Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Help!


Post by theatergurl86 » March 25th, 2009, 7:21 pm

My computer is running at 100% even when nothing is open.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:01 PM, on 3/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [VundoFixTool] C:\Program Files\VundoFixTool\VundoFixTool.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [vepalireji] Rundll32.exe "C:\WINDOWS\system32\doriyubi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [vepalireji] Rundll32.exe "C:\WINDOWS\system32\doriyubi.dll",s (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\zudotumo.dll C:\WINDOWS\system32\tazodavi.dll hqcrhq.dll c:\windows\system32\tinuhagu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10012 bytes
theatergurl86
Active Member
 
Posts: 3
Joined: March 25th, 2009, 7:16 pm

Re: Help!

Post by Wi[k]! » March 26th, 2009, 7:31 pm

Hello and welcome to the forums.

I am Wi[k]! and I will be helping you today. As I am an undergrad my posts must be checked by a teacher so there can be a delay. HijackThis logs can take time to analyze so be patient.

In the meantime, create an uninstall list.

  • Start HijackThis.
  • Click Open the Misc Tools section
  • Click Open Uninstall Manager
  • Click Save list...
  • Save the list to your desktop, or any other convenient place.

Post that in your next reply.
Last edited by Wi[k]! on April 3rd, 2009, 8:17 am, edited 2 times in total.
Wi[k]!
MRU Undergrad
 
Posts: 554
Joined: August 4th, 2008, 9:49 am

Re: Help!

Post by theatergurl86 » March 26th, 2009, 10:43 pm

Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AOL Toolbar 5.0
Apple Mobile Device Support
Apple Software Update
Bonjour
Bonus Content - Bathroom Items March 2006
Bonus Content - Dining Room Items December 2005
Bonus Content - Landscape Beds
Bonus Content - Media Items
Bonus Content - Outdoor Items
Broadcom 440x 10/100 Integrated Controller
C-Major Audio
Conexant D110 MDC V.92 Modem
Google SketchUp 6
Google SketchUp 6
Google SketchUp 7
Google Toolbar for Internet Explorer
GoToAssist 8.0.0.514
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
iTunes
Java(TM) 6 Update 11
LimeWire 4.18.8
McAfee SecurityCenter
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
mIWA
mLogView
mMHouse
mPfMgr
mPfWiz
mProSafe
mSCfg
MSN
mSSO
MSXML 6.0 Parser
mWlsSafe
mWMI
mZConfig
Nanny Mania 2
QuickSet
QuickTime
SUPERAntiSpyware Free Edition
Vuze
Vuze Toolbar
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
WinZip 12.0
Yahoo! Toolbar
theatergurl86
Active Member
 
Posts: 3
Joined: March 25th, 2009, 7:16 pm

Re: Help!

Post by Wi[k]! » March 29th, 2009, 8:10 am

Hello,

I must draw your attention to the malwareremoval policy regarding P2P programs. In accordance with that policy, you must uninstall all P2P programs if you'd like to receive my help.

Click on start > run > type in: appwiz.cpl and press enter.

Uninstall: LimeWire 4.18.8, Vuze, and Vuze Toolbar from that list.
--------------------------------------------------

Is there a particular reason you don't have any Windows updates installed?

  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in. Save this file and post it in your next reply.
--------------------------------------------------

Download ATF Cleaner to your Desktop.
  • Double-click on ATF-Cleaner.exe to start the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • Note: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • Note: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
--------------------------------------------------

Download Malwarebytes' Anti-Malware.
  • Double-click on mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware, then click finish.
  • If an update is found, downloading will commence to install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Copy and paste the contents of that file in your next reply.

Note: The log can also be found in the Logs tab of Malwarebytes.
--------------------------------------------------

Download DDS by sUBs to your desktop.
Your antivirus software might question the file. If it does, turn it off please.
  • Double click DDS.scr to run it and wait for the scan to finish
  • When finished DDS.txt will open
  • A small while later, a prompt will open. Answer Yes
  • DDS will continue scanning
  • When done, Attach.txt will open
  • Post DDS.txt and attach Attach.txt

In your next reply:

A new HJT log and uninstall list
MGADiag report
MBAM report
DDS report
Wi[k]!
MRU Undergrad
 
Posts: 554
Joined: August 4th, 2008, 9:49 am

Re: Help!

Post by theatergurl86 » March 29th, 2009, 3:12 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:04 PM, on 3/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [vepalireji] Rundll32.exe "C:\WINDOWS\system32\doriyubi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [vepalireji] Rundll32.exe "C:\WINDOWS\system32\doriyubi.dll",s (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\zudotumo.dll C:\WINDOWS\system32\tazodavi.dll hqcrhq.dll c:\windows\system32\tinuhagu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
Malwarebytes' Anti-Malware 1.35
Database version: 1916
Windows 5.1.2600 Service Pack 2

3/29/2009 2:52:50 PM
mbam-log-2009-03-29 (14-52-50).txt

Scan type: Quick Scan
Objects scanned: 67961
Time elapsed: 20 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\VundoFixTool (Fake.VundoFixTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vundofixtool (Fake.VundoFixTool) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Rachael Bowen\Application Data\VundoFixTool (Fake.VundoFixTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rachael Bowen\Application Data\VundoFixTool\Log (Fake.VundoFixTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rachael Bowen\Application Data\VundoFixTool\Settings (Fake.VundoFixTool) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Rachael Bowen\Application Data\VundoFixTool\Log\2009 Mar 24 - 09_40_49 PM_468.log (Fake.VundoFixTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\VundoFixTool Scheduled Scan.job (Fake.VundoFixTool) -> Quarantined and deleted successfully.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Rachael Bowen at 15:03:49.64 on Sun 03/29/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.563 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Rachael Bowen\Local Settings\Temporary Internet Files\Content.IE5\WAGXS1IJ\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.aol.com/?src=customie7
mStart Page = hxxp://www.aol.com/?src=customie7
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\zudotumo.dll c:\windows\system32\tazodavi.dll hqcrhq.dll c:\windows\system32\tinuhagu.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\zudotumo.dll c:\windows\system32\tazodavi.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-9 213640]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-2-28 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-2-28 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-2-28 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-2-28 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-2-28 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-2-28 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-2-28 40552]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-2-28 34216]

=============== Created Last 30 ================

2009-03-29 14:30 <DIR> --d----- c:\docume~1\rachae~1\applic~1\Malwarebytes
2009-03-29 14:30 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-29 14:30 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-29 14:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-29 14:30 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-25 19:13 <DIR> --d----- c:\program files\Trend Micro
2009-03-24 21:44 <DIR> --d----- c:\windows\system32\appmgmt
2009-03-24 20:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-03-24 20:38 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-03-24 20:38 <DIR> --d----- c:\docume~1\rachae~1\applic~1\SUPERAntiSpyware.com
2009-03-24 20:34 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-03-20 17:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Gogii
2009-03-20 17:19 <DIR> --d----- c:\windows\Nanny Mania 2
2009-03-20 17:19 <DIR> --d----- c:\program files\Nanny Mania 2
2009-03-17 20:22 <DIR> --d----- c:\docume~1\rachae~1\applic~1\LimeWire
2009-03-17 20:20 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-17 20:20 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-12 18:16 <DIR> --d----- c:\documents and settings\rachael bowen\Saved Games
2009-03-12 18:07 <DIR> --d----- c:\windows\Dream Day Wedding - Married in Manhattan
2009-03-07 14:49 <DIR> --d----- c:\program files\MSXML 6.0
2009-03-07 14:47 <DIR> --dsh--- c:\windows\ftpcache
2009-03-04 22:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FarmFrenzy-PizzaParty
2009-03-04 22:44 <DIR> --d----- c:\windows\Farm Frenzy Pizza Party
2009-03-01 15:59 <DIR> --d----- c:\program files\Yahoo!
2009-03-01 14:58 <DIR> --d----- c:\program files\ART Inc
2009-03-01 13:16 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-03-01 13:16 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-01 13:15 <DIR> --d----- c:\program files\iPod
2009-03-01 13:14 <DIR> --d----- c:\program files\iTunes
2009-03-01 13:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-01 13:14 <DIR> --d----- c:\program files\Bonjour
2009-03-01 12:53 <DIR> --d----- c:\docume~1\rachae~1\applic~1\Home Designer Suite 8.0
2009-03-01 12:52 102,400 a------- c:\windows\system32\tsccvid.dll
2009-03-01 12:18 <DIR> --d----- c:\program files\Chief Architect Inc
2009-02-28 13:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Azureus
2009-02-28 13:12 <DIR> --d----- c:\docume~1\rachae~1\applic~1\Azureus
2009-02-28 13:12 <DIR> --d----- c:\program files\AskSearch
2009-02-28 13:11 <DIR> --d----- c:\program files\common files\i4j_jres
2009-02-28 12:21 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-02-28 12:16 <DIR> --d-h--- c:\windows\$hf_mig$
2009-02-28 11:55 10,968 a------- c:\windows\system32\Config.MPF
2009-02-28 11:46 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-02-28 11:45 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-02-28 11:45 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-02-28 11:45 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-02-28 11:45 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-02-28 11:42 <DIR> --d----- c:\program files\common files\McAfee
2009-02-28 11:42 <DIR> --d----- c:\program files\McAfee.com
2009-02-28 11:41 <DIR> --d----- c:\program files\McAfee
2009-02-28 11:37 34,216 a------- c:\windows\system32\drivers\mferkdk.sys
2009-02-28 10:58 139,264 a------- c:\windows\system32\igfxres.dll
2009-02-28 10:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Citrix
2009-02-28 10:48 <DIR> --d----- c:\program files\Citrix
2009-02-28 10:44 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-02-28 10:25 <DIR> --d----- c:\program files\CONEXANT
2009-02-28 10:25 1,033,728 a------- c:\windows\system32\drivers\HSF_DPV.SYS
2009-02-28 10:25 705,408 a------- c:\windows\system32\drivers\HSF_CNXT.sys
2009-02-28 10:25 208,384 a------- c:\windows\system32\drivers\HSFHWICH.sys
2009-02-28 10:25 129,405 a------- c:\windows\system32\drivers\del1028.cty
2009-02-28 10:25 86,016 a------- c:\windows\system32\mdmxsdk.dll
2009-02-28 10:25 42,858 a------- c:\windows\system32\hsfci014.dll
2009-02-28 10:25 13,059 a------- c:\windows\system32\drivers\mdmxsdk.sys
2009-02-28 10:17 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-02-28 10:16 <DIR> --d----- c:\docume~1\rachae~1\applic~1\Intel
2009-02-28 10:16 21,425 a------- c:\windows\system32\drivers\AegisP.sys
2009-02-28 10:15 2,732,032 a------- c:\windows\system32\Netw2r32.dll
2009-02-28 10:15 2,209,408 a------- c:\windows\system32\drivers\w29n51.sys
2009-02-28 10:15 557,056 a------- c:\windows\system32\Netw2c32.dll
2009-02-28 10:13 307,200 a------- c:\windows\system32\BMAPI.dll
2009-02-28 10:13 172,032 a------- c:\windows\system32\NicConfigSvc.cpl
2009-02-28 10:13 61,440 a------- c:\windows\system32\KPower.dll
2009-02-28 10:13 <DIR> --d----- c:\program files\Dell
2009-02-28 10:13 16,128 a------- c:\windows\system32\drivers\APPDRV.SYS
2009-02-28 10:11 273,168 a------- c:\windows\system32\drivers\STAC97.sys
2009-02-28 10:11 192,512 a------- c:\windows\system32\stac97co.dll
2009-02-28 10:11 <DIR> --d----- c:\program files\SigmaTel
2009-02-28 10:11 102,481 -----r-- c:\windows\system32\stac97.cpl
2009-02-28 10:02 <DIR> --d----- c:\program files\Broadcom
2009-02-28 10:02 <DIR> --d----- c:\windows\Downloaded Installations
2009-02-28 10:01 <DIR> --d----- C:\TEMP
2009-02-28 10:01 <DIR> --d----- C:\MSIbe59b.tmp
2009-02-28 09:40 376 a------- c:\windows\ODBC.INI
2009-02-28 09:40 17,920 a------- c:\windows\system32\mdimon.dll
2009-02-28 09:39 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-02-28 09:39 <DIR> --d----- c:\windows\SHELLNEW
2009-02-28 03:13 26,496 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-02-28 02:59 <DIR> --d----- c:\documents and settings\Rachael Bowen
2009-02-28 02:58 <DIR> --ds---- c:\windows\system32\Microsoft
2009-02-28 02:57 8,192 a------- c:\windows\REGLOCS.OLD
2009-02-28 02:55 358,400 ac------ c:\windows\system32\dllcache\snmpincl.dll
2009-02-28 02:54 10,129,408 ac------ c:\windows\system32\dllcache\hwxkor.dll
2009-02-28 02:53 2,134,528 ac------ c:\windows\system32\dllcache\smtpsnap.dll
2009-02-28 02:51 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-02-28 02:51 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-02-28 02:51 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-02-28 02:51 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-02-28 02:51 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-02-28 02:51 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-02-28 02:51 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-02-28 02:51 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-02-28 02:51 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-02-28 02:51 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-02-28 02:51 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-02-28 02:51 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-02-28 02:51 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2009-02-28 02:50 <DIR> --d----- c:\program files\common files\MSSoap
2009-02-28 02:48 <DIR> --d----- c:\program files\Online Services
2009-02-28 02:48 <DIR> --d----- c:\program files\Messenger
2009-02-28 02:48 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-02-28 02:47 <DIR> --d----- c:\program files\Windows NT
2009-02-27 21:38 <DIR> --d----- c:\program files\common files\ODBC
2009-02-27 21:38 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-02-27 21:37 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-02-28 03:10 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-28 02:49 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-01-15 02:17 392,040 a------- c:\windows\system32\SET283.tmp
2009-01-15 02:13 5,888,512 a------- c:\windows\system32\SET298.tmp
2009-01-15 02:07 385,024 a------- c:\windows\system32\SET279.tmp
2009-01-15 02:06 1,182,720 a------- c:\windows\system32\SET2A7.tmp
2009-01-15 02:06 1,467,392 a------- c:\windows\system32\SET28E.tmp
2009-01-15 02:06 236,544 a------- c:\windows\system32\SET2A9.tmp
2009-01-15 02:06 105,984 a------- c:\windows\system32\SET2A6.tmp
2009-01-15 02:05 911,872 a------- c:\windows\system32\SET2AC.tmp
2009-01-15 02:05 193,536 a------- c:\windows\system32\SET29D.tmp
2009-01-15 02:05 109,056 a------- c:\windows\system32\SET2A0.tmp
2009-01-15 02:05 43,008 a------- c:\windows\system32\SET292.tmp
2009-01-15 02:04 18,944 a------- c:\windows\system32\SET276.tmp
2009-01-15 02:04 25,600 a------- c:\windows\system32\SET291.tmp
2009-01-15 02:03 724,992 a------- c:\windows\system32\SET290.tmp
2009-01-15 02:03 228,352 a------- c:\windows\system32\SET27F.tmp
2009-01-15 02:03 125,952 a------- c:\windows\system32\SET27E.tmp
2009-01-15 02:03 420,352 a------- c:\windows\system32\SET2A8.tmp
2009-01-15 02:03 72,704 a------- c:\windows\system32\SET272.tmp
2009-01-15 02:03 172,544 a------- c:\windows\system32\SET27B.tmp
2009-01-15 02:03 163,840 a------- c:\windows\system32\SET280.tmp
2009-01-15 02:03 71,680 a------- c:\windows\system32\SET28A.tmp
2009-01-15 02:03 94,720 a------- c:\windows\system32\SET28F.tmp
2009-01-15 02:03 55,808 a------- c:\windows\system32\SET288.tmp
2009-01-15 02:03 128,512 a------- c:\windows\system32\SET273.tmp
2009-01-15 02:02 611,840 a------- c:\windows\system32\SET29F.tmp
2009-01-15 02:01 183,808 a------- c:\windows\system32\SET287.tmp
2009-01-15 02:01 34,304 a------- c:\windows\system32\SET28D.tmp
2009-01-15 02:01 348,160 a------- c:\windows\system32\SET277.tmp
2009-01-15 02:01 46,592 a------- c:\windows\system32\SET2A1.tmp
2009-01-15 02:01 216,064 a------- c:\windows\system32\SET278.tmp
2009-01-15 02:01 66,560 a------- c:\windows\system32\SET29A.tmp
2009-01-15 02:00 48,128 a------- c:\windows\system32\SET29B.tmp
2009-01-15 02:00 1,639,936 a------- c:\windows\system32\SET299.tmp
2009-01-15 02:00 45,568 a------- c:\windows\system32\SET296.tmp
2009-01-15 02:00 66,560 a------- c:\windows\system32\SET2A4.tmp
2009-01-15 01:50 156,160 a------- c:\windows\system32\SET29C.tmp
2009-01-15 01:39 57,667 a------- c:\windows\system32\SET28C.tmp

============= FINISH: 15:04:59.31 ===============




Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AOL Toolbar 5.0
Apple Mobile Device Support
Apple Software Update
Bonjour
Bonus Content - Bathroom Items March 2006
Bonus Content - Dining Room Items December 2005
Bonus Content - Landscape Beds
Bonus Content - Media Items
Bonus Content - Outdoor Items
Broadcom 440x 10/100 Integrated Controller
C-Major Audio
Conexant D110 MDC V.92 Modem
Google SketchUp 6
Google SketchUp 6
Google Toolbar for Internet Explorer
GoToAssist 8.0.0.514
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
iTunes
Java(TM) 6 Update 11
Malwarebytes' Anti-Malware
McAfee SecurityCenter
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
mIWA
mLogView
mMHouse
mPfMgr
mPfWiz
mProSafe
mSCfg
MSN
mSSO
MSXML 6.0 Parser
mWlsSafe
mWMI
mZConfig
Nanny Mania 2
QuickSet
QuickTime
SUPERAntiSpyware Free Edition
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
WinZip 12.0
Yahoo! Toolbar
theatergurl86

Re: Help!

by Wi[k]! » March 29th, 2009, 6:17 pm

Hello,

You did not run this tool as per my previous instructions. Please do so now.

  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in. Save this file and post it in your next reply.
Wi[k]!

Re: Help!

by NonSuch » April 4th, 2009, 3:44 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch