# Koobface virus



## BarTuck (Apr 10, 2006)

Hi.... I have McAfee free with AT&T. I got a virus from a Facebook entry called W32/koobface.worm.gen.f.
When McAfee identified it, they just said "do nothing, rescan after restart". Done that twice... computer still bringing up porn and is very, very slow. You were a great help last time! Help!


----------



## jpshortstuff (Oct 19, 2007)

Hi,

Let's see if we can get rid of that Koobface for you.

Please download *GooredFix* from one of the locations below and *save it to your Desktop*
*Download Mirror #1*
*Download Mirror #2*

Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select *Run As Administrator* (Vista).
When prompted to run the scan, click *Yes*.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Please download *Malwarebytes' Anti-Malware* to your desktop.

Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click *Finish*.
If an update is found, it will download and install the latest version.
Once the program has loaded, select *Perform full scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Be sure that everything is checked, and click *Remove Selected*.
When completed, a log will open in Notepad. Please save it to a convenient location.
The log can also be found here:
C:\Documents and Settings\_Username_\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\*log-date.txt*
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\*log-date.txt*
Post that log back here.

Please download *DDS* and save it to your desktop.

Disable any script blocking protection.
Double-click *dds.scr* to run the tool.
When done two logs should open:
*DDS.txt*
*Attach.txt*


Save both reports to your desktop.
---------------------------------------------------
_*Post*_ the contents of the *DDS.txt* report in your next reply
*Attach* the _*Attach.txt*_ report to your post by scrolling down to the *Attachments* area and then clicking *Browse*. Browse to where you saved the file, and click *Open* and then click *UPLOAD*.


----------



## BarTuck (Apr 10, 2006)

GooredFix by jpshortstuff (12.07.09)
Log created at 10:34 on 23/09/2009 (Dell)
Firefox version [Unable to determine]
Thought I had removed Firefox, but this came up:

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord" [02:27 26/11/2007]
"[email protected]"="C:\Program Files\PayPal\PayPal Plug-In" [19:06 15/12/2007]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [00:54 10/03/2009]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [21:04 22/09/2009]

-=E.O.F=-


----------



## jpshortstuff (Oct 19, 2007)

Apologies, I gave you the wrong link for GooredFix. I meant to give you this one, which is the latest:
http://jpshortstuff.247fixes.com/beta/GooredFix.exe


----------



## BarTuck (Apr 10, 2006)

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

9/23/2009 11:04:29 AM
mbam-log-2009-09-23 (11-04-02).txt

Scan type: Quick Scan
Objects scanned: 94348
Time elapsed: 18 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 6
Registry Data Items Infected: 3
Folders Infected: 10
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f02fabcb-92dd-475a-98af-14217bd50746} (Adware.Gamevance) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\(default) (Rogue.RegistrySmart) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\microsoft.vc80.mfc\(default) (Rogue.RegistrySmart) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\microsoft.vc80.crt\(default) (Rogue.RegistrySmart) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysmstray (Worm.KoobFace) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Documents and Settings\Dell\Application Data\RegistrySmart (Rogue.RegistrySmart) -> No action taken.
C:\Documents and Settings\Dell\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> No action taken.
C:\Documents and Settings\Dell\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> No action taken.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
C:\Program Files\RegistrySmart (Rogue.RegistrySmart) -> No action taken.
C:\Program Files\RegistrySmart\Microsoft.VC80.CRT (Rogue.RegistrySmart) -> No action taken.
C:\Program Files\RegistrySmart\Microsoft.VC80.MFC (Rogue.RegistrySmart) -> No action taken.

Files Infected:
C:\Documents and Settings\Dell\Application Data\RegistrySmart\Log\2007 Sep 26 - 11_06_33 AM_046.log (Rogue.RegistrySmart) -> No action taken.
C:\Documents and Settings\Dell\Application Data\RegistrySmart\Log\2007 Sep 26 - 11_06_38 AM_343.log (Rogue.RegistrySmart) -> No action taken.
C:\Documents and Settings\Dell\Application Data\RegistrySmart\Registry Backups\2007-09-26_11-14-47.reg (Rogue.RegistrySmart) -> No action taken.
C:\WINDOWS\mmsmark2.dat (KoobFace.Trace) -> No action taken.
C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job (Rogue.RegistrySmart) -> No action taken.


----------



## BarTuck (Apr 10, 2006)

GooredFix by jpshortstuff (23.09.09.2)
Log created at 10:47 on 23/09/2009 (Dell)
Firefox version [Unable to determine]

========== GooredScan ==========

Removing service: "fioo32" -> Successful (reboot)
Removing service: "fio32" -> Successful (reboot)
Removing registry item: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\pp" -> Success!
Deleting file: "C:\WINDOWS\bk23567.dat" -> Success!
Deleting file: "C:\WINDOWS\pp12.exe" -> Success!
Deleting file: "C:\WINDOWS\010112010146116101.xe" -> Success!
Deleting file: "C:\WINDOWS\0101120101465050.xe" -> Success!
Deleting file: "C:\WINDOWS\0101120101465354.xe" -> Success!
Deleting file: "C:\WINDOWS\fdgg34353edfgdfdf" -> Success!
Deleting file: "C:\WINDOWS\system32\fio32.dll" -> Failed [32] -> Delete on reboot
Deleting file: "C:\WINDOWS\system32\drivers\fio32.sys" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord" [02:27 26/11/2007]
"[email protected]"="C:\Program Files\PayPal\PayPal Plug-In" [19:06 15/12/2007]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [00:54 10/03/2009]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [21:04 22/09/2009]

========== Reboot ==========

Deleting "C:\WINDOWS\system32\fio32.dll" -> Failed [1026]

-=E.O.F=-


----------



## jpshortstuff (Oct 19, 2007)

Hi,

Did you click *Remove Selected* when MalwareBytes' found those items?

Just the DDS log that I'm waiting for now. The newer version of GooredFix got rid of a good chunk of Koobface.


----------



## BarTuck (Apr 10, 2006)

DDS (Ver_09-07-30.01) - NTFSx86 
Run by Dell at 11:29:13.20 on Wed 09/23/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.100 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: agcore.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: agcore.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
TB: egreetings Toolbar: {9df9b682-9c18-4a01-bac3-a265ca7cd866} - mscoree.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AOL Fast Start] "c:\program files\aol 9.1b\AOL.EXE" -b
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HostManager] c:\program files\common files\aol\1204351165\ee\AOLSoftware.exe
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SySmstray] c:\windows\mstre22.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm265YYUS
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} - hxxp://www.worldwinner.com/games/v54/zengems/zengems.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} - hxxp://www.worldwinner.com/games/v47/skillgam/skillgam.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab
DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} - hxxp://www.worldwinner.com/games/v45/moneylist/moneylist.cab
DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} - hxxp://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab
DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} - hxxp://www.worldwinner.com/games/v56/trivialpursuit/trivialpursuit.cab
DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} - hxxp://www.worldwinner.com/games/v53/wwhearts/wwhearts.cab
DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - hxxp://www.worldwinner.com/games/v63/bjattack/bja.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab
DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - hxxp://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - hxxp://www.worldwinner.com/games/v41/freecell/freecell.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - hxxp://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
DPF: {97438FE9-D361-4279-BA82-98CC0877A717} - hxxp://www.worldwinner.com/games/v57/cubis/cubis.cab
DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} - hxxp://www.worldwinner.com/games/v68/clue/clue.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} - hxxp://www.worldwinner.com/games/v50/luxor/luxor.cab
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab
DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} - hxxp://www.worldwinner.com/games/v46/monopoly/monopoly.cab
DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - hxxp://www.worldwinner.com/games/v42/tilecity/tilecity.cab
DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab
DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} - hxxp://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab
DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} - hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab
DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-09-23 10:39 --d-----	c:\docume~1\dell\applic~1\Malwarebytes
2009-09-23 10:39	38,224	a-------	c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-23 10:39	19,160	a-------	c:\windows\system32\drivers\mbam.sys
2009-09-23 10:39 --d-----	c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-23 10:39 --d-----	c:\program files\Malwarebytes' Anti-Malware
2009-09-22 16:10	3,853	a-------	c:\windows\system32\Config.MPF
2009-09-22 16:01	79,816	a-------	c:\windows\system32\drivers\mfeavfk.sys
2009-09-22 16:01	40,552	a-------	c:\windows\system32\drivers\mfesmfk.sys
2009-09-22 16:01	35,272	a-------	c:\windows\system32\drivers\mfebopk.sys
2009-09-22 16:01	120,136	a-------	c:\windows\system32\drivers\Mpfp.sys
2009-09-22 16:01 --d-----	c:\program files\common files\McAfee
2009-09-22 16:01 --d-----	c:\program files\McAfee.com
2009-09-22 16:01 --d-----	c:\program files\McAfee
2009-09-22 15:55	34,248	a-------	c:\windows\system32\drivers\mferkdk.sys
2009-09-22 01:02	952	a-------	c:\windows\system32\drivers\kgpcpy.cfg
2009-09-22 00:52 --d-----	c:\docume~1\alluse~1\applic~1\SITEguard
2009-09-22 00:51 --d-----	c:\program files\common files\iS3
2009-09-22 00:51 --d-----	c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-09-21 19:31	1	----h---	c:\windows\mmsmark2.dat
2009-09-21 01:46 --d-----	c:\program files\iPod
2009-09-21 01:45 --d-----	c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-21 01:43 --d-----	c:\program files\Bonjour
2009-09-05 01:54	94,208	a-------	c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54	69,632	a-------	c:\windows\system32\QuickTime.qts
2009-08-28 15:22 --d-----	c:\program files\EG Toolbar
2009-08-28 15:22 --d-----	c:\program files\AGI

==================== Find3M ====================

2009-08-03 00:36	2,932	a-------	c:\windows\system32\d3d9caps.dat
2008-08-04 20:11	32,768	a--sh---	c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080420080805\index.dat

============= FINISH: 11:36:35.25 ===============


----------
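The DDS log above ends with a "Pseudo HJT Report" of autostart and browser-extension entries, and the line that matters in this thread is `mRun: [SySmstray] c:\windows\mstre22.exe`, the Run value Malwarebytes had classified as Worm.KoobFace. The Python below is an added example, not part of DDS and not code from anyone's post: it parses the `uRun:`/`mRun:` and `BHO:`/`TB:` lines in the format DDS prints and applies two routine triage heuristics, an autostart binary sitting directly in the Windows directory rather than in system32 or a program folder, and extension CLSIDs that no longer resolve to a file ("No File"). The sample is an excerpt of the posted log; the heuristics, the helper names, and the reading of the `u`/`m` prefixes as HKCU/HKLM are the example's own assumptions.

```python
import re

# Excerpt of the DDS "Pseudo HJT Report" posted above (not the complete report).
SAMPLE = r"""
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AOL Fast Start] "c:\program files\aol 9.1b\AOL.EXE" -b
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [SySmstray] c:\windows\mstre22.exe
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
"""

# DDS prefixes: u = per-user (HKCU), m = machine-wide (HKLM). This is the
# example's reading of the DDS convention, not something stated on the page.
RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXT_RE = re.compile(
    r"^(?P<kind>BHO|TB|EB): (?:(?P<name>.*?): )?\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.+)$"
)
# First token ending in an executable extension, so unquoted paths with spaces survive.
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|scr|pif|bat|cmd|dll))(?:\s|$)", re.IGNORECASE)
WINDOWS_ROOTS = {r"c:\windows", r"c:\winnt", "%windir%", "%systemroot%"}


def executable_of(cmd):
    """Pull the program path out of a Run value's command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def parse_run_entries(text):
    """One dict per uRun:/mRun: line with hive, value name, command and resolved exe."""
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["scope"] = "HKCU" if e["hive"] == "u" else "HKLM"
            e["exe"] = executable_of(e["cmd"])
            entries.append(e)
    return entries


def flag_autostart(entry):
    """Reason an autostart deserves a look, or None. Deliberately simple heuristics."""
    exe = entry["exe"].lower()
    directory = exe.rsplit("\\", 1)[0] if "\\" in exe else ""
    if directory in WINDOWS_ROOTS:
        return "binary placed directly in the Windows directory"
    if not directory:
        return "bare filename, resolved through PATH at logon"
    return None


def orphan_extensions(text):
    """BHO/TB/EB registrations whose CLSID no longer maps to a file on disk."""
    found = []
    for line in text.splitlines():
        m = EXT_RE.match(line.strip())
        if m and m.group("target").strip() == "No File":
            found.append({"kind": m.group("kind"), "name": m.group("name"), "clsid": m.group("clsid")})
    return found


def triage(text):
    """Suspicious autostarts plus orphaned extension entries for a DDS report."""
    suspicious = []
    for e in parse_run_entries(text):
        reason = flag_autostart(e)
        if reason:
            suspicious.append(dict(e, reason=reason))
    return {"suspicious_autostarts": suspicious, "orphans": orphan_extensions(text)}


if __name__ == "__main__":
    result = triage(SAMPLE)
    for e in result["suspicious_autostarts"]:
        print(f'{e["scope"]} Run\\{e["name"]} -> {e["exe"]}: {e["reason"]}')
    for o in result["orphans"]:
        print(f'{o["kind"]} {{{o["clsid"]}}}: No File (orphaned registration)')
```

On the excerpt above this flags exactly one autostart, `SySmstray` pointing at `c:\windows\mstre22.exe`, and the two "No File" entries; the legitimate entries under `system32`, `program files` and `pchealth` pass. A "No File" entry is dead registration rather than an infection, which is why tools like GooredFix treat it as cleanup rather than a detection.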



## BarTuck (Apr 10, 2006)

Oh my! That was a lot. Hope I did 'em right! Thanks for what you're gonna do.
Oh... and in the middle of doing all this and fighting the porn pop-ups, I got a post-restart message from McAfee saying I had no viruses!!


----------



## BarTuck (Apr 10, 2006)

Oh, just saw your note... I did not remove the malware results. I may be able to get back to it if I need to, though.


----------



## BarTuck (Apr 10, 2006)

Do I?


----------



## jpshortstuff (Oct 19, 2007)

Hi,

Yes, please have MalwareBytes' remove everything it finds (you may need to scan again).

Looking better. After having MalwareBytes' remove everything it finds, please run DDS again and post its log so we can see what is left.

Please also tell me if this file exists on your system:
*C:\WINDOWS\system32\fio32.dll*

Thanks.


----------



## BarTuck (Apr 10, 2006)

I see that all the time when I log on or off... but a search does not find it..... and I'm kind of a dummy....


----------



## jpshortstuff (Oct 19, 2007)

Hi,

OK, let's try this. We need to run a batch file.
Copy the contents of the Code Box below to Notepad.
Name the file *del.bat*.
Change the Save as Type to *All Files*
and save it on your *Desktop*.


```
@echo off
rem Writes log.txt next to this batch file and tries each quoted path in turn.
rem Note: del cannot remove a DLL that a running process still has loaded; that
rem is the error 32 seen in the GooredFix log, which then scheduled a delete on reboot.
echo Deleting files...>log.txt
for %%g in (
"C:\WINDOWS\system32\fio32.dll"
) do (
    if exist %%g (
        rem Clear hidden and system attributes first, or del will skip the file.
        attrib -h -s %%g
        del /Q %%g
        if exist %%g (
            echo Unable to delete %%g >>log.txt
        ) else (
            echo %%g deleted successfully>>log.txt
        )
    ) else (
        echo %%g not found >>log.txt
    )
)
rem Show the log, then remove this batch file itself.
start notepad log.txt
del /Q %0
```
Then *double-click* on the *del.bat* file. A log will open; please post the contents of that log in your next reply.

Do this in addition to the MalwareBytes' scan and DDS log.


----------



## BarTuck (Apr 10, 2006)

I am about to restart, but here is the result:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

9/23/2009 12:51:57 PM
mbam-log-2009-09-23 (12-51-57).txt

Scan type: Quick Scan
Objects scanned: 94216
Time elapsed: 18 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 6
Registry Data Items Infected: 3
Folders Infected: 10
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f02fabcb-92dd-475a-98af-14217bd50746} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\(default) (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\microsoft.vc80.mfc\(default) (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\microsoft.vc80.crt\(default) (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysmstray (Worm.KoobFace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Dell\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dell\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dell\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Microsoft.VC80.CRT (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Microsoft.VC80.MFC (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Dell\Application Data\RegistrySmart\Log\2007 Sep 26 - 11_06_33 AM_046.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dell\Application Data\RegistrySmart\Log\2007 Sep 26 - 11_06_38 AM_343.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dell\Application Data\RegistrySmart\Registry Backups\2007-09-26_11-14-47.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\WINDOWS\mmsmark2.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job (Rogue.RegistrySmart) -> Quarantined and deleted successfully.


----------
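BarTuck's two Malwarebytes logs differ only in the action column: the first scan ended with "No action taken" on every item because Remove Selected was never clicked, and the second shows the same items "Quarantined and deleted successfully". Checking that by eye across dozens of lines is error-prone, so here is an added Python example (not a tool from this thread or from Malwarebytes) that parses a log in the MBAM 1.x text format seen above, tallies detections by family and action, lists what is still unremediated, pulls out the Security Center settings that had been flipped (the "Bad: (1) Good: (0)" items), and diffs two logs of the same machine. The embedded logs are constructed excerpts with the same shape as the posted ones, not the full logs, and the function names are the example's own.

```python
import re
from collections import Counter

# Constructed excerpts in the Malwarebytes' Anti-Malware 1.41 log format, the
# same shape as the two logs posted above; not the complete logs.
FIRST_SCAN = r"""Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

Scan type: Quick Scan
Objects scanned: 94348

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\(default) (Rogue.RegistrySmart) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysmstray (Worm.KoobFace) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
C:\WINDOWS\mmsmark2.dat (KoobFace.Trace) -> No action taken.
"""
# The second scan in the thread listed the same items, this time cleaned.
SECOND_SCAN = FIRST_SCAN.replace("No action taken.", "Quarantined and deleted successfully.")

REMEDIATED = "Quarantined and deleted successfully"
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")
HEADER_RE = re.compile(r"^([A-Za-z ]+): (.+)$")
# "<item> (<Family.Name>) -> [Bad: (x) Good: (y) -> ]<action>."
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[A-Za-z0-9_.]+)\) -> "
    r"(?:Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> )?"
    r"(?P<action>[^>]+?)\.?$"
)


def parse_mbam_log(text):
    """Return {'header': {...}, 'detections': [...]} with one dict per detection line."""
    header, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None:  # still in the header block
            m = HEADER_RE.match(line)
            if m:
                header[m.group(1)] = m.group(2)
            continue
        m = DETECTION_RE.match(line)
        if m:
            d = m.groupdict()
            d["section"] = section
            detections.append(d)
    return {"header": header, "detections": detections}


def unremediated(parsed):
    """Items the scan found but did not clean, e.g. when Remove Selected was skipped."""
    return [d["item"] for d in parsed["detections"] if d["action"] != REMEDIATED]


def tampered_settings(parsed):
    """Registry data MBAM reports as changed: (value name, current 'bad', expected 'good')."""
    return [(d["item"].rsplit("\\", 1)[-1], d["bad"], d["good"])
            for d in parsed["detections"] if d["bad"] is not None]


def summarize(parsed):
    """Tallies by malware family, by action taken, and by log section."""
    dets = parsed["detections"]
    return {
        "families": Counter(d["family"] for d in dets),
        "actions": Counter(d["action"] for d in dets),
        "sections": Counter(d["section"] for d in dets),
    }


def diff_scans(before, after):
    """Compare two logs of the same machine: cleaned, still pending, newly seen, no longer listed."""
    b = {d["item"]: d for d in before["detections"]}
    a = {d["item"]: d for d in after["detections"]}
    return {
        "remediated": sorted(i for i in b if i in a and a[i]["action"] == REMEDIATED),
        "still_pending": sorted(i for i in b if i in a and a[i]["action"] != REMEDIATED),
        "new": sorted(i for i in a if i not in b),
        "gone": sorted(i for i in b if i not in a),
    }


if __name__ == "__main__":
    first, second = parse_mbam_log(FIRST_SCAN), parse_mbam_log(SECOND_SCAN)
    print("families:", dict(summarize(first)["families"]))
    print("pending after first scan:", len(unremediated(first)))
    print("tampered settings:", tampered_settings(first))
    print("diff:", {k: len(v) for k, v in diff_scans(first, second).items()})
```

`diff_scans` is the check to run before asking for another DDS log: `still_pending` should be empty, and `new` should not be growing between scans. The `tampered_settings` list is worth keeping even after cleanup, since MBAM resets those Security Center values but the fact that they were flipped is what explains McAfee staying quiet while the machine was infected.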



## jpshortstuff (Oct 19, 2007)

That looks pretty good. I'll probably be gone by the time you have restarted and get those other logs, but as soon as I come back I will review the DDS log and the log from the above batch file.


----------



## BarTuck (Apr 10, 2006)

Not sure how to do what you just told me...... I'm a dummy, remember... I don't know how to just get to Notepad besides Control-C.


----------



## BarTuck (Apr 10, 2006)

I have WordPad... does that matter?


----------



## jpshortstuff (Oct 19, 2007)

Hi,

OK, to open notepad, click *Start* >> *Run*. Type *notepad* into the box and then hit *OK*. That should open a notepad window for you.

Alternatively, click *Start* >> *All Programs* >> *Accessories* >> *notepad*.

Either way is fine.


----------



## BarTuck (Apr 10, 2006)

Done. Thanks. When I did it through Accessories I got WordPad, not Notepad... but through Run I got Notepad. How does it run?


----------



## jpshortstuff (Oct 19, 2007)

Hi,

I'll make this a little easier. I've saved the required file and uploaded it for you. Simply *click here*, and save that file (BarTruck.bat) to your Desktop. Double-click the file to run it, and it should produce a log for you. Please post that log in your next reply.

Please also run DDS again, and post the DDS.txt log it provides.

Let me know how your computer is running at the moment.


----------



## BarTuck (Apr 10, 2006)

One last thing....I am no longer getting misc interruptions but when I signed back on the last time I did get agn the message that I may have a virus...and fix it now or later.....to which I said later as I hv every time it popped in.....and I have a picture and message sitting in my lower right corner on the desktop which says:
"You may be a victim of software counterfeiting. This copy of Windows does not pass the genuine Windows validation"..... and my back drop is totally black. I used to hv a soothing picture.

(Hv I told u lately that I luv u?!!)


----------



## BarTuck (Apr 10, 2006)

Just saw your last post here is the result it didn't let me save it b4 it ran....:
Deleting files...
"C:\WINDOWS\system32\fio32.dll" not found


----------



## BarTuck (Apr 10, 2006)

At the moment it is doing good running much faster but still not as fast as it was prior to all of this. I am very grateful. Getting ready to tk 22 people by air and land on a trip. Really nd computer at this moment!


----------



## BarTuck (Apr 10, 2006)

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/7/2005 10:24:05 AM
System Uptime: 9/23/2009 12:59:59 PM (4 hours ago)

Motherboard: Intel Corporation | | D845PT 
Processor: Intel(R) Pentium(R) 4 CPU 1.70GHz | J1E1 | 1694/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 50 GiB total, 27.896 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is Removable
S: is FIXED (NTFS) - 25 GiB total, 24.475 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP563: 6/25/2009 10:19:10 AM - System Checkpoint
RP564: 6/26/2009 10:55:49 AM - System Checkpoint
RP565: 6/27/2009 11:17:58 AM - System Checkpoint
RP566: 6/28/2009 12:17:58 PM - System Checkpoint
RP567: 6/29/2009 1:17:58 PM - System Checkpoint
RP568: 6/30/2009 1:59:33 PM - System Checkpoint
RP569: 7/1/2009 2:18:03 PM - System Checkpoint
RP570: 7/2/2009 3:34:27 PM - System Checkpoint
RP571: 7/3/2009 3:47:00 PM - System Checkpoint
RP572: 7/6/2009 12:39:42 AM - Removed Bonjour
RP573: 7/6/2009 12:43:37 AM - Removed Google Toolbar for Firefox
RP574: 7/6/2009 12:44:56 AM - Removed Safari
RP575: 7/7/2009 5:21:10 PM - System Checkpoint
RP576: 7/10/2009 1:32:27 AM - System Checkpoint
RP577: 7/11/2009 1:49:53 AM - System Checkpoint
RP578: 7/12/2009 2:16:59 AM - System Checkpoint
RP579: 7/13/2009 2:29:26 AM - System Checkpoint
RP580: 7/14/2009 3:29:28 AM - System Checkpoint
RP581: 7/15/2009 5:09:27 AM - System Checkpoint
RP582: 7/16/2009 5:29:26 AM - System Checkpoint
RP583: 7/17/2009 6:29:27 AM - System Checkpoint
RP584: 7/18/2009 8:01:44 AM - System Checkpoint
RP585: 7/19/2009 8:28:45 AM - System Checkpoint
RP586: 7/20/2009 9:41:53 AM - System Checkpoint
RP587: 7/21/2009 11:06:42 AM - System Checkpoint
RP588: 7/22/2009 11:28:45 AM - System Checkpoint
RP589: 7/23/2009 1:50:36 PM - System Checkpoint
RP590: 7/24/2009 2:04:45 PM - System Checkpoint
RP591: 7/25/2009 4:42:07 PM - System Checkpoint
RP592: 7/26/2009 5:53:02 PM - System Checkpoint
RP593: 7/27/2009 7:03:25 PM - System Checkpoint
RP594: 7/28/2009 7:27:32 PM - System Checkpoint
RP595: 7/29/2009 8:27:31 PM - System Checkpoint
RP596: 7/30/2009 10:22:16 PM - System Checkpoint
RP597: 7/31/2009 10:27:33 PM - System Checkpoint
RP598: 8/2/2009 12:27:07 AM - System Checkpoint
RP599: 8/3/2009 2:26:08 AM - System Checkpoint
RP600: 8/4/2009 3:13:34 AM - System Checkpoint
RP601: 8/5/2009 3:26:04 AM - System Checkpoint
RP602: 8/6/2009 4:26:05 AM - System Checkpoint
RP603: 8/7/2009 5:38:04 AM - System Checkpoint
RP604: 8/8/2009 6:26:04 AM - System Checkpoint
RP605: 8/9/2009 7:25:12 AM - System Checkpoint
RP606: 8/10/2009 8:25:07 AM - System Checkpoint
RP607: 8/11/2009 9:25:07 AM - System Checkpoint
RP608: 8/12/2009 11:23:54 AM - System Checkpoint
RP609: 8/13/2009 1:45:25 PM - System Checkpoint
RP610: 8/14/2009 2:09:34 PM - System Checkpoint
RP611: 8/15/2009 8:15:15 PM - System Checkpoint
RP612: 8/16/2009 9:07:38 PM - System Checkpoint
RP613: 8/18/2009 3:31:33 AM - System Checkpoint
RP614: 8/19/2009 3:38:34 AM - System Checkpoint
RP615: 8/20/2009 4:06:53 AM - System Checkpoint
RP616: 8/21/2009 4:44:25 AM - System Checkpoint
RP617: 8/22/2009 5:44:25 AM - System Checkpoint
RP618: 8/23/2009 6:44:25 AM - System Checkpoint
RP619: 8/24/2009 7:57:25 AM - System Checkpoint
RP620: 8/25/2009 8:44:25 AM - System Checkpoint
RP621: 8/26/2009 9:43:25 AM - System Checkpoint
RP622: 8/27/2009 11:22:29 AM - System Checkpoint
RP623: 8/28/2009 5:21:24 PM - System Checkpoint
RP624: 8/29/2009 5:31:19 PM - System Checkpoint
RP625: 8/30/2009 6:31:17 PM - System Checkpoint
RP626: 9/1/2009 2:25:03 AM - System Checkpoint
RP627: 9/2/2009 2:31:20 AM - System Checkpoint
RP628: 9/3/2009 3:43:49 AM - System Checkpoint
RP629: 9/4/2009 6:53:39 AM - System Checkpoint
RP630: 9/5/2009 7:31:19 AM - System Checkpoint
RP631: 9/6/2009 8:31:20 AM - System Checkpoint
RP632: 9/7/2009 9:31:20 AM - System Checkpoint
RP633: 9/8/2009 12:46:34 PM - System Checkpoint
RP634: 9/9/2009 1:55:58 PM - System Checkpoint
RP635: 9/10/2009 4:14:59 PM - System Checkpoint
RP636: 9/11/2009 6:00:46 PM - System Checkpoint
RP637: 9/12/2009 8:33:16 PM - System Checkpoint
RP638: 9/13/2009 9:31:20 PM - System Checkpoint
RP639: 9/15/2009 1:39:21 AM - System Checkpoint
RP640: 9/16/2009 2:31:20 AM - System Checkpoint
RP641: 9/17/2009 3:45:22 AM - System Checkpoint
RP642: 9/18/2009 5:37:20 AM - System Checkpoint
RP643: 9/19/2009 6:31:22 AM - System Checkpoint
RP644: 9/20/2009 7:31:23 AM - System Checkpoint
RP645: 9/21/2009 8:30:21 AM - System Checkpoint
RP646: 9/21/2009 10:46:57 PM - Installed Kaspersky Internet Security 2010.
RP647: 9/22/2009 12:51:26 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP648: 9/22/2009 2:51:12 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP649: 9/22/2009 3:03:57 AM - Removed Kaspersky Internet Security 2010.

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Reader 9.1.3
AiO_Scan
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Pictures Tools (version 10.6.0.6)
AOL Toolbar 
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Yahoo! Internet Mail
Bonjour
Compatibility Pack for the 2007 Office system
DAEMON Tools
Download Updater (AOL LLC)
eGreetings.com Toolbar
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Deskjet 3840
HP PrecisionScan Pro 3.0
HP Update
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 7
Last.fm 1.5.4.24567
LimeWire 4.18.8
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Premium 2006 DVD
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Nero 6 Ultra Edition
PayPal Plug-In
PowerDVD
QFolder
QuickTime
RealPlayer
Rhapsody Player Engine
Safari
Scan
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Sibelius Scorch (ActiveX Only)
Software Update for Web Folders
Solero Music Viewer 8.0.22.326
Uninstall AOL Emergency Connect Utility 1.0
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
VC 9.0 Runtime
Viewpoint Media Player
Winamp
Window Washer 5
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
XP Royale Theme
Yahoo! Search Protection

==== Event Viewer Messages From Past Week ========

9/22/2009 4:12:26 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/22/2009 4:05:23 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
9/22/2009 3:31:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips Processor
9/22/2009 3:31:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/22/2009 2:50:36 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the szserver service.
9/22/2009 1:01:59 AM, error: Service Control Manager [7022] - The fioo32 service hung on starting.

==== End Of File ===========================


----------



## jpshortstuff (Oct 19, 2007)

Hi,

Please post the other DDS log as well.

Thanks.


----------



## BarTuck (Apr 10, 2006)

DDS (Ver_09-07-30.01) - NTFSx86 
Run by Dell at 16:42:28.06 on Wed 09/23/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.206 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AGI\core\3.0\AGCoreService.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1204351165\ee\AOLSoftware.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.1b\waol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AOL 9.1b\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dell\Local Settings\Temporary Internet Files\Content.IE5\R9PCGCWF\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: agcore.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: agcore.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
TB: egreetings Toolbar: {9df9b682-9c18-4a01-bac3-a265ca7cd866} - mscoree.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AOL Fast Start] "c:\program files\aol 9.1b\AOL.EXE" -b
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HostManager] c:\program files\common files\aol\1204351165\ee\AOLSoftware.exe
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} - hxxp://www.worldwinner.com/games/v54/zengems/zengems.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} - hxxp://www.worldwinner.com/games/v47/skillgam/skillgam.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab
DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} - hxxp://www.worldwinner.com/games/v45/moneylist/moneylist.cab
DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} - hxxp://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab
DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} - hxxp://www.worldwinner.com/games/v56/trivialpursuit/trivialpursuit.cab
DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} - hxxp://www.worldwinner.com/games/v53/wwhearts/wwhearts.cab
DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - hxxp://www.worldwinner.com/games/v63/bjattack/bja.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab
DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - hxxp://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - hxxp://www.worldwinner.com/games/v41/freecell/freecell.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - hxxp://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
DPF: {97438FE9-D361-4279-BA82-98CC0877A717} - hxxp://www.worldwinner.com/games/v57/cubis/cubis.cab
DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} - hxxp://www.worldwinner.com/games/v68/clue/clue.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} - hxxp://www.worldwinner.com/games/v50/luxor/luxor.cab
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab
DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} - hxxp://www.worldwinner.com/games/v46/monopoly/monopoly.cab
DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - hxxp://www.worldwinner.com/games/v42/tilecity/tilecity.cab
DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab
DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} - hxxp://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab
DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} - hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab
DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\system32\drivers\ppa.sys [2007-2-11 17792]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 214024]
R2 AGCoreService;AG Core Services;c:\program files\agi\core\3.0\AGCoreService.exe [2009-8-28 40960]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-9-22 203280]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-9-22 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-9-22 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-9-22 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-22 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-22 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-22 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-22 34248]

=============== Created Last 30 ================

2009-09-23 10:39 --d-----	c:\docume~1\dell\applic~1\Malwarebytes
2009-09-23 10:39	38,224	a-------	c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-23 10:39	19,160	a-------	c:\windows\system32\drivers\mbam.sys
2009-09-23 10:39 --d-----	c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-23 10:39 --d-----	c:\program files\Malwarebytes' Anti-Malware
2009-09-22 16:10	4,979	a-------	c:\windows\system32\Config.MPF
2009-09-22 16:01	79,816	a-------	c:\windows\system32\drivers\mfeavfk.sys
2009-09-22 16:01	40,552	a-------	c:\windows\system32\drivers\mfesmfk.sys
2009-09-22 16:01	35,272	a-------	c:\windows\system32\drivers\mfebopk.sys
2009-09-22 16:01	120,136	a-------	c:\windows\system32\drivers\Mpfp.sys
2009-09-22 16:01 --d-----	c:\program files\common files\McAfee
2009-09-22 16:01 --d-----	c:\program files\McAfee.com
2009-09-22 16:01 --d-----	c:\program files\McAfee
2009-09-22 15:55	34,248	a-------	c:\windows\system32\drivers\mferkdk.sys
2009-09-22 01:02	952	a-------	c:\windows\system32\drivers\kgpcpy.cfg
2009-09-22 00:52 --d-----	c:\docume~1\alluse~1\applic~1\SITEguard
2009-09-22 00:51 --d-----	c:\program files\common files\iS3
2009-09-22 00:51 --d-----	c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-09-21 01:46 --d-----	c:\program files\iPod
2009-09-21 01:45 --d-----	c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-21 01:43 --d-----	c:\program files\Bonjour
2009-09-05 01:54	94,208	a-------	c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54	69,632	a-------	c:\windows\system32\QuickTime.qts
2009-08-28 15:22 --d-----	c:\program files\EG Toolbar
2009-08-28 15:22 --d-----	c:\program files\AGI

==================== Find3M ====================

2009-08-03 00:36	2,932	a-------	c:\windows\system32\d3d9caps.dat
2008-08-04 20:11	32,768	a--sh---	c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080420080805\index.dat

============= FINISH: 16:43:47.78 ===============
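As an added example, not part of the thread and not a tool the helper used, the following Python snippet parses the DDS.txt layout posted above into its `====` sections and pulls the Event Viewer lines into structured records, so that entries such as the `fioo32` service error can be found programmatically instead of by eye. The sample text is a constructed excerpt in the same layout as the log above; the function names are the example's own.

```python
import re
from typing import Dict, List

# Constructed sample: a trimmed excerpt laid out like the DDS.txt posted in the thread.
SAMPLE_DDS = """DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional

==== Disk Partitions =========================

C: is FIXED (NTFS) - 50 GiB total, 27.896 GiB free.

==== Event Viewer Messages From Past Week ========

9/22/2009 4:12:26 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/22/2009 4:05:23 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/22/2009 1:01:59 AM, error: Service Control Manager [7022] - The fioo32 service hung on starting.

==== End Of File ===========================
"""

# A DDS section header is a line of '=' runs with the title in between.
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")

# One Event Viewer line: "<date time>, <level>: <source> [<event id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split a DDS log into {section title: non-blank lines}.

    Lines before the first '====' header are stored under 'header'.
    """
    sections: Dict[str, List[str]] = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1) or current
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def parse_events(lines: List[str]) -> List[dict]:
    """Turn the Event Viewer section into records; lines that do not match are skipped."""
    events = []
    for line in lines:
        m = EVENT_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["event_id"] = int(rec["event_id"])
        events.append(rec)
    return events


def events_mentioning(events: List[dict], needle: str) -> List[dict]:
    """Case-insensitive search of event messages, e.g. for a suspicious service name."""
    needle = needle.lower()
    return [e for e in events if needle in e["message"].lower()]


if __name__ == "__main__":
    secs = parse_sections(SAMPLE_DDS)
    evs = parse_events(secs["Event Viewer Messages From Past Week"])
    for e in events_mentioning(evs, "fioo32"):
        print(e["when"], e["source"], e["event_id"], e["message"])
```

Service Control Manager event 7022 ("hung on starting") for a service name that appears nowhere in the Installed Programs or Services/Drivers sections is the kind of cross-reference a helper reading these logs makes by hand; with the sections parsed, that check becomes a set lookup.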


----------



## jpshortstuff (Oct 19, 2007)

Hi,

Click *Start* >> *Control Panel* >> *Add/Remove Programs*. There are two programs here that I recommend you Remove.

*Java(TM) 6 Update 7* -> This is an old version of Java. You already have a later version of Java, so you don't need to keep this one. You can click *Remove* by this entry to uninstall it.

*LimeWire 4.18.8* -> LimeWire is a great way to get yourself infected, and is very often the cause of viruses and Malware getting onto computers. I recommend you remove this one, for your own good.

OK, let's try and remove that black background you mentioned. Click *Start* >> *Control Panel*. Double click on *Display* (or *Display Properties*) and click on the *Desktop* tab. Click on *Customize Desktop* and click the *Web* tab.
For every item in the *Web Pages* box (_except_ the "My Current Homepage" entry), uncheck it, and delete it.
Also, have a look at the *Lock Desktop Items* checkbox and make sure it is unchecked.
Click *OK* and *OK* again until you have exited the display properties.

You may need to choose your previous background picture again, if the Malware has removed it.

Let me know what the remaining problems are, and we can work through them.


----------



## BarTuck (Apr 10, 2006)

You are so wonderful!

I got another pop in...it's the same message that is still on my desktop, "You may be a victim of software copying. This copy of windows did not pass genuine validation." The pop in asks if I want to get to the bottom of it....(I forget the actual words)...now or later.

My computer was very fast earlier...right now very slow....but that is not abnormal really...it just hasn't been quite this slow in a while.

I don't want to appear picky....but since you've been so gracious......
ty


----------



## jpshortstuff (Oct 19, 2007)

Hi,

The following program will clean up your Temp files and other unneeded junk on the computer, which may improve performance.

Please download *ATF Cleaner* by *Atribune*.
*Download - ATF Cleaner»*
Double-click *ATF-Cleaner.exe* to run the program.
Under *Main* choose: *Select All*
Click the *Empty Selected* button.

(If you use *FireFox* or the *Opera* browser
To keep saved passwords, click *No* at the prompt.)

It's normal after running *ATF cleaner* that the PC will be slower to boot the first time or two.

To be honest, that message you are getting in your System tray sounds like a legit Microsoft Message. You do have *Windows Genuine Advantage Notifications* installed, it sounds like they are just trying to verify that your Windows installation is genuine. What happens if you work with it ("get to the bottom of it")?


----------



## BarTuck (Apr 10, 2006)

Been out all day......
I hv never tried it ... I thought it was a fake message like the others I was getting. But, I will if you think it safe. My desktop was back to black when I signed on, so I need to do something. Will let you know what happens ....hopefully! lol Thnx agn!


----------



## jpshortstuff (Oct 19, 2007)

Yep, let me know


----------

