Old 06-08-2008, 08:30 PM   #1 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 28
OS: xp


Constant Warnings - The operation has been cancelled due to restrictions in effect...

OK, so I went through the 5 steps before posting a log, and I got to access a lot of things I wasn't able to. However, there are still a few problems.

The main thing that I've noticed is the frequent pop-up errors/warnings that say, "The operation has been cancelled due to restrictions in effect on this computer. Please contact your administrator." This occurs when I try to check the calendar on the bottom right. Also, I can't access my control panel. I found, on another site (before finding this one), a way to make the control panel appear in the start menu again. However, when I access it and try to click on the icons, the error comes again. Now, when I check for the control panel, it is not in the start menu. Please help, thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:29:20 PM, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\WinAvXX.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\WINDOWS\system32\15171C1A1D1E20.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\NoDNS\NoDNS.exe
C:\Program Files\MapEDC\MapEDC.exe
C:\Documents and Settings\Family\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\Family\Application Data\Microsoft\Windows\qhrvpomu.exe
C:\Documents and Settings\Family\Application Data\WinTouch\WinTouch.exe
C:\Program Files\Svconr\Svconr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394662E901F3D1DC7E4638E8323A15806F97BDE4417E6FD967002BA754E6C5813C477ACE
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [797B807E81828483] 15171C1A1D1E20.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [0cc87caf] rundll32.exe "C:\WINDOWS\system32\igcaipaa.dll",b
O4 - HKLM\..\Run: [BM0ffb4f33] Rundll32.exe "C:\WINDOWS\system32\mgbposaq.dll",s
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
O4 - HKCU\..\Run: [MapEDC] C:\Program Files\MapEDC\MapEDC.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Family\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Family\Application Data\Microsoft\Windows\qhrvpomu.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Family\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKUS\S-1-5-21-487496076-1944916564-1425980510-1006\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe (User '?')
O4 - HKUS\S-1-5-21-487496076-1944916564-1425980510-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-487496076-1944916564-1425980510-1006\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User '?')
O4 - HKUS\S-1-5-21-487496076-1944916564-1425980510-1006\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide (User '?')
O4 - HKUS\S-1-5-21-487496076-1944916564-1425980510-1006\..\Run: [] (User '?')
O4 - HKUS\S-1-5-21-487496076-1944916564-1425980510-1006\..\Run: [kernel] C:\Program Files\kernel\kernel.exe (User '?')
O4 - HKUS\S-1-5-21-487496076-1944916564-1425980510-1006\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe (User '?')
O4 - HKUS\S-1-5-21-487496076-1944916564-1425980510-1006\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe (User '?')
O4 - HKUS\S-1-5-21-487496076-1944916564-1425980510-1006\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe (User '?')
O4 - HKUS\S-1-5-21-487496076-1944916564-1425980510-1006\..\Run: [MapEDC] C:\Program Files\MapEDC\MapEDC.exe (User '?')
O4 - HKUS\S-1-5-21-487496076-1944916564-1425980510-1006\..\Run: [SpeedRunner] C:\Documents and Settings\Family\Application Data\SpeedRunner\SpeedRunner.exe (User '?')
O4 - HKUS\S-1-5-21-487496076-1944916564-1425980510-1006\..\Run: [SfKg6wIP] C:\Documents and Settings\Family\Application Data\Microsoft\Windows\qhrvpomu.exe (User '?')
O4 - HKUS\S-1-5-21-487496076-1944916564-1425980510-1006\..\Run: [WinTouch] C:\Documents and Settings\Family\Application Data\WinTouch\WinTouch.exe (User '?')
O4 - HKUS\S-1-5-21-487496076-1944916564-1425980510-1006\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe (User '?')
O4 - Global Startup: autorun.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/LSACD_XMLWebSe...veX/ofmctl.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn...detection3.cab
O20 - Winlogon Notify: awtqpqo - awtqpqo.dll (file missing)
O20 - Winlogon Notify: awtsp - C:\WINDOWS\system32\awtsp.dll (file missing)
O20 - Winlogon Notify: mljighh - mljighh.dll (file missing)
O20 - Winlogon Notify: mljjh - C:\WINDOWS\system32\mljjh.dll (file missing)
O20 - Winlogon Notify: nnnoonk - nnnoonk.dll (file missing)
O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll (file missing)
O20 - Winlogon Notify: rqrsrsp - rqrsrsp.dll (file missing)
O20 - Winlogon Notify: vtutspn - vtutspn.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 13157 bytes
Miniia is offline  

Old 06-11-2008, 08:50 PM   #2 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,580
OS: Vista


Re: Constant Warnings - The operation has been cancelled due to restrictions in effec

Hi, welcome to TSF!

If you still need assistance, please post a fresh HijackThis log.
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Old 06-14-2008, 12:33 PM   #3 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 28
OS: xp


Re: Constant Warnings - The operation has been cancelled due to restrictions in effec

A new problem has developed. I can no longer access the internet. The only page that will open successfully is Google.com. However, even if I input something to search, the page will never load successfully, not even partially. Here is the fresh HijackThis log. Please help me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:29:19 PM, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\WINDOWS\Explorer.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\WINDOWS\system32\printer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\mrofinu572.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\WINDOWS\system32\15171C1A1D1E20.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\NoDNS\NoDNS.exe
C:\Program Files\MapEDC\MapEDC.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Documents and Settings\Family\Application Data\SpeedRunner\SpeedRunner.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Documents and Settings\Family\Application Data\Microsoft\Windows\qhrvpomu.exe
C:\Documents and Settings\Family\Application Data\WinTouch\WinTouch.exe
C:\Program Files\Svconr\Svconr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394662E901F3D1DC7E4638E8323A15806F97BDE4417E6FD967002BA754E6C5813C477ACE
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [797B807E81828483] 15171C1A1D1E20.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [0cc87caf] rundll32.exe "C:\WINDOWS\system32\igcaipaa.dll",b
O4 - HKLM\..\Run: [BM0ffb4f33] Rundll32.exe "C:\WINDOWS\system32\mgbposaq.dll",s
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
O4 - HKCU\..\Run: [MapEDC] C:\Program Files\MapEDC\MapEDC.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Family\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Family\Application Data\Microsoft\Windows\qhrvpomu.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Family\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [0cc87caf] rundll32.exe "C:\WINDOWS\system32\igcaipaa.dll",b
O4 - HKUS\S-1-5-21-487496076-1944916564-1425980510-1006\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe (User '?')
O4 - HKUS\S-1-5-21-487496076-1944916564-1425980510-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-487496076-1944916564-1425980510-1006\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User '?')
O4 - HKUS\S-1-5-21-487496076-1944916564-1425980510-1006\..\Run: [] (User '?')
O4 - HKUS\S-1-5-21-487496076-1944916564-1425980510-1006\..\Run: [kernel] C:\Program Files\kernel\kernel.exe (User '?')
O4 - HKUS\S-1-5-21-487496076-1944916564-1425980510-1006\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe (User '?')
O4 - HKUS\S-1-5-21-487496076-1944916564-1425980510-1006\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe (User '?')
O4 - HKUS\S-1-5-21-487496076-1944916564-1425980510-1006\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe (User '?')
O4 - HKUS\S-1-5-21-487496076-1944916564-1425980510-1006\..\Run: [MapEDC] C:\Program Files\MapEDC\MapEDC.exe (User '?')
O4 - HKUS\S-1-5-21-487496076-1944916564-1425980510-1006\..\Run: [SpeedRunner] C:\Documents and Settings\Family\Application Data\SpeedRunner\SpeedRunner.exe (User '?')
O4 - HKUS\S-1-5-21-487496076-1944916564-1425980510-1006\..\Run: [SfKg6wIP] C:\Documents and Settings\Family\Application Data\Microsoft\Windows\qhrvpomu.exe (User '?')
O4 - HKUS\S-1-5-21-487496076-1944916564-1425980510-1006\..\Run: [WinTouch] C:\Documents and Settings\Family\Application Data\WinTouch\WinTouch.exe (User '?')
O4 - HKUS\S-1-5-21-487496076-1944916564-1425980510-1006\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe (User '?')
O4 - HKUS\S-1-5-21-487496076-1944916564-1425980510-1006\..\Run: [0cc87caf] rundll32.exe "C:\WINDOWS\system32\igcaipaa.dll",b (User '?')
O4 - S-1-5-21-487496076-1944916564-1425980510-1006 Startup: system.exe (User '?')
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/LSACD_XMLWebSe...veX/ofmctl.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn...detection3.cab
O20 - Winlogon Notify: awtqpqo - awtqpqo.dll (file missing)
O20 - Winlogon Notify: awtsp - C:\WINDOWS\system32\awtsp.dll (file missing)
O20 - Winlogon Notify: mljighh - mljighh.dll (file missing)
O20 - Winlogon Notify: mljjh - C:\WINDOWS\system32\mljjh.dll (file missing)
O20 - Winlogon Notify: nnnoonk - nnnoonk.dll (file missing)
O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll (file missing)
O20 - Winlogon Notify: rqrsrsp - rqrsrsp.dll (file missing)
O20 - Winlogon Notify: vtutspn - vtutspn.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 13197 bytes

Last edited by Miniia; 06-14-2008 at 12:41 PM.
Miniia is offline  
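
An added example, not part of the original posts: a small Python triage pass over HijackThis log lines like those in the logs above. The sample lines are copied from the second log in this thread; the flagging rules are review heuristics assumed for illustration, not HijackThis output and not the analyst's verdicts.

```python
import re

# Sample input: lines copied from the second HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [797B807E81828483] 15171C1A1D1E20.exe
O4 - HKLM\..\Run: [0cc87caf] rundll32.exe "C:\WINDOWS\system32\igcaipaa.dll",b
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Family\Application Data\Microsoft\Windows\qhrvpomu.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: awtsp - C:\WINDOWS\system32\awtsp.dll (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")            # "O4 - <body>"
RUN = re.compile(r"Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
EXE = re.compile(r'"([^"]+)"|(.+?\.exe)\b', re.I)          # quoted path or text up to .exe


def _check_shell(body):
    """F2: the Winlogon Shell value normally holds Explorer.exe and nothing else."""
    m = re.search(r"Shell=(.*)$", body, re.I)
    if not m:
        return None
    value = m.group(1).strip()
    if value.lower() == "explorer.exe":
        return None
    if value.lower().startswith("explorer.exe"):
        value = value[len("explorer.exe"):].strip()
    return "Winlogon shell value starts more than Explorer.exe: " + value


def _check_run(body):
    """O4: flag autostart commands whose form deserves a closer look (heuristic)."""
    m = RUN.search(body)
    if not m:
        return None
    cmd = m.group("cmd")
    exe_m = EXE.match(cmd)
    if not exe_m:
        return None
    exe = exe_m.group(1) or exe_m.group(2)
    base = exe.rsplit("\\", 1)[-1].lower()
    if base == "rundll32.exe":
        return "Run key loads a DLL through rundll32: " + cmd[exe_m.end():].strip()
    if "\\" not in exe:
        return "Run key names an executable without a full path: " + exe
    if "\\application data\\" in exe.lower():
        return "Run key starts an executable from the user profile: " + exe
    return None


def triage(log_text):
    """Return (section, reason) pairs for the lines that match a review rule."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        reason = None
        if section == "F2":
            reason = _check_shell(body)
        elif section == "O4":
            reason = _check_run(body)
        elif section == "O7":
            reason = "policy value restricts a Windows tool: " + body.split(",")[-1].strip()
        elif section == "O20" and body.endswith("(file missing)"):
            reason = "Winlogon Notify entry points at a DLL that is not on disk"
        if reason:
            findings.append((section, reason))
    return findings


if __name__ == "__main__":
    for section, reason in triage(SAMPLE_LOG):
        print(f"{section:>3}  {reason}")
```

A flagged line is a prompt to inspect the file and registry value, not a removal decision; entries that pass these rules can still be unwanted.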
Old 06-14-2008, 01:18 PM   #4 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,580
OS: Vista


Re: Constant Warnings - The operation has been cancelled due to restrictions in effec

Hi,

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

______

HJT Uninstall list
  • Open HijackThis > Click "Misc Tools Section"
  • Click "Open Uninstall Manager".
  • Click "Save List".
  • Save it to your Desktop.
  • Copy the contents of the file to your next reply.
Angelfire777 is offline  
Old 06-18-2008, 08:15 PM   #5 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 28
OS: xp


Re: Constant Warnings - The operation has been cancelled due to restrictions in effec

My computer won't let me access that site. (Even though it lets me use this one [the forum]......?)
Miniia is offline  
Old 06-18-2008, 08:24 PM   #6 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,580
OS: Vista


Re: Constant Warnings - The operation has been cancelled due to restrictions in effec

Delete this file:

C:\windows\system32\drivers\etc\hosts

Then open HijackThis > open Misc Tools section > open Hosts File Manager.

It will ask if you want to restore the default Microsoft hosts file; answer yes, then retry the steps posted in my previous post. Make sure you don't forget to post the HijackThis uninstall list.
Angelfire777 is offline
Old 06-19-2008, 10:44 AM   #7 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 28
OS: xp


Re: Constant Warnings - The operation has been cancelled due to restrictions in effec

I still can't access the site.
Miniia is offline  
Old 06-19-2008, 01:15 PM   #8 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,580
OS: Vista


Re: Constant Warnings - The operation has been cancelled due to restrictions in effec

Download combofix.exe

Save it to your desktop.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to continue with the combofix scan.
  • When the tool is finished, it will produce a report for you.

Please post the contents of C:\Combofix.txt along with a fresh hijackthis log and the uninstall list.
Angelfire777 is offline
Old 06-19-2008, 03:16 PM   #9 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 28
OS: xp


Re: Constant Warnings - The operation has been cancelled due to restrictions in effec

I can't go to this site: http://support.microsoft.com/kb/310994. And I don't know which one is appropriate for me, because I can't access the properties of "My Computer". When I right-click it, that warning thing comes back up again.

However, I did manage to download combofix.exe.
Miniia is offline  
Old 06-19-2008, 04:06 PM   #10 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,580
OS: Vista


Re: Constant Warnings - The operation has been cancelled due to restrictions in effec

Click Start > Run > copy and paste

dxdiag

Beside "operating system:" it will tell you if you have a pro or a home version.

This is the link for home: http://www.microsoft.com/downloads/d...displaylang=en

And this one is for pro: http://www.microsoft.com/downloads/d...displaylang=en
Angelfire777 is offline
Old 06-21-2008, 02:56 PM   #11 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 28
OS: xp


Re: Constant Warnings - The operation has been cancelled due to restrictions in effec

I could not produce a Combofix.txt because it said that there was no printer.exe in the system32 folder. I'm not sure what that means. However, here are the hijackthis log and the uninstall list.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:59 PM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\15171C1A1D1E20.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wscntfy.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [797B807E81828483] 15171C1A1D1E20.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/LSACD_XMLWebSe...veX/ofmctl.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn...detection3.cab
O20 - Winlogon Notify: awtqpqo - awtqpqo.dll (file missing)
O20 - Winlogon Notify: awtsp - C:\WINDOWS\system32\awtsp.dll (file missing)
O20 - Winlogon Notify: mljighh - mljighh.dll (file missing)
O20 - Winlogon Notify: mljjh - C:\WINDOWS\system32\mljjh.dll (file missing)
O20 - Winlogon Notify: nnnoonk - nnnoonk.dll (file missing)
O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll (file missing)
O20 - Winlogon Notify: rqrsrsp - rqrsrsp.dll (file missing)
O20 - Winlogon Notify: vtutspn - vtutspn.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 9397 bytes



-----UNINSTALL LIST

Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Photoshop 7.0
Adobe Reader 8.1.2
Adssite Games Collection
AIM 6.0
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
Athan Basic 3.0
Banctec Service Agreement
BitTorrent 5.0.7
Bookkeeper
Browser Optimizer Rightonadz
Burger Island (remove only)
Comcast High-Speed Internet Install Wizard
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Picture Studio v3.0
Dell Support
Dell Support 5.0.0 (766)
Desktop Doctor
Digital Line Detect
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Decoder Pak for Windows XP
Easy DVD Clone
Easy DVD-Video Copy
ESPNMotion
Form Fill (Windows Live Toolbar)
FRED
GemMaster Mystic
GMAT Diagnostic
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
GTK+ 2.6.7-2 runtime environment
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
HyperLoad - Two Minute Drill
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
iPod for Windows 2005-03-23
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
JD Secure 3.1
LimeWire 4.9.30
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Shockwave Player
Map Button (Windows Live Toolbar)
McAfee SecurityCenter
Memories Disc Creator 2.0
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft ActiveSync 4.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
MKSAP for Students 3 (1.0)
Modem Helper
Move Networks Player for Internet Explorer
Movielink Manager
Mozilla Firefox (2.0.0.14)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
Musicmatch® Jukebox
My Way Search Assistant
NetWaiting
NetZeroInstallers
OneCare Advisor (Windows Live Toolbar)
Otto
Panda ActiveScan 2.0
Popup Blocker (Windows Live Toolbar)
PowerDVD 5.3
QuickTime
QuickTime for Windows (32-bit)
RealPlayer
Rhapsody Player Engine
Search Assistant Adssite
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
ShareNow
Smart Menus (Windows Live Toolbar)
Socialnetworking Helper Adssite
Sonic DLA
Sonic Encoders
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sony USB Driver
SopCast 1.1.2
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy 1.4
SpywareBlaster 4.0
Step3 CCS
Symantec AntiVirus
System Requirements Lab
The Battle for Middle-earth (tm)
The Battle for Middle-earth (tm) II
The GIMP 2.2.7
The Sims 2
TI Connect 1.6
TI NoteFolio Creator
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
VeohTV BETA
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
WinZip
Yahoo! Browser Services
Yahoo! IE Search Suggest
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Toolbar


----
Hope this helps...
Miniia is offline  
Old 06-22-2008, 02:00 PM   #12 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,580
OS: Vista


Re: Constant Warnings - The operation has been cancelled due to restrictions in effec

That's odd..

Please delete your copy of combofix and download a new one.

After that, run the scan in safe mode.

You may want to print these instructions here or save them in notepad since you'll work offline.

To enter Safe Mode..

Click Start > Turn Off Computer > Restart > Tap F8 key just before Windows starts to load > This will bring up a Menu > Use your keyboard to scroll to Safe Mode > Hit enter.

Please post C:\combofix.txt along with a new hijackthis log in your next reply.
Angelfire777 is offline
Old 06-23-2008, 12:54 PM   #13 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 28
OS: xp


Re: Constant Warnings - The operation has been cancelled due to restrictions in effec

It still won't work; it says that a recovery console has already been installed. The first time I scanned it, it worked; however, it did not produce a log because it said the printer.exe file in system32 folder was not functioning properly.
Miniia is offline  
Old 06-23-2008, 12:55 PM   #14 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 28
OS: xp


Re: Constant Warnings - The operation has been cancelled due to restrictions in effec

Might there be a way to uninstall the recovery console to download a new one to produce a combofix.txt log?
Miniia is offline  
Old 06-23-2008, 01:06 PM   #15 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,580
OS: Vista


Re: Constant Warnings - The operation has been cancelled due to restrictions in effec

Simply double click combofix.exe in normal mode and see if it will run till completion. If not, try running it in safe mode. Do not attempt to install recovery console anymore.
Angelfire777 is offline
Old 06-23-2008, 01:15 PM   #16 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 28
OS: xp


Re: Constant Warnings - The operation has been cancelled due to restrictions in effec

I did both. It still doesn't work....
Miniia is offline  
Old 06-23-2008, 01:16 PM   #17 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 28
OS: xp


Re: Constant Warnings - The operation has been cancelled due to restrictions in effec

Oh wait...so I don't drag the thingy (windows update) to it...ok I'll try that...
Miniia is offline  
Old 06-23-2008, 01:23 PM   #18 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 28
OS: xp


Re: Constant Warnings - The operation has been cancelled due to restrictions in effec

Ok, there we go, now it's working!! Will post again once completed...(btw I'm on another computer...so don't worry about me having this browser open)
Miniia is offline  
Old 06-23-2008, 02:13 PM   #19 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 28
OS: xp


Re: Constant Warnings - The operation has been cancelled due to restrictions in effec

Ok Here we go...Finally:

Combofix:

ComboFix 08-06-20.4 - Family 2008-06-23 15:01:04.4 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.305 [GMT -5:00]
Running from: C:\Documents and Settings\Family\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\check_LSA7.txt
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\system.exe
C:\Documents and Settings\All Users\Application Data\Starware325
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\newssearchicon.bmp
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\newssearchicon_over.bmp
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\newssearchiconxp.png
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\newssearchiconxp_over.png
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\starware_toolbar_icon.bmp
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware325\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware325\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware325\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware325\contexts\travel.xml
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_core


((((((((((((((((((((((((( Files Created from 2008-05-23 to 2008-06-23 )))))))))))))))))))))))))))))))
.

2008-06-10 16:37 . 2008-04-14 06:01 272,128 --------- C:\WINDOWS\SYSTEM32\DRIVERS\bthport.sys
2008-06-10 16:37 . 2008-04-14 06:01 272,128 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-06-08 20:48 . 2008-06-08 20:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-08 19:58 . 2008-06-12 14:55 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-08 19:57 . 2008-06-08 19:57 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-08 19:49 . 2008-06-08 19:49 <DIR> d-------- C:\Program Files\Panda Security
2008-06-08 14:20 . 2008-06-23 14:45 21,932 --a------ C:\WINDOWS\SYSTEM32\Config.MPF
2008-06-08 13:08 . 2006-07-14 00:09 161,768 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2008-06-08 13:08 . 2006-07-08 15:46 84,744 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2008-06-08 13:08 . 2006-07-14 00:10 37,800 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2008-06-08 13:08 . 2006-07-14 00:09 33,896 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2008-06-08 13:08 . 2006-07-14 00:09 31,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2008-06-08 13:07 . 2006-07-17 21:56 104,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2008-06-08 13:07 . 2006-07-27 16:45 1,808 --a------ C:\WINDOWS\SYSTEM32\subst.inf
2008-06-08 13:03 . 2008-06-08 13:08 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-06-08 13:02 . 2008-06-08 13:37 <DIR> d-------- C:\Program Files\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 01:57 --------- d-----w C:\Documents and Settings\Family\Application Data\Jasc Software Inc
2008-06-12 19:42 --------- d-----w C:\Program Files\Apple Software Update
2008-06-08 18:53 --------- d-----w C:\Program Files\Paltalk Messenger
2008-06-08 18:53 --------- d-----w C:\Documents and Settings\Family\Application Data\Paltalk
2008-06-08 18:05 --------- d-----w C:\Program Files\McAfee.com
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2008-04-24 03:16 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-04-20 02:52 10 ----a-w C:\Program Files\.autoreg
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\SYSTEM32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msjint40.dll
2007-07-28 09:06 135 ----a-w C:\Program Files\Common Files\vilofs.html
2006-12-23 22:16 1,166 ----a-w C:\Documents and Settings\Incomplete\downloads.dat
2006-06-25 02:44 251 ----a-w C:\Program Files\wt3d.ini
2005-07-09 23:44 94,561 ----a-w C:\Program Files\GIMP-2.xcf
2005-06-09 18:36 54,216 ----a-w C:\Documents and Settings\Chaudhry\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 16:13 1207080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 18:28 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38 241664]
"797B807E81828483"="15171C1A1D1E20.exe" [2007-12-14 07:40 120832 C:\WINDOWS\SYSTEM32\15171C1A1D1E20.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 15:42 267064]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-24 15:11 185896]
"XeroxScannerDaemon"="C:\Program Files\Xerox\NWWia\XrxFTPLt.exe" [2001-08-17 23:37 27648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

C:\Documents and Settings\Chaudhry\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2005-09-14 15:12:17 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqpqo]
awtqpqo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsp]
C:\WINDOWS\system32\awtsp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljighh]
mljighh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjh]
C:\WINDOWS\system32\mljjh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnoonk]
nnnoonk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnno]
C:\WINDOWS\system32\pmnno.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrsrsp]
rqrsrsp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutspn]
vtutspn.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^autorun.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
backup=C:\WINDOWS\pss\autorun.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Family^Start Menu^Programs^Startup^system.exe]
path=C:\Documents and Settings\Family\Start Menu\Programs\Startup\system.exe
backup=C:\WINDOWS\pss\system.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0cc87caf]
C:\WINDOWS\system32\yrxflsiv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2005-10-04 13:42 48752 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 06:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
--a------ 2007-04-19 14:21 198184 C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-08-13 02:05 122939 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-10-12 17:54 57344 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2004-08-10 05:04 59392 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-26 16:13 1207080 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
C:\WINDOWS\system32\gzmrotate.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 10:32 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-09-20 10:36 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-09-20 10:35 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Insider]
C:\Program Files\Insider\Insider.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 15:42 267064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\izimi]
C:\Program Files\Izimi\IzimiFilePublisher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadMSvcmm]
--a------ 2007-05-23 21:36 124512 C:\Program Files\Movielink\MovielinkManager\Movielink User.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2006-01-17 14:03 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UGA6P_1001_N109M1307]
C:\Documents and Settings\Family\Desktop\install_en.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 07:24 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShareNow]
--a------ 2007-10-31 11:28 4292608 C:\Program Files\ShareNow\ShareNow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 16:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-11-19 18:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-10-24 17:48 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 02:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2005-11-15 14:28 85744 C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAVX]
C:\WINDOWS\system32\WinAvXX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winshow]
C:\WINDOWS\winshow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinUpdater]
--a------ 2007-07-29 13:20 62967 C:\Program Files\WinUpdater\update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates]
C:\Program Files\winupdates\winupdates.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Words]
C:\Program Files\Words\Words.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
--a------ 2007-06-08 09:59 224248 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"UMWdf"=2 (0x2)
"TrkWks"=2 (0x2)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"Symantec AntiVirus"=2 (0x2)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"sprtsvc_ddoctorv2"=2 (0x2)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"ShellHWDetection"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SavRoam"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"ose"=3 (0x3)
"MSIServer"=3 (0x3)
"Movielink Core Service"=2 (0x2)
"McSysmon"=2 (0x2)
"McShield"=2 (0x2)
"LxrJD31s"=2 (0x2)
"iPod Service"=3 (0x3)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"Fax"=2 (0x2)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"DefWatch"=2 (0x2)
"CiSvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"w32time"=2 (0x2)
"VSS"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"NtLmSsp"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"MHN"=3 (0x3)
"ImapiService"=3 (0x3)
"HidServ"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"CryptSvc"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"BITS"=2 (0x2)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"LmHosts"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\patchget.dat"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\Family\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e1f0ad7-f4d0-11db-93d6-001111cacf90}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7336ac1-298d-11dc-944f-001111cacf90}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-06-12 19:33:46 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-30 09:05:42 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-08 1821 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\DEFRAG.EXE
"2008-06-08 1820 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe.4158 0
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 15:02:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tsd32.dll
.
Completion time: 2008-06-23 15:04:49
ComboFix-quarantined-files.txt 2008-06-23 20:04:27

Pre-Run: 14,892,531,712 bytes free
Post-Run: 14,873,219,072 bytes free

965 --- E O F --- 2008-06-21 20:10:00

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:52 PM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\15171C1A1D1E20.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [797B807E81828483] 15171C1A1D1E20.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/LSACD_XMLWebSe...veX/ofmctl.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn...detection3.cab
O20 - Winlogon Notify: awtqpqo - awtqpqo.dll (file missing)
O20 - Winlogon Notify: awtsp - C:\WINDOWS\system32\awtsp.dll (file missing)
O20 - Winlogon Notify: mljighh - mljighh.dll (file missing)
O20 - Winlogon Notify: mljjh - C:\WINDOWS\system32\mljjh.dll (file missing)
O20 - Winlogon Notify: nnnoonk - nnnoonk.dll (file missing)
O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll (file missing)
O20 - Winlogon Notify: rqrsrsp - rqrsrsp.dll (file missing)
O20 - Winlogon Notify: vtutspn - vtutspn.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 9287 bytes
Old 06-23-2008, 03:13 PM   #20 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,580
OS: Vista


Re: Constant Warnings - The operation has been cancelled due to restrictions in effec

Hi,

Did you disable a lot of services using msconfig?

*Uninstall the items in bold if found:

Note: Some of them may tell you that they may have been uninstalled already; just OK them.

Adssite Games Collection
Search Assistant Adssite
Socialnetworking Helper Adssite
Browser Optimizer Rightonadz
My Way Search Assistant


LiveUpdate 2.6 (Symantec Corporation)
Symantec AntiVirus

These two are probably leftovers from a Norton installation. You can remove them.

*A few optionals that I would recommend be uninstalled.

1.) I see you have P2P software ( BitTorrent 5.0.7, LimeWire 4.9.30 ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here, here, and here.


2.) I see you have Viewpoint installed...
Viewpoint-related software is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006. Read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

*Click Start > Control Panel > Add or Remove Programs and uninstall the items I listed in bold if found.

*If you decide to uninstall them, also delete these Folders if they still exist:

C:\Program Files\Bittorrent
C:\Program Files\Limewire
C:\Program Files\Viewpoint
_______

*Did you create the following html file? If not, please delete it.

C:\Program Files\Common Files\vilofs.html

*Delete these folders:

C:\Program Files\Izimi
C:\Program Files\WinUpdater

*Did you turn automatic updates off?

*Open Notepad and copy and paste the text present in the quote box below into it:
(don't forget to copy and paste REGEDIT4)

Quote:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{BA52B914-B692-46c4-B683-905236F6F655}"=-
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=-

[-HKEY_CLASSES_ROOT\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}]

[-HKEY_CLASSES_ROOT\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqpqo]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsp]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljighh]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjh]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnoonk]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnno]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrsrsp]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutspn]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^autorun.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Family^Start Menu^Programs^Startup^system.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0cc87caf]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Insider]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\izimi]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAVX]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winshow]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinUpdater]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Words]
Save this as fix.reg. Choose to save as *all files and place it on your desktop.

It should look like this:
Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
___________

Your Java is out of date....
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.
  • Click Start > Control Panel
  • Click Add/Remove Programs
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer once all Java components are removed.
Then download Java Runtime Environment 6u6, and install it to your computer.
  • Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.
__________

*I would like you to scan a file for me.

Please go HERE. Copy and paste the following file path in to the box.

C:\WINDOWS\system32\15171C1A1D1E20.exe

Then click submit.

Please post the results to your next reply.


*Please do an online scan with Kaspersky WebScanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

On your next reply, please include a
  • Fresh HijackThis log.
  • Kaspersky scan log
  • VirusTotal scan results
  • answers to my queries
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.

Last edited by Angelfire777; 06-23-2008 at 03:18 PM.
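
The fix.reg in the reply above deletes Winlogon Notify keys and Internet Explorer toolbar values that the HijackThis log marks as "(file missing)" or "(no file)". The following is an added example, not part of the original post or any tool named in the thread: a small check that lists any deletion in a .reg file that the log does not report as orphaned. The function names and the `example_live` key are hypothetical.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O20 - Winlogon Notify: awtqpqo - awtqpqo.dll (file missing)
O20 - Winlogon Notify: awtsp - C:\WINDOWS\system32\awtsp.dll (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Constructed sample: part of the fix.reg from the reply, plus one key
# ("example_live") that is NOT in the thread, added to show the mismatch case.
SAMPLE_REG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{BA52B914-B692-46c4-B683-905236F6F655}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqpqo]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsp]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\example_live]
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# A raw string cannot end in a backslash, so the separator is appended.
NOTIFY_PREFIX = (r"hkey_local_machine\software\microsoft\windows nt"
                 r"\currentversion\winlogon\notify") + "\\"


def orphaned_entries(log_text):
    """Return (notify_names, toolbar_clsids) the log marks as having no file."""
    notify, toolbars = set(), set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m or not ORPHAN_RE.search(m["body"]):
            continue
        if m["code"] == "O20":
            # Body looks like "Winlogon Notify: <key name> - <dll> (file missing)".
            name = m["body"].split(":", 1)[1].split(" - ", 1)[0].strip()
            notify.add(name.lower())
        elif m["code"] == "O3":
            clsid = CLSID_RE.search(m["body"])
            if clsid:
                toolbars.add(clsid.group(0).upper())
        # Other sections (the O9 line here) are not mapped to registry keys.
    return notify, toolbars


def reg_deletions(reg_text):
    """Return (notify_names, toolbar_clsids) that the .reg text would delete."""
    notify, toolbars = set(), set()
    section = ""
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            # "[-key]" deletes the whole key.
            if section.startswith("-" + NOTIFY_PREFIX):
                notify.add(section[len(NOTIFY_PREFIX) + 1:])
        elif line.endswith("=-") and section.endswith(r"\internet explorer\toolbar"):
            # '"name"=-' deletes a single value under the current key.
            clsid = CLSID_RE.search(line)
            if clsid:
                toolbars.add(clsid.group(0).upper())
    return notify, toolbars


def unexpected_deletions(log_text, reg_text):
    """Deletions in the fix that the log does not report as orphaned."""
    log_notify, log_toolbars = orphaned_entries(log_text)
    reg_notify, reg_toolbars = reg_deletions(reg_text)
    return sorted(reg_notify - log_notify), sorted(reg_toolbars - log_toolbars)


if __name__ == "__main__":
    print(unexpected_deletions(SAMPLE_LOG, SAMPLE_REG))
```
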
All times are GMT -7. The time now is 10:59 AM.



Copyright 2001 - 2009, Tech Support Forum