20160]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-15 55456]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-2-15 30192]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-15 152320]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-15 51688]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-15 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-15 83496]
=============== Created Last 30 ================
2010-09-04 18:06:58 96256 -c--a-w- c:\windows\system32\0.07360703213080044.exe
2010-08-15 14:49:11 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-15 14:48:55 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-15 14:48:55 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-08-15 14:48:55 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-15 14:48:55 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-08-15 14:48:55 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-15 14:48:55 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-15 14:48:55 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-15 14:48:55 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-15 14:48:55 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-07 03:12:45 664 -c--a-w- c:\windows\system32\d3d9caps.dat
==================== Find3M ====================
2010-09-05 00:56:41 1175 -c--a-w- c:\docume~1\alluse~1\applic~1\pragmamfeklnmal.dll
2010-07-02 02:17:30 66 -c--a-w- c:\program files\wp4.dat
2010-07-02 02:17:30 3 -c--a-w- c:\program files\wp3.dat
2010-07-02 01:59:34 36 -c--a-w- c:\program files\skynet.dat
2008-07-16 06:31:09 56 -csh--r- c:\windows\system32\9927772B73.sys
2008-07-16 06:31:09 1786 -csha-w- c:\windows\system32\KGyGaAvL.sys
2009-11-23 06:11:13 245760 -csha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-08-19 16:33:05 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081920080820\index.dat
============= FINISH: 16:33:29.04 ===============


ARK
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-09-05 16:36:31
Windows 5.1.2600 Service Pack 3
Running: 5fhsourj.exe; Driver: C:\DOCUME~1\Fil\LOCALS~1\Temp\awdoapod.sys
---- System - GMER 1.0.15 ----
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7598D74]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF7598D88]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
---- EOF - GMER 1.0.15 ----
Malware Removal Specialist with 3,373 posts.
Join Date: Feb 2009
06-Sep-2010, 07:11 AM #2
Please run the following:

Note: both these programs will run directly from USB


Please download exeHelper to your desktop. (or in your case > to USB > transfer to ailing computer)
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).



NEXT




Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
__________________
Microsoft MVP - 2010, 2011
Member with 37 posts.
Join Date: Sep 2010
06-Sep-2010, 02:16 PM #3
Thank you for your help!

During ComboFix, when I went to save NIRCMD the dialogue box disappeared and didn't prompt me where to save it and I actually didn't see it saved on the desktop. However it continued to run the program.

I kept getting the message "NIRCMD is not recognized as an internal or external command, operable program or batch file" or "the system cannot find NIRCMD" or "Windows cannot find NIRCMD, make sure the name is typed correctly and try again to search for file click start and then search."

ComboFix continued to run its process. I don't know that it ran properly if NIRCMD didn't install and I kept getting messages. See logs below:


exeHelper by Raktor
Build 20100414
Run at 09:10:52 on 09/06/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--


ComboFix 10-09-04.06 - Fil 09/06/2010 9:33.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.667 [GMT -7:00]
Running from: c:\documents and settings\Fil\Desktop\ComboFix.exe
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Fil\LOCALS~1\Temp\wscsvc32.exe
c:\documents and settings\All Users\Application Data\pragmamfeklnmal.dll
c:\documents and settings\All Users\Favorites\_favdata.dat
c:\documents and settings\NetworkService\Local Settings\Application Data\jjwdvtqll
c:\documents and settings\NetworkService\Local Settings\Application Data\jjwdvtqll\ugmfvqnshdw.exe
c:\program files\AnVi
c:\program files\AnVi\avt.db
c:\program files\Data Protection
c:\program files\Data Protection\dat.db
c:\program files\skynet.dat
c:\program files\wp3.dat
c:\program files\wp4.dat
c:\windows\msh31adt.dll
c:\windows\PRAGMAvpopseomks
c:\windows\PRAGMAvpopseomks\pragmabbr.dll
c:\windows\PRAGMAvpopseomks\PRAGMAc.dll
c:\windows\PRAGMAvpopseomks\PRAGMAcfg.ini
c:\windows\PRAGMAvpopseomks\pragmaserf.dll
c:\windows\PRAGMAvpopseomks\PRAGMAsrcr.dat
c:\windows\settings.reg
c:\windows\system32\0.07360703213080044.exe
c:\windows\system32\bszip.dll
c:\windows\system32\Data
c:\windows\system32\PRAGMAerrors.log
Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PRAGMAVPOPSEOMKS
-------\Service_PRAGMAvpopseomks

((((((((((((((((((((((((( Files Created from 2010-08-06 to 2010-09-06 )))))))))))))))))))))))))))))))
.
2010-09-06 16:32 . 2010-09-06 16:32 -------- dc----w- c:\windows\LastGood.Tmp
2010-09-06 16:16 . 2010-09-06 16:19 -------- dc----r- C:\32788R22FWJFW
2010-09-05 01:29 . 2010-09-05 01:29 -------- dcsh--w- c:\documents and settings\Administrator\IETldCache
2010-09-04 18:25 . 2010-09-04 18:25 -------- dcsh--w- c:\documents and settings\NetworkService\PrivacIE
2010-08-15 14:49 . 2010-06-01 03:32 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-15 14:48 . 2010-06-01 03:32 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-15 14:48 . 2010-06-01 03:32 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-08-15 14:48 . 2010-06-01 03:32 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-15 14:48 . 2010-06-01 03:32 82952 -c--a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-08-15 14:48 . 2010-06-01 03:32 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-15 14:48 . 2010-06-01 03:32 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-15 14:48 . 2010-06-01 03:32 385880 -c--a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-15 14:48 . 2010-06-01 03:32 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-15 14:48 . 2010-06-01 03:32 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-08 17:45 . 2010-08-08 17:47 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 16:05 . 2007-04-11 16:46 -------- dc----w- c:\documents and settings\Fil\Application Data\U3
2010-09-05 22:12 . 2010-05-22 14:59 -------- dc----w- c:\program files\trend micro
2010-09-05 03:12 . 2008-10-16 17:59 1100 -c--a-w- c:\windows\system32\d3d8caps.dat
2010-08-27 05:16 . 2010-08-07 03:12 664 -c--a-w- c:\windows\system32\d3d9caps.dat
2010-08-21 16:02 . 2005-09-17 03:53 -------- dc----w- c:\program files\McAfee.com
2010-08-21 05:57 . 2005-10-07 04:27 -------- dc----w- c:\program files\McAfee
2010-08-21 05:57 . 2007-02-09 17:48 -------- dc----w- c:\program files\Common Files\McAfee
2010-08-08 03:10 . 2007-01-20 06:55 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo!
2008-07-16 06:31 . 2005-10-06 03:18 56 -csh--r- c:\windows\system32\9927772B73.sys
2008-07-16 06:31 . 2005-10-06 03:18 1786 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-07 2356088]
"AOL Fast Start"="c:\progra~1\AOL9~1.0\AOL.EXE" [2007-01-23 50736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"P17Helper"="P17.dll" [2004-06-10 60928]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"HostManager"="c:\program files\Common Files\AOL\1128568506\ee\AOLSoftware.exe" [2006-09-26 50736]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-19 11776]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-06 282624]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-01 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-29 181544]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-07-01 1193848]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-2-5 54512]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1128568506\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Common Files\\AOL\\1128568506\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [8/15/2010 7:48 AM 82952]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 5:42 PM 156968]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/6/2008 4:42 PM 93320]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/15/2010 7:48 AM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/15/2010 7:48 AM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/15/2010 7:49 AM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/15/2010 7:48 AM 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [8/15/2010 7:48 AM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [8/15/2010 7:48 AM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [8/15/2010 7:48 AM 88480]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/13/2010 9:34 AM 135664]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [10/5/2005 11:26 AM 20160]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/15/2007 10:50 AM 30192]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [8/15/2010 7:48 AM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/15/2010 7:48 AM 83496]
--- Other Services/Drivers In Memory ---
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 16:34]
2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 16:34]
2010-09-06 c:\windows\Tasks\User_Feed_Synchronization-{55D5B121-FFF7-405D-93E3-53B7620C1A30}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: musicmatch.com\online
DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} - hxxp://www.cdpass.com/cdkey/CDPass.cab
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-dbiqdadn - c:\documents and settings\Fil\Local Settings\Application Data\mgfaexxkc\hfhvbbntssd.exe
HKLM-Run-dbiqdadn - c:\documents and settings\Fil\Local Settings\Application Data\mgfaexxkc\hfhvbbntssd.exe
HKLM-Run-exhvseqg - c:\documents and settings\Fil\Local Settings\Application Data\ebxqjifbf\fgvdtbytssd.exe
HKU-Default-Run-exhvseqg - c:\documents and settings\Fil\Local Settings\Application Data\ebxqjifbf\fgvdtbytssd.exe
HKU-Default-Run-Ksobaxacod - c:\windows\msh31adt.dll
AddRemove-BitLord - l:\bitlord\uninst.exe
AddRemove-KLiteCodecPack_is1 - l:\k-lite codec pack\unins000.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-06 09:54
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3644)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\Rundll32.exe
c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\progra~1\AOL9~1.0\waol.exe
c:\program files\common files\aol\1128568506\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\progra~1\AOL9~1.0\shellmon.exe
.
**************************************************************************
.
Completion time: 2010-09-06 10:04:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-06 17:04
Pre-Run: 131,567,558,656 bytes free
Post-Run: 133,458,268,160 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 3CEA724BD547D95972840AC31C589838
Malware Removal Specialist with 3,373 posts.
Join Date: Feb 2009
06-Sep-2010, 02:29 PM #4
Hi

Please do the following:
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-
"3246:TCP"=-
"2479:TCP"=-

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:6092
Trusted Zone: musicmatch.com\online
Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


Download HAMeb_check.exe and save it to your desktop.

Click on the icon to run it; when complete, it will open a log for you. Please post the content of the log in your next reply.

Note: The log is temporary. It will not be saved when closed, so please be sure to copy the content so that you can paste it into your next reply before you close the log.
__________________
Microsoft MVP - 2010, 2011
Member with 37 posts.
Join Date: Sep 2010
06-Sep-2010, 05:32 PM #5
ComboFix 10-09-06.02 - Fil 09/06/2010 13:09:39.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.598 [GMT -7:00]
Running from: c:\documents and settings\Fil\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Fil\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Fil\LOCALS~1\Temp\McInstallTemp\1033\CompatL.dll
c:\docume~1\Fil\LOCALS~1\Temp\McInstallTemp\1033\DwnloadL.dll
c:\docume~1\Fil\LOCALS~1\Temp\McInstallTemp\1033\L10NRes.dll
c:\docume~1\Fil\LOCALS~1\Temp\McInstallTemp\1033\PDUPluginRes.dll
c:\docume~1\Fil\LOCALS~1\Temp\McInstallTemp\1033\SysCheckL.dll
c:\docume~1\Fil\LOCALS~1\Temp\McInstallTemp\CodeRes.dll
c:\docume~1\Fil\LOCALS~1\Temp\McInstallTemp\Compat.dll
c:\docume~1\Fil\LOCALS~1\Temp\McInstallTemp\Dwnload.dll
c:\docume~1\Fil\LOCALS~1\Temp\McInstallTemp\Install.exe
c:\docume~1\Fil\LOCALS~1\Temp\McInstallTemp\InstProg.dll
c:\docume~1\Fil\LOCALS~1\Temp\McInstallTemp\McBrwsr2.dll
c:\docume~1\Fil\LOCALS~1\Temp\McInstallTemp\McUtil.dll
c:\docume~1\Fil\LOCALS~1\Temp\McInstallTemp\MispLF.dll
c:\docume~1\Fil\LOCALS~1\Temp\McInstallTemp\PDUPlugin.dll
c:\docume~1\Fil\LOCALS~1\Temp\McInstallTemp\SelfProtect\Win32\aploader.exe
c:\docume~1\Fil\LOCALS~1\Temp\McInstallTemp\SelfProtect\Win32\mfeapfa.dll
c:\docume~1\Fil\LOCALS~1\Temp\McInstallTemp\SelfProtect\Win32\mfeapfk.sys
c:\docume~1\Fil\LOCALS~1\Temp\McInstallTemp\SelfProtect\Win32\mfehida.dll
c:\docume~1\Fil\LOCALS~1\Temp\McInstallTemp\SelfProtect\Win32\mfehidin.exe
c:\docume~1\Fil\LOCALS~1\Temp\McInstallTemp\SelfProtect\Win32\mfehidk.sys
c:\docume~1\Fil\LOCALS~1\Temp\McInstallTemp\SelfProtect\Win64\aploader.exe
c:\docume~1\Fil\LOCALS~1\Temp\McInstallTemp\SelfProtect\Win64\mfeapfa.dll
c:\docume~1\Fil\LOCALS~1\Temp\McInstallTemp\SelfProtect\Win64\mfeapfk.sys
c:\docume~1\Fil\LOCALS~1\Temp\McInstallTemp\SelfProtect\Win64\mfehida.dll
c:\docume~1\Fil\LOCALS~1\Temp\McInstallTemp\SelfProtect\Win64\mfehidin.exe
c:\docume~1\Fil\LOCALS~1\Temp\McInstallTemp\SelfProtect\Win64\mfehidk.sys
c:\docume~1\Fil\LOCALS~1\Temp\McInstallTemp\SysCheck.dll
c:\documents and settings\Fil\GoToAssistDownloadHelper.exe
c:\documents and settings\Fil\Local Settings\temp\McInstallTemp\1033\CompatL.dll
c:\documents and settings\Fil\Local Settings\temp\McInstallTemp\1033\DwnloadL.dll
c:\documents and settings\Fil\Local Settings\temp\McInstallTemp\1033\L10NRes.dll
c:\documents and settings\Fil\Local Settings\temp\McInstallTemp\1033\PDUPluginRes.dll
c:\documents and settings\Fil\Local Settings\temp\McInstallTemp\1033\SysCheckL.dll
c:\documents and settings\Fil\Local Settings\temp\McInstallTemp\CodeRes.dll
c:\documents and settings\Fil\Local Settings\temp\McInstallTemp\Compat.dll
c:\documents and settings\Fil\Local Settings\temp\McInstallTemp\Dwnload.dll
c:\documents and settings\Fil\Local Settings\temp\McInstallTemp\Install.exe
c:\documents and settings\Fil\Local Settings\temp\McInstallTemp\InstProg.dll
c:\documents and settings\Fil\Local Settings\temp\McInstallTemp\McBrwsr2.dll
c:\documents and settings\Fil\Local Settings\temp\McInstallTemp\McUtil.dll
c:\documents and settings\Fil\Local Settings\temp\McInstallTemp\MispLF.dll
c:\documents and settings\Fil\Local Settings\temp\McInstallTemp\PDUPlugin.dll
c:\documents and settings\Fil\Local Settings\temp\McInstallTemp\SelfProtect\Win32\aploader.exe
c:\documents and settings\Fil\Local Settings\temp\McInstallTemp\SelfProtect\Win32\mfeapfa.dll
c:\documents and settings\Fil\Local Settings\temp\McInstallTemp\SelfProtect\Win32\mfeapfk.sys
c:\documents and settings\Fil\Local Settings\temp\McInstallTemp\SelfProtect\Win32\mfehida.dll
c:\documents and settings\Fil\Local Settings\temp\McInstallTemp\SelfProtect\Win32\mfehidin.exe
c:\documents and settings\Fil\Local Settings\temp\McInstallTemp\SelfProtect\Win32\mfehidk.sys
c:\documents and settings\Fil\Local Settings\temp\McInstallTemp\SelfProtect\Win64\aploader.exe
c:\documents and settings\Fil\Local Settings\temp\McInstallTemp\SelfProtect\Win64\mfeapfa.dll
c:\documents and settings\Fil\Local Settings\temp\McInstallTemp\SelfProtect\Win64\mfeapfk.sys
c:\documents and settings\Fil\Local Settings\temp\McInstallTemp\SelfProtect\Win64\mfehida.dll
c:\documents and settings\Fil\Local Settings\temp\McInstallTemp\SelfProtect\Win64\mfehidin.exe
c:\documents and settings\Fil\Local Settings\temp\McInstallTemp\SelfProtect\Win64\mfehidk.sys
c:\documents and settings\Fil\Local Settings\temp\McInstallTemp\SysCheck.dll
.
((((((((((((((((((((((((( Files Created from 2010-08-06 to 2010-09-06 )))))))))))))))))))))))))))))))
.
2010-09-06 18:50 . 2010-09-06 18:50 -------- dc----w- c:\documents and settings\All Users\Application Data\Citrix
2010-09-06 18:30 . 2010-09-06 18:30 -------- dc----w- c:\program files\Citrix
2010-09-06 18:30 . 2010-09-06 18:30 -------- dc----w- c:\documents and settings\Fil\Local Settings\Application Data\Citrix
2010-09-05 01:29 . 2010-09-05 01:29 -------- dcsh--w- c:\documents and settings\Administrator\IETldCache
2010-09-04 18:25 . 2010-09-04 18:25 -------- dcsh--w- c:\documents and settings\NetworkService\PrivacIE
2010-08-08 17:45 . 2010-08-08 17:47 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 19:37 . 2005-10-07 04:28 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee
2010-09-06 16:05 . 2010-09-06 16:05 1859584 -c--a-w- c:\documents and settings\Fil\Application Data\U3\485740116F035D12\LaunchPad.exe
2010-09-06 16:05 . 2007-04-11 16:46 -------- dc----w- c:\documents and settings\Fil\Application Data\U3
2010-09-05 22:12 . 2010-05-22 14:59 -------- dc----w- c:\program files\trend micro
2010-09-05 03:12 . 2008-10-16 17:59 1100 -c--a-w- c:\windows\system32\d3d8caps.dat
2010-08-27 05:16 . 2010-08-07 03:12 664 -c--a-w- c:\windows\system32\d3d9caps.dat
2010-08-08 03:10 . 2010-08-08 03:10 27630760 -c--a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUPDATER\msgup1000_1270_us_u1.exe
2010-08-08 03:10 . 2007-01-20 06:55 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-27 03:54 . 2010-07-27 03:54 452104 -c--a-w- c:\documents and settings\Fil\Application Data\Real\Update\setup3.12\setup.exe
2010-06-15 00:23 . 2010-08-08 03:10 607472 -c--a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUPDATER\yupdater.exe
2008-07-16 06:31 . 2005-10-06 03:18 56 -csh--r- c:\windows\system32\9927772B73.sys
2008-07-16 06:31 . 2005-10-06 03:18 1786 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"P17Helper"="P17.dll" [2004-06-10 60928]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"HostManager"="c:\program files\Common Files\AOL\1128568506\ee\AOLSoftware.exe" [2006-09-26 50736]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-19 11776]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-06 282624]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-01 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-29 181544]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-2-5 54512]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1128568506\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Common Files\\AOL\\1128568506\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 5:42 PM 156968]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/13/2010 9:34 AM 135664]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [10/5/2005 11:26 AM 20160]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/15/2007 10:50 AM 30192]
.
Contents of the 'Scheduled Tasks' folder
2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 16:34]
2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 16:34]
2010-09-06 c:\windows\Tasks\User_Feed_Synchronization-{55D5B121-FFF7-405D-93E3-53B7620C1A30}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} - hxxp://www.cdpass.com/cdkey/CDPass.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-06 13:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1376)
c:\windows\system32\WININET.dll
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\Rundll32.exe
c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\program files\common files\aol\1128568506\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-09-06 13:25:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-06 20:25
ComboFix2.txt 2010-09-06 17:04
Pre-Run: 135,475,732,480 bytes free
Post-Run: 135,556,222,976 bytes free
- - End Of File - - 6D949A3256D4784364BA3FE8752C5BB2



HAMeb
C:\Documents and Settings\Fil\Desktop\HAMeb_check.exe
Mon 09/06/2010 at 13:30:07.87
Account active Yes
Local Group Memberships *Administrators
~~ Checking profile list ~~
S-1-5-21-2829982825-1445443841-2811999404-1005
%SystemDrive%\Documents and Settings\HelpAssistant.DCM4JH81
~~ Checking for HelpAssistant directories ~~
HelpAssistant
HelpAssistant.DCM4JH81
~~ Checking mbr ~~
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x012A050FC
malicious code @ sector 0x012A050FF !
PE file found in sector at 0x012A05115 !
~~ Checking for termsrv32.dll ~~
termsrv32.dll present!

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll
~~ Checking firewall ports ~~
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services
"3246:TCP"=3246:TCP:*:Enabled:Services
"2479:TCP"=2479:TCP:*:Enabled:Services
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services
"3246:TCP"=3246:TCP:*:Enabled:Services
"2479:TCP"=2479:TCP:*:Enabled:Services

~~ EOF ~~
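The two logs in this thread carry the same handful of indicators the helper acted on: the GloballyOpenPorts values and the localhost proxy that post #4's CFScript removes, and the HelpAssistant/termsrv32.dll/MBR findings HAMeb_check reports. The triage helper below is an added example, not code from the thread, ComboFix or the HAMeb tools; its sample lines are constructed from the logs above, and the indicator rules (which lines count as suspicious) and the hypothetical `triage`/`build_cfscript` names are assumptions. It reads both log shapes, lists the findings, and renders a CFScript in the same Registry::/DDS:: form the helper posted, one Registry:: block per firewall profile key it sees.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied in shape (and values) from the ComboFix
# and HAMeb_check logs posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
uInternet Settings,ProxyServer = http=127.0.0.1:6092
Trusted Zone: musicmatch.com\online
termsrv32.dll present!
malicious code @ sector 0x012A050FF !
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
# ComboFix form: "3389:TCP"= 3389:TCP:Remote Desktop  /  HAMeb form: "3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"\s*=\s*\d+:(?:TCP|UDP):(.*)$')
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?:\w+=)?([^:\s]+):(\d+)")
OVERRIDE_RE = re.compile(r'^"(AntiVirusOverride|DisableMonitoring)"=dword:0*1$')


@dataclass
class Triage:
    findings: list = field(default_factory=list)
    open_ports: dict = field(default_factory=dict)   # key path as printed -> ["port:proto", ...]
    dds_lines: list = field(default_factory=list)    # browser-setting lines for the DDS:: block


def triage(log_text):
    """Walk the log once and collect the indicators a reviewer acts on. The rules are
    an assumption, not ComboFix's logic: every value under a GloballyOpenPorts key, a
    proxy on the local host, trusted-zone entries, Security Center overrides, a disabled
    firewall, the rogue termsrv32.dll, and a hit from the MBR detector."""
    t = Triage()
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = PORT_RE.match(line)
        if m and section and section.lower().endswith(r"globallyopenports\list"):
            port, proto, rest = m.groups()
            label = rest.split(":")[-1].strip()   # last field is the display name
            profile = section.split("\\")[-3]     # e.g. standardprofile
            t.open_ports.setdefault(section, []).append(f"{port}:{proto}")
            t.findings.append(f"open port {port}/{proto} labelled '{label}' ({profile})")
            continue
        m = PROXY_RE.match(line)
        if m:
            host, port = m.groups()
            if host in ("127.0.0.1", "localhost"):
                t.findings.append(f"IE traffic proxied through {host}:{port}")
                t.dds_lines.append(line)
            continue
        if line.startswith("Trusted Zone:"):
            t.findings.append("IE trusted zone entry: " + line.split(":", 1)[1].strip())
            t.dds_lines.append(line)
            continue
        m = OVERRIDE_RE.match(line)
        if m:
            t.findings.append(f"Security Center {m.group(1)}=1 (status alerts suppressed)")
        elif re.match(r'^"EnableFirewall"\s*=\s*0\b', line):
            t.findings.append("Windows Firewall disabled (EnableFirewall=0)")
        elif line.startswith("termsrv32.dll present"):
            t.findings.append("rogue termsrv32.dll present (HelpAssistant/mebroot pattern)")
        elif line.startswith("malicious code @ sector"):
            t.findings.append("MBR detector: " + line.rstrip(" !"))
    return t


def build_cfscript(t):
    """Render CFScript text in the shape used in post #4: a Registry:: block that
    deletes each open-port value ("name"=-) under its own key, then a DDS:: block
    listing the browser-setting lines ComboFix should remove."""
    out = []
    if t.open_ports:
        out.append("Registry::")
        for key, ports in t.open_ports.items():
            out.append(f"[{key}]")
            out.extend(f'"{p}"=-' for p in ports)
            out.append("")
    if t.dds_lines:
        out.append("DDS::")
        out.extend(t.dds_lines)
    return "\n".join(out).rstrip("\n") + "\n"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("\n".join("! " + f for f in result.findings))
    print(build_cfscript(result))
```

Run against the HAMeb_check output, the DomainProfile key produces its own Registry:: block, which is exactly the key the ComboFix log never listed and the fix tool later had to close separately.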
Malware Removal Specialist with 3,373 posts.
Join Date: Feb 2009
06-Sep-2010, 05:48 PM #6
Hi

Please do the following:


Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
Close out all other open programs and windows.

Double click the file to run it and follow any prompts.

If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.

Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !

When it completes, a log will open.

Please post the contents of that log.

*In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.

mbr -f

Now, please do the Start>Run>mbr -f command a second time.

Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.

Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !

When it completes, a log will open.

Please post the contents of that log.


**Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).
Member with 37 posts.
Join Date: Sep 2010
06-Sep-2010, 07:44 PM #7
HelpAsst Mebroot
C:\Documents and Settings\Fil\Desktop\HelpAsst_mebroot_fix.exe
Mon 09/06/2010 at 14:33:40.21
HelpAssistant account is Active ~ attempting to de-activate
Account active Yes
Local Group Memberships *Administrators
HelpAssistant successfully set Inactive
~~ Checking for termsrv32.dll ~~
termsrv32.dll present! ~ attempting to remove
termsrv32.dll successfully removed
~~ Checking firewall ports ~~
backing up DomainProfile\GloballyOpenPorts\List registry key
closing rogue ports
HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-
"3246:TCP"=-
"2479:TCP"=-
backing up StandardProfile\GloballyOpenPorts\List registry key
closing rogue ports
HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-
"3246:TCP"=-
"2479:TCP"=-
~~ Checking profile list ~~
HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-2829982825-1445443841-2811999404-1005
HelpAssistant profile directory exists at C:\Documents and Settings\HelpAssistant.DCM4JH81 ~ attempting to remove
~ All C:\Documents and Settings\HelpAssistant.DCM4JH81 files successfully removed ~
~~ Checking mbr ~~
user & kernel MBR OK
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Status check on Mon 09/06/2010 at 15:42:41.37
Account active No
Local Group Memberships
~~ Checking mbr ~~
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x012A050FC
malicious code @ sector 0x012A050FF !
PE file found in sector at 0x012A05115 !
~~ Checking for termsrv32.dll ~~
termsrv32.dll not found

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll
~~ Checking profile list ~~
No HelpAssistant profile in registry
~~ Checking for HelpAssistant directories ~~
HelpAssistant
~~ Checking firewall ports ~~
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

~~ EOF ~~
Malware Removal Specialist with 3,373 posts.
Join Date: Feb 2009
06-Sep-2010, 07:55 PM #8
Good

Please do the following:
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT



Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
__________________
Microsoft MVP - 2010, 2011
fjvb
Member with 37 posts.
Join Date: Sep 2010
06-Sep-2010, 08:06 PM #9
When I try to update Malware I get the error message "An error occurred. Please report the following error code to the Malware support team. Error Code: 732 (0, 0)."

Does it need to be removed and re-installed?
CatByte
Malware Removal Specialist with 3,373 posts.
Join Date: Feb 2009
06-Sep-2010, 08:42 PM #10
Yes,
  1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
  2. Restart your computer (very important).
  3. Download and run this utility.
  4. It will ask to restart your computer (please allow it to).
  5. After the computer restarts, install the latest version from here.
fjvb
Member with 37 posts.
Join Date: Sep 2010
07-Sep-2010, 02:19 AM #11
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4557
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
9/6/2010 5:25:40 PM
mbam-log-2010-09-06 (17-25-40).txt
Scan type: Quick scan
Objects scanned: 157653
Time elapsed: 6 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\mywaysearchassistantde.auxiliary (Adware.MyWaySearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywaysearchassistantde.auxiliary.1 (Adware.MyWaySearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\CLJZ4I8W\eH8b546d32V0100f080006R00000000102Tc0531ddb201l040930dP000301080[1] (Malware.Packer) -> Quarantined and deleted successfully.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, September 6, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, September 06, 2010 21:10:42
Records in database: 4200731
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan statistics:
Objects scanned: 157025
Threats found: 24
Infected objects found: 65
Suspicious objects found: 0
Scan duration: 03:47:12

File name / Threat / Threats count
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP3D7.tmp\aspapp\setup.exe Infected: Trojan.Win32.Agent.ehmr 1
C:\Documents and Settings\Fil\Application Data\Sun\Java\Deployment\cache\6.0\14\527e030e-31176b18 Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\Fil\Application Data\Sun\Java\Deployment\cache\6.0\14\527e030e-31176b18 Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\Fil\Application Data\Sun\Java\Deployment\cache\6.0\14\527e030e-31176b18 Infected: Trojan-Downloader.Java.Agent.fv 1
C:\Documents and Settings\Fil\Application Data\Sun\Java\Deployment\cache\6.0\2\1f3f8202-143e3953 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Fil\Application Data\Sun\Java\Deployment\cache\6.0\56\9b47178-1bc587b2 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Fil\Application Data\Sun\Java\Deployment\cache\6.0\8\73bbfa48-37a1074e Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\Fil\Application Data\Sun\Java\Deployment\cache\6.0\8\73bbfa48-37a1074e Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\Fil\Application Data\Sun\Java\Deployment\cache\6.0\8\73bbfa48-37a1074e Infected: Trojan-Downloader.Java.Agent.fv 1
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\jar_cache4618822120641265874.tmp Infected: Trojan-Downloader.Java.Agent.ah 2
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\jar_cache6954499488107030359.tmp Infected: Trojan-Downloader.Java.Agent.ad 1
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\jar_cache6954499488107030359.tmp Infected: Trojan-Downloader.Java.Agent.ae 1
C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\KGM08F7C\begp[1].pdf Infected: Exploit.JS.Pdfka.ama 1
C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\KGM08F7C\news[1].htm Infected: Trojan-Downloader.JS.Agent.etf 1
C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\OR7SX0SP\cnf[1].htm Infected: Trojan.JS.Agent.axf 1
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\26\575401da-3535e3f9 Infected: Trojan-Downloader.Java.Agent.cf 1
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\8\380a4e88-4addad57 Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\8\380a4e88-4addad57 Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\8\380a4e88-4addad57 Infected: Trojan-Downloader.Java.Agent.fv 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\19\60c7b913-33b42205 Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\19\60c7b913-33b42205 Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\19\60c7b913-33b42205 Infected: Trojan-Downloader.Java.Agent.fv 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\3\4e84bf83-705e64ae Infected: Trojan-Downloader.Java.Agent.fx 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\3\4e84bf83-705e64ae Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\3\4e84bf83-705e64ae Infected: Trojan-Downloader.Java.Agent.fy 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\39\653f5167-3b2a1029 Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\39\653f5167-3b2a1029 Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\39\653f5167-3b2a1029 Infected: Trojan-Downloader.Java.Agent.fv 1
C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.DCM\Local Settings\Temp\jar_cache4618822120641265874.tmp Infected: Trojan-Downloader.Java.Agent.ah 2
C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.DCM\Local Settings\Temp\jar_cache6954499488107030359.tmp Infected: Trojan-Downloader.Java.Agent.ad 1
C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.DCM\Local Settings\Temp\jar_cache6954499488107030359.tmp Infected: Trojan-Downloader.Java.Agent.ae 1
C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.DCM\Local Settings\Temp\KbQa.dll Infected: Backdoor.Win32.Sinowal.fox 1
C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.DCM\Local Settings\Temporary Internet Files\Content.IE5\KGM08F7C\begp[1].pdf Infected: Exploit.JS.Pdfka.ama 1
C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.DCM\Local Settings\Temporary Internet Files\Content.IE5\KGM08F7C\news[1].htm Infected: Trojan-Downloader.JS.Agent.etf 1
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Qoobox\Quarantine\C\Documents and Settings\Fil\Local Settings\temp\McInstallTemp\SelfProtect\Win32\_aploader_.exe.zip Infected: Packed.Win32.Krap.hc 1
C:\Qoobox\Quarantine\C\Documents and Settings\Fil\Local Settings\temp\McInstallTemp\SelfProtect\Win32\_mfeapfk_.sys.zip Infected: Packed.Win32.Krap.hc 1
C:\Qoobox\Quarantine\C\Documents and Settings\Fil\Local Settings\temp\McInstallTemp\SelfProtect\Win32\_mfehidk_.sys.zip Infected: Packed.Win32.Krap.hc 1
C:\Qoobox\Quarantine\C\Documents and Settings\Fil\Local Settings\temp\McInstallTemp\SelfProtect\Win64\_mfehida_.dll.zip Infected: Packed.Win32.Krap.hc 1
C:\Qoobox\Quarantine\C\Documents and Settings\Fil\Local Settings\temp\McInstallTemp\_Compat_.dll.zip Infected: Packed.Win32.Krap.hc 1
C:\Qoobox\Quarantine\C\Documents and Settings\Fil\Local Settings\temp\McInstallTemp\_Install_.exe.zip Infected: Packed.Win32.Krap.hc 1
C:\Qoobox\Quarantine\C\Documents and Settings\Fil\Local Settings\temp\McInstallTemp\_McUtil_.dll.zip Infected: Packed.Win32.Krap.hc 1
C:\Qoobox\Quarantine\C\Documents and Settings\Fil\Local Settings\temp\McInstallTemp\_PDUPlugin_.dll.zip Infected: Packed.Win32.Krap.hc 1
C:\Qoobox\Quarantine\C\Documents and Settings\Fil\LOCALS~1\temp\McInstallTemp\Compat.dll.vir Infected: Packed.Win32.Krap.hc 1
C:\Qoobox\Quarantine\C\Documents and Settings\Fil\LOCALS~1\temp\McInstallTemp\Install.exe.vir Infected: Packed.Win32.Krap.hc 1
C:\Qoobox\Quarantine\C\Documents and Settings\Fil\LOCALS~1\temp\McInstallTemp\McUtil.dll.vir Infected: Packed.Win32.Krap.hc 1
C:\Qoobox\Quarantine\C\Documents and Settings\Fil\LOCALS~1\temp\McInstallTemp\PDUPlugin.dll.vir Infected: Packed.Win32.Krap.hc 1
C:\Qoobox\Quarantine\C\Documents and Settings\Fil\LOCALS~1\temp\McInstallTemp\SelfProtect\Win32\aploader.exe.vir Infected: Packed.Win32.Krap.hc 1
C:\Qoobox\Quarantine\C\Documents and Settings\Fil\LOCALS~1\temp\McInstallTemp\SelfProtect\Win32\mfeapfk.sys.vir Infected: Packed.Win32.Krap.hc 1
C:\Qoobox\Quarantine\C\Documents and Settings\Fil\LOCALS~1\temp\McInstallTemp\SelfProtect\Win32\mfehidk.sys.vir Infected: Packed.Win32.Krap.hc 1
C:\Qoobox\Quarantine\C\Documents and Settings\Fil\LOCALS~1\temp\McInstallTemp\SelfProtect\Win64\mfehida.dll.vir Infected: Packed.Win32.Krap.hc 1
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\jjwdvtqll\ugmfvqnshdw.exe.vir Infected: Trojan-Dropper.Win32.Agent.cybv 1
C:\Qoobox\Quarantine\C\WINDOWS\msh31adt.dll.vir Infected: Trojan-Downloader.Win32.Mufanom.aegn 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1040\A0547884.exe Infected: Trojan-Dropper.Win32.Agent.cybv 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1040\A0547909.exe Infected: Trojan-Downloader.Win32.Mufanom.aeka 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1040\A0548789.exe Infected: Trojan.Win32.Tdss.bkfi 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1042\A0549840.sys Infected: Virus.Win32.TDSS.b 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1042\A0549896.sys Infected: Trojan.Win32.TDSS.beeb 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1042\A0549903.exe Infected: Trojan-Dropper.Win32.Agent.cybv 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1042\A0549904.dll Infected: Trojan-Downloader.Win32.Mufanom.aegn 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1042\A0549905.dll Infected: Trojan.Win32.TDSS.beea 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1042\A0549906.dll Infected: Trojan.Win32.TDSS.beea 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1042\A0549908.dll Infected: Trojan.Win32.TDSS.beea 1
Selected area has been scanned.
CatByte
Malware Removal Specialist with 3,373 posts.
Join Date: Feb 2009
07-Sep-2010, 07:38 PM #12
Hi

We need to update your Java and empty your Java cache, then delete those infected files:

Please do the following:


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 21 and save it to your desktop.
  • Scroll down to where it says JDK 6 Update 21 (JDK or JRE)
  • Click the Download JRE button to the right
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u21 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.


NEXT
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:
File::
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP3D7.tmp\aspapp\setup.exe 
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\jar_cache4618822120641265874.tmp 
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\jar_cache6954499488107030359.tmp
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\jar_cache6954499488107030359.tmp
C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\KGM08F7C\begp[1].pdf 
C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\KGM08F7C\news[1].htm 
C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\OR7SX0SP\cnf[1].htm 
C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.DCM\Local Settings\Temp\jar_cache4618822120641265874.tmp
C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.DCM\Local Settings\Temp\jar_cache6954499488107030359.tmp 
C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.DCM\Local Settings\Temp\jar_cache6954499488107030359.tmp 
C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.DCM\Local Settings\Temp\KbQa.dll 
C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.DCM\Local Settings\Temporary Internet Files\Content.IE5\KGM08F7C\begp[1].pdf 
C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.DCM\Local Settings\Temporary Internet Files\Content.IE5\KGM08F7C\news[1].htm
Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
__________________
Microsoft MVP - 2010, 2011
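The step CatByte does by hand above, picking the report's paths that belong in the CFScript's File:: box, as an added example (not code from the thread, ComboFix or Kaspersky). It assumes, mirroring the post's own list, that detections inside ComboFix's quarantine (C:\Qoobox), System Restore snapshots and the Java deployment cache need no File:: entry and that a "not-a-virus:" riskware hit is left alone; the sample input is an excerpt of the report posted above.

```python
"""Build a ComboFix CFScript 'File::' list from a Kaspersky Online Scanner 7 report.

Report lines look like
    <path> Infected: <threat name> <count>
A path is listed once per threat name, so one Java cache entry carrying
three downloaders appears three times and must be de-duplicated.
"""
import re
from collections import OrderedDict

# One detection per line: a drive-letter path (spaces allowed), a threat name
# without spaces, and the hit count.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) (?P<count>\d+)\s*$"
)

# Assumption mirroring the CFScript in the post above: detections in these
# locations get no File:: entry. ComboFix's quarantine (.vir copies) and
# System Restore snapshots are not in the execution path, and the Java
# deployment cache is emptied by the Java control-panel step.
SKIP_PREFIXES = (
    "c:\\qoobox\\quarantine\\",
    "c:\\system volume information\\",
)
SKIP_FRAGMENTS = ("\\application data\\sun\\java\\deployment\\cache\\",)

# Excerpt of the report posted above (a handful of its lines, kept verbatim).
SAMPLE_REPORT = r"""File name / Threat / Threats count
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP3D7.tmp\aspapp\setup.exe Infected: Trojan.Win32.Agent.ehmr 1
C:\Documents and Settings\Fil\Application Data\Sun\Java\Deployment\cache\6.0\14\527e030e-31176b18 Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\Fil\Application Data\Sun\Java\Deployment\cache\6.0\14\527e030e-31176b18 Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\Fil\Application Data\Sun\Java\Deployment\cache\6.0\14\527e030e-31176b18 Infected: Trojan-Downloader.Java.Agent.fv 1
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\jar_cache4618822120641265874.tmp Infected: Trojan-Downloader.Java.Agent.ah 2
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\jar_cache6954499488107030359.tmp Infected: Trojan-Downloader.Java.Agent.ad 1
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\jar_cache6954499488107030359.tmp Infected: Trojan-Downloader.Java.Agent.ae 1
C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.DCM\Local Settings\Temp\KbQa.dll Infected: Backdoor.Win32.Sinowal.fox 1
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Qoobox\Quarantine\C\WINDOWS\msh31adt.dll.vir Infected: Trojan-Downloader.Win32.Mufanom.aegn 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1042\A0549840.sys Infected: Virus.Win32.TDSS.b 1
Selected area has been scanned.
"""


def parse_report(text):
    """Return (path, threat, count) for every detection line; other lines are ignored."""
    findings = []
    for line in text.splitlines():
        match = DETECTION_RE.match(line.strip())
        if match:
            findings.append(
                (match.group("path"), match.group("threat"), int(match.group("count")))
            )
    return findings


def is_actionable(path, threat):
    """False for detections that should not become a File:: entry."""
    low = path.lower()
    if threat.lower().startswith("not-a-virus:"):
        return False  # riskware flagged for information only
    if low.startswith(SKIP_PREFIXES):
        return False
    return not any(fragment in low for fragment in SKIP_FRAGMENTS)


def actionable_paths(text):
    """Unique actionable paths in first-seen order, mapped to their threat names."""
    paths = OrderedDict()
    for path, threat, _count in parse_report(text):
        if is_actionable(path, threat):
            paths.setdefault(path, []).append(threat)
    return paths


def build_cfscript(text):
    """Render the File:: section in the form used in the post's Code box."""
    return "File::\n" + "\n".join(actionable_paths(text)) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_REPORT))
```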
fjvb
Member with 37 posts.
Join Date: Sep 2010
07-Sep-2010, 11:29 PM #13
ComboFix 10-09-07.01 - Fil 09/07/2010 19:15:46.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.524 [GMT -7:00]
Running from: c:\documents and settings\Fil\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Fil\Desktop\CFScript.txt
FILE ::
"c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP3D7.tmp\aspapp\setup.exe"
"c:\documents and settings\HelpAssistant\Local Settings\Temp\jar_cache4618822120641265874.tmp"
"c:\documents and settings\HelpAssistant\Local Settings\Temp\jar_cache6954499488107030359.tmp"
"c:\documents and settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\KGM08F7C\begp[1].pdf"
"c:\documents and settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\KGM08F7C\news[1].htm"
"c:\documents and settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\OR7SX0SP\cnf[1].htm"
"c:\helpasst_backup\C\DOCUME~1\HELPAS~1.DCM\Local Settings\Temp\jar_cache4618822120641265874.tmp"
"c:\helpasst_backup\C\DOCUME~1\HELPAS~1.DCM\Local Settings\Temp\jar_cache6954499488107030359.tmp"
"c:\helpasst_backup\C\DOCUME~1\HELPAS~1.DCM\Local Settings\Temp\KbQa.dll"
"c:\helpasst_backup\C\DOCUME~1\HELPAS~1.DCM\Local Settings\Temporary Internet Files\Content.IE5\KGM08F7C\begp[1].pdf"
"c:\helpasst_backup\C\DOCUME~1\HELPAS~1.DCM\Local Settings\Temporary Internet Files\Content.IE5\KGM08F7C\news[1].htm"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP3D7.tmp\aspapp\setup.exe
c:\documents and settings\HelpAssistant\Local Settings\Temp\jar_cache4618822120641265874.tmp
c:\documents and settings\HelpAssistant\Local Settings\Temp\jar_cache6954499488107030359.tmp
c:\documents and settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\KGM08F7C\begp[1].pdf
c:\documents and settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\KGM08F7C\news[1].htm
c:\documents and settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\OR7SX0SP\cnf[1].htm
c:\helpasst_backup\C\DOCUME~1\HELPAS~1.DCM\Local Settings\Temp\jar_cache4618822120641265874.tmp
c:\helpasst_backup\C\DOCUME~1\HELPAS~1.DCM\Local Settings\Temp\jar_cache6954499488107030359.tmp
c:\helpasst_backup\C\DOCUME~1\HELPAS~1.DCM\Local Settings\Temp\KbQa.dll
c:\helpasst_backup\C\DOCUME~1\HELPAS~1.DCM\Local Settings\Temporary Internet Files\Content.IE5\KGM08F7C\begp[1].pdf
c:\helpasst_backup\C\DOCUME~1\HELPAS~1.DCM\Local Settings\Temporary Internet Files\Content.IE5\KGM08F7C\news[1].htm
.
((((((((((((((((((((((((( Files Created from 2010-08-08 to 2010-09-08 )))))))))))))))))))))))))))))))
.
2010-09-08 02:03 . 2010-09-08 02:03 61440 -c--a-w- c:\documents and settings\Fil\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-369486c3-n\decora-sse.dll
2010-09-08 02:03 . 2010-09-08 02:03 503808 -c--a-w- c:\documents and settings\Fil\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-18ab1bbd-n\msvcp71.dll
2010-09-08 02:03 . 2010-09-08 02:03 499712 -c--a-w- c:\documents and settings\Fil\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-18ab1bbd-n\jmc.dll
2010-09-08 02:03 . 2010-09-08 02:03 348160 -c--a-w- c:\documents and settings\Fil\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-18ab1bbd-n\msvcr71.dll
2010-09-08 02:03 . 2010-09-08 02:03 12800 -c--a-w- c:\documents and settings\Fil\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-369486c3-n\decora-d3d.dll
2010-09-08 02:03 . 2010-09-08 02:03 423656 -c--a-w- c:\windows\system32\deployJava1.dll
2010-09-08 02:03 . 2010-09-08 02:03 -------- dc----w- c:\program files\Java
2010-09-07 00:17 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-07 00:17 . 2010-09-07 00:17 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-07 00:17 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-06 22:15 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-06 22:15 . 2010-06-24 12:21 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-06 21:33 . 2010-09-06 21:33 -------- dc----w- C:\HelpAsst_backup
2010-09-06 18:50 . 2010-09-06 18:50 -------- dc----w- c:\documents and settings\All Users\Application Data\Citrix
2010-09-06 18:30 . 2010-09-06 18:30 -------- dc----w- c:\program files\Citrix
2010-09-06 18:30 . 2010-09-06 18:30 -------- dc----w- c:\documents and settings\Fil\Local Settings\Application Data\Citrix
2010-09-06 16:05 . 2010-09-06 16:05 1859584 -c--a-w- c:\documents and settings\Fil\Application Data\U3\485740116F035D12\LaunchPad.exe
2010-09-05 01:29 . 2010-09-05 01:29 -------- dcsh--w- c:\documents and settings\Administrator\IETldCache
2010-09-04 18:25 . 2010-09-04 18:25 -------- dcsh--w- c:\documents and settings\NetworkService\PrivacIE
2010-08-27 05:32 . 2006-12-11 17:20 180224 -c--a-w- c:\documents and settings\Fil\Application Data\U3\0000187115733C81\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\U3AppWrapper.exe
2010-08-27 05:32 . 2006-12-11 17:20 983829 -c--a-w- c:\documents and settings\Fil\Application Data\U3\0000187115733C81\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\master.exe
2010-08-27 05:32 . 2006-12-11 17:20 72192 -c--a-w- c:\documents and settings\Fil\Application Data\U3\0000187115733C81\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\TASKLIST.EXE
2010-08-27 05:32 . 2006-12-11 17:20 72192 -c--a-w- c:\documents and settings\Fil\Application Data\U3\0000187115733C81\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\TASKKILL.EXE
2010-08-27 05:32 . 2006-12-11 17:20 325 -c--a-w- c:\documents and settings\Fil\Application Data\U3\0000187115733C81\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\stopApp.bat
2010-08-27 05:32 . 2006-12-11 17:20 15 -c--a-w- c:\documents and settings\Fil\Application Data\U3\0000187115733C81\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\run_me.bat
2010-08-27 05:32 . 2006-12-11 17:20 40960 -c--a-w- c:\documents and settings\Fil\Application Data\U3\0000187115733C81\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\appstop.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 00:17 . 2008-10-20 16:49 -------- dc----w- c:\documents and settings\Fil\Application Data\Malwarebytes
2010-09-07 00:17 . 2008-10-20 16:48 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-06 22:32 . 2010-05-01 03:01 -------- dc----w- c:\program files\Microsoft Silverlight
2010-09-06 19:37 . 2005-10-07 04:28 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee
2010-09-06 16:05 . 2007-04-11 16:46 -------- dc----w- c:\documents and settings\Fil\Application Data\U3
2010-09-05 22:12 . 2010-05-22 14:59 -------- dc----w- c:\program files\trend micro
2010-09-05 03:12 . 2008-10-16 17:59 1100 -c--a-w- c:\windows\system32\d3d8caps.dat
2010-08-27 05:16 . 2010-08-07 03:12 664 -c--a-w- c:\windows\system32\d3d9caps.dat
2010-08-08 03:10 . 2010-08-08 03:10 27630760 -c--a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUPDATER\msgup1000_1270_us_u1.exe
2010-08-08 03:10 . 2007-01-20 06:55 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-27 03:54 . 2010-07-27 03:54 452104 -c--a-w- c:\documents and settings\Fil\Application Data\Real\Update\setup3.12\setup.exe
2010-06-30 12:31 . 2004-08-10 17:51 149504 -c--a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-10 17:51 916480 -c--a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-10 17:51 1851904 -c--a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2005-09-17 03:21 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-10 17:51 80384 -c--a-w- c:\windows\system32\iccvid.dll
2010-06-15 00:23 . 2010-08-08 03:10 607472 -c--a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUPDATER\yupdater.exe
2010-06-14 14:31 . 2004-08-10 18:02 744448 -c--a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-10 17:51 1172480 -c--a-w- c:\windows\system32\msxml3.dll
2008-07-16 06:31 . 2005-10-06 03:18 56 -csh--r- c:\windows\system32\9927772B73.sys
2008-07-16 06:31 . 2005-10-06 03:18 1786 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"AOL Fast Start"="c:\progra~1\AOL9~1.0\AOL.EXE" [2007-01-23 50736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"P17Helper"="P17.dll" [2004-06-10 60928]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"HostManager"="c:\program files\Common Files\AOL\1128568506\ee\AOLSoftware.exe" [2006-09-26 50736]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-19 11776]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-06 282624]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-01 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-10 16384]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-29 181544]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-2-5 54512]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1128568506\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Common Files\\AOL\\1128568506\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 5:42 PM 156968]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/13/2010 9:34 AM 135664]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [10/5/2005 11:26 AM 20160]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/15/2007 10:50 AM 30192]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
Contents of the 'Scheduled Tasks' folder
2010-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 16:34]
2010-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 16:34]
2010-09-08 c:\windows\Tasks\User_Feed_Synchronization-{55D5B121-FFF7-405D-93E3-53B7620C1A30}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} - hxxp://www.cdpass.com/cdkey/CDPass.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-07 19:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-09-07 19:25:28
ComboFix-quarantined-files.txt 2010-09-08 02:25
ComboFix2.txt 2010-09-06 20:25
ComboFix3.txt 2010-09-06 17:04
Pre-Run: 134,228,959,232 bytes free
Post-Run: 134,439,772,160 bytes free
- - End Of File - - 62F52C71A566EDFA76F8459AC4547EB1
CatByte's Avatar
Malware Removal Specialist with 3,373 posts.
 
Join Date: Feb 2009
08-Sep-2010, 12:05 AM #14
That looks good now; please do the following:

Go to Start > Run > copy/paste the bolded command into the run box > OK

helpasst -cleanup

NEXT

Please advise how the computer is running now and if there are any outstanding issues.
fjvb's Avatar
Member with 37 posts.
 
Join Date: Sep 2010
08-Sep-2010, 12:12 AM #15
Ran helpasst -cleanup and it quickly disappeared. All seems to be running well. Thank you for your help!

Any advice on maintenance?
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.