
Multiple Problems - Can't View Hidden Files, Can't Access Registry


8 replies to this topic

#1 thepedalontheright (Members, 27 posts)

Posted 15 July 2008 - 04:46 PM

I think I have a registry virus. I can't view my hidden folders (not files) - the option does not show up on the control panel as instructed in XP help.
I also cannot access the registry edit - it says my administrator (me) has disallowed access. I also have a program that I cannot uninstall.

My McAfee scan doesn't show anything. My Ad-Aware scan just shows tracking cookies to delete - both scans were done today, prior to the DSS download.

I read some of the other posts and have followed those instructions. Here is the DSS info.

Thanks in advance
David



Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-15 16:43:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
54: 2008-07-15 21:43:47 UTC - RP165 - Deckard's System Scanner Restore Point
53: 2008-07-15 20:53:39 UTC - RP164 - Installed Ad-Aware
52: 2008-07-15 20:52:44 UTC - RP163 - Removed Ad-Aware 2007
51: 2008-07-15 14:29:28 UTC - RP162 - System Checkpoint
50: 2008-07-13 12:53:34 UTC - RP161 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-03-25 13:48:00 UTC - RP112 - Printer Driver Amyuni PDF Converter 157 Installed


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:45:26 PM, on 7/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Owner\Desktop\MismaSXS_ELIMINAR VIRUS\MismaSXS\MismaSXS.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\System\ZVolume Pro\ZVolume.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/redirects/support.asp?affid=105
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [AntiVirus] C:\Documents and Settings\Owner\Desktop\MismaSXS_ELIMINAR VIRUS\MismaSXS\MismaSXS.exe /SCAN
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ZVolume] C:\Program Files\Common Files\System\ZVolume Pro\ZVolume.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...zylomplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D3F505F-FD8E-4482-A2CE-CD8BD4DC055B}: NameServer = 192.168.1.105
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D3F505F-FD8E-4482-A2CE-CD8BD4DC055B}: NameServer = 192.168.1.105
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11034 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.6.0.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.6.0.0>
R2 LxrJD31d - c:\windows\system32\drivers\lxrjd31d.sys
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt>

S3 JL2004A (JL2004A Photo Viewer) - c:\windows\system32\drivers\pv_wdm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 LxrJD31s (Lexar JD31) - lxrjd31s.exe
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSO Service>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-27 18:00:17 408 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-05-15 09:03:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-03-15 09:50:08 340 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-09-01 01:00:05 332 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-06-15 and 2008-07-15 -----------------------------

2008-07-15 16:45:17 0 d-------- C:\Program Files\Trend Micro
2008-07-15 15:52:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-15 13:38:39 0 d-------- C:\WINDOWS\system32\NtmsData
2008-07-15 08:59:01 0 d-------- C:\Program Files\Picasa2
2008-06-29 09:39:56 0 dr-h----- C:\Documents and Settings\Owner\Recent


-- Find3M Report ---------------------------------------------------------------

2008-07-15 16:27:58 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-07-15 15:53:41 0 d-------- C:\Program Files\Lavasoft
2008-07-15 15:52:58 0 d-------- C:\Program Files\Common Files
2008-07-15 14:21:59 0 d-------- C:\Program Files\Eraser
2008-06-30 15:46:22 0 d-------- C:\Program Files\SiteAdvisor
2008-06-27 18:00:01 0 d-------- C:\Program Files\Norton Security Scan
2008-06-22 08:23:16 0 d-------- C:\Program Files\McAfee
2008-06-21 19:21:43 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-01 08:26:36 0 d-------- C:\Program Files\MySpace
2008-05-18 08:16:22 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-05-02 22:28:23 155648 --a------ C:\WINDOWS\system32\stuninstall.exe <Not Verified; -; Uninstall>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/13/2005 04:44 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/13/2005 04:41 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/13/2005 04:45 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [10/18/2006 06:04 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/18/2006 05:58 PM]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 04:30 PM C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [02/20/2007 12:29 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 11:48 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 01:05 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [05/02/2007 06:16 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/22/2007 10:35 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [08/13/2007 01:05 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [09/06/2007 03:53 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"AntiVirus"="C:\Documents and Settings\Owner\Desktop\MismaSXS_ELIMINAR VIRUS\MismaSXS\MismaSXS.exe" [10/26/2006 02:01 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [09/10/2003 02:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [08/28/2006 09:57 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06/27/2007 07:03 PM]
"ZVolume"="C:\Program Files\Common Files\System\ZVolume Pro\ZVolume.exe" [04/14/2003 06:14 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [8/24/2007 4:45:42 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/22/2007 11:13:49 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=2 (0x2)
"DisableRegistryTools"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0974e728-517f-11dc-ad84-0019b97366b2}]
Auto\command- handydriver.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL handydriver.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{550f9d2d-5251-11dc-ad87-0019b97366b2}]
AutoRun\command- E:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c6d6538-5f23-11dc-adb2-0019b97366b2}]
Auto\command- handydriver.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL handydriver.exe

*Newly Created Service* - AAWSERVICE



-- End of Deckard's System Scanner: finished at 2008-07-15 16:46:32 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™ Duo CPU T2350 @ 1.86GHz
Percentage of Memory in Use: 33%
Physical Memory (total/avail): 2038.37 MiB / 1350.75 MiB
Pagefile Memory (total/avail): 3931.29 MiB / 3373.9 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.84 MiB

C: is Fixed (NTFS) - 143.11 GiB total, 112.07 GiB free.
D: is CDROM (Unformatted)

\\.\PHYSICALDRIVE0 - FUJITSU MHW2160BH - 149.05 GiB - 4 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 143.11 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 2047.35 MiB
\PARTITION3 - Unknown - 3.91 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"="C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DAVIDSDELL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\DAVIDSDELL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e0c
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=DAVIDSDELL
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
David (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Bicycle Card Games 1.0 Demo --> "C:\Program Files\Microsoft Games\Bicycle Card Games 1.0 Demo\UNINSTAL.EXE" /runtemp /addremove
Broadcom Management Programs --> MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Dell Support 3.2.1 --> MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Documentation & Support Launcher --> MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
Games, Music, & Photos Launcher --> MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
JD Secure 3.1 --> C:\WINDOWS\System32\JDSecure31.exe /u
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_b05697e\Setup.exe /APR-REMOVE
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Maxtor Manager --> "C:\Program Files\InstallShield Installation Information\{B8281D46-D846-4BB9-BC84-F1115A7BF820}\setup.exe" -runfromtemp -l0x0409 -removeonly
Maxtor Manager --> MsiExec.exe /I{B8281D46-D846-4BB9-BC84-F1115A7BF820}
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi --> MsiExec.exe /I{90CC4231-94AC-45CD-991A-0253BFAC0650}
MediaDirect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe" -l0x9 -cluninstall
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Calculator Plus --> MsiExec.exe /I{83073C45-3003-4671-9A86-243AAADD915A}
Microsoft Money Plus --> "C:\Program Files\Microsoft Money Plus\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries --> MsiExec.exe /X{7F1B3341-A94E-4F5C-B587-CA0EB964221E}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.15) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero 7 --> MsiExec.exe /X{26D3E377-1DCA-4043-9410-B4A9BACF1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
netbrdg --> MsiExec.exe /I{56AB063D-1450-4BDE-9F0D-E9C693429C51}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Norton Security Scan --> MsiExec.exe /I{48B82226-75E3-4E90-92CC-D30F79EA6380}
Operation World 2001 --> C:\Program Files\GMI\OW2001\Unwise32.exe
OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
Pdf995 --> C:\Program Files\pdf995\setup.exe uninstall
Photo Viewer 2.3 --> "C:\Program Files\Photo Viewer\uninstall.exe"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PrimoPDF --> "C:\WINDOWS\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
PrimoPDF Redistribution Package --> MsiExec.exe /I{885744A4-1A01-44B0-858A-0AE6738CBCF7}
QBFC 2.1 --> MsiExec.exe /X{8681C2EB-BFEE-432F-AD8F-A2F13E33D3F1}
QuickSet --> C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Uninstall Photo Viewer --> "C:\Program Files\JL2004C\unins000.exe"
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
ZVolume Pro --> "C:\Program Files\Common Files\System\ZVolume Pro\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type6332 / Error
Event Submitted/Written: 07/15/2008 07:56:14 AM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 452615105.

Event Record #/Type6330 / Error
Event Submitted/Written: 07/15/2008 07:56:10 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.3156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type6253 / Error
Event Submitted/Written: 06/24/2008 07:36:27 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application acrord32.exe, version 7.0.8.218, faulting module unknown, version 0.0.0.0, fault address 0x24002bcb.
Processing media-specific event for [acrord32.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type32619 / Warning
Event Submitted/Written: 07/15/2008 02:22:53 PM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{61D47E7E-F732-476B-80CF-822A72AE08C4}.

Event Record #/Type32612 / Warning
Event Submitted/Written: 07/15/2008 02:22:45 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001B77128ED6. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type32604 / Error
Event Submitted/Written: 07/15/2008 02:13:02 PM
Event ID/Source: 111 / Removable Storage Service
Event Description:
RSM could not load media in drive Drive 0 of library USB Flash Memory USB Device.

Event Record #/Type32603 / Error
Event Submitted/Written: 07/15/2008 02:13:00 PM
Event ID/Source: 111 / Removable Storage Service
Event Description:
RSM could not load media in drive Drive 0 of library USB Flash Memory USB Device.

Event Record #/Type32602 / Error
Event Submitted/Written: 07/15/2008 01:57:06 PM
Event ID/Source: 111 / Removable Storage Service
Event Description:
RSM could not load media in drive Drive 0 of library USB Flash Memory USB Device.



-- End of Deckard's System Scanner: finished at 2008-07-15 16:46:32 ------------

Edited by thepedalontheright, 15 July 2008 - 08:33 PM.



#2 bamajim

Posted 21 July 2008 - 02:37 PM

thepedalontheright

Sorry for the delay.

Please download Combofix and save it to your desktop. Note: It is important that it is saved directly to your desktop.
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.

Microsoft MVP - Windows Security

#3 thepedalontheright

Posted 22 July 2008 - 10:17 AM

Thanks

Here's the log

ComboFix 08-07-21.2 - Owner 2008-07-22 9:58:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1410 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\david\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

.
((((((((((((((((((((((((( Files Created from 2008-06-22 to 2008-07-22 )))))))))))))))))))))))))))))))
.

2008-07-22 09:53 . 2008-07-22 09:54 <DIR> d-------- C:\WINDOWS\LastGood
2008-07-21 09:43 . 2008-07-21 09:43 <DIR> d-------- C:\Program Files\SmartDraw 2008
2008-07-16 07:52 . 2008-07-16 07:52 <DIR> d-------- C:\Documents and Settings\david\Application Data\Malwarebytes
2008-07-16 07:50 . 2008-07-16 09:06 <DIR> d-------- C:\Documents and Settings\david\Application Data\SiteAdvisor
2008-07-16 07:49 . 2007-08-22 11:09 <DIR> d-------- C:\Documents and Settings\david\Application Data\Intel
2008-07-16 07:49 . 2007-08-22 11:12 <DIR> d-------- C:\Documents and Settings\david\Application Data\InstallShield
2008-07-16 07:49 . 2007-08-22 11:21 <DIR> d--h----- C:\Documents and Settings\david\Application Data\Gtek
2008-07-16 07:49 . 2008-07-22 08:57 <DIR> d-------- C:\Documents and Settings\david
2008-07-15 18:50 . 2008-07-22 09:56 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-07-15 17:46 . 2008-07-15 21:34 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-15 17:01 . 2008-07-15 17:01 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-15 17:01 . 2008-07-15 17:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-15 17:01 . 2008-07-15 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-15 17:01 . 2008-07-07 17:42 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-15 17:01 . 2008-07-07 17:42 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-15 16:45 . 2008-07-15 16:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-15 15:52 . 2008-07-15 15:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-15 15:47 . 2008-07-15 15:47 <DIR> d-------- C:\Deckard
2008-07-15 13:38 . 2008-07-15 17:46 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-07-15 08:59 . 2008-07-15 08:59 <DIR> d-------- C:\Program Files\Picasa2
2008-07-15 08:59 . 2006-10-04 21:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-15 08:59 . 2006-10-04 21:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-12 15:21 . 2008-07-12 15:21 6,144 --ahs---- C:\WINDOWS\Thumbs.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-22 14:30 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-07-16 23:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-07-15 23:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype
2008-07-15 20:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-15 20:53 --------- d-----w C:\Program Files\Lavasoft
2008-07-15 19:21 --------- d-----w C:\Program Files\Eraser
2008-06-30 20:46 --------- d-----w C:\Program Files\SiteAdvisor
2008-06-22 13:23 --------- d-----w C:\Program Files\McAfee
2008-06-22 00:21 --------- d-----w C:\Program Files\Common Files\McAfee
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-01 13:26 --------- d-----w C:\Program Files\MySpace
2008-05-16 16:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-03 03:28 155,648 ----a-w C:\WINDOWS\system32\stuninstall.exe
2008-04-24 03:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 02:24 20480]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 21:57 395776]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"ZVolume"="C:\Program Files\Common Files\System\ZVolume Pro\ZVolume.exe" [2003-04-14 18:14 141824]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 16:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 16:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 16:45 118784]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 18:04 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 17:58 696320]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-02-20 12:29 1191936]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48 761947]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-05-02 18:16 184320]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-22 22:35 185632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-13 13:05 36640]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 15:53 169264]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 282624 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-08-22 11:13:49 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Maxtor Sync Service;Maxtor Service;C:\Program Files\Maxtor\Sync\SyncServices.exe [2007-09-28 13:24]
S3 JL2004A;JL2004A Photo Viewer;C:\WINDOWS\system32\Drivers\pv_wdm.sys [2007-02-13 18:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0974e728-517f-11dc-ad84-0019b97366b2}]
\Shell\Auto\command - handydriver.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL handydriver.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{550f9d2d-5251-11dc-ad87-0019b97366b2}]
\Shell\AutoRun\command - E:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c6d6538-5f23-11dc-adb2-0019b97366b2}]
\Shell\Auto\command - handydriver.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL handydriver.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-07-17 14:03:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-15 14:50:08 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2007-09-01 06:00:05 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-07-16 23:00:27 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AntiVirus - C:\Documents and Settings\Owner\Desktop\MismaSXS_ELIMINAR VIRUS\MismaSXS\MismaSXS.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/redirects/support.asp?affid=105
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{1D3F505F-FD8E-4482-A2CE-CD8BD4DC055B}: NameServer = 192.168.1.105

O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab
C:\WINDOWS\Downloaded Program Files\ZylomGamesPlayer.inf
C:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 09:59:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-22 10:00:36
ComboFix-quarantined-files.txt 2008-07-22 15:00:29

Pre-Run: 119,942,930,432 bytes free
Post-Run: 119,943,303,168 bytes free

174 --- E O F --- 2008-07-13 12:55:01

#4 bamajim

Posted 22 July 2008 - 11:00 AM

thepedalontheright

1. Open Notepad (not WordPad). Copy and paste the following into Notepad:


Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0974e728-517f-11dc-ad84-0019b97366b2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c6d6538-5f23-11dc-adb2-0019b97366b2}]


Save the file as CFScript (exactly as shown, no spaces) and save it to your Desktop.

Using the Image as a reference, drag CFScript into ComboFix.exe

You will be prompted to run Combofix again. Do so, following the same rules as indicated in my first post.
Then post the contents of the C:\ComboFix.txt log in your reply.
2. Rerun HijackThis and post a fresh HijackThis log as well.

And in your reply, give me an update on how things are working at this point.
Microsoft MVP - Windows Security
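The CFScript above was written by hand from the MountPoints2 entries in the first ComboFix log. As an added example (my own code, not ComboFix's and not the helper's), the script below parses those entries out of the posted log text, flags the autorun handlers that launch an executable by a name relative to the removable volume (the handydriver.exe entries) and emits the matching Registry:: deletion lines. The "has a drive letter" heuristic is my assumption about what separates those two keys from the JDSecure one; the sample log text is copied from this thread.

```python
import re

# Constructed sample: the three MountPoints2 blocks copied verbatim from the
# "Reg Loading Points" section of the first ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0974e728-517f-11dc-ad84-0019b97366b2}]
\Shell\Auto\command - handydriver.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL handydriver.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{550f9d2d-5251-11dc-ad87-0019b97366b2}]
\Shell\AutoRun\command - E:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c6d6538-5f23-11dc-adb2-0019b97366b2}]
\Shell\Auto\command - handydriver.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL handydriver.exe
"""

# A MountPoints2 key header as ComboFix prints it: [HKEY_CURRENT_USER\...\mountpoints2\{GUID}]
KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\[^\]]*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
# A handler line below it: \Shell\<verb>\command - <command line>
CMD_RE = re.compile(r"^(\\Shell\\[^\s]+\\command)\s+-\s+(.*)$", re.I)


def parse_mountpoints(log_text):
    """Return {registry_key: [(verb_path, command), ...]} for each MountPoints2 block."""
    entries = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            entries[current] = []
            continue
        m = CMD_RE.match(line)
        if m and current is not None:
            entries[current].append((m.group(1), m.group(2)))
        elif not line:
            current = None  # a blank line closes the block
    return entries


def launched_target(command):
    """The file an autorun handler ultimately starts.

    rundll32 Shell32.DLL,ShellExec_RunDLL <arg> hands <arg> to ShellExecute, so
    the last token is the real target; otherwise it is the (possibly quoted)
    first token. Unquoted paths containing spaces are not handled here.
    """
    cmd = command.strip()
    if "shellexec_rundll" in cmd.lower():
        return cmd.split()[-1]
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def is_suspicious(command):
    """Heuristic (my assumption, not ComboFix's logic): a handler whose target
    has no drive letter resolves relative to the removable volume's root, the
    usual shape of a USB autorun infection (handydriver.exe in this log)."""
    return re.match(r"^[A-Za-z]:\\", launched_target(command)) is None


def build_cfscript(entries):
    """Emit a CFScript 'Registry::' section deleting every flagged key.

    '[-KEY]' is the REGEDIT4-style delete-key syntax ComboFix accepts, the same
    form the helper wrote by hand above."""
    flagged = [key for key, cmds in entries.items()
               if any(is_suspicious(cmd) for _, cmd in cmds)]
    if not flagged:
        return ""
    return "Registry::\n" + "\n".join(f"[-{key}]" for key in flagged) + "\n"


if __name__ == "__main__":
    # Prints the two deletion lines for the handydriver.exe keys and skips
    # the JDSecure key, matching the CFScript posted above.
    print(build_cfscript(parse_mountpoints(SAMPLE_LOG)), end="")
```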

#5 thepedalontheright

Posted 22 July 2008 - 12:38 PM

Things seem to be better - not totally sure - I can access the registry now. The only problem that was different was that when I clicked on my Firefox desktop icon, it opened Internet Explorer - but I guess that is an easy fix - uninstall and then reinstall Firefox.

Here is the new Combo log followed by the Hijack This log

Really appreciate your help - I have had this feeling that things haven't been quite right with my computer.

___

ComboFix 08-07-21.2 - Owner 2008-07-22 12:36:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1496 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-22 to 2008-07-22 )))))))))))))))))))))))))))))))
.

2008-07-21 09:43 . 2008-07-21 09:43 <DIR> d-------- C:\Program Files\SmartDraw 2008
2008-07-16 07:52 . 2008-07-16 07:52 <DIR> d-------- C:\Documents and Settings\david\Application Data\Malwarebytes
2008-07-16 07:50 . 2008-07-16 09:06 <DIR> d-------- C:\Documents and Settings\david\Application Data\SiteAdvisor
2008-07-16 07:49 . 2007-08-22 11:09 <DIR> d-------- C:\Documents and Settings\david\Application Data\Intel
2008-07-16 07:49 . 2007-08-22 11:12 <DIR> d-------- C:\Documents and Settings\david\Application Data\InstallShield
2008-07-16 07:49 . 2007-08-22 11:21 <DIR> d--h----- C:\Documents and Settings\david\Application Data\Gtek
2008-07-16 07:49 . 2008-07-22 08:57 <DIR> d-------- C:\Documents and Settings\david
2008-07-15 18:50 . 2008-07-22 09:56 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-07-15 17:46 . 2008-07-15 21:34 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-15 17:01 . 2008-07-15 17:01 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-15 17:01 . 2008-07-15 17:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-15 17:01 . 2008-07-15 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-15 17:01 . 2008-07-07 17:42 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-15 17:01 . 2008-07-07 17:42 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-15 16:45 . 2008-07-15 16:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-15 15:52 . 2008-07-15 15:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-15 15:47 . 2008-07-15 15:47 <DIR> d-------- C:\Deckard
2008-07-15 13:38 . 2008-07-15 17:46 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-07-15 08:59 . 2008-07-15 08:59 <DIR> d-------- C:\Program Files\Picasa2
2008-07-15 08:59 . 2006-10-04 21:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-15 08:59 . 2006-10-04 21:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-12 15:21 . 2008-07-12 15:21 6,144 --ahs---- C:\WINDOWS\Thumbs.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-22 16:09 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-07-16 23:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-07-15 23:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype
2008-07-15 20:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-15 20:53 --------- d-----w C:\Program Files\Lavasoft
2008-07-15 19:21 --------- d-----w C:\Program Files\Eraser
2008-06-30 20:46 --------- d-----w C:\Program Files\SiteAdvisor
2008-06-22 13:23 --------- d-----w C:\Program Files\McAfee
2008-06-22 00:21 --------- d-----w C:\Program Files\Common Files\McAfee
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-01 13:26 --------- d-----w C:\Program Files\MySpace
2008-05-16 16:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-03 03:28 155,648 ----a-w C:\WINDOWS\system32\stuninstall.exe
2008-04-24 03:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
.

((((((((((((((((((((((((((((( snapshot@2008-07-22_10.00.08.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-22 11:42:24 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-22 17:33:53 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-22 11:42:24 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-22 17:33:53 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-07-22 11:42:24 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-22 17:33:53 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 02:24 20480]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 21:57 395776]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"ZVolume"="C:\Program Files\Common Files\System\ZVolume Pro\ZVolume.exe" [2003-04-14 18:14 141824]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 16:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 16:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 16:45 118784]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 18:04 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 17:58 696320]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-02-20 12:29 1191936]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48 761947]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-05-02 18:16 184320]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-22 22:35 185632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-13 13:05 36640]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 15:53 169264]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 282624 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-08-22 11:13:49 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Maxtor Sync Service;Maxtor Service;C:\Program Files\Maxtor\Sync\SyncServices.exe [2007-09-28 13:24]
S3 JL2004A;JL2004A Photo Viewer;C:\WINDOWS\system32\Drivers\pv_wdm.sys [2007-02-13 18:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{550f9d2d-5251-11dc-ad87-0019b97366b2}]
\Shell\AutoRun\command - E:\JDSecure\Windows\JDSecure31.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-17 14:03:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-15 14:50:08 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2007-09-01 06:00:05 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-07-16 23:00:27 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 12:38:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
Completion time: 2008-07-22 12:40:00
ComboFix-quarantined-files.txt 2008-07-22 17:39:55
ComboFix2.txt 2008-07-22 15:00:37

Pre-Run: 119,932,153,856 bytes free
Post-Run: 119,926,214,656 bytes free

162 --- E O F --- 2008-07-13 12:55:01



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:30 PM, on 7/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/redirects/support.asp?affid=105
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ZVolume] C:\Program Files\Common Files\System\ZVolume Pro\ZVolume.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...zylomplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D3F505F-FD8E-4482-A2CE-CD8BD4DC055B}: NameServer = 192.168.1.105
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D3F505F-FD8E-4482-A2CE-CD8BD4DC055B}: NameServer = 192.168.1.105
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10629 bytes

#6 bamajim

  • Members
  • 894 posts
  • Local time:08:44 PM

Posted 22 July 2008 - 01:56 PM

thepedalontheright

You are most welcome.

Let's take one more look.

Please perform an Ewido Online Malware Scan
  • When a dialog box appears asking you if you would like to download and install the ewido anti-spyware online scanner, please click Yes to allow the download.
  • Click on Start Scan.
  • After the scan completes, it will produce a log for you; copy and paste the results of that scan as a reply to this thread.
  • If any infections are found (after you save the logfile), click on Remove Infections.

Microsoft MVP - Windows Security

#7 thepedalontheright
  • Topic Starter
  • Members
  • 27 posts
  • Local time:09:44 PM

Posted 22 July 2008 - 04:10 PM

Ok, here are the results of that scan (Ewido) - that took a while, huh?

A few questions before you move on to someone else's issues - I run McAfee, Ad-Aware and CCleaner regularly.
Should I change my habits or replace one of those with some other software (i.e. Malwarebytes Anti-Malware)?

Can I uninstall ComboFix and HijackThis? Can I reinstall Firefox?

Thanks again :thumbsup:,


__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt
Risk: Medium

Name: TrackingCookie.Netflame
Path: C:\Documents and Settings\Owner\Cookies\owner@ssl-hints.netflame[1].txt
Risk: Medium

Name: TrackingCookie.Webtrendslive
Path: C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[2].txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
Risk: Medium

Name: TrackingCookie.Webtrends
Path: :mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: :mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: :mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Webtrendslive
Path: :mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: :mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: :mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Netflame
Path: :mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: :mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.131:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.132:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.133:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.134:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.135:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.136:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.137:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.138:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.139:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.152:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.153:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.154:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.155:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.156:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: :mozilla.157:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: :mozilla.180:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: :mozilla.181:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.182:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.184:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.185:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.186:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.187:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.188:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.189:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.190:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.206:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.207:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.208:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.209:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.210:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.211:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.227:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: :mozilla.238:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Googleadservices
Path: :mozilla.243:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.247:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.248:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.249:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.250:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.251:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.252:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.253:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.254:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.255:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.256:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.247realmedia
Path: :mozilla.257:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.247realmedia
Path: :mozilla.258:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: :mozilla.263:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: :mozilla.264:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: :mozilla.269:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Burstbeacon
Path: :mozilla.270:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.294:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.295:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.296:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.297:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.298:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.299:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.300:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.301:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.302:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.303:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.304:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.349:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.350:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.352:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.353:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: :mozilla.357:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Googleadservices
Path: :mozilla.396:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Googleadservices
Path: :mozilla.402:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Googleadservices
Path: :mozilla.425:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: :mozilla.435:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: :mozilla.436:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Liveperson
Path: :mozilla.438:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Googleadservices
Path: :mozilla.448:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.466:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Imrworldwide
Path: :mozilla.477:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Imrworldwide
Path: :mozilla.479:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Googleadservices
Path: :mozilla.514:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.518:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.519:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.520:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.521:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.522:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.523:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.524:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.541:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.542:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.543:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.544:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: :mozilla.571:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: :mozilla.572:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.591:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.592:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.593:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.594:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.595:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.596:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.597:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.613:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.614:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.615:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.616:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.617:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.618:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.619:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.620:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.621:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.622:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Onestat
Path: :mozilla.631:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Onestat
Path: :mozilla.632:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adjuggler
Path: :mozilla.667:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adjuggler
Path: :mozilla.668:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Googleadservices
Path: :mozilla.684:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Googleadservices
Path: :mozilla.700:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Googleadservices
Path: :mozilla.711:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Overture
Path: :mozilla.712:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.767:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.768:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.769:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Googleadservices
Path: :mozilla.803:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s25vv1j7.default\cookies.txt
Risk: Medium

Name: Worm.VB.qr
Path: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP165\A0044093.exe
Risk: High

#8 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  • Local time:08:44 PM

Posted 22 July 2008 - 04:30 PM

thepedalontheright

Few questions before you move to someone else's issues - I run McAfee, and adaware and CCleaner regularly-
should I change my habits or replace one of those with some other software. (IE malware bytes anti malware) ?

You need to keep one AntiVirus Program ->> Which would be McAfee
AdAware and CCleaner are both fine to keep
You can keep MBAM to do occasional scans.

You may now remove/delete/uninstall the tools we used to clean your PC

Now that your log is clean

There are some final notes:
Disable and Enable System Restore
Let's create a clean System Restore point; the instructions are here.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6.u6.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u6-windowsi586-p.exe to install the newest version.
Update your Anti Virus Software

Use and maintain a Firewall

Visit Microsoft's Windows Update Site Frequently for critical updates

Backup your Important Documents and Files on a regular basis
To a disc or a USB key, not your Hard drive
You may want to read this article "So how did I get infected in the first place" by Tony Klein

surf safe

Edited by bamajim, 23 July 2008 - 07:39 AM.

Microsoft MVP - Windows Security
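The "remove all older versions of Java" step above is done by hand in Add/Remove Programs, which makes it easy to miss an entry. The script below is an added example for checking that step; it is not bamajim's code or anything from the thread. It reads the same Add/Remove Programs data from the standard Uninstall registry keys (the Wow6432Node key is assumed to exist only on 64-bit Windows), lists every entry that looks like a Java runtime, and flags each one that is older than the newest version installed. It only reports; it does not uninstall anything. PowerShell 2.0 or later is assumed.

```powershell
# Added example (not from the thread): inventory installed Java runtimes from the
# Add/Remove Programs registry data and flag every entry older than the newest one,
# so the "remove all older versions of Java" step can be checked before and after.
# Read-only: it reports, it does not uninstall. Assumes the standard Uninstall keys
# and PowerShell 2.0 or later; Wow6432Node only exists on 64-bit Windows.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function ConvertTo-JavaVersion {
    # Turn DisplayVersion strings such as "6.0.60", "1.6.0.60" or "1.5.0_15" into
    # [version] objects so they compare numerically (as plain strings "6.0.7" would
    # sort above "6.0.60"). Returns $null when the string cannot be parsed.
    param([string]$Text)
    if (-not $Text) { return $null }
    $normalised = $Text -replace '_', '.'
    # Older Sun installers write "1.6.0.60" where newer ones write "6.0.60";
    # drop the leading "1." so both families compare on the same scale.
    if ($normalised -match '^1\.(\d+\.\d+.*)$') { $normalised = $Matches[1] }
    try { return [version]$normalised } catch { return $null }
}

# Collect every Add/Remove Programs entry whose name looks like a Java runtime.
$javaEntries = @()
foreach ($key in $uninstallKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($sub in Get-ChildItem $key) {
        $props = Get-ItemProperty $sub.PSPath
        if ($props.DisplayName -match 'Java|J2SE|JRE') {
            $javaEntries += New-Object PSObject -Property @{
                Name    = $props.DisplayName
                Version = $props.DisplayVersion
                Parsed  = ConvertTo-JavaVersion $props.DisplayVersion
                KeyName = $sub.PSChildName
            }
        }
    }
}

if ($javaEntries.Count -eq 0) {
    'No Java runtime entries found in Add/Remove Programs.'
    return
}

# The newest parseable version is the one to keep; everything below it is stale.
$newest = $javaEntries | Where-Object { $_.Parsed } |
          Sort-Object Parsed -Descending | Select-Object -First 1

foreach ($entry in ($javaEntries | Sort-Object Parsed -Descending)) {
    if ($null -eq $entry.Parsed) {
        $status = 'UNKNOWN - check this entry by hand'
    } elseif ($entry.Parsed -lt $newest.Parsed) {
        $status = 'STALE   - remove via Add/Remove Programs'
    } else {
        $status = 'NEWEST  - keep, but still confirm it is the current release'
    }
    '{0,-50} {1,-12} {2}' -f $entry.Name, $entry.Version, $status
}
```

Run it once before the cleanup to see how many runtimes are really installed, and again after the reboot: a clean result is a single NEWEST line. The script can only compare the versions present on the machine, so the one it keeps still has to be checked against the current download page; that is why the last status says to confirm it.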

#9 thepedalontheright

thepedalontheright
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:09:44 PM

Posted 22 July 2008 - 04:55 PM

thanks again!

D
