Solved Computer Hacked -Switched to McAfee:Not convinced Problem gone

gmanphotog · 2009/10/28

[Resolved] Computer Hacked -Switched to McAfee:Not convinced Problem gone

About three weeks ago I was showing a friend pictures I had posted on Webshots.com. I was showing her albums that I hadn't looked at in years. A few hours later I received an email bomb of compliments for precisely the albums which I had looked. A week later I uploaded pictures from an art exhibition opening I photographed. Hours later I received another email bomb of compliment. These comments are not listed on the Webshots.com and are filled with links to ringtone sites (I did not actually open these emails- I looked at them through email properties).

My computer has been running slowly and this only comfirmed what I suspected. I contacted Symantec, who was very unhelpful. Rather that suggesting steps to rid my computer of viruses, the only help they would volunteer cost $90. I decided to switch internet security programs to McAfee through AT&T, however McAfee's scan only turned up one item. My computer is running faster- though it's partly because I put my computer in selective startup- and have left it that way!! I still suspect my computer is compromised: I don't see the hard drive light constantly going like it did with NIS 2009, but if I leave my computer unattended the hard drive lights up like crazy.

Here are my logs:

DDS (Ver_09-10-26.01) - NTFSx86
Run by Gregory Wiley 2 at 11:25:56.02 on Wed 10/28/2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6002.2.1252.1.1033.18.2045.410 [GMT -5:00]

SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\java.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\chatsupport.palm.com\bin\tgsrvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Users\Gregory Wiley 2\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\notepad.exe
C:\Windows\system32\wscript.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Users\Gregory Wiley 2\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://att.net/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: TwcToolbarBhoApp Class: {aa1f9ddb-e605-4ba6-81d4-e427dee012ad} - c:\windows\system32\TwcToolbarBho.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
mRun: [<NO NAME>]
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2E5E800E-6AC0-411E-940A-369530A35E43} - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - hxxp://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 CLDTVHNService;CLDTVHNService;c:\program files\directv\directv\kernel\dmp\CLDTVHNService.exe [2009-9-17 75048]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-10-25 203280]
R2 ntk_dtv;ntk_dtv;c:\program files\directv\directv\kernel\dmp\ntk_dtv.sys [2009-9-17 119792]
R2 tgsrvc_chatsupport.palm.com;SupportSoft Repair Service (chatsupport.palm.com);c:\program files\chatsupport.palm.com\bin\tgsrvc.exe [2008-5-21 148768]
R3 CamdDriverV32;CamdDriverV32;c:\windows\system32\drivers\CamdDriverV32.sys [2008-6-26 23096]
R3 CamdVideo32;CamdVideo32;c:\windows\system32\drivers\CamdVideo32.sys [2008-6-26 3768]
S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\drivers\ATMFBUS.sys [2009-7-15 38528]
S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\drivers\ATMFCVsp.sys [2009-7-15 54656]
S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\drivers\ATMFFLT.sys [2009-7-15 11520]
S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\drivers\ATMFMdm.sys [2009-7-15 54528]
S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\drivers\ATMFNET.sys [2009-7-15 103424]
S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\drivers\ATMFNVsp.sys [2009-7-15 54656]
S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\drivers\ATMFVsp.sys [2009-7-15 54656]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-10-5 29744]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2008-6-26 184320]

=============== Created Last 30 ================

2009-10-28 16:05:18 0 d-----w- c:\program files\Trend Micro
2009-10-27 17:47:02 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 17:47:00 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-26 04:40:56 8479 ----a-w- c:\windows\system32\Config.MPF
2009-10-26 04:40:38 0 d-----w- c:\programdata\SiteAdvisor
2009-10-26 04:39:11 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-10-26 04:39:11 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-10-26 04:39:11 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-10-26 04:39:08 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-10-26 04:38:48 0 d-----w- c:\program files\common files\McAfee
2009-10-26 04:38:46 0 d-----w- c:\program files\McAfee.com
2009-10-26 04:38:44 0 d-----w- c:\program files\McAfee
2009-10-26 04:20:27 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-20 08:33:43 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-20 08:33:14 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-20 08:33:01 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-20 08:33:01 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-15 18:07:27 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 18:07:23 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-15 18:07:23 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-15 18:05:46 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-15 18:05:45 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 18:05:44 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-06 07:53:01 0 d-----w- c:\programdata\CyberLink
2009-10-06 07:52:27 0 d-----w- c:\program files\DirecTV
2009-10-04 09:37:38 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-04 09:37:38 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-04 09:36:58 0 d-----w- c:\program files\iPod
2009-10-04 09:36:54 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-04 09:36:54 0 d-----w- c:\program files\iTunes
2009-10-04 05:03:53 0 d-----w- c:\windows\system32\Adobe
2009-10-03 01:09:26 0 d-----w- c:\programdata\McAfee
2009-10-03 01:08:29 0 d-----w- c:\programdata\McAfee Security Scan
2009-10-03 01:08:27 0 d-----w- c:\program files\McAfee Security Scan

==================== Find3M ====================

2009-10-13 15:32:34 86016 ----a-w- c:\windows\inf\infpub.dat
2009-10-13 15:32:34 239616 ----a-w- c:\windows\inf\infstrng.dat
2009-10-13 15:32:34 143360 ----a-w- c:\windows\inf\infstor.dat
2009-09-17 23:40:54 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-09-16 15:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-12 05:25:27 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-29 00:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 15:53:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-07-22 08:06:14 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-06-24 16:28:20 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-04-14 08:09:03 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008041420080415\index.dat
2007-11-06 18:19:37 16384 --sha-w- c:\windows\temp\cookies\index.dat
2007-11-06 18:19:37 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2007-11-06 18:19:37 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2007-10-05 19:27:03 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 11:26:31.88 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft® Windows Vistaâ„¢ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 10/5/2007 6:34:57 AM
System Uptime: 10/28/2009 8:13:00 AM (3 hours ago)

Motherboard: Dell Inc. | | 0RY007
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | Socket 775 | 1998/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 288 GiB total, 78.04 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.155 GiB free.
E: is CDROM (CDFS)
F: is CDROM ()
G: is FIXED (NTFS) - 112 GiB total, 76.48 GiB free.
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP706: 10/4/2009 4:28:47 AM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
RP708: 10/6/2009 2:50:10 AM - Installed DTCPIP Advisor
RP710: 10/6/2009 3:08:48 AM - Installed DirecTV
RP712: 10/6/2009 3:16:44 AM - Installed DirecTV
RP714: 10/8/2009 12:28:36 PM - Scheduled Checkpoint
RP715: 10/9/2009 2:48:17 AM - Scheduled Checkpoint
RP716: 10/14/2009 5:10:10 PM - Scheduled Checkpoint
RP717: 10/15/2009 1:40:08 PM - Scheduled Checkpoint
RP718: 10/15/2009 9:04:18 PM - Windows Update
RP719: 10/16/2009 1:53:35 PM - Scheduled Checkpoint
RP720: 10/17/2009 4:15:54 AM - Scheduled Checkpoint
RP721: 10/19/2009 2:57:10 AM - Scheduled Checkpoint
RP722: 10/20/2009 3:32:26 AM - Windows Update
RP723: 10/26/2009 4:37:23 AM - Scheduled Checkpoint
RP724: 10/27/2009 1:59:53 PM - Scheduled Checkpoint
RP725: 10/27/2009 2:20:41 PM - Windows Update
RP726: 10/28/2009 2:46:14 AM - Scheduled Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.5
Adobe Shockwave Player 11.5
AOL Install
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Bluetooth Stack for Windows by Toshiba
Bonjour
Choice Guard
Conexant D850 PCI V.92 Modem
Corel Paint Shop Pro Photo X2
Cricket Broadband
Cricket EVDO Modem
Dell Support Center (Support Software)
Dell System Customization Wizard
Digital Line Detect
DIRECTV2PC Playback Advisor
DIRECTV2PC(TM)
DivX
EarthLink Setup Files
Flight Unlimited III
Games, Music, & Photos Launcher
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP My Display
HP Product Detection
Intel(R) PRO Network Connections 12.1.11.0
Internet Service Offers Launcher
iTunes
Java(TM) 6 Update 15
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
KB408682
Last.fm 1.5.1.29527
Linksys Updater
McAfee Security Scan
McAfee SecurityCenter
MelodyCan 3.4.5
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Flight Simulator X Demo
Microsoft IntelliPoint 6.2
Microsoft IntelliType Pro 6.1
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Works
MobileMe Control Panel
Modem Diagnostic Tool
Move Media Player
Move Networks Media Player for Internet Explorer
MSN Missile Launcher V1.0
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MyPublisher
Napster
Napster Burn Engine
NetWaiting
Nokia Connectivity Cable Driver
Nokia Map Loader
Nokia Maps Updater 1.0.8
Nokia Multimedia Common Components 2.4
Nokia Music
Nokia PC Suite
Nokia Software Updater
NVIDIA Drivers
OpenOffice.org Installer 1.0
Orb
PalmAdvancedChatTools_v6_setup
PayPal Plug-In
PC Connectivity Solution
Picasa 2
Picture Package Music Transfer
Pinnacle TVCenter Pro
Pivot Software
PIXresizer 2.0.2
Product Documentation Launcher
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Safari
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
SDK
SecureZIP for Windows 12.30.0016
Skype web features
Skypeâ„¢ 4.1
Sonic Activation Module
Sony Ericsson PC Suite
Sony Picture Utility
Spelling Dictionaries Support For Adobe Reader 8
The Weather Channel Desktop 6
The Weather Channel Toolbar
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
URL Assistant
USb Missile Launcher
USB PC Camera(ZS0211)
User's Guides
Virtual Earth 3D (Beta)
Weather Services
Webshots Desktop
Windows Driver Package - Nokia Modem (06/01/2009 4.1)
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player 5.2
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Windows Mobile Feb. 2008 DST Updates
Yahoo! Install Manager
Yahoo! Widgets

==== Event Viewer Messages From Past Week ========

10/28/2009 11:14:22 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user Gregory-PC\Gregory Wiley 2 SID (S-1-5-21-1075233885-2534712998-2995224060-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/26/2009 4:26:09 PM, Error: Microsoft-Windows-WPD-MTPClassDriver [15300] - MTP WPD Driver has failed to start. Error 0x80070002.
10/23/2009 9:47:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
10/23/2009 9:46:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
10/23/2009 7:59:32 PM, Error: netbt [4307] - Initialization failed because the transport refused to open initial addresses.

==== End Of File ===========================

broni · 2009/10/28

Print these instructions out.

NOTE. If any of the programs listed below refuse to run, try renaming executive file to something else; for instance, rename hijackthis.exe to scanner.exe

***VERY IMPORTANT! Make sure, you update Superantispyware, and Malwarebytes before running the scans.***

STEP 1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes ". If not, update the definitions before scanning by selecting "Check for Updates ". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

PHYSICALLY DISCONNECT FROM THE INTERNET

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Click Scan your Computer... button.
* Click Scanning Preferences/Control Center... button.
* Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Terminate memory threats before quarantining.
* Click the Close button to leave the control center screen.
* On the left, make sure you check C:\Fixed Drive.
* On the right, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
* Make sure everything has a checkmark next to it and click Next.
* A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
* If asked if you want to reboot, click Yes.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

RECONNECT TO THE INTERNET

RESTART COMPUTER!

STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
Alternative downloads:
- http://majorgeeks.com/GMER_d5198.html
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
When scan is completed, click Save button, and save the results as gmer.log
Warning ! Please, do not select the "Show all" checkbox during the scan.
Post the log to your next reply.

RESTART COMPUTER

STEP 4. Download HijackThis:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
by clicking on Download HijackThis Installer
Install, and run it.
Post HijackThis log.
NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
Do NOT attempt to "fix" anything!

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

gmanphotog · 2009/10/28

I just finished running SuperAntiSpyware- but it did not find anything. When I was running SuperAntiSpyware, however McAfee was disabled and I got the following warnings:

Real Time Scannning disabled
Spyware and Unwanted Program Protection disabled
IM scanning disabled
Script scanning disabled
Buffer Flow protection disabled

When I restarted my computer everything was back to normal with McAfee. I assume SuperAntiSpyware disabled McAfee to run the scan and that this is normal.

In any case here are the logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/28/2009 at 06:33 PM

Application Version : 4.29.1004

Core Rules Database Version : 4162
Trace Rules Database Version: 2112

Scan type : Complete Scan
Total Scan Time : 03:52:13

Memory items scanned : 352
Memory threats detected : 0
Registry items scanned : 8555
Registry threats detected : 0
File items scanned : 446005
File threats detected : 0

I am now running Malwarebytes. I will post later.

broni · 2009/10/28

Ok...

gmanphotog · 2009/10/28

I just finished running Malwarebytes, and it did find 3 items which I had the software remove:

Malwarebytes' Anti-Malware 1.41
Database version: 3050
Windows 6.0.6002 Service Pack 2

10/28/2009 11:29:39 PM
mbam-log-2009-10-28 (23-29-39).txt

Scan type: Full Scan (C:\|D:\|G:\|)
Objects scanned: 631984
Time elapsed: 4 hour(s), 6 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Gregory Wiley 2\AppData\Local\Temp\CD16.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

I am going to run Gmer and post the results later.

gmanphotog · 2009/10/29

I have attempted to run gmer five different times, but have been unable to. Each time the program crashes shortly after being started. The third and fifth times it crashed my entire system and I got the BSOD. I don't have a history getting the BSOD on my system, so this is unusual.

gmanphotog · 2009/10/29

Below is my Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:12 AM, on 10/28/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Users\Gregory Wiley 2\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\Windows\System32\TwcToolbarBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\MelodyCan\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\MelodyCan\YouTubeRipper.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} (LogMeIn Rescue Applet Downloader) - https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CLDTVHNService - Unknown owner - C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\Windows\system32\snmvtsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (chatsupport.palm.com) (tgsrvc_chatsupport.palm.com) - SupportSoft, Inc. - C:\Program Files\chatsupport.palm.com\bin\tgsrvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11431 bytes

broni · 2009/10/29

Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE. If Combofix asks you to install Recovery Console, please allow it.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

gmanphotog · 2009/10/29

I ran combifix and here is the report generated:

ComboFix 09-10-28.08 - Gregory Wiley 2 10/29/2009 17:54.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1264 [GMT -5:00]
Running from: c:\users\Gregory Wiley 2\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
C:\install.exe
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\emMON.exe

----- BITS: Possible infected sites -----

hxxp://www.spiralfrog.com
.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-29 )))))))))))))))))))))))))))))))
.

2009-10-29 23:08 . 2009-10-29 23:10 -------- d-----w- c:\users\Gregory Wiley 2\AppData\Local\temp
2009-10-29 23:08 . 2009-10-29 23:08 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2009-10-29 23:08 . 2009-10-29 23:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-29 23:08 . 2009-10-29 23:08 -------- d-----w- c:\users\Lowly Guest User\AppData\Local\temp
2009-10-29 23:08 . 2009-10-29 23:08 -------- d-----w- c:\users\Gregory\AppData\Local\temp
2009-10-29 23:08 . 2009-10-29 23:08 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-10-29 22:54 . 2009-04-11 06:32 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-29 00:05 . 2009-10-29 00:05 -------- d-----w- c:\users\Gregory Wiley 2\AppData\Roaming\Malwarebytes
2009-10-29 00:05 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-29 00:05 . 2009-10-29 00:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-29 00:05 . 2009-10-29 00:05 -------- d-----w- c:\programdata\Malwarebytes
2009-10-29 00:05 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 19:19 . 2009-10-28 19:19 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-10-28 19:18 . 2009-10-28 19:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-28 19:18 . 2009-10-28 19:18 -------- d-----w- c:\users\Gregory Wiley 2\AppData\Roaming\SUPERAntiSpyware.com
2009-10-28 19:17 . 2009-10-28 19:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-28 16:05 . 2009-10-28 16:05 -------- d-----w- c:\program files\Trend Micro
2009-10-27 17:47 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 17:47 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-26 04:40 . 2009-10-26 04:40 -------- d-----w- c:\programdata\SiteAdvisor
2009-10-26 04:39 . 2009-09-16 15:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-10-26 04:39 . 2009-09-16 15:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-10-26 04:39 . 2009-09-16 15:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-10-26 04:39 . 2009-07-16 17:32 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-10-26 04:38 . 2009-10-26 04:39 -------- d-----w- c:\program files\Common Files\McAfee
2009-10-26 04:38 . 2009-10-26 04:38 -------- d-----w- c:\program files\McAfee.com
2009-10-26 04:38 . 2009-10-27 20:28 -------- d-----w- c:\program files\McAfee
2009-10-26 04:20 . 2009-09-16 15:22 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-20 08:33 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-20 08:33 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-20 08:33 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-20 08:33 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-20 08:33 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-20 08:33 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-20 08:33 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-20 08:33 . 2009-08-07 00:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-20 08:33 . 2009-08-06 23:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-17 10:35 . 2009-10-29 22:49 -------- d-----w- c:\users\Gregory Wiley 2\AppData\Local\CrashDumps
2009-10-15 18:07 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 18:07 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-15 18:07 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-15 18:05 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-15 18:05 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 18:05 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-06 08:14 . 2009-10-06 08:14 -------- d-----w- c:\users\Gregory Wiley 2\AppData\Roaming\CyberLink
2009-10-06 08:14 . 2009-10-06 08:14 -------- d-----w- c:\users\Gregory Wiley 2\AppData\Local\PowerCinema
2009-10-06 08:13 . 2009-10-06 08:14 -------- d-----w- c:\users\Gregory Wiley 2\AppData\Local\DIRECTV2PC(TM)
2009-10-06 07:53 . 2009-10-06 07:53 -------- d-----w- c:\programdata\CyberLink
2009-10-06 07:52 . 2009-10-06 08:11 -------- d-----w- c:\program files\DirecTV
2009-10-04 09:37 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-04 09:37 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-04 09:36 . 2009-10-04 09:36 -------- d-----w- c:\program files\iPod
2009-10-04 09:36 . 2009-10-04 09:37 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-04 09:36 . 2009-10-04 09:37 -------- d-----w- c:\program files\iTunes
2009-10-04 09:34 . 2009-10-04 09:34 -------- d-----w- c:\program files\QuickTime
2009-10-04 05:03 . 2009-10-04 05:03 -------- d-----w- c:\windows\system32\Adobe
2009-10-03 01:09 . 2009-10-26 16:31 -------- d-----w- c:\programdata\McAfee
2009-10-03 01:08 . 2009-10-03 01:08 -------- d-----w- c:\programdata\McAfee Security Scan
2009-10-03 01:08 . 2009-10-03 01:08 -------- d-----w- c:\program files\McAfee Security Scan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 22:46 . 2008-06-06 17:44 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-29 22:26 . 2008-06-17 08:10 -------- d-----w- c:\program files\SpiralFrog
2009-10-29 15:03 . 2007-10-19 13:34 -------- d-----w- c:\programdata\Google Updater
2009-10-26 04:17 . 2009-02-26 19:59 -------- d-----w- c:\programdata\Norton
2009-10-26 04:15 . 2007-10-05 11:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-26 04:15 . 2009-02-26 20:00 -------- d-----w- c:\program files\Symantec
2009-10-16 02:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-16 02:08 . 2007-10-05 11:59 -------- d-----w- c:\program files\Microsoft Works
2009-10-15 03:44 . 2008-04-17 21:51 -------- d-----w- c:\users\Gregory Wiley 2\AppData\Roaming\Move Networks
2009-10-06 18:19 . 2009-09-16 06:17 680 ----a-w- c:\users\Gregory Wiley 2\AppData\Local\d3d9caps.dat
2009-10-06 08:33 . 2008-04-17 08:55 85152 ----a-w- c:\users\Gregory Wiley 2\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-06 08:18 . 2007-10-05 11:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-04 09:57 . 2008-04-17 08:55 -------- d-----w- c:\users\Gregory Wiley 2\AppData\Roaming\Apple Computer
2009-10-04 09:36 . 2007-11-07 21:13 -------- d-----w- c:\program files\Common Files\Apple
2009-10-04 09:01 . 2009-07-07 20:09 -------- d-----w- c:\program files\Safari
2009-09-22 08:46 . 2008-06-29 02:40 -------- d-----w- c:\users\Gregory Wiley 2\AppData\Roaming\Skype
2009-09-22 07:47 . 2008-06-29 02:43 -------- d-----w- c:\users\Gregory Wiley 2\AppData\Roaming\skypePM
2009-09-17 23:40 . 2009-09-17 23:40 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-09-16 15:22 . 2009-09-16 15:22 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-12 05:25 . 2008-05-19 05:07 88 --sh--r- c:\windows\system32\B0FB1C29E8.sys
2009-09-12 05:25 . 2008-05-19 04:58 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-09 08:47 . 2007-10-05 11:43 -------- d-----w- c:\program files\Java
2009-09-09 08:18 . 2008-08-13 20:31 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-07 20:00 . 2008-06-22 04:59 -------- d-----w- c:\programdata\Spiralfrog
2009-09-02 19:39 . 2009-03-31 20:17 -------- d-----r- c:\program files\Skype
2009-09-02 19:38 . 2009-09-02 19:38 -------- d-----w- c:\program files\Common Files\Skype
2009-09-02 19:38 . 2008-06-29 02:39 -------- d-----w- c:\programdata\Skype
2009-08-29 00:42 . 2009-08-29 00:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 00:42 . 2009-08-29 00:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-29 00:27 . 2009-09-02 18:47 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 18:47 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-15 18:06 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-15 18:06 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-15 18:06 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-15 18:06 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 16:27 . 2009-09-09 06:28 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 06:28 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 06:28 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 06:28 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 06:28 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 06:28 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 06:28 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 06:28 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 06:28 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 06:28 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 06:28 105984 ----a-w- c:\windows\system32\netiohlp.dll
2007-10-05 19:27 . 2007-10-05 19:24 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-19 68856]
"AdobeUpdater "= "c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"McENUI "= "c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"dellsupportcenter "= "c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Malwarebytes Anti-Malware (reboot) "= "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\users\Gregory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-2-27 368640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle "= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=" "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=" "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@= "Service "

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SecureZIP Attachments Status.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SecureZIP Attachments Status.lnk
backup=c:\windows\pss\SecureZIP Attachments Status.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Gregory Wiley 2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\users\Gregory Wiley 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Gregory Wiley 2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\users\Gregory Wiley 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2 "=hex(b):c6,4c,58,71,a4,0a,ca,01

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [12/5/2007 6:17 AM 77824]
R2 CLDTVHNService;CLDTVHNService;c:\program files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [9/17/2009 6:40 PM 75048]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/25/2009 11:40 PM 203280]
R2 ntk_dtv;ntk_dtv;c:\program files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys [9/17/2009 6:40 PM 119792]
R2 tgsrvc_chatsupport.palm.com;SupportSoft Repair Service (chatsupport.palm.com);c:\program files\chatsupport.palm.com\bin\tgsrvc.exe [5/21/2008 4:24 AM 148768]
R3 CamdDriverV32;CamdDriverV32;c:\windows\System32\drivers\CamdDriverV32.sys [6/26/2008 3:39 PM 23096]
R3 CamdVideo32;CamdVideo32;c:\windows\System32\drivers\CamdVideo32.sys [6/26/2008 3:39 PM 3768]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 10:28 AM 204800]
S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\System32\drivers\ATMFBUS.sys [7/15/2009 1:59 AM 38528]
S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\System32\drivers\ATMFCVsp.sys [7/15/2009 1:59 AM 54656]
S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\System32\drivers\ATMFFLT.sys [7/15/2009 1:59 AM 11520]
S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\System32\drivers\ATMFMdm.sys [7/15/2009 1:59 AM 54528]
S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\System32\drivers\ATMFNET.sys [7/15/2009 1:59 AM 103424]
S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\System32\drivers\ATMFNVsp.sys [7/15/2009 1:59 AM 54656]
S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\System32\drivers\ATMFVsp.sys [7/15/2009 1:59 AM 54656]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/5/2007 6:59 AM 29744]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]
S3 SoundMovieServer;SoundMovieServer;c:\windows\System32\snmvtsvc.exe [6/26/2008 3:39 PM 184320]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2009-10-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-19 19:40]

2009-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1075233885-2534712998-2995224060-1002Core.job
- c:\users\Gregory Wiley 2\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-08 06:29]

2009-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1075233885-2534712998-2995224060-1002UA.job
- c:\users\Gregory Wiley 2\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-08 06:29]

2009-10-27 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-26 17:22]

2009-10-27 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-26 17:22]

2009-10-29 c:\windows\Tasks\User_Feed_Synchronization-{6F6B061B-BABE-49CD-819D-6466B7E47383}.job
- c:\windows\system32\msfeedssync.exe [2009-10-15 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.net/
uInternet Settings,ProxyOverride = *.local
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA} - c:\program files\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exeUNINSTALL

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-29 18:10
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\Default_Monitor\5&2a33b634&0&12345678&01&00\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\Default_Monitor\5&2a33b634&0&12345678&01&00\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\Default_Monitor\5&2a33b634&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\Default_Monitor\5&2a33b634&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\Default_Monitor\5&2a33b634&0&UID272\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\Default_Monitor\5&2a33b634&0&UID272\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\Default_Monitor\5&2a33b634&0&UID512\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\Default_Monitor\5&2a33b634&0&UID512\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\HWP26A9\5&2a33b634&0&UID272\Device Parameters\MODES]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\HWP26A9\5&2a33b634&0&UID272\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\HWP26A9\5&2a33b634&0&UID272\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\SNY0B71\5&2a33b634&0&UID257\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\SNY0B71\5&2a33b634&0&UID257\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
Completion time: 2009-10-29 18:11
ComboFix-quarantined-files.txt 2009-10-29 23:11

Pre-Run: 87,789,113,344 bytes free
Post-Run: 125,105,291,264 bytes free

- - End Of File - - 148D3F22E9E115679ACF7BF253F997BE

broni · 2009/10/29

1. Please open Notepad

Click Start , then Run

Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
File::
c:\windows\system32\B0FB1C29E8.sys


Folder::

Driver::

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]


RegLockDel::
3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt

A new HijackThis log.

gmanphotog · 2009/10/29

Here are the update combifix and HijackThis logs:

ComboFix 09-10-28.08 - Gregory Wiley 2 10/29/2009 21:44.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1040 [GMT -5:00]
Running from: c:\users\Gregory Wiley 2\Desktop\ComboFix.exe
Command switches used :: c:\users\Gregory Wiley 2\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\B0FB1C29E8.sys "
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\B0FB1C29E8.sys

.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-30 )))))))))))))))))))))))))))))))
.

2009-10-30 02:52 . 2009-10-30 02:52 -------- d-----w- c:\users\Gregory Wiley 2\AppData\Local\temp
2009-10-30 02:52 . 2009-10-30 02:52 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2009-10-30 02:52 . 2009-10-30 02:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-30 02:52 . 2009-10-30 02:52 -------- d-----w- c:\users\Owner\AppData\Local\temp
2009-10-30 02:52 . 2009-10-30 02:52 -------- d-----w- c:\users\Lowly Guest User\AppData\Local\temp
2009-10-30 02:52 . 2009-10-30 02:52 -------- d-----w- c:\users\Gregory\AppData\Local\temp
2009-10-30 02:52 . 2009-10-30 02:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-30 02:52 . 2009-10-30 02:52 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-10-30 02:43 . 2009-04-11 06:32 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-29 00:05 . 2009-10-29 00:05 -------- d-----w- c:\users\Gregory Wiley 2\AppData\Roaming\Malwarebytes
2009-10-29 00:05 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-29 00:05 . 2009-10-29 00:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-29 00:05 . 2009-10-29 00:05 -------- d-----w- c:\programdata\Malwarebytes
2009-10-29 00:05 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 19:19 . 2009-10-28 19:19 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-10-28 19:18 . 2009-10-28 19:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-28 19:18 . 2009-10-28 19:18 -------- d-----w- c:\users\Gregory Wiley 2\AppData\Roaming\SUPERAntiSpyware.com
2009-10-28 19:17 . 2009-10-28 19:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-28 16:05 . 2009-10-28 16:05 -------- d-----w- c:\program files\Trend Micro
2009-10-27 17:47 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 17:47 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-26 04:40 . 2009-10-26 04:40 -------- d-----w- c:\programdata\SiteAdvisor
2009-10-26 04:39 . 2009-09-16 15:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-10-26 04:39 . 2009-09-16 15:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-10-26 04:39 . 2009-09-16 15:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-10-26 04:39 . 2009-07-16 17:32 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-10-26 04:38 . 2009-10-26 04:39 -------- d-----w- c:\program files\Common Files\McAfee
2009-10-26 04:38 . 2009-10-26 04:38 -------- d-----w- c:\program files\McAfee.com
2009-10-26 04:38 . 2009-10-27 20:28 -------- d-----w- c:\program files\McAfee
2009-10-26 04:20 . 2009-09-16 15:22 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-20 08:33 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-20 08:33 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-20 08:33 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-20 08:33 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-20 08:33 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-20 08:33 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-20 08:33 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-20 08:33 . 2009-08-07 00:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-20 08:33 . 2009-08-06 23:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-17 10:35 . 2009-10-29 22:49 -------- d-----w- c:\users\Gregory Wiley 2\AppData\Local\CrashDumps
2009-10-15 18:07 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 18:07 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-15 18:07 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-15 18:05 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-15 18:05 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 18:05 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-06 08:14 . 2009-10-06 08:14 -------- d-----w- c:\users\Gregory Wiley 2\AppData\Roaming\CyberLink
2009-10-06 08:14 . 2009-10-06 08:14 -------- d-----w- c:\users\Gregory Wiley 2\AppData\Local\PowerCinema
2009-10-06 08:13 . 2009-10-06 08:14 -------- d-----w- c:\users\Gregory Wiley 2\AppData\Local\DIRECTV2PC(TM)
2009-10-06 07:53 . 2009-10-06 07:53 -------- d-----w- c:\programdata\CyberLink
2009-10-06 07:52 . 2009-10-06 08:11 -------- d-----w- c:\program files\DirecTV
2009-10-04 09:37 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-04 09:37 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-04 09:36 . 2009-10-04 09:36 -------- d-----w- c:\program files\iPod
2009-10-04 09:36 . 2009-10-04 09:37 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-04 09:36 . 2009-10-04 09:37 -------- d-----w- c:\program files\iTunes
2009-10-04 09:34 . 2009-10-04 09:34 -------- d-----w- c:\program files\QuickTime
2009-10-04 05:03 . 2009-10-04 05:03 -------- d-----w- c:\windows\system32\Adobe
2009-10-03 01:09 . 2009-10-26 16:31 -------- d-----w- c:\programdata\McAfee
2009-10-03 01:08 . 2009-10-03 01:08 -------- d-----w- c:\programdata\McAfee Security Scan
2009-10-03 01:08 . 2009-10-03 01:08 -------- d-----w- c:\program files\McAfee Security Scan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 22:46 . 2008-06-06 17:44 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-29 22:26 . 2008-06-17 08:10 -------- d-----w- c:\program files\SpiralFrog
2009-10-29 15:03 . 2007-10-19 13:34 -------- d-----w- c:\programdata\Google Updater
2009-10-26 04:17 . 2009-02-26 19:59 -------- d-----w- c:\programdata\Norton
2009-10-26 04:15 . 2007-10-05 11:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-26 04:15 . 2009-02-26 20:00 -------- d-----w- c:\program files\Symantec
2009-10-16 02:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-16 02:08 . 2007-10-05 11:59 -------- d-----w- c:\program files\Microsoft Works
2009-10-15 03:44 . 2008-04-17 21:51 -------- d-----w- c:\users\Gregory Wiley 2\AppData\Roaming\Move Networks
2009-10-06 18:19 . 2009-09-16 06:17 680 ----a-w- c:\users\Gregory Wiley 2\AppData\Local\d3d9caps.dat
2009-10-06 08:33 . 2008-04-17 08:55 85152 ----a-w- c:\users\Gregory Wiley 2\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-06 08:18 . 2007-10-05 11:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-04 09:57 . 2008-04-17 08:55 -------- d-----w- c:\users\Gregory Wiley 2\AppData\Roaming\Apple Computer
2009-10-04 09:36 . 2007-11-07 21:13 -------- d-----w- c:\program files\Common Files\Apple
2009-10-04 09:01 . 2009-07-07 20:09 -------- d-----w- c:\program files\Safari
2009-09-22 08:46 . 2008-06-29 02:40 -------- d-----w- c:\users\Gregory Wiley 2\AppData\Roaming\Skype
2009-09-22 07:47 . 2008-06-29 02:43 -------- d-----w- c:\users\Gregory Wiley 2\AppData\Roaming\skypePM
2009-09-17 23:40 . 2009-09-17 23:40 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-09-16 15:22 . 2009-09-16 15:22 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-12 05:25 . 2008-05-19 04:58 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-09 08:47 . 2007-10-05 11:43 -------- d-----w- c:\program files\Java
2009-09-09 08:18 . 2008-08-13 20:31 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-07 20:00 . 2008-06-22 04:59 -------- d-----w- c:\programdata\Spiralfrog
2009-09-02 19:39 . 2009-03-31 20:17 -------- d-----r- c:\program files\Skype
2009-09-02 19:38 . 2009-09-02 19:38 -------- d-----w- c:\program files\Common Files\Skype
2009-09-02 19:38 . 2008-06-29 02:39 -------- d-----w- c:\programdata\Skype
2009-08-29 00:42 . 2009-08-29 00:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 00:42 . 2009-08-29 00:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-29 00:27 . 2009-09-02 18:47 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 18:47 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-15 18:06 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-15 18:06 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-15 18:06 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-15 18:06 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 16:27 . 2009-09-09 06:28 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 06:28 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 06:28 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 06:28 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 06:28 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 06:28 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 06:28 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 06:28 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 06:28 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 06:28 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 06:28 105984 ----a-w- c:\windows\system32\netiohlp.dll
2007-10-05 19:27 . 2007-10-05 19:24 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-10-29_23.10.08 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-18 23:56 . 2009-10-29 22:55 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-10-18 23:56 . 2009-10-30 00:30 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-10-18 23:56 . 2009-10-30 00:30 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-10-18 23:56 . 2009-10-29 22:55 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-10-18 23:56 . 2009-10-29 22:55 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-10-18 23:56 . 2009-10-30 00:30 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-30 02:31 . 2009-10-30 02:31 6096 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\3B97039DA5AE7F26917F24AA9D53DCEF43013532\B71B0F4A884055C145E58FDEEB54FA468EFA6526\Data.dat
+ 2009-10-30 02:31 . 2009-10-30 02:31 5426 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\3B97039DA5AE7F26917F24AA9D53DCEF43013532\3B97039DA5AE7F26917F24AA9D53DCEF43013532\Data.dat
+ 2009-10-30 02:31 . 2009-10-30 02:31 5874 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\01B04371FB4F70CA5EDEA39DB19438068FA6FD50\834C14F55E150D7D0E615F884E59D8208B625D07\Data.dat
+ 2009-10-30 02:31 . 2009-10-30 02:31 6424 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\01B04371FB4F70CA5EDEA39DB19438068FA6FD50\01B04371FB4F70CA5EDEA39DB19438068FA6FD50\Data.dat
+ 2007-10-19 08:27 . 2009-10-30 00:22 399734 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-19 68856]
"AdobeUpdater "= "c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"McENUI "= "c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"dellsupportcenter "= "c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Malwarebytes Anti-Malware (reboot) "= "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\users\Gregory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-2-27 368640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle "= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=" "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=" "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@= "Service "

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SecureZIP Attachments Status.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SecureZIP Attachments Status.lnk
backup=c:\windows\pss\SecureZIP Attachments Status.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Gregory Wiley 2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\users\Gregory Wiley 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Gregory Wiley 2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\users\Gregory Wiley 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2 "=hex(b):c6,4c,58,71,a4,0a,ca,01

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [12/5/2007 6:17 AM 77824]
R2 CLDTVHNService;CLDTVHNService;c:\program files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [9/17/2009 6:40 PM 75048]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/25/2009 11:40 PM 203280]
R2 ntk_dtv;ntk_dtv;c:\program files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys [9/17/2009 6:40 PM 119792]
R2 tgsrvc_chatsupport.palm.com;SupportSoft Repair Service (chatsupport.palm.com);c:\program files\chatsupport.palm.com\bin\tgsrvc.exe [5/21/2008 4:24 AM 148768]
R3 CamdDriverV32;CamdDriverV32;c:\windows\System32\drivers\CamdDriverV32.sys [6/26/2008 3:39 PM 23096]
R3 CamdVideo32;CamdVideo32;c:\windows\System32\drivers\CamdVideo32.sys [6/26/2008 3:39 PM 3768]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 10:28 AM 204800]
S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\System32\drivers\ATMFBUS.sys [7/15/2009 1:59 AM 38528]
S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\System32\drivers\ATMFCVsp.sys [7/15/2009 1:59 AM 54656]
S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\System32\drivers\ATMFFLT.sys [7/15/2009 1:59 AM 11520]
S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\System32\drivers\ATMFMdm.sys [7/15/2009 1:59 AM 54528]
S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\System32\drivers\ATMFNET.sys [7/15/2009 1:59 AM 103424]
S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\System32\drivers\ATMFNVsp.sys [7/15/2009 1:59 AM 54656]
S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\System32\drivers\ATMFVsp.sys [7/15/2009 1:59 AM 54656]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/5/2007 6:59 AM 29744]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]
S3 SoundMovieServer;SoundMovieServer;c:\windows\System32\snmvtsvc.exe [6/26/2008 3:39 PM 184320]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2009-10-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-19 19:40]

2009-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1075233885-2534712998-2995224060-1002Core.job
- c:\users\Gregory Wiley 2\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-08 06:29]

2009-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1075233885-2534712998-2995224060-1002UA.job
- c:\users\Gregory Wiley 2\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-08 06:29]

2009-10-27 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-26 17:22]

2009-10-27 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-26 17:22]

2009-10-29 c:\windows\Tasks\User_Feed_Synchronization-{6F6B061B-BABE-49CD-819D-6466B7E47383}.job
- c:\windows\system32\msfeedssync.exe [2009-10-15 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.net/
uInternet Settings,ProxyOverride = *.local
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-29 21:52
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\Default_Monitor\5&2a33b634&0&12345678&01&00\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\Default_Monitor\5&2a33b634&0&12345678&01&00\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\Default_Monitor\5&2a33b634&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\Default_Monitor\5&2a33b634&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\Default_Monitor\5&2a33b634&0&UID272\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\Default_Monitor\5&2a33b634&0&UID272\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\Default_Monitor\5&2a33b634&0&UID512\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\Default_Monitor\5&2a33b634&0&UID512\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\HWP26A9\5&2a33b634&0&UID272\Device Parameters\MODES]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\HWP26A9\5&2a33b634&0&UID272\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\HWP26A9\5&2a33b634&0&UID272\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\SNY0B71\5&2a33b634&0&UID257\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\SNY0B71\5&2a33b634&0&UID257\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
Completion time: 2009-10-30 21:55
ComboFix-quarantined-files.txt 2009-10-30 02:55
ComboFix2.txt 2009-10-29 23:11

Pre-Run: 126,196,916,224 bytes free
Post-Run: 126,140,088,320 bytes free

- - End Of File - - FEAA815AD5D33BF8CE4912D250D5A950

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:12 AM, on 10/28/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Users\Gregory Wiley 2\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\Windows\System32\TwcToolbarBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\MelodyCan\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\MelodyCan\YouTubeRipper.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} (LogMeIn Rescue Applet Downloader) - https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CLDTVHNService - Unknown owner - C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\Windows\system32\snmvtsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (chatsupport.palm.com) (tgsrvc_chatsupport.palm.com) - SupportSoft, Inc. - C:\Program Files\chatsupport.palm.com\bin\tgsrvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11431 bytes

broni · 2009/10/29

Print this post out, since you won't have an access to it, at some point.

1. Open HijackThis.

2. Close all windows, except for HijackThis.

3. Put checkmarks next to the following HijackThis entries:

- O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
- O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
- O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)

4. You should also checkmark following entries (these are unnecessary startups; no actual programs will be removed):

- O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
- O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

5. Click on Fix checked button.

6. Restart computer.

7. Post new HijackThis log.

gmanphotog · 2009/10/29

I ran Hijack This Fix it on the files you told me check off, but those files don't appear to have been eliminated. Windows asked me if I wanted the registry editor to run twice, which I approved, and then nothing happened. When I reran Hijack This after restarting the files were still there.

Also I was never able to find----- O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')-----to check off in HijackThis to fix.

Finally I just wanted to state I do actually use Weather Channel Desktop. Is there any reason we are trying to eliminate it from the registry?

broni · 2009/10/29

Weather Channel entries say "(no file) ", so they appear to me as orphaned ones.

Please, post fresh HJT log.

gmanphotog · 2009/10/30

I'm sorry, I forgot to post it. My bad.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:12 AM, on 10/28/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Users\Gregory Wiley 2\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\Windows\System32\TwcToolbarBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\MelodyCan\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\MelodyCan\YouTubeRipper.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} (LogMeIn Rescue Applet Downloader) - https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CLDTVHNService - Unknown owner - C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\Windows\system32\snmvtsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (chatsupport.palm.com) (tgsrvc_chatsupport.palm.com) - SupportSoft, Inc. - C:\Program Files\chatsupport.palm.com\bin\tgsrvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11431 bytes

broni · 2009/10/30

Oh, I know what's going on. You keep posting very same HJT log (from yesterday):

Scan saved at 11:06:12 AM, on 10/28/2009
Click to expand...

gmanphotog · 2009/10/30

No it's a different log- I have them number- This is number five

gmanphotog · 2009/10/30

okay, my bad again. I was running Hijack This without right clicking "Run as Administrator" and for some reason it kept on displaying the original log file rather than updating. I ran Hijack This as administrator this time, rechecked off the items you listed, and then restarted and reran as administrator. This time these files were successfully eliminated:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:12:36 AM, on 10/30/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\Windows\System32\TwcToolbarBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\MelodyCan\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\MelodyCan\YouTubeRipper.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} (LogMeIn Rescue Applet Downloader) - https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CLDTVHNService - Unknown owner - C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\Windows\system32\snmvtsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (chatsupport.palm.com) (tgsrvc_chatsupport.palm.com) - SupportSoft, Inc. - C:\Program Files\chatsupport.palm.com\bin\tgsrvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10301 bytes

broni · 2009/10/30

Your computer is clean

1. Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

2. Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore ".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C: ")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

3. Restart computer.

4. Turn System Restore on.

5. Make sure, Windows Updates are current.

[SIZE= "4"]6. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately![/SIZE]

7. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

8. Run defrag at your convenience.

9. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

10. Please, let me know, how is your computer doing.

gmanphotog · 2009/10/30

I just want to be certain- do I turn off system restore before or after running Temp File Cleaner? And Before or after system restart?

Log in or Sign up

Solved Computer Hacked -Switched to McAfee:Not convinced Problem gone

gmanphotog Inactive Thread Starter

broni Moderator Malware Analyst

gmanphotog Inactive Thread Starter

broni Moderator Malware Analyst

gmanphotog Inactive Thread Starter

gmanphotog Inactive Thread Starter

gmanphotog Inactive Thread Starter

broni Moderator Malware Analyst

gmanphotog Inactive Thread Starter

broni Moderator Malware Analyst

gmanphotog Inactive Thread Starter

broni Moderator Malware Analyst

gmanphotog Inactive Thread Starter

broni Moderator Malware Analyst

gmanphotog Inactive Thread Starter

broni Moderator Malware Analyst

gmanphotog Inactive Thread Starter

gmanphotog Inactive Thread Starter

broni Moderator Malware Analyst

gmanphotog Inactive Thread Starter

Share This Page

Log in or Sign up

Solved Computer Hacked -Switched to McAfee:Not convinced Problem gone

gmanphotog Inactive Thread Starter

broni Moderator Malware Analyst

gmanphotog Inactive Thread Starter

broni Moderator Malware Analyst

gmanphotog Inactive Thread Starter

gmanphotog Inactive Thread Starter

gmanphotog Inactive Thread Starter

broni Moderator Malware Analyst

gmanphotog Inactive Thread Starter

broni Moderator Malware Analyst

gmanphotog Inactive Thread Starter

broni Moderator Malware Analyst

gmanphotog Inactive Thread Starter

broni Moderator Malware Analyst

gmanphotog Inactive Thread Starter

broni Moderator Malware Analyst

gmanphotog Inactive Thread Starter

gmanphotog Inactive Thread Starter

broni Moderator Malware Analyst

gmanphotog Inactive Thread Starter

Share This Page

Useful Searches