Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Pop ups, slow cpu, NEWBIE

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Pop ups, slow cpu, NEWBIE

Unread postby frankcs38 » April 10th, 2009, 8:38 am

Newbie Here, Having Pop ups and a slow running CPU


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:15:26 AM, on 4/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\srvany.exe
C:\pvsw\bin\w3dbsmgr.exe
C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FreeClip\FreeClip.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: (no name) - {f4c7a454-6f5a-49c6-a6b0-3f2ff5f4df57} - C:\WINDOWS\system32\sosazeri.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [PJAIALKT] %systemroot%\PJAIALKT.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [8cf14143] rundll32.exe "C:\WINDOWS\system32\mumenawo.dll",b
O4 - HKLM\..\Run: [wimawevuyo] Rundll32.exe "C:\WINDOWS\system32\rivenape.dll",s
O4 - HKLM\..\Run: [CPM8fc272df] Rundll32.exe "c:\windows\system32\hulifeki.dll",a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RssReader] C:\Program Files\RssReader\RssReader.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcStd7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [wimawevuyo] Rundll32.exe "C:\WINDOWS\system32\rivenape.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [wimawevuyo] Rundll32.exe "C:\WINDOWS\system32\rivenape.dll",s (User 'NETWORK SERVICE')
O4 - Startup: FreeClip.lnk = C:\Program Files\FreeClip\FreeClip.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Free WebSite Tools.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm265YYUS
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsup ... gctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsup ... gctlsr.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} (NAS Finder Helper) - http://192.168.1.108/nafcom.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\dewukobe.dll,C:\WINDOWS\system32\rivenape.dll c:\windows\system32\hulifeki.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hulifeki.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hulifeki.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pervasive.SQL Workgroup Engine - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Dantz - C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe
O23 - Service: Retrospect Helper - EMC Dantz - C:\Program Files\Dantz\Retrospect 7.0\rthlpsvc.exe

--

End of file - 13952 bytes

Thanks in advance
frankcs38
Active Member
 
Posts: 13
Joined: April 10th, 2009, 8:20 am
Advertisement
Register to Remove

Re: Pop ups, slow cpu, NEWBIE

Unread postby MikeSwim07 » April 12th, 2009, 12:26 pm

Hello, and Image to the Malware Removal forums.
My name is Michael I'll be glad to help you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me. I know that you need
your computer working as quickly as possible, and I will work hard to help see that happen.

Please be patient and I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 5 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • All of my posts need to be checked by a teacher, so please be patient while I attempt to remove your malware.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop.

Please post this log on your next reply.

Thanks, Michael
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Pop ups, slow cpu, NEWBIE

Unread postby frankcs38 » April 13th, 2009, 8:55 am

Hello Michael,

Here is my uninstall list.

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Acrobat 7.0.9 Standard
Adobe Flash Player ActiveX
Apple Software Update
Broadcom Advanced Control Suite
CA Internet Security Suite
CoffeeCup Free FTP
Critical Update for Windows Media Player 11 (KB959772)
FAS for Peachtree by Sage
Google Earth
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Img2CAD 7.0
Intel(R) Graphics Media Accelerator Driver
InventoryBuilder 2.1
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
M8 Free Multi Clipboard
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Theme Nunavut
Microsoft WinUsb 1.0
Mozilla Firefox (2.0)
Mozilla Thunderbird (2.0.0.16)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
My Web Search (My Fun Cards)
OpenOffice.org Installer 1.0
Peachtree Complete Accounting 2007
PeachTree Signature Ready Forms
Peak InfoSystems Inventory Keeper 5.0.7
Pervasive Software PSQL v9.1 Client
Pervasive System Analyzer v9.1
Philips Device Manager
Photo Story 3 for Windows
PowerDVD 5.5
QuickTime
Retrospect 7.0
Sage Software Integration Services
SBC Yahoo! Applications
ScreenPrint32 v3.5
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Stamps.com
StompSoft Registry Repair 2005
TomTom HOME
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC_MergeModuleToMSI
Windows Defender
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinPatrol 2009
Yahoo! Browser Services


Thanks Frank
frankcs38
Active Member
 
Posts: 13
Joined: April 10th, 2009, 8:20 am

Re: Pop ups, slow cpu, NEWBIE

Unread postby MikeSwim07 » April 13th, 2009, 3:20 pm

Hello,

I notice signs of CA Internet Security in your log. Have you previously uninstalled this?

Download and Run ComboFix

Please visit this webpage for instructions for downloading ComboFix at your DESKTOP :
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.

Additional links to download the tool:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. A guide to do this can be found here.
    The ones that need to be closed/disabled are:

    Windows Defender
    McAfee


  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system. Please also answer my question regarding CA Internet Security.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Pop ups, slow cpu, NEWBIE

Unread postby frankcs38 » April 14th, 2009, 8:14 am

Michael,

Yes I attempted to uninstall CA I currently use McAffee . When I try to uninstall CA it gives me a error message "Error E9030 Unable to generate uninstallation command line for CA Anti Virus









ComboFix 09-04-13.A2 - Green 2009-04-13 14:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.246 [GMT -5:00]
Running from: c:\documents and settings\Green\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Green\Application Data\FunWebProducts
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\FunBuddyIconBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\0004B4B6
c:\program files\MyWebSearch\bar\Cache\001C3129
c:\program files\MyWebSearch\bar\Cache\001C33F8
c:\program files\MyWebSearch\bar\Cache\001C34F2.bin
c:\program files\MyWebSearch\bar\Cache\001C3698.bin
c:\program files\MyWebSearch\bar\Cache\001C387C.bin
c:\program files\MyWebSearch\bar\Cache\001C458C.bin
c:\program files\MyWebSearch\bar\Cache\00309689.bin
c:\program files\MyWebSearch\bar\Cache\00309783.bin
c:\program files\MyWebSearch\bar\Cache\0030982F.bin
c:\program files\MyWebSearch\bar\Cache\003098CB.bin
c:\program files\MyWebSearch\bar\Cache\0030A4D1.bin
c:\program files\MyWebSearch\bar\Cache\00CD1B62.bin
c:\program files\MyWebSearch\bar\Cache\00CD1CF8.bin
c:\program files\MyWebSearch\bar\Cache\00CD1E12.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\windows\IE4 Error Log.txt
c:\windows\system32\f3PSSavr.scr

.
((((((((((((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 )))))))))))))))))))))))))))))))
.

2009-04-10 15:40 . 2009-04-10 15:40 -------- d-----w c:\documents and settings\Green\Application Data\WinPatrol
2009-04-02 12:28 . 2009-04-02 12:28 -------- d-----w c:\windows\system32\scripting
2009-04-02 12:28 . 2009-04-02 12:28 -------- d-----w c:\windows\l2schemas
2009-04-02 12:28 . 2009-04-02 12:28 -------- d-----w c:\windows\system32\en
2009-04-02 12:28 . 2009-04-02 12:28 -------- d-----w c:\windows\system32\bits
2009-04-02 12:24 . 2009-04-02 12:29 -------- d-----w c:\windows\ServicePackFiles
2009-03-27 18:28 . 2009-03-27 18:28 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-03-27 14:41 . 2009-03-27 14:41 -------- d-sh--w c:\documents and settings\Green\IECompatCache
2009-03-27 14:39 . 2009-03-27 14:39 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-03-27 14:39 . 2009-04-09 14:31 -------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-03-27 14:28 . 2009-04-14 11:51 9465 ----a-w c:\windows\system32\Config.MPF
2009-03-27 14:27 . 2009-03-27 14:27 -------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-03-27 14:20 . 2007-11-22 11:44 33832 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-03-27 14:20 . 2007-12-02 17:51 40488 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-03-27 14:20 . 2007-11-22 11:44 79304 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-03-27 14:20 . 2007-11-22 11:44 35240 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-03-27 14:20 . 2007-11-22 11:44 201320 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-27 14:20 . 2007-07-13 11:20 113952 ----a-w c:\windows\system32\drivers\Mpfp.sys
2009-03-27 13:49 . 2009-03-27 14:28 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-03-27 13:36 . 2009-03-27 13:36 -------- d-sh--w c:\documents and settings\Green\PrivacIE
2009-03-27 13:01 . 2009-03-27 13:01 -------- d-sh--w c:\documents and settings\Green\IETldCache
2009-03-27 12:53 . 2009-03-27 12:53 -------- d-----w c:\windows\ie8updates
2009-03-27 12:49 . 2009-03-27 12:50 -------- dc-h--w c:\windows\ie8
2009-03-26 20:17 . 2008-10-16 19:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-03-26 20:17 . 2008-10-16 19:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-03-26 18:39 . 2008-10-16 19:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-03-26 12:13 . 2009-02-28 04:55 105984 ------w c:\windows\system32\dllcache\iecompat.dll
2009-03-15 16:44 . 2005-10-11 14:08 -------- d-----w c:\documents and settings\Guest\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
2009-03-15 16:44 . 2004-08-11 22:22 -------- d-----w c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory
2009-03-15 16:44 . 2009-03-26 19:21 -------- d-----w c:\documents and settings\Guest

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-13 18:51 . 2008-10-06 17:33 843318 ----a-w C:\caisslog.txt
2009-04-13 12:29 . 2008-06-30 14:23 -------- d-----w c:\program files\TomTom HOME 2
2009-04-13 12:17 . 2009-01-13 12:17 63488 --sha-w c:\windows\system32\sezerabo.exe
2009-04-13 12:17 . 2009-01-13 12:17 63488 --sha-w c:\windows\system32\sezerabo.exe
2009-04-10 15:39 . 2009-04-10 15:39 -------- d-----w c:\program files\BillP Studios
2009-04-10 12:17 . 2009-01-10 12:17 63488 --sha-w c:\windows\system32\wezisuve.exe
2009-04-10 12:17 . 2009-01-10 12:17 63488 --sha-w c:\windows\system32\wezisuve.exe
2009-04-10 00:17 . 2009-01-10 00:17 61952 --sha-w c:\windows\system32\zepulabe.exe
2009-04-10 00:17 . 2009-01-10 00:17 61952 --sha-w c:\windows\system32\zepulabe.exe
2009-04-02 13:45 . 2005-10-25 15:29 80992 ----a-w c:\documents and settings\Green\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-02 13:41 . 2009-04-02 13:42 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009040220090403\index.dat
2009-04-02 12:35 . 2004-08-11 22:14 87263 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-02 12:20 . 2004-08-11 22:00 250048 --sha-r C:\ntldr
2009-03-31 12:31 . 2009-03-31 12:31 -------- d-----w c:\program files\Windows Defender
2009-03-31 12:13 . 2009-03-27 14:17 320752 ----a-w c:\windows\system32\arclib.dll
2009-03-30 18:39 . 2008-12-04 15:23 -------- d-----w c:\documents and settings\Green\Application Data\U3
2009-03-30 13:01 . 2009-03-27 14:18 -------- d-----w c:\program files\McAfee
2009-03-27 18:28 . 2009-03-27 18:28 245760 --sha-w c:\windows\system32\config\systemprofile\IETldCache\index.dat
2009-03-27 16:26 . 2006-07-06 14:44 -------- d-----w c:\documents and settings\All Users\Application Data\Retrospect
2009-03-27 15:00 . 2008-10-06 17:36 -------- d-----w c:\program files\CA
2009-03-27 14:56 . 2006-12-14 15:28 -------- d-----w c:\documents and settings\All Users\Application Data\CA
2009-03-27 14:20 . 2009-03-27 14:19 -------- d-----w c:\program files\Common Files\McAfee
2009-03-27 14:19 . 2009-03-27 14:19 -------- d-----w c:\program files\McAfee.com
2009-03-27 14:17 . 2009-03-27 14:17 32240 ----a-w c:\windows\system32\drivers\vetmonnt.sys
2009-03-27 14:17 . 2009-03-27 14:17 26352 ----a-w c:\windows\system32\drivers\vet-filt.sys
2009-03-27 14:17 . 2009-03-27 14:17 21488 ----a-w c:\windows\system32\drivers\vetfddnt.sys
2009-03-27 14:17 . 2009-03-27 14:17 21104 ----a-w c:\windows\system32\drivers\vet-rec.sys
2009-03-27 14:17 . 2009-03-27 14:17 99568 ----a-w c:\windows\system32\isafeif.dll
2009-03-27 14:17 . 2009-03-27 14:17 83256 ----a-w c:\windows\system32\vetredir.dll
2009-03-27 14:17 . 2009-03-27 14:17 218424 ----a-w c:\windows\system32\isafserv.dll
2009-03-27 14:17 . 2009-03-27 14:17 144696 ----a-w c:\windows\system32\isafe.exe
2009-03-27 14:17 . 2009-03-27 14:17 107760 ----a-w c:\windows\system32\isafinst.exe
2009-03-27 14:00 . 2006-09-01 17:17 -------- d-----w c:\program files\Yahoo!
2009-03-27 12:08 . 2009-03-27 12:08 -------- d-----w c:\program files\Photo Story 3 for Windows
2009-03-26 20:15 . 2008-12-17 13:52 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-26 19:52 . 2009-02-16 18:51 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-26 19:35 . 2009-03-26 19:35 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-15 17:01 . 2009-03-15 16:46 -------- d-----w c:\documents and settings\Guest\Application Data\CallingID
2009-03-15 16:46 . 2009-03-15 16:46 -------- d-----w c:\documents and settings\Guest\Application Data\Yahoo!
2009-03-13 14:46 . 2009-03-13 14:46 -------- d-----w c:\program files\Trend Micro
2009-03-13 14:22 . 2009-03-13 14:22 -------- d-----w c:\program files\Enigma Software Group
2009-03-11 03:18 . 2006-04-10 18:00 934792 ----a-w c:\windows\system32\dllcache\WgaTray.exe
2009-03-11 03:18 . 2006-04-10 18:00 239496 ------w c:\windows\system32\dllcache\wgaLogon.dll
2009-03-08 19:09 . 2009-03-08 19:09 638816 ------w c:\windows\system32\dllcache\iexplore.exe
2009-03-08 19:09 . 2009-03-08 19:09 391536 ------w c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 09:41 . 2006-05-19 15:08 5937152 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 09:34 . 2006-05-10 05:23 914944 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-08 09:34 . 2004-08-11 22:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 09:34 . 2006-05-10 05:23 1206784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 09:34 . 2009-03-08 09:34 236544 ------w c:\windows\system32\dllcache\webcheck.dll
2009-03-08 09:34 . 2009-03-08 09:34 43008 ------w c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 09:34 . 2004-08-11 22:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 09:34 . 2009-03-08 09:34 105984 ------w c:\windows\system32\dllcache\url.dll
2009-03-08 09:34 . 2009-03-08 09:34 109568 ------w c:\windows\system32\dllcache\occache.dll
2009-03-08 09:34 . 2006-05-10 05:23 193536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-03-08 09:33 . 2006-09-18 14:15 759296 ----a-w c:\windows\system32\dllcache\VGX.dll
2009-03-08 09:33 . 2009-03-08 09:33 18944 ------w c:\windows\system32\dllcache\corpol.dll
2009-03-08 09:33 . 2004-08-11 22:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 09:33 . 2006-05-10 05:22 25600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 09:33 . 2006-05-18 05:24 726528 ----a-w c:\windows\system32\dllcache\jscript.dll
2009-03-08 09:33 . 2009-03-08 09:33 229376 ------w c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 09:33 . 2007-12-18 14:40 420352 ----a-w c:\windows\system32\dllcache\vbscript.dll
2009-03-08 09:33 . 2004-08-11 22:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 09:33 . 2009-03-08 09:33 125952 ------w c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 09:32 . 2009-03-08 09:32 72704 ------w c:\windows\system32\dllcache\admparse.dll
2009-03-08 09:32 . 2004-08-11 22:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 09:32 . 2009-03-08 09:32 173056 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 09:32 . 2009-03-08 09:32 163840 ------w c:\windows\system32\dllcache\ieakui.dll
2009-03-08 09:32 . 2009-03-08 09:32 71680 ------w c:\windows\system32\dllcache\iesetup.dll
2009-03-08 09:32 . 2009-03-08 09:32 55808 ------w c:\windows\system32\dllcache\iernonce.dll
2009-03-08 09:32 . 2004-08-11 22:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 09:32 . 2009-03-08 09:32 128512 ------w c:\windows\system32\dllcache\advpack.dll
2009-03-08 09:32 . 2006-05-10 05:22 94720 ----a-w c:\windows\system32\dllcache\inseng.dll
2009-03-08 09:32 . 2006-05-10 05:23 611840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-03-08 09:31 . 2006-05-10 05:22 183808 ----a-w c:\windows\system32\dllcache\iepeers.dll
2009-03-08 09:31 . 2006-05-10 05:22 348160 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
2009-03-08 09:31 . 2009-03-08 09:31 34816 ------w c:\windows\system32\dllcache\imgutil.dll
2009-03-08 09:31 . 2006-05-10 05:22 216064 ----a-w c:\windows\system32\dllcache\dxtrans.dll
2009-03-08 09:31 . 2004-08-11 22:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 09:31 . 2006-05-10 05:23 46592 ----a-w c:\windows\system32\dllcache\pngfilt.dll
2009-03-08 09:31 . 2006-05-10 05:23 66560 ----a-w c:\windows\system32\dllcache\mshtmled.dll
2009-03-08 09:31 . 2009-03-08 09:31 48128 ------w c:\windows\system32\dllcache\mshtmler.dll
2009-03-08 09:31 . 2004-08-11 22:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 09:31 . 2009-03-08 09:31 45568 ------w c:\windows\system32\dllcache\mshta.exe
2009-03-08 09:31 . 2004-08-11 22:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 09:24 . 2009-03-08 09:24 68608 ------w c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 09:22 . 2009-03-08 09:22 156160 ------w c:\windows\system32\dllcache\msls31.dll
2009-03-08 09:22 . 2004-08-11 22:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-02 17:15 . 2008-08-15 12:37 -------- d-----w c:\program files\Mozilla Thunderbird
2009-02-09 11:13 . 2008-10-15 15:33 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2004-08-11 22:00 1846784 ----a-w c:\windows\system32\win32k.sys
2008-01-23 22:49 . 2008-01-23 22:49 128 ----a-w c:\documents and settings\Green\Local Settings\Application Data\fusioncache.dat
2006-10-11 08:2008-04-18 18:57 04:58 . c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:2008-04-18 18:57 04:59 . c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:2008-04-18 18:57 05:03 . c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:2008-04-18 18:57 05:03 . c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:2008-04-18 18:57 04:58 . c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 483328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-09 286720]
"PhilipsDM"="c:\program files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2006-12-21 663552]
"ScreenPrint32"="c:\program files\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-15 446464]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-04-07 337216]

c:\documents and settings\Green\Start Menu\Programs\Startup\
FreeClip.lnk - c:\program files\FreeClip\FreeClip.exe [2007-11-27 695808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2006-06-29 25214]
Free WebSite Tools.lnk - c:\program files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe [2006-06-07 372224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\pvsw\\bin\\w3dbsmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]
S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe [2008-04-13 14336]
S2 Pervasive.SQL Workgroup Engine;Pervasive.SQL Workgroup Engine;c:\windows\system32\srvany.exe [2006-05-10 8192]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 MvUsbA;Micro-Vu USB Driver;c:\windows\system32\DRIVERS\MvUsbA.sys [2005-09-12 26880]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{056c916a-c2d1-11dd-8ff4-0014222ed610}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f507f455-c139-11dd-8ff2-0014222ed610}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-RssReader - c:\program files\RssReader\RssReader.exe
HKLM-Run-PJAIALKT - c:\windows\PJAIALKT.exe
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
HKLM-Run-wimawevuyo - c:\windows\system32\rivenape.dll
MSConfigStartUp-CTFMON - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redi ... com/web&q={searchTerms}&l=zu&o=sb
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm265YYUS
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-14 06:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\msi.dll

- - - - - - - > 'explorer.exe'(2408)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\pvsw\bin\w3dbsmgr.exe
c:\program files\Dantz\Retrospect 7.0\retrorun.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-04-14 6:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-14 11:54

Pre-Run: 49,752,035,328 bytes free
Post-Run: 50,675,650,560 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

383 --- E O F --- 2009-04-13 20:00




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:13:09 AM, on 4/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\srvany.exe
C:\pvsw\bin\w3dbsmgr.exe
C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FreeClip\FreeClip.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: FreeClip.lnk = C:\Program Files\FreeClip\FreeClip.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Free WebSite Tools.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm265YYUS
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsup ... gctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsup ... gctlsr.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pervasive.SQL Workgroup Engine - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Dantz - C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe
O23 - Service: Retrospect Helper - EMC Dantz - C:\Program Files\Dantz\Retrospect 7.0\rthlpsvc.exe

--
End of file - 10953 bytes
frankcs38
Active Member
 
Posts: 13
Joined: April 10th, 2009, 8:20 am

Re: Pop ups, slow cpu, NEWBIE

Unread postby MikeSwim07 » April 16th, 2009, 5:54 pm

Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm265YYUS

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

HostsXpert

    Please download HostXpert.

  • Unzip HostsXpert.zip
  • Double click on HostsXpert.exe to launch the programme.
  • Check to see if top button on left hand side says Make Writable ?
    • If it does. click on it then proceed to next instruction.
    • If not, just proceed to next instruction
  • Then click on "Restore ms Hosts file" to restore your Hosts file to its default condidtion..
  • Click on Make Read Only to secure it against further infection.
  • Close program when complete.

Run CFScript

Open Notepad and copy/paste the text in the box into the window:

Code: Select all
File::
c:\windows\system32\sezerabo.exe
c:\windows\system32\wezisuve.exe
c:\windows\system32\zepulabe.exe
c:\documents and settings\Green\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
c:\windows\system32\arclib.dll
c:\windows\system32\drivers\vetmonnt.sys
c:\windows\system32\drivers\vet-filt.sys
c:\windows\system32\drivers\vetfddnt.sys
c:\windows\system32\drivers\vet-rec.sys
c:\windows\system32\isafeif.dll
c:\windows\system32\vetredir.dll
c:\windows\system32\isafserv.dll
c:\windows\system32\isafe.exe
c:\windows\system32\isafinst.exe
Folder::
c:\program files\CA
c:\documents and settings\All Users\Application Data\CA
Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6D,73,76,31,5F,30,00,00


Driver::
CaCCProvSP


Save it to your desktop as CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe
Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Please post the ComboFix log and a new Hijackthis log on your next reply.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Pop ups, slow cpu, NEWBIE

Unread postby frankcs38 » April 17th, 2009, 9:52 am

Michael,

I removed O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm265YYUS

Ran HostsXpert button did not say "Make Writeable"

When I drag CFscript to ComboFix it opens but does nothing else but sit there with a blinkinking cursor
frankcs38
Active Member
 
Posts: 13
Joined: April 10th, 2009, 8:20 am

Re: Pop ups, slow cpu, NEWBIE

Unread postby frankcs38 » April 17th, 2009, 10:54 am

Michael,

Got it to work Mcafee may have been running turned it off and restarted

Here is Combofix report.......

ComboFix 09-04-17.05 - Green 04/17/2009 9:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.159 [GMT -5:00]
Running from: c:\documents and settings\Green\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Green\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point

FILE ::
c:\documents and settings\Green\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
c:\windows\system32\arclib.dll
c:\windows\system32\drivers\vet-filt.sys
c:\windows\system32\drivers\vet-rec.sys
c:\windows\system32\drivers\vetfddnt.sys
c:\windows\system32\drivers\vetmonnt.sys
c:\windows\system32\isafe.exe
c:\windows\system32\isafeif.dll
c:\windows\system32\isafinst.exe
c:\windows\system32\isafserv.dll
c:\windows\system32\sezerabo.exe
c:\windows\system32\vetredir.dll
c:\windows\system32\wezisuve.exe
c:\windows\system32\zepulabe.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\CA
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\OnDemandScannerLog.txt
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\RealTimeScannerLog.txt
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\arc2B9.tmp
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6372.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6373.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6374.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6375.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6376.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6377.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6378.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6379.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6380.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6381.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6382.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6383.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6384.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6385.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6386.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6387.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6388.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6389.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6390.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6391.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6392.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6393.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6394.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6395.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6396.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6397.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6398.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6399.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6400.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6401.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6402.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6403.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6404.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6405.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6406.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6407.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6408.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6409.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6410.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6411.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6412.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6413.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6414.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6415.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6416.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6417.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6418.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6419.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6420.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6421.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6422.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6423.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6424.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6425.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\av.signatures.patch-6426.zip
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdat\vet.dat
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avdatcauLog.txt
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\aveng\vete.dll
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\aveng\veteboot.sys
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\aveng\vetefile.sys
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avengcauLog.txt
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avinstcauLog.txt
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\avproduct\setupLog.txt
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\vet2B8.tmp
c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\vete_tmp.dll
c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\ccTrayLog.txt
c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\ccupdateLog.txt
c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\ccupdatevLog.txt
c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\tmp\ccproduct\setupLog.txt
c:\documents and settings\All Users\Application Data\CA\Consumer\CCube\tmp\ccupdate\setupLog.txt
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\feedLog.txt
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\FIREWALL_FAQ
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\FIREWALL_PRODUCT_ALERT
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\SPAM_FAQ
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\SPAM_PRODUCT_ALERT
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\SPYWARE_HELP_1
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\SPYWARE_HELP_2
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\SPYWARE_NEWLY_DISC
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\SPYWARE_PRODUCT_ALERT
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\SPYWARE_TOP_5
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\VIRUS_HELP_1
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\VIRUS_HELP_2
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\VIRUS_NEWLY_DISC
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\VIRUS_PRODUCT_ALERT
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\FeedStore\VIRUS_TOP_5
c:\documents and settings\All Users\Application Data\CA\Consumer\ISS\tmp\issproduct\setupLog.txt
c:\documents and settings\Green\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
c:\program files\CA
c:\program files\CA\CA Internet Security Suite\caavissplugin.dll
c:\program files\CA\CA Internet Security Suite\caissaspam.dll
c:\program files\CA\CA Internet Security Suite\caissaspy.dll
c:\program files\CA\CA Internet Security Suite\caissav.dll
c:\program files\CA\CA Internet Security Suite\caissdm.dll
c:\program files\CA\CA Internet Security Suite\caissfw.dll
c:\program files\CA\CA Internet Security Suite\caissimages.dll
c:\program files\CA\CA Internet Security Suite\caisspc.dll
c:\program files\CA\CA Internet Security Suite\caissproduct.dll
c:\program files\CA\CA Internet Security Suite\caissresource.dll
c:\program files\CA\CA Internet Security Suite\caisssafelinks.dll
c:\program files\CA\CA Internet Security Suite\caisstutorial.exe
c:\program files\CA\CA Internet Security Suite\calic.dll
c:\program files\CA\CA Internet Security Suite\casecuritycenter.exe
c:\program files\CA\CA Internet Security Suite\catutor.exe
c:\program files\CA\CA Internet Security Suite\caunst.exe
c:\program files\CA\CA Internet Security Suite\ccdynamiccontent.dll
c:\program files\CA\CA Internet Security Suite\ccguifrm.dll
c:\program files\CA\CA Internet Security Suite\ccguifrmres.dll
c:\program files\CA\CA Internet Security Suite\ccissimg.dll
c:\program files\CA\CA Internet Security Suite\ccissprd.dll
c:\program files\CA\CA Internet Security Suite\ccissres.dll
c:\program files\CA\CA Internet Security Suite\ccpriv.dll
c:\program files\CA\CA Internet Security Suite\ccprovep.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe
c:\program files\CA\CA Internet Security Suite\cctray\cctrayavplugin.dll
c:\program files\CA\CA Internet Security Suite\cctray\cctrayissplugin.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\cauconfig.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\CAUConnect.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\CAUConnect.dll.sig
c:\program files\CA\CA Internet Security Suite\ccupdate\caumessage.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\caupackage.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\CAUpdate.dat
c:\program files\CA\CA Internet Security Suite\ccupdate\caupdate.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\ccupdate.exe
c:\program files\CA\CA Internet Security Suite\ccupdate\ccupgrade.exe
c:\program files\CA\CA Internet Security Suite\ccupdate\ccUpgradeRes.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\install\CaAvInstallCCI.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\msvcp71.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\msvcr71.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaAvArcLibCAU.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaAvArcLibCAU.dll.sig
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaAvDatCAU.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaAvDatCAU.dll.sig
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaAvEngCAU.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaAvEngCAU.dll.sig
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaAvISafeCAU.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaAvISafeCAU.dll.sig
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaAvProductCAU.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaAvProductCAU.dll.sig
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaAvResourceCAU.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaAvResourceCAU.dll.sig
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaAvRtDrvCAU.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaAvRtDrvCAU.dll.sig
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaCCProductCAU.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaCCProductCAU.dll.sig
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaCCResourceCAU.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaCCResourceCAU.dll.sig
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaCCUpdateCAU.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaCCUpdateCAU.dll.sig
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaCCUSdkCAU.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaCCUSdkCAU.dll.sig
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaIssProductCAU.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaIssProductCAU.dll.sig
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaIssResourceCAU.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\plugins\CaIssResourceCAU.dll.sig
c:\program files\CA\CA Internet Security Suite\ccupdate\xerces-c_2_6.dll
c:\program files\CA\CA Internet Security Suite\ccupdate\xsec_1_1_0.dll
c:\program files\CA\CA Internet Security Suite\ccupdif.dll
c:\program files\CA\CA Internet Security Suite\eiss.dll
c:\program files\CA\CA Internet Security Suite\ezavlic.dll
c:\program files\CA\CA Internet Security Suite\help\195677.html
c:\program files\CA\CA Internet Security Suite\help\199049.html
c:\program files\CA\CA Internet Security Suite\help\199050.html
c:\program files\CA\CA Internet Security Suite\help\3558.html
c:\program files\CA\CA Internet Security Suite\help\362395.png
c:\program files\CA\CA Internet Security Suite\help\362410.png
c:\program files\CA\CA Internet Security Suite\help\362439.html
c:\program files\CA\CA Internet Security Suite\help\3911.png
c:\program files\CA\CA Internet Security Suite\help\4081.html
c:\program files\CA\CA Internet Security Suite\help\4104.html
c:\program files\CA\CA Internet Security Suite\help\4106.html
c:\program files\CA\CA Internet Security Suite\help\4114.png
c:\program files\CA\CA Internet Security Suite\help\573.png
c:\program files\CA\CA Internet Security Suite\help\574.png
c:\program files\CA\CA Internet Security Suite\help\636.gif
c:\program files\CA\CA Internet Security Suite\help\access_antispam_toolbar.html
c:\program files\CA\CA Internet Security Suite\help\automatic_update_options.html
c:\program files\CA\CA Internet Security Suite\help\back_up_your_data.html
c:\program files\CA\CA Internet Security Suite\help\block.gif
c:\program files\CA\CA Internet Security Suite\help\caiss_secure_now_spam.html
c:\program files\CA\CA Internet Security Suite\help\castyles.css
c:\program files\CA\CA Internet Security Suite\help\cbook.gif
c:\program files\CA\CA Internet Security Suite\help\change_administrator_credentials.html
c:\program files\CA\CA Internet Security Suite\help\collapse_all.png
c:\program files\CA\CA Internet Security Suite\help\configure_proxy_settings_automatically.html
c:\program files\CA\CA Internet Security Suite\help\contact_online_consumer_technical_support.html
c:\program files\CA\CA Internet Security Suite\help\contact_technical_support.html
c:\program files\CA\CA Internet Security Suite\help\dhtml_search.htm
c:\program files\CA\CA Internet Security Suite\help\dhtml_search.js
c:\program files\CA\CA Internet Security Suite\help\dhtml_toc.css
c:\program files\CA\CA Internet Security Suite\help\dhtml_toc.js
c:\program files\CA\CA Internet Security Suite\help\diamond.gif
c:\program files\CA\CA Internet Security Suite\help\dna_secure_now.html
c:\program files\CA\CA Internet Security Suite\help\do_not_update_automatically.html
c:\program files\CA\CA Internet Security Suite\help\docsstylesheet.css
c:\program files\CA\CA Internet Security Suite\help\EnableorDisableCAAnti-Spam.html
c:\program files\CA\CA Internet Security Suite\help\EnableorDisableWebsiteInspector.html
c:\program files\CA\CA Internet Security Suite\help\enter_proxy_server_information_manually.html
c:\program files\CA\CA Internet Security Suite\help\expand_all.png
c:\program files\CA\CA Internet Security Suite\help\f_secure_now.html
c:\program files\CA\CA Internet Security Suite\help\help.png
c:\program files\CA\CA Internet Security Suite\help\help_menu.html
c:\program files\CA\CA Internet Security Suite\help\help_open.png
c:\program files\CA\CA Internet Security Suite\help\horz1.gif
c:\program files\CA\CA Internet Security Suite\help\horz2.gif
c:\program files\CA\CA Internet Security Suite\help\hyphen.gif
c:\program files\CA\CA Internet Security Suite\help\index.htm
c:\program files\CA\CA Internet Security Suite\help\indexpage.htm
c:\program files\CA\CA Internet Security Suite\help\install_component_products.html
c:\program files\CA\CA Internet Security Suite\help\install_updates_automatically.html
c:\program files\CA\CA Internet Security Suite\help\introduction_to_ca_antispam.html
c:\program files\CA\CA Internet Security Suite\help\introduction_to_ca_antispyware.html
c:\program files\CA\CA Internet Security Suite\help\introduction_to_ca_antivirus.html
c:\program files\CA\CA Internet Security Suite\help\introduction_to_ca_parental_controls.html
c:\program files\CA\CA Internet Security Suite\help\introduction_to_ca_personal_firewall.html
c:\program files\CA\CA Internet Security Suite\help\introduction_to_ca_security_center.html
c:\program files\CA\CA Internet Security Suite\help\introduction_to_DNA.html
c:\program files\CA\CA Internet Security Suite\help\IntroductiontoCAWebsiteInspector.html
c:\program files\CA\CA Internet Security Suite\help\legal_notice.html
c:\program files\CA\CA Internet Security Suite\help\log_in_as_a_different_user.html
c:\program files\CA\CA Internet Security Suite\help\minus.gif
c:\program files\CA\CA Internet Security Suite\help\obook.gif
c:\program files\CA\CA Internet Security Suite\help\open_Advanced_Settings_for_anti_virus.html
c:\program files\CA\CA Internet Security Suite\help\open_advanced_settings_for_antispyware.html
c:\program files\CA\CA Internet Security Suite\help\open_advanced_settings_for_personal_firewall.html
c:\program files\CA\CA Internet Security Suite\help\open_advanced_settings_pc.html
c:\program files\CA\CA Internet Security Suite\help\open_parent.js
c:\program files\CA\CA Internet Security Suite\help\plus.gif
c:\program files\CA\CA Internet Security Suite\help\portal_tab_selected_center.png
c:\program files\CA\CA Internet Security Suite\help\portal_tab_selected_left.png
c:\program files\CA\CA Internet Security Suite\help\portal_tab_selected_right.png
c:\program files\CA\CA Internet Security Suite\help\portal_tab_unselected_center.png
c:\program files\CA\CA Internet Security Suite\help\portal_tab_unselected_left.png
c:\program files\CA\CA Internet Security Suite\help\portal_tab_unselected_right.png
c:\program files\CA\CA Internet Security Suite\help\proxy_settings_configuration2.html
c:\program files\CA\CA Internet Security Suite\help\renew_product_licenses.html
c:\program files\CA\CA Internet Security Suite\help\require_proxy_authentication.html
c:\program files\CA\CA Internet Security Suite\help\reset_administrator_password.html
c:\program files\CA\CA Internet Security Suite\help\restore_files_settings.html
c:\program files\CA\CA Internet Security Suite\help\s_secure_now.html
c:\program files\CA\CA Internet Security Suite\help\scan_my_computer_for_spyware.html
c:\program files\CA\CA Internet Security Suite\help\scan_my_computer_for_viruses.html
c:\program files\CA\CA Internet Security Suite\help\schedule_automatic_updates.html
c:\program files\CA\CA Internet Security Suite\help\secure_now.html
c:\program files\CA\CA Internet Security Suite\help\secure_now_pc.html
c:\program files\CA\CA Internet Security Suite\help\SecureNowwi.html
c:\program files\CA\CA Internet Security Suite\help\snooze_antivirus_protection.html
c:\program files\CA\CA Internet Security Suite\help\space.gif
c:\program files\CA\CA Internet Security Suite\help\space1x1.png
c:\program files\CA\CA Internet Security Suite\help\specify_not_to_connect_through_a_proxy_server.html
c:\program files\CA\CA Internet Security Suite\help\stop_internet_access.html
c:\program files\CA\CA Internet Security Suite\help\stylesheet.css
c:\program files\CA\CA Internet Security Suite\help\system_tray_icon_tasks.html
c:\program files\CA\CA Internet Security Suite\help\tab_index.htm
c:\program files\CA\CA Internet Security Suite\help\tab_search.htm
c:\program files\CA\CA Internet Security Suite\help\tab_toc.htm
c:\program files\CA\CA Internet Security Suite\help\toc.htm
c:\program files\CA\CA Internet Security Suite\help\topic.gif
c:\program files\CA\CA Internet Security Suite\help\update_menu2.html
c:\program files\CA\CA Internet Security Suite\help\UpdateYourCASecuritySoftwareManually.html
c:\program files\CA\CA Internet Security Suite\help\view_statistics.html
c:\program files\CA\CA Internet Security Suite\help\view_the_tutorial.html
c:\program files\CA\CA Internet Security Suite\help\view_the_tutorial_help.html
c:\program files\CA\CA Internet Security Suite\license.dll
c:\program files\CA\CA Internet Security Suite\license.txt
c:\program files\CA\CA Internet Security Suite\licreg.exe
c:\program files\CA\CA Internet Security Suite\tutorial\1_1_Intro.txt
c:\program files\CA\CA Internet Security Suite\tutorial\1_2_SC.txt
c:\program files\CA\CA Internet Security Suite\tutorial\1_3_AV.txt
c:\program files\CA\CA Internet Security Suite\tutorial\1_4_PP.txt
c:\program files\CA\CA Internet Security Suite\tutorial\1_5_FW.txt
c:\program files\CA\CA Internet Security Suite\tutorial\1_6_ASp.txt
c:\program files\CA\CA Internet Security Suite\tutorial\1_7_PC.txt
c:\program files\CA\CA Internet Security Suite\tutorial\1_8_WI.txt
c:\program files\CA\CA Internet Security Suite\tutorial\1_9_DNA.txt
c:\program files\CA\CA Internet Security Suite\tutorial\ASp01.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\ASp02.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\ASp03.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\AV01.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\AV02.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\DNA01.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\FW01.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\FW02.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\FW03.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\FW04.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\FW05.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\FW06.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\noImage.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\PC01.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\PC02.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\PP01.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\PP02.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\SC01.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\SC02.jpg
c:\program files\CA\CA Internet Security Suite\tutorial\WI01.jpg
c:\windows\system32\arclib.dll
c:\windows\system32\drivers\vet-filt.sys
c:\windows\system32\drivers\vet-rec.sys
c:\windows\system32\drivers\vetfddnt.sys
c:\windows\system32\drivers\vetmonnt.sys
c:\windows\system32\isafe.exe
c:\windows\system32\isafeif.dll
c:\windows\system32\isafinst.exe
c:\windows\system32\isafserv.dll
c:\windows\system32\sezerabo.exe
c:\windows\system32\vetredir.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CACCPROVSP
-------\Service_CaCCProvSP


((((((((((((((((((((((((( Files Created from 2009-03-17 to 2009-04-17 )))))))))))))))))))))))))))))))
.

2009-04-17 14:37 . 2009-04-17 14:37 -------- d-----w C:\32788R22FWJFW
2009-04-15 12:00 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 12:00 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-15 12:00 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 12:00 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 12:00 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 12:00 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 12:00 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 12:00 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 12:00 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 12:00 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 11:56 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 11:56 . 2009-03-27 06:58 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 11:56 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-10 15:40 . 2009-04-17 12:31 -------- d-----w c:\documents and settings\Green\Application Data\WinPatrol
2009-04-02 12:28 . 2009-04-02 12:28 -------- d-----w c:\windows\system32\scripting
2009-04-02 12:28 . 2009-04-02 12:28 -------- d-----w c:\windows\l2schemas
2009-04-02 12:28 . 2009-04-02 12:28 -------- d-----w c:\windows\system32\en
2009-04-02 12:28 . 2009-04-02 12:28 -------- d-----w c:\windows\system32\bits
2009-04-02 12:24 . 2009-04-02 12:29 -------- d-----w c:\windows\ServicePackFiles
2009-03-27 18:28 . 2009-03-27 18:28 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-03-27 14:41 . 2009-03-27 14:41 -------- d-sh--w c:\documents and settings\Green\IECompatCache
2009-03-27 14:39 . 2009-03-27 14:39 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-03-27 14:39 . 2009-04-09 14:31 -------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-03-27 14:28 . 2009-04-17 14:43 10027 ----a-w c:\windows\system32\Config.MPF
2009-03-27 14:27 . 2009-03-27 14:27 -------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-03-27 14:20 . 2007-11-22 11:44 33832 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-03-27 14:20 . 2007-12-02 17:51 40488 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-03-27 14:20 . 2007-11-22 11:44 79304 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-03-27 14:20 . 2007-11-22 11:44 35240 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-03-27 14:20 . 2007-11-22 11:44 201320 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-27 14:20 . 2007-07-13 11:20 113952 ----a-w c:\windows\system32\drivers\Mpfp.sys
2009-03-27 13:49 . 2009-03-27 14:28 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-03-27 13:36 . 2009-03-27 13:36 -------- d-sh--w c:\documents and settings\Green\PrivacIE
2009-03-27 13:01 . 2009-03-27 13:01 -------- d-sh--w c:\documents and settings\Green\IETldCache
2009-03-27 12:53 . 2009-03-27 12:53 -------- d-----w c:\windows\ie8updates
2009-03-27 12:49 . 2009-03-27 12:50 -------- dc-h--w c:\windows\ie8
2009-03-26 20:17 . 2008-10-16 19:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-03-26 20:17 . 2008-10-16 19:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-03-26 18:39 . 2008-10-16 19:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-03-26 12:13 . 2009-02-28 04:55 105984 ------w c:\windows\system32\dllcache\iecompat.dll
2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 14:37 . 2009-04-17 14:37 1095 ----a-w C:\Bug.txt
2009-04-17 13:12 . 2009-03-27 14:18 -------- d-----w c:\program files\McAfee
2009-04-16 14:19 . 2009-04-16 14:19 25870 ----a-w C:\HijackPatrol.log
2009-04-15 20:36 . 2008-12-17 13:52 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-14 12:08 . 2008-10-06 17:33 871952 ----a-w C:\caisslog.txt
2009-04-13 12:29 . 2008-06-30 14:23 -------- d-----w c:\program files\TomTom HOME 2
2009-04-10 15:39 . 2009-04-10 15:39 -------- d-----w c:\program files\BillP Studios
2009-04-02 12:35 . 2004-08-11 22:14 87263 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-02 12:20 . 2004-08-11 22:00 250048 --sha-r C:\ntldr
2009-03-31 12:31 . 2009-03-31 12:31 -------- d-----w c:\program files\Windows Defender
2009-03-30 18:39 . 2008-12-04 15:23 -------- d-----w c:\documents and settings\Green\Application Data\U3
2009-03-27 16:26 . 2006-07-06 14:44 -------- d-----w c:\documents and settings\All Users\Application Data\Retrospect
2009-03-27 14:20 . 2009-03-27 14:19 -------- d-----w c:\program files\Common Files\McAfee
2009-03-27 14:19 . 2009-03-27 14:19 -------- d-----w c:\program files\McAfee.com
2009-03-27 14:00 . 2006-09-01 17:17 -------- d-----w c:\program files\Yahoo!
2009-03-27 12:08 . 2009-03-27 12:08 -------- d-----w c:\program files\Photo Story 3 for Windows
2009-03-26 19:52 . 2009-02-16 18:51 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-26 19:35 . 2009-03-26 19:35 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-15 17:01 . 2009-03-15 16:46 -------- d-----w c:\documents and settings\Guest\Application Data\CallingID
2009-03-15 16:46 . 2009-03-15 16:46 -------- d-----w c:\documents and settings\Guest\Application Data\Yahoo!
2009-03-13 14:46 . 2009-03-13 14:46 -------- d-----w c:\program files\Trend Micro
2009-03-13 14:22 . 2009-03-13 14:22 -------- d-----w c:\program files\Enigma Software Group
2009-03-11 03:18 . 2006-04-10 18:00 934792 ----a-w c:\windows\system32\dllcache\WgaTray.exe
2009-03-11 03:18 . 2006-04-10 18:00 239496 ------w c:\windows\system32\dllcache\wgaLogon.dll
2009-03-08 19:09 . 2009-03-08 19:09 638816 ------w c:\windows\system32\dllcache\iexplore.exe
2009-03-08 19:09 . 2009-03-08 19:09 391536 ------w c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 09:41 . 2006-05-19 15:08 5937152 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 09:34 . 2006-05-10 05:23 914944 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-08 09:34 . 2004-08-11 22:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 09:34 . 2006-05-10 05:23 1206784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 09:34 . 2009-03-08 09:34 236544 ------w c:\windows\system32\dllcache\webcheck.dll
2009-03-08 09:34 . 2009-03-08 09:34 43008 ------w c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 09:34 . 2004-08-11 22:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 09:34 . 2009-03-08 09:34 105984 ------w c:\windows\system32\dllcache\url.dll
2009-03-08 09:34 . 2009-03-08 09:34 109568 ------w c:\windows\system32\dllcache\occache.dll
2009-03-08 09:34 . 2006-05-10 05:23 193536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-03-08 09:33 . 2006-09-18 14:15 759296 ----a-w c:\windows\system32\dllcache\VGX.dll
2009-03-08 09:33 . 2009-03-08 09:33 18944 ------w c:\windows\system32\dllcache\corpol.dll
2009-03-08 09:33 . 2004-08-11 22:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 09:33 . 2006-05-10 05:22 25600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 09:33 . 2006-05-18 05:24 726528 ----a-w c:\windows\system32\dllcache\jscript.dll
2009-03-08 09:33 . 2009-03-08 09:33 229376 ------w c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 09:33 . 2007-12-18 14:40 420352 ----a-w c:\windows\system32\dllcache\vbscript.dll
2009-03-08 09:33 . 2004-08-11 22:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 09:33 . 2009-03-08 09:33 125952 ------w c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 09:32 . 2009-03-08 09:32 72704 ------w c:\windows\system32\dllcache\admparse.dll
2009-03-08 09:32 . 2004-08-11 22:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 09:32 . 2009-03-08 09:32 173056 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 09:32 . 2009-03-08 09:32 163840 ------w c:\windows\system32\dllcache\ieakui.dll
2009-03-08 09:32 . 2009-03-08 09:32 71680 ------w c:\windows\system32\dllcache\iesetup.dll
2009-03-08 09:32 . 2009-03-08 09:32 55808 ------w c:\windows\system32\dllcache\iernonce.dll
2009-03-08 09:32 . 2004-08-11 22:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 09:32 . 2009-03-08 09:32 128512 ------w c:\windows\system32\dllcache\advpack.dll
2009-03-08 09:32 . 2006-05-10 05:22 94720 ----a-w c:\windows\system32\dllcache\inseng.dll
2009-03-08 09:32 . 2006-05-10 05:23 611840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-03-08 09:31 . 2006-05-10 05:22 183808 ----a-w c:\windows\system32\dllcache\iepeers.dll
2009-03-08 09:31 . 2006-05-10 05:22 348160 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
2009-03-08 09:31 . 2009-03-08 09:31 34816 ------w c:\windows\system32\dllcache\imgutil.dll
2009-03-08 09:31 . 2006-05-10 05:22 216064 ----a-w c:\windows\system32\dllcache\dxtrans.dll
2009-03-08 09:31 . 2004-08-11 22:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 09:31 . 2006-05-10 05:23 46592 ----a-w c:\windows\system32\dllcache\pngfilt.dll
2009-03-08 09:31 . 2006-05-10 05:23 66560 ----a-w c:\windows\system32\dllcache\mshtmled.dll
2009-03-08 09:31 . 2009-03-08 09:31 48128 ------w c:\windows\system32\dllcache\mshtmler.dll
2009-03-08 09:31 . 2004-08-11 22:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 09:31 . 2009-03-08 09:31 45568 ------w c:\windows\system32\dllcache\mshta.exe
2009-03-08 09:31 . 2004-08-11 22:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 09:24 . 2009-03-08 09:24 68608 ------w c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 09:22 . 2009-03-08 09:22 156160 ------w c:\windows\system32\dllcache\msls31.dll
2009-03-08 09:22 . 2004-08-11 22:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-11 22:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-02 17:15 . 2008-08-15 12:37 -------- d-----w c:\program files\Mozilla Thunderbird
2009-02-09 12:10 . 2004-08-11 22:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-11 22:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2004-08-11 22:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-11 22:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2008-10-15 15:33 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2004-08-11 22:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 00:02 . 2008-10-15 15:33 2066048 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 11:11 . 2004-08-11 22:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2008-10-15 15:33 2189056 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 11:06 . 2008-10-15 15:33 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 11:06 . 2004-08-11 22:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-11 22:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2008-10-15 15:33 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 10:32 . 2004-08-04 03:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:59 . 2004-08-11 22:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-01-23 22:49 . 2008-01-23 22:49 128 ----a-w c:\documents and settings\Green\Local Settings\Application Data\fusioncache.dat
2006-10-11 08:2008-04-18 18:57 04:58 . c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:2008-04-18 18:57 04:59 . c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:2008-04-18 18:57 05:03 . c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:2008-04-18 18:57 05:03 . c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:2008-04-18 18:57 04:58 . c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-14_ 6.53.25.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-11 22:00 . 2009-04-02 13:47 55046 c:\windows\system32\perfc009.dat
+ 2004-08-11 22:00 . 2009-04-16 11:55 55046 c:\windows\system32\perfc009.dat
+ 2004-08-11 22:11 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
- 2004-08-11 22:11 . 2008-04-14 00:12 91648 c:\windows\system32\mtxoci.dll
+ 2004-08-11 22:00 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
- 2004-08-11 22:00 . 2008-04-14 00:12 66560 c:\windows\system32\mtxclu.dll
- 2004-08-11 22:11 . 2008-04-14 00:11 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-11 22:11 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
+ 2007-10-16 18:35 . 2009-04-17 14:19 89102 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2009-04-14 11:55 . 2009-04-17 12:02 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-10-25 15:14 . 2009-04-17 12:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-10-25 15:14 . 2009-04-13 19:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-10-25 15:14 . 2009-04-13 19:34 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-10-25 15:14 . 2009-04-17 12:02 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-17 14:02 . 2009-04-15 20:36 35088 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-12-17 14:02 . 2009-03-26 20:12 35088 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-12-17 14:02 . 2009-03-26 20:12 18704 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-12-17 14:02 . 2009-04-15 20:36 18704 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-12-17 14:02 . 2009-03-26 20:12 20240 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-12-17 14:02 . 2009-04-15 20:36 20240 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\cagicon.exe
- 2004-08-11 22:00 . 2008-04-14 00:12 354304 c:\windows\system32\winhttp.dll
+ 2004-08-11 22:00 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll
+ 2004-08-11 22:11 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2004-08-11 22:11 . 2009-02-09 12:10 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2004-08-11 22:11 . 2009-02-09 12:10 473600 c:\windows\system32\wbem\fastprox.dll
+ 2004-08-11 22:00 . 2009-04-16 11:55 386148 c:\windows\system32\perfh009.dat
- 2004-08-11 22:00 . 2009-04-02 13:47 386148 c:\windows\system32\perfh009.dat
- 2004-08-11 22:11 . 2008-04-14 00:11 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-08-11 22:11 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
- 2004-08-11 22:11 . 2008-04-14 00:11 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-11 22:11 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-11 22:11 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
+ 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
+ 2004-08-11 22:00 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
- 2004-08-11 22:00 . 2008-04-14 00:11 989696 c:\windows\system32\kernel32.dll
+ 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
- 2008-12-17 14:02 . 2009-03-26 20:12 888080 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-12-17 14:02 . 2009-04-15 20:36 888080 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-12-17 14:02 . 2009-03-26 20:12 272648 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-12-17 14:02 . 2009-04-15 20:36 272648 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-12-17 14:02 . 2009-04-15 20:36 922384 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pptico.exe
- 2008-12-17 14:02 . 2009-03-26 20:12 922384 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pptico.exe
- 2008-12-17 14:02 . 2009-03-26 20:12 845584 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-12-17 14:02 . 2009-04-15 20:36 845584 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\outicon.exe
- 2008-12-17 14:02 . 2009-03-26 20:12 217864 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\misc.exe
+ 2008-12-17 14:02 . 2009-04-15 20:36 217864 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\misc.exe
- 2004-08-11 22:00 . 2008-05-07 05:12 1288192 c:\windows\system32\quartz.dll
+ 2004-08-11 22:00 . 2008-12-20 22:14 1288192 c:\windows\system32\quartz.dll
+ 2008-05-07 05:12 . 2008-12-20 22:14 1288192 c:\windows\system32\dllcache\quartz.dll
- 2008-05-07 05:12 . 2008-05-07 05:12 1288192 c:\windows\system32\dllcache\quartz.dll
- 2008-12-17 14:02 . 2009-03-26 20:12 1172240 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-12-17 14:02 . 2009-04-15 20:36 1172240 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-10-15 15:33 . 2009-02-06 11:08 2189056 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-15 15:33 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-15 15:33 . 2008-08-14 09:33 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-15 15:33 . 2008-08-14 09:33 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-15 15:33 . 2009-02-08 00:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-15 15:33 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2008-10-15 15:33 . 2008-08-14 10:09 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-02-02 23:07 . 2009-02-02 23:07 1914440 c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2009-04-15 20:37 . 2009-04-06 12:57 24921544 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-13 483328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-09 286720]
"PhilipsDM"="c:\program files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2006-12-21 663552]
"ScreenPrint32"="c:\program files\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-16 446464]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-04-07 337216]

c:\documents and settings\Green\Start Menu\Programs\Startup\
FreeClip.lnk - c:\program files\FreeClip\FreeClip.exe [2007-11-27 695808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2006-6-29 25214]
Free WebSite Tools.lnk - c:\program files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe [2006-6-7 372224]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\pvsw\\bin\\w3dbsmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]
S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe [2008-04-14 14336]
S2 Pervasive.SQL Workgroup Engine;Pervasive.SQL Workgroup Engine;c:\windows\system32\srvany.exe [2006-05-10 8192]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
S3 MvUsbA;Micro-Vu USB Driver;c:\windows\system32\DRIVERS\MvUsbA.sys [2005-09-12 26880]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{056c916a-c2d1-11dd-8ff4-0014222ed610}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f507f455-c139-11dd-8ff2-0014222ed610}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redi ... com/web&q={searchTerms}&l=zu&o=sb
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-17 09:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3684)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\pvsw\bin\w3dbsmgr.exe
c:\program files\Dantz\Retrospect 7.0\retrorun.exe
c:\windows\system32\wscntfy.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-04-17 9:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-17 14:48
ComboFix2.txt 2009-04-14 11:54

Pre-Run: 50,195,398,656 bytes free
Post-Run: 50,212,319,232 bytes free

678 --- E O F --- 2009-04-15 20:38
frankcs38
Active Member
 
Posts: 13
Joined: April 10th, 2009, 8:20 am

Re: Pop ups, slow cpu, NEWBIE

Unread postby frankcs38 » April 17th, 2009, 10:55 am

Here is Hijack this Report.......




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:13 AM, on 4/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\srvany.exe
C:\pvsw\bin\w3dbsmgr.exe
C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FreeClip\FreeClip.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: FreeClip.lnk = C:\Program Files\FreeClip\FreeClip.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Free WebSite Tools.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsup ... gctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsup ... gctlsr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pervasive.SQL Workgroup Engine - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Dantz - C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe
O23 - Service: Retrospect Helper - EMC Dantz - C:\Program Files\Dantz\Retrospect 7.0\rthlpsvc.exe

--
End of file - 10673 bytes
frankcs38
Active Member
 
Posts: 13
Joined: April 10th, 2009, 8:20 am

Re: Pop ups, slow cpu, NEWBIE

Unread postby MikeSwim07 » April 18th, 2009, 9:32 am

You should download and install the newest version of the free Adobe Reader for reading pdf files, due to vulnerabilities in earlier versions of Reader and Acrobat.
All versions numbered lower than 9.1 are vulnerable.
  • Go here and click on AdbeRdr910_en_US.exe to download the latest version of Adobe Acrobat Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.

If you prefer a simple reader, without plug-ins, that is smaller and faster, take a look at the free Foxit Reader here : http://www.foxitsoftware.com/downloads/
I would recommend the older Foxit version 2.3 only, without the toolbar. Foxit version 3.0 has the undesirable ASK toolbar.

You can keep your full version of Adobe Acrobat 7, but you should use it for editing and creation of pdf's only, NOT for opening pdf's on the net.
You can still call Adobe Acrobat 7 from Start, All Programs

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:

    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware

  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked Except for the objects located in C:\System Volume Information, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply

    Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
  • If you ever want to buy Malwarebyte's Anti-Malware Pro, which has real-time protection, please buy it from this link. This site will get some payment, which will help with the server costs.

Please post the Malwarebyte's Anti-Malware log and a new Hijackthis log. How is everything running now?
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Pop ups, slow cpu, NEWBIE

Unread postby frankcs38 » April 20th, 2009, 9:14 am

Michael,
CPU is working better Pop ups are definitly gone and seems a little faster







Malwarebytes' Anti-Malware 1.36
Database version: 2013
Windows 5.1.2600 Service Pack 3

4/20/2009 8:12:29 AM
mbam-log-2009-04-20 (08-12-29).txt

Scan type: Full Scan (C:\|)
Objects scanned: 150657
Time elapsed: 42 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 100
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 38

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\sezerabo.exe.vir (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP945\A0160792.DLL (Adware.MyWeb.FunWeb) -> Not selected for removal.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP945\A0160809.DLL (Adware.MyWeb) -> Not selected for removal.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP945\A0160793.EXE (Adware.MyWeb.FunWeb) -> Not selected for removal.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP945\A0160798.DLL (Adware.MyWeb) -> Not selected for removal.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP945\A0160799.DLL (Adware.MyWeb) -> Not selected for removal.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP945\A0160800.EXE (Adware.MyWeb) -> Not selected for removal.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP945\A0160801.DLL (Adware.MyWeb) -> Not selected for removal.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP945\A0160803.DLL (Adware.MyWeb) -> Not selected for removal.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP945\A0160804.DLL (Adware.MyWeb) -> Not selected for removal.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP945\A0160805.DLL (Adware.MyWeb) -> Not selected for removal.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP945\A0160806.EXE (Adware.MyWeb) -> Not selected for removal.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP945\A0160807.EXE (Adware.MyWeb) -> Not selected for removal.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP945\A0160808.EXE (Adware.MyWeb) -> Not selected for removal.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP945\A0160810.EXE (Adware.MyWeb) -> Not selected for removal.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP945\A0160811.DLL (Adware.MyWeb) -> Not selected for removal.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP945\A0160812.DLL (Adware.MyWeb) -> Not selected for removal.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP945\A0160813.DLL (Adware.MyWeb) -> Not selected for removal.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP945\A0160821.DLL (Adware.MyWeb) -> Not selected for removal.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP950\A0162116.exe (Trojan.Vundo.V) -> Not selected for removal.
frankcs38
Active Member
 
Posts: 13
Joined: April 10th, 2009, 8:20 am

Re: Pop ups, slow cpu, NEWBIE

Unread postby frankcs38 » April 20th, 2009, 9:23 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:21:07 AM, on 4/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\srvany.exe
C:\pvsw\bin\w3dbsmgr.exe
C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FreeClip\FreeClip.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: FreeClip.lnk = C:\Program Files\FreeClip\FreeClip.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Free WebSite Tools.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsup ... gctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsup ... gctlsr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pervasive.SQL Workgroup Engine - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Dantz - C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe
O23 - Service: Retrospect Helper - EMC Dantz - C:\Program Files\Dantz\Retrospect 7.0\rthlpsvc.exe

--
End of file - 10944 bytes
frankcs38
Active Member
 
Posts: 13
Joined: April 10th, 2009, 8:20 am

Re: Pop ups, slow cpu, NEWBIE

Unread postby MikeSwim07 » April 20th, 2009, 9:03 pm

Hello,

Did you install Adobe Reader 9.1?

Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

Update Java and Remove Old Versions

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.


Then download and install Java SE Runtime Environment (JRE) 6 Update 13 following the instructions below:
  • Go to Java SE Runtime Environment (JRE) 6 Update 13 and click on Download button.
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u13-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer

Run Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Please post a new Hijackthis log, a new Uninstall List, the Kaspersky log and please also answer my question regarding Adobe Reader 9.1
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: Pop ups, slow cpu, NEWBIE

Unread postby frankcs38 » April 21st, 2009, 2:24 pm

Michael,

Yes I installed Adobe reader 9.1


...............................................................................................................................

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:34 PM, on 4/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\srvany.exe
C:\pvsw\bin\w3dbsmgr.exe
C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FreeClip\FreeClip.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: FreeClip.lnk = C:\Program Files\FreeClip\FreeClip.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Free WebSite Tools.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsup ... gctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsup ... gctlsr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pervasive.SQL Workgroup Engine - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Dantz - C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe
O23 - Service: Retrospect Helper - EMC Dantz - C:\Program Files\Dantz\Retrospect 7.0\rthlpsvc.exe

--
End of file - 9372 bytes



...............................................................................................................................
frankcs38
Active Member
 
Posts: 13
Joined: April 10th, 2009, 8:20 am

Re: Pop ups, slow cpu, NEWBIE

Unread postby frankcs38 » April 21st, 2009, 2:24 pm

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Acrobat 7.0.9 Standard
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Apple Software Update
Broadcom Advanced Control Suite
CA Internet Security Suite
CoffeeCup Free FTP
Critical Update for Windows Media Player 11 (KB959772)
FAS for Peachtree by Sage
Google Earth
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Img2CAD 7.0
Intel(R) Graphics Media Accelerator Driver
InventoryBuilder 2.1
IrfanView (remove only)
Java(TM) 6 Update 13
Java(TM) 6 Update 7
M8 Free Multi Clipboard
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Theme Nunavut
Microsoft WinUsb 1.0
Mozilla Firefox (2.0)
Mozilla Thunderbird (2.0.0.16)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
OpenOffice.org Installer 1.0
Peachtree Complete Accounting 2007
PeachTree Signature Ready Forms
Peak InfoSystems Inventory Keeper 5.0.7
Pervasive Software PSQL v9.1 Client
Pervasive System Analyzer v9.1
Philips Device Manager
Photo Story 3 for Windows
PowerDVD 5.5
QuickTime
Retrospect 7.0
Sage Software Integration Services
SBC Yahoo! Applications
ScreenPrint32 v3.5
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Stamps.com
StompSoft Registry Repair 2005
TomTom HOME
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC_MergeModuleToMSI
Windows Defender
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinPatrol 2009
Yahoo! Browser Services
frankcs38
Active Member
 
Posts: 13
Joined: April 10th, 2009, 8:20 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 612 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware