1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Malware maybe? At1-At25 in scheduled tasks

Discussion in 'Virus & Other Malware Removal' started by Susuu, May 23, 2009.

Thread Status:
Not open for further replies.
Advertisement
  1. Susuu

    Susuu Thread Starter

    Joined:
    May 23, 2009
    Messages:
    18
    I don't know exactly what the problem is a few weeks ago my pc started running EXTREMELY slow, I would have to restart 2-3 times per hour just for it to run at a faster pace although it would never last. At first I thought it was because I updated AVG and pc couldn't handle it so I added more RAM and that didn't fix the problem. I then deleted AVG and Installed CA Internet Security Suite and the problem got worse. I ran various virus scans including bitdefender, kaspersky, and the current one I have and they detected no problems. As I was poking around pc I went into my scheduled tasks and found 25 tasks that I don't recall adding numbered from At1-At25, I deleted them hoping the problem would be solved but it hasn't been.
    I ran a SUPERAntispyware scan and the hijackthis.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 05/23/2009 at 06:21 AM

    Application Version : 4.26.1002

    Core Rules Database Version : 3908
    Trace Rules Database Version: 1853

    Scan type : Complete Scan
    Total Scan Time : 03:29:25

    Memory items scanned : 496
    Memory threats detected : 0
    Registry items scanned : 6422
    Registry threats detected : 3
    File items scanned : 97469
    File threats detected : 1

    Trojan.Unclassified/PotPWS
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}
    HKU\S-1-5-21-1547161642-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99C6D1BB-7555-474C-91DA-D8FB62A9CC75}

    Trojan.Fake-Alert
    C:\Documents and Settings\WinXP\Application Data\gadcom




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:43:02 AM, on 5/23/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - (no file)
    O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

    --
    End of file - 7868 bytes

    Also at times when I restart pc it just freezes and I would have to manually shut it off then back on a few times before it starts up again.
    I hope someone can help, I appreciate it!
     
  2. Susuu

    Susuu Thread Starter

    Joined:
    May 23, 2009
    Messages:
    18
    Just wondering, would a Full system restore resolve my problem, or is that just stupid thinking?
     
  3. Susuu

    Susuu Thread Starter

    Joined:
    May 23, 2009
    Messages:
    18
    Bump
     
  4. Susuu

    Susuu Thread Starter

    Joined:
    May 23, 2009
    Messages:
    18
    Posted a updated hjt file, I contacted my anti-virus tech support and they told me to uninstall then reinstall the virus program, and then also told me to do msconfig which I did, computer still freezes up, Also I noticed as I was scanning my pc that there are some files in my pc which shouldn't be there...Like AOL which I removed and haven't used in about 5 yrs and also bearshare which I removed when my sister moved out, I tried manually removing them but I can't seem to find their locations. Here is the new Hij log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:53:50 PM, on 5/25/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - (no file)
    O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"
    O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
    O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

    --
    End of file - 8972 bytes

    Thanks again for any help.
     
  5. Susuu

    Susuu Thread Starter

    Joined:
    May 23, 2009
    Messages:
    18
    bump
     
  6. Susuu

    Susuu Thread Starter

    Joined:
    May 23, 2009
    Messages:
    18
    bump
     
  7. Susuu

    Susuu Thread Starter

    Joined:
    May 23, 2009
    Messages:
    18
    bump
     
  8. Susuu

    Susuu Thread Starter

    Joined:
    May 23, 2009
    Messages:
    18
    Computer seems to be running better than previously, it's still a bit slow but definitely not as bad as before and it isn't freezing much, as long as I don't have many programs open. The only problem I'm having now is every other day or so my clock changes to pacific time, I googled it and from what I read it's either some battery on my motherboard is dying, or motherboard itself is dying, or a virus, not sure really. Also I would appreciate if someone can tell me how to remove some of the unnecessary files on pc like I mentioned before AOL and bearshare, and some others that I'm not sure if I use like Soundmax?
    Any help would be appreciated!
     
  9. Susuu

    Susuu Thread Starter

    Joined:
    May 23, 2009
    Messages:
    18
    Bump..
     
  10. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,448
    Run HJT again and put a check in the following:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - (no file)
    O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)

    Close all applications and browser windows before you click "fix checked".


    Download ATF Cleaner by Atribune.

    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.

    Click Exit on the Main menu to close the program.




    [​IMG] Download Malwarebytes' Anti-Malware from Here.

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.




    [​IMG] Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

    Upgrading Java:
    • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 13.
    • Click the "Download" button to the right.
    • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
    • Click on Continue.
    • Click on the link to download Windows Offline Installation (jre-6u13-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u113windows-i586-p.exe and select "Run as an Administrator.")
     
  11. Susuu

    Susuu Thread Starter

    Joined:
    May 23, 2009
    Messages:
    18
    cybertech, Thanks so much for your help! I really appreciate it, I'm in the process of following through on your instructions but I wanted to ask...when you say close all applications before fixing, does that include my anti-virus?
     
  12. Susuu

    Susuu Thread Starter

    Joined:
    May 23, 2009
    Messages:
    18
    I removed the items you listed from HJT and fixed them w/ no problems, I also removed all the old versions of java but when I went to install the new version I had problems, the installation would fail and my virus program would pop up saying virus detected Win32/Bhoyah.A, so I'm not sure what to do?


    Malwarebytes' Anti-Malware 1.37
    Database version: 2192
    Windows 5.1.2600 Service Pack 3

    5/29/2009 1:02:19 PM
    mbam-log-2009-05-29 (13-02-19).txt

    Scan type: Quick Scan
    Objects scanned: 80208
    Time elapsed: 3 minute(s), 56 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 9
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Interface\{831cbac4-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{892b2785-b0d0-4aa2-ae6a-0ed60b00a979} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{00476c87-a276-49bf-86bc-ff005732430b} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{831cbac2-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{86a44ef9-78fc-4e18-a564-b18f806f7f56} (Trojan.MultiDefender) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{e81cf86b-f683-422a-b742-3f2427ea9d6a} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{831cbac0-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{831cbac3-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{86a44ef7-78fc-4e18-a564-b18f806f7f56} (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINDOWS\system32\55yq0wT8.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\Pi25HlGK.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
     
  13. Susuu

    Susuu Thread Starter

    Joined:
    May 23, 2009
    Messages:
    18
    Oh by the way I think this is the file that was affecting my schedule tasks

    c:\WINDOWS\system32\55yq0wT8.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.

    Just thought I'd mention it, and also...My microsoft updates won't download or install, Is it possible that my antivirus program is blocking them? When I start up my pc the shield for microsoft updates will appear and it will say downloading 0% but then it won't finish loading or install and just disappear, normally it would download, ask me to install and then reboot.
     
  14. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,448
    Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------

    With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


    Go to Microsoft's website => http://support.microsoft.com/kb/310994

    Select the download that's appropriate for your Operating System

    [​IMG]


    Download the file & save it as it's originally named.


    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    Please note once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall.


    [​IMG]

    • Drag the setup package onto ComboFix.exe and drop it.
    • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.


      [​IMG]

    • At the next prompt, click 'Yes' to run the full ComboFix scan.
    • When the tool is finished, it will produce a report for you.
    Please post the C:\ComboFix.txt in your next reply.
     
  15. Susuu

    Susuu Thread Starter

    Joined:
    May 23, 2009
    Messages:
    18
    ComboFix 09-05-30.03 - WinXP 05/30/2009 14:43.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527.1057 [GMT -7:00]
    Running from: c:\documents and settings\WinXP\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\WinXP\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
    FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\jestertb.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-30 )))))))))))))))))))))))))))))))
    .

    2009-05-29 21:14 . 2009-05-24 14:55 1385760 ----a-w c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\vete_tmp.dll
    2009-05-29 21:14 . 2009-05-29 21:22 152576 ----a-w c:\documents and settings\WinXP\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    2009-05-29 19:25 . 2009-05-29 19:25 3371383 ----a-w c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-05-25 09:51 . 2009-05-25 09:51 -------- d-----w c:\documents and settings\WinXP\Application Data\Malwarebytes
    2009-05-25 09:51 . 2009-05-26 20:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-25 09:51 . 2009-05-26 20:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-25 09:51 . 2009-05-29 19:25 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-25 09:51 . 2009-05-25 09:51 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-25 09:01 . 2009-05-25 09:28 -------- d-----w c:\program files\PCPitstop
    2009-05-25 09:01 . 2009-05-25 09:04 -------- d-----w c:\documents and settings\All Users\Application Data\PCPitstop
    2009-05-24 14:53 . 2009-05-30 14:18 -------- d-----w c:\documents and settings\WinXP\Application Data\CallingID
    2009-05-24 14:52 . 2009-05-24 14:52 -------- d-----w c:\program files\Common Files\Scanner
    2009-05-24 14:52 . 2009-05-24 14:55 880560 ----a-w c:\windows\system32\drivers\vetefile.sys
    2009-05-24 14:52 . 2009-05-24 14:55 26352 ----a-w c:\windows\system32\drivers\vet-filt.sys
    2009-05-24 14:52 . 2009-05-24 14:55 21488 ----a-w c:\windows\system32\drivers\vetfddnt.sys
    2009-05-24 14:52 . 2009-05-24 14:55 21104 ----a-w c:\windows\system32\drivers\vet-rec.sys
    2009-05-24 14:52 . 2009-05-24 14:55 161008 ----a-w c:\windows\system32\drivers\vetmonnt.sys
    2009-05-24 14:52 . 2009-05-24 14:55 108368 ----a-w c:\windows\system32\drivers\veteboot.sys
    2009-05-24 14:52 . 2008-08-30 22:14 83256 ----a-w c:\windows\system32\vetredir.dll
    2009-05-24 14:52 . 2008-08-30 22:14 91376 ----a-w c:\windows\system32\isafprod.dll
    2009-05-24 14:52 . 2008-08-30 22:14 99568 ----a-w c:\windows\system32\isafeif.dll
    2009-05-24 14:51 . 2009-05-24 14:56 -------- d-----w c:\documents and settings\All Users\Application Data\CA
    2009-05-24 14:51 . 2009-05-24 14:52 -------- d-----w c:\program files\CA
    2009-05-23 13:33 . 2009-05-23 13:33 -------- d-----w c:\program files\Trend Micro
    2009-05-23 09:45 . 2009-05-24 02:54 117760 ----a-w c:\documents and settings\WinXP\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-05-23 09:44 . 2009-05-23 09:44 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-05-23 09:44 . 2009-05-23 09:44 -------- d-----w c:\program files\SUPERAntiSpyware
    2009-05-23 09:44 . 2009-05-23 09:44 -------- d-----w c:\documents and settings\WinXP\Application Data\SUPERAntiSpyware.com
    2009-05-23 09:43 . 2009-05-23 09:43 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-05-22 05:31 . 2009-05-22 07:09 181656 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-05-22 05:31 . 2009-05-22 05:31 -------- d-----w c:\windows\system32\XPSViewer
    2009-05-22 05:30 . 2009-05-22 05:30 -------- d-----w c:\program files\MSBuild
    2009-05-22 05:30 . 2009-05-22 05:30 -------- d-----w c:\program files\Reference Assemblies
    2009-05-22 05:29 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-05-22 05:29 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
    2009-05-22 05:29 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
    2009-05-22 05:29 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
    2009-05-22 05:29 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-05-22 05:29 . 2009-05-22 05:30 -------- d-----w C:\0d4c2aae916568211d55d629f9ed
    2009-05-22 05:29 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
    2009-05-22 05:29 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
    2009-05-22 05:08 . 2009-05-22 05:08 -------- d--h--r C:\AHCache
    2009-05-22 05:03 . 2009-05-22 07:04 -------- d-----w c:\program files\Uniblue
    2009-05-22 05:03 . 2009-05-22 07:04 -------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner
    2009-05-22 02:03 . 2009-05-22 02:04 -------- d-----w c:\windows\system32\NtmsData
    2009-05-15 10:45 . 2009-05-15 10:45 544768 ----a-w c:\documents and settings\All Users\Application Data\CA-SupportBridge\Tools.Scripting.Client.dll
    2009-05-15 10:44 . 2009-05-15 10:45 22016 ----a-w c:\documents and settings\All Users\Application Data\CA-SupportBridge\Tools.Scripting.Client_rc.dll
    2009-05-15 10:44 . 2009-05-15 10:44 70920 ----a-w c:\documents and settings\All Users\Application Data\CA-SupportBridge\Customer_rc.dll
    2009-05-15 10:44 . 2009-05-15 10:44 626440 ----a-w c:\documents and settings\All Users\Application Data\CA-SupportBridge\Customer.exe
    2009-05-15 10:44 . 2009-05-15 10:44 599304 ----a-w c:\documents and settings\All Users\Application Data\CA-SupportBridge\Controller.exe
    2009-05-15 10:44 . 2009-05-15 10:44 353544 ----a-w c:\documents and settings\All Users\Application Data\CA-SupportBridge\SoftwareUpdater.exe
    2009-05-15 10:44 . 2009-05-15 10:44 632072 ----a-w c:\documents and settings\All Users\Application Data\CA-SupportBridge\msvcr80.dll
    2009-05-15 10:44 . 2009-05-15 10:45 -------- d-----w c:\documents and settings\All Users\Application Data\CA-SupportBridge
    2009-05-12 08:07 . 2009-05-30 21:23 -------- d-----w c:\windows\CAVTemp
    2009-05-12 04:43 . 2009-05-12 04:43 -------- d-----w c:\program files\Western Digital Corporation
    2009-05-12 02:51 . 2009-05-12 02:57 -------- d-----w c:\documents and settings\WinXP\Application Data\GetRightToGo

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-30 17:36 . 2009-05-24 17:11 67350 ----a-w c:\windows\system32\drivers\kmxcfg.u2k0
    2009-05-30 17:36 . 2009-05-24 17:11 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k7
    2009-05-30 17:36 . 2009-05-24 17:11 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k6
    2009-05-30 17:36 . 2009-05-24 17:11 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k5
    2009-05-30 17:36 . 2009-05-24 17:11 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k4
    2009-05-30 17:36 . 2009-05-24 17:11 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k3
    2009-05-30 17:36 . 2009-05-24 17:11 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k2
    2009-05-30 17:36 . 2009-05-24 17:11 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k1
    2009-05-29 21:04 . 2006-10-17 03:21 -------- d-----w c:\program files\Java
    2009-05-24 14:35 . 2006-03-11 11:04 -------- d-----w c:\program files\Common Files\InstallShield
    2009-05-23 00:23 . 2007-05-17 12:38 -------- d-----w c:\documents and settings\WinXP\Application Data\BitTorrent
    2009-05-22 07:05 . 2006-03-11 11:06 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-05-22 05:58 . 2007-11-12 18:40 -------- d-----w c:\documents and settings\WinXP\Application Data\Uniblue
    2009-05-22 05:40 . 2006-09-10 04:37 85880 -c--a-w c:\documents and settings\WinXP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-05 04:39 . 2006-09-09 17:35 -------- d-----w c:\program files\Soulseek
    2009-04-14 03:45 . 2009-04-14 03:30 -------- d-----w c:\documents and settings\WinXP\Application Data\vlc
    2009-04-01 12:15 . 2008-08-02 07:25 -------- d-----w c:\program files\DivX
    2009-04-01 12:14 . 2009-04-01 12:14 -------- d-----w c:\program files\Common Files\DivX Shared
    2009-03-06 14:22 . 2004-08-04 04:56 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:18 . 2004-08-04 04:56 826368 ----a-w c:\windows\system32\wininet.dll
    2008-07-07 13:09 . 2008-07-07 13:09 24064 ----a-w c:\program files\GALAXY 25 at 87.doc
    2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-05-24 181488]
    "CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-08-30 234736]
    "QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe" [2009-05-24 14088]
    "cafw"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-08-28 771312]
    "capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-08-28 173296]
    "capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-08-28 259312]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    "{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2008-07-23 1377720]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 19:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
    2007-05-18 21:30 79368 ----a-w c:\windows\system32\UmxWNP.dll

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "MIDI2"= SYNCOR11.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AOL ACS"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Soulseek\\slsk.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

    R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [3/19/2008 11:56 AM 93712]
    R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [3/21/2008 4:00 PM 63504]
    R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [3/21/2008 4:00 PM 45584]
    R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [3/19/2008 11:56 AM 115216]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
    R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/4/2008 12:27 PM 134648]
    R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [3/21/2008 4:00 PM 66576]
    R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/18/2007 11:24 AM 1010192]
    R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 11:24 AM 801296]
    R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [4/15/2008 12:50 PM 281104]
    R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [5/30/2008 4:56 PM 88816]
    R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [5/24/2009 7:52 AM 185584]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-24 c:\windows\Tasks\CAAntiSpywareScan_Daily as WinXP at 7 52 AM.job
    - c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2009-05-24 01:44]
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-procexp90.Sys


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    LSP: c:\windows\system32\VetRedir.dll
    FF - ProfilePath - c:\documents and settings\WinXP\Application Data\Mozilla\Firefox\Profiles\ungn9gmn.default\
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-30 14:48
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1520)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\UmxWnp.Dll
    c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
    c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
    c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
    .
    Completion time: 2009-05-30 14:54
    ComboFix-quarantined-files.txt 2009-05-30 21:54

    Pre-Run: 167,591,989,248 bytes free
    Post-Run: 167,729,078,272 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    223 --- E O F --- 2009-05-22 07:09
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/829342