[Requesting Help] Constant Popups "rightonadz/adssite"

lolwow · 12-30-2007, 07:23 PM

I keep gettin popads from adssite and rightonadz and also this popup that flashes really quickly and disappears i do not know what that is because it disappears before I have a chance to read what it is or it doesnt display it at all.
I've tried many things to try and get rid of them but nothing is working...
S/D Spybot
Avast
Clearing History
SD Fix

Heres main.txt
Deckard's System Scanner v20071014.68
Run by Ricardo on 2007-12-30 21:00:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
60: 2007-12-31 02:00:38 UTC - RP448 - Deckard's System Scanner Restore Point
59: 2007-12-30 23:46:51 UTC - RP447 - Removed MyWay Search Assistant
58: 2007-12-30 23:43:37 UTC - RP446 - Removed Java(TM) 6 Update 2
57: 2007-12-30 23:42:44 UTC - RP445 - Removed Java(TM) SE Runtime Environment 6 Update 1
56: 2007-12-30 23:41:36 UTC - RP444 - Removed J2SE Runtime Environment 5.0 Update 11

-- First Restore Point --
1: 2007-10-03 00:21:19 UTC - RP389 - Installed ijji Auto Installer

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 503 MiB (512 MiB recommended).

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-30 21:02:26
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ricardo\Local Settings\Temporary Internet Files\Content.IE5\MTZA96JC\dss[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: rightonads optimizer - {10F3E8BD-257A-4702-A2F5-DC02055B068C} - C:\WINDOWS\system32\gzmrt.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - (no file)
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - (no file)
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/fhg.CAB
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get...irector/sw.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} () - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.gomtv.com/gom/GomWeb.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...nt/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Unknown owner - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

--
End of file - 12030 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee; McAfee Personal Firewall>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 npkcrypt - c:\documents and settings\ricardo\desktop\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 kbdcap - c:\windows\system32\drivers\kbdcap.sys

S3 catchme - c:\docume~1\rogerio\locals~1\temp\catchme.sys (file missing)
S3 cheetah1 - c:\documents and settings\ricardo\desktop\cheetah engine 1.2\cheetah.sys (file missing)
S3 DISK_DRIVE32 - c:\documents and settings\ronaldo\my documents\hack\ms hacks\disk_1024.sys (file missing)
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 Dua1 - c:\documents and settings\rogerio\desktop\hacking tools\dual engine\dualengi.sys (file missing)
S3 dump_wmimmc - c:\documents and settings\ricardo\desktop\nexon\maplestory\gameguard\dump_wmimmc.sys (file missing)
S3 geebers12 - c:\documents and settings\ricardo\desktop\buffy .39\buffy engine 2.1\nvid888.sys (file missing)
S3 kaspersky1 - c:\documents and settings\ronaldo\desktop\uce\kaspersky%20uce\kaspersky.sys
S3 nocashio - c:\windows\system32\drivers\nocashio.sys
S3 npkcusb - c:\documents and settings\ricardo\desktop\nexon\maplestory\npkcusb.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 puma1 - c:\documents and settings\rogerio\desktop\pumabyzé\puma.sys (file missing)
S3 sejt1 - c:\documents and settings\ricardo\desktop\akumaengine\sejt.sys (file missing)
S3 toBzM - c:\tobzm.sys (file missing)
S3 UCEDRIVER53 - c:\documents and settings\ricardo\my documents\hacks\uce\cetc.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S3 xp1 - f:\0.34\xp.sys (file missing)
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)
S3 zenx1 - c:\documents and settings\rogerio\desktop\folder\zenx.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter

S2 McDetect.exe (McAfee WSC Integration) - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
S2 McTskshd.exe (McAfee Task Scheduler) - c:\progra~1\mcafee.com\agent\mctskshd.exe (file missing)
S2 MpfService (McAfee Personal Firewall Service) - c:\progra~1\mcafee.com\person~1\mpfservice.exe (file missing)
S2 MskService (McAfee SpamKiller Server) - c:\progra~1\mcafee\spamki~1\msksrvr.exe (file missing)
S3 mcupdmgr.exe (McAfee SecurityCenter Update Manager) - c:\progra~1\mcafee.com\agent\mcupdmgr.exe (file missing)
S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2007-12-28 17:52:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-12-21 17:17:49 394 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2007-01-26 16:04:19 268 --a------ C:\WINDOWS\Tasks\McDefragTask.job

-- Files created between 2007-11-30 and 2007-12-30 -----------------------------

2007-12-30 18:55:58 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-30 18:55:56 0 d-------- C:\WINDOWS\LastGood
2007-12-29 11:31:39 0 d-------- C:\WINDOWS\ERUNT
2007-12-28 18:22:43 0 d-------- C:\Program Files\iPod
2007-12-28 18:22:19 0 d-------- C:\Program Files\iTunes
2007-12-28 18:20:03 0 d-------- C:\Program Files\QuickTime
2007-12-27 22:47:08 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2007-12-27 22:46:56 0 d-------- C:\Program Files\Dell Support Center
2007-12-27 22:46:52 0 d-------- C:\Program Files\Common Files\supportsoft
2007-12-27 17:00:00 110592 --a------ C:\WINDOWS\system32\TG_DUMP0708.DLL <Not Verified; ENJsoft Corporation; SelfMusicVideo>
2007-12-27 09:53:38 64512 --a------ C:\WINDOWS\system32\gzmrt.dll
2007-12-24 15:10:35 0 d-------- C:\WatchNow
2007-12-21 20:37:03 0 d-------- C:\Documents and Settings\Mom\Application Data\ESET
2007-12-15 19:33:53 0 d-------- C:\Documents and Settings\Rogerio\Application Data\ESET
2007-12-14 22:41:30 0 d-------- C:\Documents and Settings\Ricardo\Application Data\ESET
2007-12-14 21:53:58 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-12-14 21:53:58 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-12-14 21:53:58 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-12-14 21:53:58 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-12-14 21:53:58 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-12-14 21:53:58 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-12-14 21:53:58 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-12-14 21:53:58 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-12-14 21:53:58 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-12-14 21:53:58 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-12-14 21:53:58 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-12-14 21:53:58 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-12-14 21:53:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2007-12-14 21:53:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-12-14 21:53:58 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-12-14 21:53:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-12-14 21:53:57 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-12-14 17:14:37 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2007-12-14 16:11:58 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2007-12-13 19:21:16 40737 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe

-- Find3M Report ---------------------------------------------------------------

2007-12-30 20:13:42 0 d-------- C:\Program Files\MSN Messenger
2007-12-30 20:10:27 0 d-------- C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster
2007-12-30 18:43:53 0 d-------- C:\Program Files\Java
2007-12-30 14:44:57 0 d-------- C:\Program Files\Steam
2007-12-29 20:50:27 0 d-------- C:\Program Files\TuneUp Utilities 2007
2007-12-27 22:46:52 0 d-------- C:\Program Files\Common Files
2007-12-27 22:43:33 0 d--h----- C:\Documents and Settings\Ricardo\Application Data\Gtek
2007-12-25 20:38:39 25664 --a----c- C:\Documents and Settings\Ricardo\Application Data\GDIPFONTCACHEV1.DAT
2007-12-15 09:23:42 0 d-------- C:\Program Files\Google
2007-12-14 17:19:56 40960 -----n--- C:\WINDOWS\system32\MAMACExtract.dll <Not Verified; ???????; ??????? MAMACExtract>
2007-12-14 16:11:25 0 d-------- C:\Program Files\BitComet
2007-12-09 21:57:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-20 15:36:02 118784 --a------ C:\WINDOWS\system32\MaDRM.dll <Not Verified; (?)????; MaDRM ?? ?? ????? with PKI>
2007-11-09 19:11:44 0 d-------- C:\Program Files\LegacyGamers
2007-11-02 10:26:53 0 d-------- C:\Program Files\LimeWire
2007-10-30 20:58:50 0 d-------- C:\Program Files\MapleSEA

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F3E8BD-257A-4702-A2F5-DC02055B068C}]
27/12/2007 09:53 AM 64512 --a------ C:\WINDOWS\system32\gzmrt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [20/07/2005 12:09 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [20/07/2005 12:06 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [20/07/2005 12:10 AM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [23/02/2005 05:19 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [06/12/2004 02:05 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 02:06 AM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [20/03/2006 05:34 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/10/2007 04:39 PM]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [14/11/2007 03:05 PM]
"postSetupCheck"="C:\WINDOWS\system32\gzmrt.dll" [27/12/2007 09:53 AM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 09:24 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [11/12/2007 10:56 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/12/2007 12:10 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 12:11 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [26/08/2007 09:27 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 06:00 AM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [03/12/2007 01:21 PM]
"@"="" []
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [15/11/2007 09:23 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [23/11/2004 03:51 PM 192512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
"SMSTray"=C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - GTNDIS5
*Newly Created Service* - RKPAVPROC

-- End of Deckard's System Scanner: finished at 2007-12-30 21:03:11 ------------

Heres the Hijackthis.log
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.20GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.20GHz
Percentage of Memory in Use: 76%
Physical Memory (total/avail): 502.07 MiB / 119.19 MiB
Pagefile Memory (total/avail): 1226.82 MiB / 689.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1898.18 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 71.46 GiB total, 40.34 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST380819AS - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 71.46 GiB - C:
\PARTITION2 - Unknown - 3 GiB

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ESET Personal firewall v3.0.566.0 (ESET, spol. s r. o.)
AV: ESET Smart Security 3.0 v3.0 (ESET, spol. s r. o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\\Program Files\\MapleSEA\\MapleStory.exe"="C:\\Program Files\\MapleSEA\\MapleStory.exe:*:Enabled:MapleStory"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\MapleSEA\\Patcher.exe"="C:\\Program Files\\MapleSEA\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\\WINDOWS\\system32\\muzapp.exe"="C:\\WINDOWS\\system32\\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ricardo\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=D86S5391
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ricardo
LOGONSERVER=\\D86S5391
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
RNLOG_BASEKEY=Software\RealNetworks\RealPlayer\6.0\Preferences\BrowserRecordPluginLog
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ricardo\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ricardo\LOCALS~1\Temp
USERDOMAIN=D86S5391
USERNAME=Ricardo
USERPROFILE=C:\Documents and Settings\Ricardo
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Mom (admin)
Ricardo (admin)
Rogerio (admin)
Ronaldo (admin)
Administrator (new local, admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer --> C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
BitComet 0.97 --> C:\Program Files\BitComet\uninst.exe
Browser Optimizer Rightonadz --> C:\WINDOWS\system32\rightonadz-uninst.exe
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal --> MsiExec.exe /I{B702CCCE-3176-4DBF-B932-D1B8F402F330}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ESET Smart Security --> MsiExec.exe /I{73DD62F9-7B11-4431-B38A-DFAD02FCB5F3}
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ijji - Gunz --> C:\ijji\ENGLISH\Gunz\Uninstall.exe
ijji Auto Installer --> "C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
InstallShield 12 SP2 --> MsiExec.exe /I{98C325B5-87DE-4F55-8D99-C222DBB8C02E}
Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel(R) PRO Network Connections Drivers --> Prounstl.exe
Intel(R) PROSet for Wired Connections --> MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
Internet Explorer 7 Beta 2 --> "C:\WINDOWS\$NtUninstallie7beta2$\spuninst\spuninst.exe"
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire PRO 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
Linksys Wireless-G PCI Network Adapter with SpeedBooster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAE4A00B-D290-4B65-8287-B82A80FC0619}\setup.exe" -l0x9
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
MapleStory --> MsiExec.exe /I{F99C5427-4D78-43E2-B97E-F4C4E622D612}
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft GIF Animator --> C:\Program Files\Microsoft GIF Animator\setup\GifACME.exe
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# 2.0 Redistributable Package --> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Samsung Media Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\Setup.exe" -l0x9
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam --> C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.5 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type1832 / Error
Event Submitted/Written: 12/30/2007 05:32:08 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 580248065.

Event Record #/Type1831 / Error
Event Submitted/Written: 12/30/2007 05:31:52 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20071.12718, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1830 / Error
Event Submitted/Written: 12/30/2007 04:40:04 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20071.12718, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1827 / Error
Event Submitted/Written: 12/30/2007 04:39:48 PM / 12/30/2007 04:39:49 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20071.12718, faulting module nsbrowseropt.dll, version 3.9.0.0, fault address 0x0001247e.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type1819 / Success
Event Submitted/Written: 12/30/2007 04:36:50 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type129368 / Error
Event Submitted/Written: 12/30/2007 06:47:02 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type129365 / Error
Event Submitted/Written: 12/30/2007 06:47:02 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type129362 / Error
Event Submitted/Written: 12/30/2007 06:47:02 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type129359 / Error
Event Submitted/Written: 12/30/2007 06:47:02 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type129356 / Error
Event Submitted/Written: 12/30/2007 06:47:02 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

-- End of Deckard's System Scanner: finished at 2007-12-30 21:03:11 ------------

lolwow · 01-02-2008, 08:06 PM

Bump.

lolwow · 01-03-2008, 02:13 PM

Bump.

tetonbob · 01-03-2008, 06:15 PM

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

P2P - I see you have P2P software ( Limewire ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here,
here and here.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop
Disconnect from the internet....pull the plug!
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Browser Optimizer Rightonadz

Ignore any prompts to reboot.

---------------------------------------------------------------------------------------------
Double click on combofix.exe & follow the prompts. Type 1, then press Enter to start the fix.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.
Re-establish an internet connection.
Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

lolwow · 01-03-2008, 08:01 PM

Hi Tetonbob,
I deleted the "Browser Optimizer Rightonadz" in the computer.

Here is the ComboFix log:
ComboFix 08-01-04.1 - Ricardo 2008-01-03 21:44:42.1 - NTFSx86
Running from: C:\Documents and Settings\Ricardo\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\simtest
C:\Program Files\Common Files\svchostsys
C:\Program Files\Common Files\svchostsys\Version.txt
C:\WINDOWS\system32\gzmrt.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 )))))))))))))))))))))))))))))))
.

2008-01-03 21:44 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-31 22:54 . 2007-12-31 22:54 <DIR> d-------- C:\Program Files\MyFree Codec
2007-12-30 21:17 . 2007-12-30 21:17 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-30 18:56 . 2007-12-30 19:14 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-30 18:56 . 2007-12-30 19:14 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-29 11:31 . 2007-12-29 11:31 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-28 18:23 . 2008-01-03 21:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-28 18:23 . 2007-12-28 18:23 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-28 18:22 . 2007-12-30 20:08 <DIR> d-------- C:\Program Files\iTunes
2007-12-28 18:22 . 2007-12-28 18:22 <DIR> d-------- C:\Program Files\iPod
2007-12-28 18:20 . 2007-12-28 18:20 <DIR> d-------- C:\Program Files\QuickTime
2007-12-27 22:47 . 2007-12-27 22:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2007-12-27 22:46 . 2007-12-27 22:47 <DIR> d-------- C:\Program Files\Dell Support Center
2007-12-27 22:46 . 2007-12-27 22:46 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2007-12-27 17:30 . 2007-12-27 17:30 65 --a------ C:\WINDOWS\FISHUI.INI
2007-12-27 17:00 . 2007-08-23 21:06 110,592 --a------ C:\WINDOWS\system32\TG_DUMP0708.DLL
2007-12-24 15:10 . 2007-12-24 15:10 <DIR> d-------- C:\WatchNow
2007-12-21 20:37 . 2007-12-21 20:37 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\ESET
2007-12-15 19:33 . 2007-12-15 19:33 <DIR> d-------- C:\Documents and Settings\Rogerio\Application Data\ESET
2007-12-14 22:41 . 2007-12-14 22:41 <DIR> d-------- C:\Documents and Settings\Ricardo\Application Data\ESET
2007-12-14 21:53 . 2005-12-28 14:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2007-12-14 17:14 . 2007-12-14 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2007-12-14 16:11 . 2007-12-14 16:11 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 01:51 --------- d-----w C:\Program Files\Steam
2007-12-31 23:51 --------- d-----w C:\Program Files\BitComet
2007-12-31 01:13 --------- d-----w C:\Program Files\MSN Messenger
2007-12-31 01:10 --------- d-----w C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster
2007-12-30 23:43 --------- d-----w C:\Program Files\Java
2007-12-30 01:50 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-12-28 03:43 --------- d--h--w C:\Documents and Settings\Ricardo\Application Data\Gtek
2007-12-26 01:38 25,664 -c--a-w C:\Documents and Settings\Ricardo\Application Data\GDIPFONTCACHEV1.DAT
2007-12-15 14:23 --------- d-----w C:\Program Files\Google
2007-12-15 03:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-14 22:19 40,960 ------w C:\WINDOWS\system32\MAMACExtract.dll
2007-12-10 02:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-09 18:59 25,664 -c--a-w C:\Documents and Settings\Rogerio\Application Data\GDIPFONTCACHEV1.DAT
2007-11-20 20:36 118,784 ----a-w C:\WINDOWS\system32\MaDRM.dll
2007-11-17 00:54 --------- d--h--w C:\Documents and Settings\Rogerio\Application Data\ijjigame
2007-11-17 00:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\IJJIGame
2007-11-14 20:06 53,768 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2007-11-14 20:06 50,696 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2007-11-14 20:06 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2007-11-14 20:04 27,656 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2007-11-14 20:03 33,800 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 02:19 --------- d-----w C:\Documents and Settings\Rogerio\Application Data\IGN_DLM
2007-11-10 00:11 --------- d-----w C:\Program Files\LegacyGamers
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:55 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:55 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:55 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 10:59 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-08-26 21:27 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-03 13:21 3461120]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-20 00:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-20 00:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-20 00:10 114688]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-10 16:39 185632]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-11-14 15:05 1410304]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 06:00 53760 C:\WINDOWS\system32\narrator.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 15:51 192512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
"SMSTray"=C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - GTNDIS5
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-21 22:17:49 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-12-28 22:52:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-01-26 21:04:19 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 21:48:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-03 21:48:33
ComboFix-quarantined-files.txt 2008-01-04 02:48:31
.
2007-12-12 04:26:49 --- E O F ---

Here is the Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:00 PM, on 03/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.gomtv.com/gom/GomWeb.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe (file missing)
O23 - Service: McAfee SpamKiller Server (MskService) - Unknown owner - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

--
End of file - 9022 bytes

tetonbob · 01-03-2008, 08:08 PM

I see two different AntiVirus solutions...which is the one you're currently favoring? Eset Smart Security? With Eset Smart Security, you should not need, or want, another Firewall or AV onboard.

Looks like parts of McAfee are still on the machine.

All '05, '06, and '07 McAfee products
Download the McAfee Removal Tool.

Double click on MCPR.exe to launch it, then Click Run. A window should appear and disappear, this is normal. A new window should popup and begin the uninstall. When prompted to reboot your computer type Y.

Then post a new HijackThis log.

lolwow · 01-03-2008, 08:16 PM

Thank you so much Tetonbob, ive been wondering a long time how to get rid of mcafee off.

Heres the new hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:24 PM, on 03/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.gomtv.com/gom/GomWeb.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

--
End of file - 8345 bytes

tetonbob · 01-03-2008, 08:22 PM

That looks much better.

We do have more work to do, but have the popups stopped for now?

lolwow · 01-03-2008, 08:24 PM

I believe so, what else do i need work on?

tetonbob · 01-03-2008, 08:27 PM

P2P - I see you have P2P software ( Limewire ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here,
here and here.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Java 2 Runtime Environment, SE v1.4.2_03

These are all outdated, and security risks by having them installed still. Unfortunately, Java does not uninstall previous version when you update, nor tell you that you should.

Leave Java(TM) 6 Update 3 alone, as it is the most recent.

---------------------------------------------------------------------------------------------

Please run this online scan to help look for remnants.

Establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner

http://www.kaspersky.com/kos/eng/par...avwebscan.html

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

---------------------------------------------------------------------------------------------

lolwow · 01-04-2008, 08:33 AM

Hi Tetonbob,

Heres the kaspersky scan:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, January 04, 2008 10:32:04 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/01/2008
Kaspersky Anti-Virus database records: 502461
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 75920
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:52:05

Infected Object Name / Virus Name / Last Action
C:\009cfac20a386f34c9\admparse.dll Object is locked skipped
C:\009cfac20a386f34c9\admparse.dll.mui Object is locked skipped
C:\009cfac20a386f34c9\advpack.dll Object is locked skipped
C:\009cfac20a386f34c9\advpack.dll.mui Object is locked skipped
C:\009cfac20a386f34c9\browseui.dll Object is locked skipped
C:\009cfac20a386f34c9\corpol.dll Object is locked skipped
C:\009cfac20a386f34c9\custsat.dll Object is locked skipped
C:\009cfac20a386f34c9\dxtmsft.dll Object is locked skipped
C:\009cfac20a386f34c9\dxtrans.dll Object is locked skipped
C:\009cfac20a386f34c9\extmgr.dll Object is locked skipped
C:\009cfac20a386f34c9\extmgr.dll.mui Object is locked skipped
C:\009cfac20a386f34c9\feeddisc.wav Object is locked skipped
C:\009cfac20a386f34c9\hmmapi.dll Object is locked skipped
C:\009cfac20a386f34c9\hmmapi.dll.mui Object is locked skipped
C:\009cfac20a386f34c9\html.iec Object is locked skipped
C:\009cfac20a386f34c9\html.iec.mui Object is locked skipped
C:\009cfac20a386f34c9\icardie.dll Object is locked skipped
C:\009cfac20a386f34c9\icardie.dll.mui Object is locked skipped
C:\009cfac20a386f34c9\icrav03.rat Object is locked skipped
C:\009cfac20a386f34c9\ie4uinit.exe Object is locked skipped
C:\009cfac20a386f34c9\ie4uinit.exe.mui Object is locked skipped
C:\009cfac20a386f34c9\ieakeng.dll Object is locked skipped
C:\009cfac20a386f34c9\ieakeng.dll.mui Object is locked skipped
C:\009cfac20a386f34c9\ieakmmc.chm Object is locked skipped
C:\009cfac20a386f34c9\ieaksie.dll Object is locked skipped
C:\009cfac20a386f34c9\ieaksie.dll.mui Object is locked skipped
C:\009cfac20a386f34c9\ieakui.dll Object is locked skipped
C:\009cfac20a386f34c9\ieakui.dll.mui Object is locked skipped
C:\009cfac20a386f34c9\ieapfltr.dat Object is locked skipped
C:\009cfac20a386f34c9\ieapfltr.dll Object is locked skipped
C:\009cfac20a386f34c9\iedkcs32.dll Object is locked skipped
C:\009cfac20a386f34c9\iedkcs32.dll.mui Object is locked skipped
C:\009cfac20a386f34c9\iedw.exe Object is locked skipped
C:\009cfac20a386f34c9\iedw.exe.mui Object is locked skipped
C:\009cfac20a386f34c9\ieencode.dll Object is locked skipped
C:\009cfac20a386f34c9\ieeula.chm Object is locked skipped
C:\009cfac20a386f34c9\ieframe.dll Object is locked skipped
C:\009cfac20a386f34c9\ieframe.dll.mui Object is locked skipped
C:\009cfac20a386f34c9\iepeers.dll Object is locked skipped
C:\009cfac20a386f34c9\iepeers.dll.mui Object is locked skipped
C:\009cfac20a386f34c9\ieproxy.dll Object is locked skipped
C:\009cfac20a386f34c9\iernonce.dll Object is locked skipped
C:\009cfac20a386f34c9\iernonce.dll.mui Object is locked skipped
C:\009cfac20a386f34c9\iertutil.dll Object is locked skipped
C:\009cfac20a386f34c9\iesetup.dll Object is locked skipped
C:\009cfac20a386f34c9\iesetup.dll.mui Object is locked skipped
C:\009cfac20a386f34c9\iesupp.chm Object is locked skipped
C:\009cfac20a386f34c9\ieudinit.exe Object is locked skipped
C:\009cfac20a386f34c9\ieui.dll Object is locked skipped
C:\009cfac20a386f34c9\ieui.dll.mui Object is locked skipped
C:\009cfac20a386f34c9\ieuinit.inf Object is locked skipped
C:\009cfac20a386f34c9\ieunatt.exe.mui Object is locked skipped
C:\009cfac20a386f34c9\iexplore.chm Object is locked skipped
C:\009cfac20a386f34c9\iexplore.exe Object is locked skipped
C:\009cfac20a386f34c9\iexplore.exe.mui Object is locked skipped
C:\009cfac20a386f34c9\imgutil.dll Object is locked skipped
C:\009cfac20a386f34c9\inetcorp.iem Object is locked skipped
C:\009cfac20a386f34c9\inetcpl.cpl Object is locked skipped
C:\009cfac20a386f34c9\inetcpl.cpl.mui Object is locked skipped
C:\009cfac20a386f34c9\inetres.adm Object is locked skipped
C:\009cfac20a386f34c9\inetset.iem Object is locked skipped
C:\009cfac20a386f34c9\infobar.wav Object is locked skipped
C:\009cfac20a386f34c9\inseng.dll Object is locked skipped
C:\009cfac20a386f34c9\inseng.dll.mui Object is locked skipped
C:\009cfac20a386f34c9\install.ins Object is locked skipped
C:\009cfac20a386f34c9\jscript.dll Object is locked skipped
C:\009cfac20a386f34c9\jsproxy.dll Object is locked skipped
C:\009cfac20a386f34c9\licmgr10.dll Object is locked skipped
C:\009cfac20a386f34c9\licmgr10.dll.mui Object is locked skipped
C:\009cfac20a386f34c9\msfeeds.dll Object is locked skipped
C:\009cfac20a386f34c9\msfeeds.mof Object is locked skipped
C:\009cfac20a386f34c9\msfeedsbs.dll Object is locked skipped
C:\009cfac20a386f34c9\msfeedsbs.dll.mui Object is locked skipped
C:\009cfac20a386f34c9\msfeedsbs.mof Object is locked skipped
C:\009cfac20a386f34c9\msfeedssync.exe Object is locked skipped
C:\009cfac20a386f34c9\mshta.exe Object is locked skipped
C:\009cfac20a386f34c9\mshta.exe.mui Object is locked skipped
C:\009cfac20a386f34c9\mshtml.dll Object is locked skipped
C:\009cfac20a386f34c9\mshtml.dll.mui Object is locked skipped
C:\009cfac20a386f34c9\mshtml.tlb Object is locked skipped
C:\009cfac20a386f34c9\mshtmled.dll Object is locked skipped
C:\009cfac20a386f34c9\mshtmled.dll.mui Object is locked skipped
C:\009cfac20a386f34c9\mshtmler.dll Object is locked skipped
C:\009cfac20a386f34c9\mshtmler.dll.mui Object is locked skipped
C:\009cfac20a386f34c9\msls31.dll Object is locked skipped
C:\009cfac20a386f34c9\msrating.dll Object is locked skipped
C:\009cfac20a386f34c9\msrating.dll.mui Object is locked skipped
C:\009cfac20a386f34c9\mstime.dll Object is locked skipped
C:\009cfac20a386f34c9\navstart.wav Object is locked skipped
C:\009cfac20a386f34c9\occache.dll Object is locked skipped
C:\009cfac20a386f34c9\occache.dll.mui Object is locked skipped
C:\009cfac20a386f34c9\occache.ini Object is locked skipped
C:\009cfac20a386f34c9\pngfilt.dll Object is locked skipped
C:\009cfac20a386f34c9\popupblk.wav Object is locked skipped
C:\009cfac20a386f34c9\shdocvw.dll Object is locked skipped
C:\009cfac20a386f34c9\shlwapi.dll Object is locked skipped
C:\009cfac20a386f34c9\spmsg.dll Object is locked skipped
C:\009cfac20a386f34c9\spuninst.exe Object is locked skipped
C:\009cfac20a386f34c9\spupdsvc.exe Object is locked skipped
C:\009cfac20a386f34c9\tdc.ocx Object is locked skipped
C:\009cfac20a386f34c9\ticrf.rat Object is locked skipped
C:\009cfac20a386f34c9\update\eula.rtf Object is locked skipped
C:\009cfac20a386f34c9\update\idndl.exe Object is locked skipped
C:\009cfac20a386f34c9\update\ie7.cat Object is locked skipped
C:\009cfac20a386f34c9\update\iecustom.dll Object is locked skipped
C:\009cfac20a386f34c9\update\iereseticons.exe Object is locked skipped
C:\009cfac20a386f34c9\update\iesetup.exe Object is locked skipped
C:\009cfac20a386f34c9\update\legitlibm.dll Object is locked skipped
C:\009cfac20a386f34c9\update\nlsdl.exe Object is locked skipped
C:\009cfac20a386f34c9\update\update.exe Object is locked skipped
C:\009cfac20a386f34c9\update\update.exe.manifest Object is locked skipped
C:\009cfac20a386f34c9\update\update.inf Object is locked skipped
C:\009cfac20a386f34c9\update\update.ver Object is locked skipped
C:\009cfac20a386f34c9\update\updspapi.dll Object is locked skipped
C:\009cfac20a386f34c9\update\xmllitesetup.exe Object is locked skipped
C:\009cfac20a386f34c9\url.dll Object is locked skipped
C:\009cfac20a386f34c9\urlmon.dll Object is locked skipped
C:\009cfac20a386f34c9\urlmon.dll.mui Object is locked skipped
C:\009cfac20a386f34c9\vbscript.dll Object is locked skipped
C:\009cfac20a386f34c9\vgx.dll Object is locked skipped
C:\009cfac20a386f34c9\webcheck.dll Object is locked skipped
C:\009cfac20a386f34c9\webcheck.dll.mui Object is locked skipped
C:\009cfac20a386f34c9\webcheck.ini Object is locked skipped
C:\009cfac20a386f34c9\winfxdocobj.exe Object is locked skipped
C:\009cfac20a386f34c9\winfxdocobj.exe.mui Object is locked skipped
C:\009cfac20a386f34c9\wininet.dll Object is locked skipped
C:\009cfac20a386f34c9\wininet.dll.mui Object is locked skipped
C:\8a440925a9c8259ce52623\update\update.exe Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Charon\CACHE.NDB Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Logs\epfwlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Logs\virlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Logs\warnlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\All Users\Documents\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\01 - Carbon Leaf - Life Less Ordinary - Indian Summer_192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\01 SupaSaturation (radio version).mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\01 Windblown.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\02 OK Alone.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\03 Lost Angeles.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\05 Desert Train.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\05 Show Me.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\06 - Nickel Creek - This Side - This Side_192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\06 I Just Drove By.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\07 Lighted Up.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\08 If Its Wrong 1.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\09 - Deanna Carter - Sunny Day - the story of my life_192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\09 When We Are One.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\adam.hood.playsomethingweknow.192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\ah.million.miles.192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\ah.tuesday.night.192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Big Sky190k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Carey Ott - Mother Madam_192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Clark Country - Track 2.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Eugene Edwards - It Doesn't Get Any Better Than This.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Eugene Edwards - My Favorite Revolution.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Eugene Edwards - The Next Time You Go.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Freakhouse - Liars Inc. 192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\gandalf_192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Get More with Jukebox Plus.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\GIRL.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Green.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\I Love Lovin U.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Jeff Black - Tin Lily_192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\kacy.crowley.badass.192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\kacycrowley.blood.192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\kacycrowley.kindofperfect.192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Lie To Me.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Long Long Time 192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Love Me Too Much190k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Marcy Playground - No Ones Boy 192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Mas Rapido - Christopher Robin's Dead - 192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Natural Fool (192k).mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Not Hot To Trot.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\NuSensation_192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\OceanDriveClubMix_192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\omar_192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\OpusOne_192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Orange Peels - Something In You - 192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Rescue Me.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Sister Vikki.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Sorrow - 192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Sorry.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Steady As She Goes (192k).mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Swell.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\The Greencards - Time - weather and water_193k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Tremolo - Baby Blue.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Tremolo - Can You Feel It Now.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Tremolo - You Were Born For This.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Urbia.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\White Hassle - Indiana Sun.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\White Hassle - Jealousy (Will Get You).mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\White Hassle - She's Dead.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\AntiPhishing\6729BBF9-D54C-48CB-A4D7-AD400339D808.dat Object is locked skipped
C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Ricardo\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Ricardo\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Ricardo\Local Settings\Application Data\Microsoft\Messenger\ricky360_rh@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Ricardo\Local Settings\Application Data\Microsoft\Messenger\ricky360_rh@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Ricardo\Local Settings\Application Data\Microsoft\Messenger\ricky360_rh@hotmail.com\SharingMetadata\Working\database_F4F0_E291_F0E2_597E\dfsr.db Object is locked skipped
C:\Documents and Settings\Ricardo\Local Settings\Application Data\Microsoft\Messenger\ricky360_rh@hotmail.com\SharingMetadata\Working\database_F4F0_E291_F0E2_597E\fsr.log Object is locked skipped
C:\Documents and Settings\Ricardo\Local Settings\Application Data\Microsoft\Messenger\ricky360_rh@hotmail.com\SharingMetadata\Working\database_F4F0_E291_F0E2_597E\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Ricardo\Local Settings\Application Data\Microsoft\Messenger\ricky360_rh@hotmail.com\SharingMetadata\Working\database_F4F0_E291_F0E2_597E\tmp.edb Object is locked skipped
C:\Documents and Settings\Ricardo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ricardo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ricardo\Local Settings\Application Data\Microsoft\Windows Live Contacts\ricky360_rh@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Ricardo\Local Settings\Application Data\Microsoft\Windows Live Contacts\ricky360_rh@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Ricardo\Local Settings\Application Data\SupportSoft\DellSupportCenter\Ricardo\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\Ricardo\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ricardo\Local Settings\History\History.IE5\MSHist012008010420080105\index.dat Object is locked skipped
C:\Documents and Settings\Ricardo\Local Settings\Temp\~DF23DF.tmp Object is locked skipped
C:\Documents and Settings\Ricardo\Local Settings\Temp\~DF2A5B.tmp Object is locked skipped
C:\Documents and Settings\Ricardo\Local Settings\Temp\~DFA355.tmp Object is locked skipped
C:\Documents and Settings\Ricardo\Local Settings\Temp\~DFA360.tmp Object is locked skipped
C:\Documents and Settings\Ricardo\Local Settings\Temp\~DFE000.tmp Object is locked skipped
C:\Documents and Settings\Ricardo\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ricardo\ntuser.dat Object is locked skipped
C:\Documents and Settings\Ricardo\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Rick\Local Settings\Temporary Internet Files\AntiPhishing\6729BBF9-D54C-48CB-A4D7-AD400339D808.dat Object is locked skipped
C:\Documents and Settings\Rogerio\Local Settings\Temporary Internet Files\AntiPhishing\6729BBF9-D54C-48CB-A4D7-AD400339D808.dat Object is locked skipped
C:\Documents and Settings\Rogerio\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Ronaldo\Local Settings\Temporary Internet Files\AntiPhishing\6729BBF9-D54C-48CB-A4D7-AD400339D808.dat Object is locked skipped
C:\Documents and Settings\Ronaldo\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\e856bdfddf1514d7c9\update\update.exe Object is locked skipped
C:\Program Files\Veoh Networks\Veoh\client.log Object is locked skipped
C:\Program Files\Veoh Networks\Veoh\upload.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{0756144F-DB28-4F68-8556-DBE71C5800C9}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

tetonbob · 01-04-2008, 09:34 AM

Your logs appear clean.You should be good to go. We still have a few items to address.

Go to

-> Run -> copy/paste in the following single line command & click OK

combofix /u

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and use the following free programs:

Microsoft Windows Update - http://www.windowsupdate.com
Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
SpywareBlaster to help prevent spyware from installing in the first place.
- Install & update SpywareBlaster with the latest definitions.
  After you have updated, click the button - enable protection for all unprotected items
SpywareGuard to catch and block spyware before it can execute.
IE-SpyAd - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. An installation tutorial is available here.
MVPS HOST FILE
The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
- Download Host.zip to your desktop.
- From your Desktop right-click (hosts.zip) and select:
  Extract All from the menu.
- Click Next, click Next, select the option:
  "Show Extracted files", click Finish
- This will open the newly created hosts folder on your Desktop.
- Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
- Once updated you should see another prompt that the task was completed.
ANTIVIRUS SOFTWARE
It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

Do not install more than one AntiVirus program because they will conflict with each other.
FIREWALL
If you do not have a firewall, here are a couple of great free ones available for personal use. Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here

Do not install more than one firewall program because they will conflict with each other.

Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

Here are some additional utilities that will further enhance your safety.

http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. While Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.

NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

lolwow · 01-04-2008, 06:03 PM

Hey Tetonbob, im jus wondering if i install all of these, wont it slow down starting up and loading stuff on the computer?

tetonbob · 01-04-2008, 06:52 PM

Hi lolwow -

Which ones are you concerned about? Not all applications use system resources; some simply place blocking protection in either the registry or in the hosts file.

I use all the utilities with titles in blue, plus ERUNT. I also make regular visits to Secunia's online software inspector.

If you're concerned with unnecessary startups, have a look at this:

http://www.malwarebytes.org/startuplite.php

This will display all unnecessary startup entries - Everything it displays there is not needed to start up with Windows.

The choice is up to you whether you need some to start up with Windows (in that case, select "No action" for them) - but you can always start them manually via start > all programs.

(Do not choose the "Remove" checkboxes, because this will delete it from the Registry - only select the "Remove" checkboxes if you are sure you don't want to enable them again in the future)

Does that help?

lolwow · 01-04-2008, 07:08 PM

for some reason everytime i open spywareguard and then spywareguard liveupdate and update it spywareguard says some sort of error after and closes.

tetonbob · 01-04-2008, 07:29 PM

SpywareGuard only needs to be updated once.

SpywareGuard is still effective against the older malware it was written for, and has virtually no effect on resources.

You can read more about it here, here and here

Quote:

The reason for less frequent updates with SpywareGuard is that much of its detection abilities are heuristics in nature. (Basically this means it doesn't need a specific signature for every spyware it catches, simply an overall pattern or approach-used, which it can identify and then trigger off of.) So, SpywareGuard works for many of the newer versions of the same spyware installers even without adding "signatures" for them.

Quote:

SpywareGuard is a resident scanner (similar in a way to how an anti-virus program works) which proactively scans files prior to them being executed; looking for spyware installation kits and such. It scans with both known signatures and some generic protection techniques to detect and prevent spyware installation. SG also includes capabilities to prevent browser hijacks and provides built-in download protection for Internet Explorer. Because of all of this, SpywareGuard does run in the background. In fact, there will be two processes related SG in your task manager.

SpywareBlaster is a preventative program. It sets flags in the registry to prevent the running of a specific list of bad spyware related ActiveX controls. This includes general spyware and malicious dialers. It also blocks a list of known spyware related cookies in IE6. SpywareBlaster should be run periodically, say once a week, to check for updates to its database. Other than that it doesn't need to be running to provide protection, so there are no processes run either at startup or in the background.

If you can tell me the exact error message, I'll be better able to help you track down the cause.

lolwow · 01-04-2008, 08:02 PM

it says runtime error 429
active x component cant create object

tetonbob · 01-04-2008, 08:39 PM

Hi -

Seems odd that a modern system should get that error, but the solution is posted here:

http://www.wilderssecurity.com/showthread.php?t=12089

lolwow · 01-04-2008, 08:52 PM

Ok thank you very much for all ur help Tetonbob my issue has been resolved no more popups

tetonbob · 01-04-2008, 08:59 PM

You're quite welcome for the help.

Happy Computing, and Safe Surfing to you!

01-02-2008, 08:06 PM	#2 (permalink)
lolwow Registered User Join Date: Dec 2007 Posts: 11 OS: XP	Re: [Requesting Help] Constant Popups "rightonadz/adssite" Bump.

01-03-2008, 02:13 PM	#3 (permalink)
lolwow Registered User Join Date: Dec 2007 Posts: 11 OS: XP	Re: [Requesting Help] Constant Popups "rightonadz/adssite" Bump.

01-03-2008, 06:15 PM	#4 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,594 OS: 2000 Pro; XP Pro; XP Home	Re: [Requesting Help] Constant Popups "rightonadz/adssite" Hello, and Welcome to TSF. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe. Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. --------------------------------------------------------------------------------------------- P2P - I see you have P2P software ( Limewire ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information. Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares. References for the risk of these programs are here, here and here. I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs. --------------------------------------------------------------------------------------------- Download ComboFix from one of these locations: Link 1 Link 2 Link 3 * IMPORTANT !!! Place combofix.exe on your Desktop Disconnect from the internet....pull the plug! Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix. Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist: Browser Optimizer Rightonadz Ignore any prompts to reboot. --------------------------------------------------------------------------------------------- Double click on combofix.exe & follow the prompts. Type 1, then press Enter to start the fix. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. --------------------------------------------------------------------------------------------- Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this. Re-establish an internet connection. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here. --------------------------------------------------------------------------------------------- __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

01-03-2008, 08:01 PM	#5 (permalink)
lolwow Registered User Join Date: Dec 2007 Posts: 11 OS: XP	Re: [Requesting Help] Constant Popups "rightonadz/adssite" Hi Tetonbob, I deleted the "Browser Optimizer Rightonadz" in the computer. Here is the ComboFix log: ComboFix 08-01-04.1 - Ricardo 2008-01-03 21:44:42.1 - NTFSx86 Running from: C:\Documents and Settings\Ricardo\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Common Files\simtest C:\Program Files\Common Files\svchostsys C:\Program Files\Common Files\svchostsys\Version.txt C:\WINDOWS\system32\gzmrt.dll . ((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))) . 2008-01-03 21:44 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-12-31 22:54 . 2007-12-31 22:54 <DIR> d-------- C:\Program Files\MyFree Codec 2007-12-30 21:17 . 2007-12-30 21:17 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-30 18:56 . 2007-12-30 19:14 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-12-30 18:56 . 2007-12-30 19:14 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-12-29 11:31 . 2007-12-29 11:31 <DIR> d-------- C:\WINDOWS\ERUNT 2007-12-28 18:23 . 2008-01-03 21:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2007-12-28 18:23 . 2007-12-28 18:23 1,409 --a------ C:\WINDOWS\QTFont.for 2007-12-28 18:22 . 2007-12-30 20:08 <DIR> d-------- C:\Program Files\iTunes 2007-12-28 18:22 . 2007-12-28 18:22 <DIR> d-------- C:\Program Files\iPod 2007-12-28 18:20 . 2007-12-28 18:20 <DIR> d-------- C:\Program Files\QuickTime 2007-12-27 22:47 . 2007-12-27 22:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft 2007-12-27 22:46 . 2007-12-27 22:47 <DIR> d-------- C:\Program Files\Dell Support Center 2007-12-27 22:46 . 2007-12-27 22:46 <DIR> d-------- C:\Program Files\Common Files\supportsoft 2007-12-27 17:30 . 2007-12-27 17:30 65 --a------ C:\WINDOWS\FISHUI.INI 2007-12-27 17:00 . 2007-08-23 21:06 110,592 --a------ C:\WINDOWS\system32\TG_DUMP0708.DLL 2007-12-24 15:10 . 2007-12-24 15:10 <DIR> d-------- C:\WatchNow 2007-12-21 20:37 . 2007-12-21 20:37 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\ESET 2007-12-15 19:33 . 2007-12-15 19:33 <DIR> d-------- C:\Documents and Settings\Rogerio\Application Data\ESET 2007-12-14 22:41 . 2007-12-14 22:41 <DIR> d-------- C:\Documents and Settings\Ricardo\Application Data\ESET 2007-12-14 21:53 . 2005-12-28 14:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver 2007-12-14 17:14 . 2007-12-14 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET 2007-12-14 16:11 . 2007-12-14 16:11 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll 2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-04 01:51 --------- d-----w C:\Program Files\Steam 2007-12-31 23:51 --------- d-----w C:\Program Files\BitComet 2007-12-31 01:13 --------- d-----w C:\Program Files\MSN Messenger 2007-12-31 01:10 --------- d-----w C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster 2007-12-30 23:43 --------- d-----w C:\Program Files\Java 2007-12-30 01:50 --------- d-----w C:\Program Files\TuneUp Utilities 2007 2007-12-28 03:43 --------- d--h--w C:\Documents and Settings\Ricardo\Application Data\Gtek 2007-12-26 01:38 25,664 -c--a-w C:\Documents and Settings\Ricardo\Application Data\GDIPFONTCACHEV1.DAT 2007-12-15 14:23 --------- d-----w C:\Program Files\Google 2007-12-15 03:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-12-14 22:19 40,960 ------w C:\WINDOWS\system32\MAMACExtract.dll 2007-12-10 02:57 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-09 18:59 25,664 -c--a-w C:\Documents and Settings\Rogerio\Application Data\GDIPFONTCACHEV1.DAT 2007-11-20 20:36 118,784 ----a-w C:\WINDOWS\system32\MaDRM.dll 2007-11-17 00:54 --------- d--h--w C:\Documents and Settings\Rogerio\Application Data\ijjigame 2007-11-17 00:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\IJJIGame 2007-11-14 20:06 53,768 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys 2007-11-14 20:06 50,696 ----a-w C:\WINDOWS\system32\drivers\epfw.sys 2007-11-14 20:06 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys 2007-11-14 20:04 27,656 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys 2007-11-14 20:03 33,800 ----a-w C:\WINDOWS\system32\drivers\eamon.sys 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-12 02:19 --------- d-----w C:\Documents and Settings\Rogerio\Application Data\IGN_DLM 2007-11-10 00:11 --------- d-----w C:\Program Files\LegacyGamers 2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll 2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll 2007-10-10 23:56 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll 2007-10-10 23:56 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll 2007-10-10 23:55 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll 2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll 2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll 2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-10-10 23:55 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-10-10 23:55 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll 2007-10-10 23:55 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-10-10 23:55 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll 2007-10-10 23:55 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-10-10 23:55 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-10-10 23:55 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll 2007-10-10 23:55 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-10-10 23:55 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll 2007-10-10 23:55 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll 2007-10-10 23:55 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll 2007-10-10 23:55 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll 2007-10-10 10:59 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-10-10 10:59 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-08-26 21:27 5674352] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360] "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-03 13:21 3461120] "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-20 00:09 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-20 00:06 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-20 00:10 114688] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-10 16:39 185632] "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-11-14 15:05 1410304] "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2004-08-04 06:00 53760 C:\WINDOWS\system32\narrator.exe] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 15:51 192512] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler "SMSTray"=C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp Newly Created Service - GTNDIS5 Newly Created Service - PROCEXP90 . Contents of the 'Scheduled Tasks' folder "2007-12-21 22:17:49 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe "2007-12-28 22:52:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-01-26 21:04:19 C:\WINDOWS\Tasks\McDefragTask.job" - C:\WINDOWS\system32\defrag.exe . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-03 21:48:07 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-01-03 21:48:33 ComboFix-quarantined-files.txt 2008-01-04 02:48:31 . 2007-12-12 04:26:49 --- E O F --- Here is the Hijackthis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:01:00 PM, on 03/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Veoh Networks\Veoh\VeohClient.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.gomtv.com/gom/GomWeb.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing) O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing) O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe (file missing) O23 - Service: McAfee SpamKiller Server (MskService) - Unknown owner - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe -- End of file - 9022 bytes

01-03-2008, 08:08 PM	#6 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,594 OS: 2000 Pro; XP Pro; XP Home	Re: [Requesting Help] Constant Popups "rightonadz/adssite" I see two different AntiVirus solutions...which is the one you're currently favoring? Eset Smart Security? With Eset Smart Security, you should not need, or want, another Firewall or AV onboard. Looks like parts of McAfee are still on the machine. All '05, '06, and '07 McAfee products Download the McAfee Removal Tool. Double click on MCPR.exe to launch it, then Click Run. A window should appear and disappear, this is normal. A new window should popup and begin the uninstall. When prompted to reboot your computer type Y. Then post a new HijackThis log. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

01-03-2008, 08:16 PM	#7 (permalink)
lolwow Registered User Join Date: Dec 2007 Posts: 11 OS: XP	Re: [Requesting Help] Constant Popups "rightonadz/adssite" Thank you so much Tetonbob, ive been wondering a long time how to get rid of mcafee off. Heres the new hijackthis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:15:24 PM, on 03/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.gomtv.com/gom/GomWeb.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe -- End of file - 8345 bytes

01-03-2008, 08:22 PM	#8 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,594 OS: 2000 Pro; XP Pro; XP Home	Re: [Requesting Help] Constant Popups "rightonadz/adssite" That looks much better. We do have more work to do, but have the popups stopped for now? __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

01-03-2008, 08:24 PM	#9 (permalink)
lolwow Registered User Join Date: Dec 2007 Posts: 11 OS: XP	Re: [Requesting Help] Constant Popups "rightonadz/adssite" I believe so, what else do i need work on?

01-03-2008, 08:27 PM	#10 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,594 OS: 2000 Pro; XP Pro; XP Home	Re: [Requesting Help] Constant Popups "rightonadz/adssite" P2P - I see you have P2P software ( Limewire ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information. Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares. References for the risk of these programs are here, here and here. I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs. --------------------------------------------------------------------------------------------- Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist: Java 2 Runtime Environment, SE v1.4.2_03 These are all outdated, and security risks by having them installed still. Unfortunately, Java does not uninstall previous version when you update, nor tell you that you should. Leave Java(TM) 6 Update 3 alone, as it is the most recent. --------------------------------------------------------------------------------------------- Please run this online scan to help look for remnants. Establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner http://www.kaspersky.com/kos/eng/par...avwebscan.html Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files. Once the files have been downloaded click on NEXT Locate the Scan Settings button & configure to: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK & have it scan My Computer Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply * Turn off the real time scanner of any existing antivirus program while performing the online scan Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%. --------------------------------------------------------------------------------------------- __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

01-04-2008, 09:34 AM	#12 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,594 OS: 2000 Pro; XP Pro; XP Home	Re: [Requesting Help] Constant Popups "rightonadz/adssite" Your logs appear clean.You should be good to go. We still have a few items to address. Go to -> Run -> copy/paste in the following single line command & click OK combofix /u This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points. Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and use the following free programs: Microsoft Windows Update - http://www.windowsupdate.com Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. SpywareBlaster to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items SpywareGuard to catch and block spyware before it can execute. IE-SpyAd - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. An installation tutorial is available here. MVPS HOST FILE The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Download Host.zip to your desktop. From your Desktop right-click (hosts.zip) and select: Extract All from the menu. Click Next, click Next, select the option: "Show Extracted files", click Finish This will open the newly created hosts folder on your Desktop. Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine. Once updated you should see another prompt that the task was completed. ANTIVIRUS SOFTWARE It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out. Do not install more than one AntiVirus program because they will conflict with each other. FIREWALL If you do not have a firewall, here are a couple of great free ones available for personal use. Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here Do not install more than one firewall program because they will conflict with each other. Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer Here are some additional utilities that will further enhance your safety. http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN) http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. While Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness. http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine. http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT. ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry. NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster. In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles HOW DID I GET INFECTED IN THE FIRST PLACE? MAKING INTERNET EXPLORER SAFER If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it. Please respond to this thread one more time so we can mark this thread as resolved. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

01-04-2008, 06:03 PM	#13 (permalink)
lolwow Registered User Join Date: Dec 2007 Posts: 11 OS: XP	Re: [Requesting Help] Constant Popups "rightonadz/adssite" Hey Tetonbob, im jus wondering if i install all of these, wont it slow down starting up and loading stuff on the computer?

01-04-2008, 06:52 PM	#14 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,594 OS: 2000 Pro; XP Pro; XP Home	Re: [Requesting Help] Constant Popups "rightonadz/adssite" Hi lolwow - Which ones are you concerned about? Not all applications use system resources; some simply place blocking protection in either the registry or in the hosts file. I use all the utilities with titles in blue, plus ERUNT. I also make regular visits to Secunia's online software inspector. If you're concerned with unnecessary startups, have a look at this: http://www.malwarebytes.org/startuplite.php This will display all unnecessary startup entries - Everything it displays there is not needed to start up with Windows. The choice is up to you whether you need some to start up with Windows (in that case, select "No action" for them) - but you can always start them manually via start > all programs. (Do not choose the "Remove" checkboxes, because this will delete it from the Registry - only select the "Remove" checkboxes if you are sure you don't want to enable them again in the future) Does that help? __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

01-04-2008, 07:08 PM	#15 (permalink)
lolwow Registered User Join Date: Dec 2007 Posts: 11 OS: XP	Re: [Requesting Help] Constant Popups "rightonadz/adssite" for some reason everytime i open spywareguard and then spywareguard liveupdate and update it spywareguard says some sort of error after and closes.

01-04-2008, 08:02 PM	#17 (permalink)
lolwow Registered User Join Date: Dec 2007 Posts: 11 OS: XP	Re: [Requesting Help] Constant Popups "rightonadz/adssite" it says runtime error 429 active x component cant create object

01-04-2008, 08:39 PM	#18 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,594 OS: 2000 Pro; XP Pro; XP Home	Re: [Requesting Help] Constant Popups "rightonadz/adssite" Hi - Seems odd that a modern system should get that error, but the solution is posted here: http://www.wilderssecurity.com/showthread.php?t=12089 __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

01-04-2008, 08:52 PM	#19 (permalink)
lolwow Registered User Join Date: Dec 2007 Posts: 11 OS: XP	Re: [Requesting Help] Constant Popups "rightonadz/adssite" Ok thank you very much for all ur help Tetonbob my issue has been resolved no more popups

01-04-2008, 08:59 PM	#20 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,594 OS: 2000 Pro; XP Pro; XP Home	Re: [Requesting Help] Constant Popups "rightonadz/adssite" You're quite welcome for the help. Happy Computing, and Safe Surfing to you! __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009