Old 07-28-2008, 06:40 PM   #1 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 25
OS: win xp


Popups about viruses and spyware anytime anything is done on the computer.

Hi....actually I posted in this forum already and had it resolved. One week of holiday travel and I come back to see my computer messed up again (I think it has something to do with someone using a keygen on my computer and I know things like that are just asking for trouble). The SystemGuard from McAfee keeps disabling and whenever I open My Documents or anything in Windows Explorer, a window pops up. I attached a copy of the message that I saw.
When I click no, it takes me to this link.



Which does not open because another thing comes up and says that the website is web forgery.

The Deckard Scanner doesn't produce an extra.txt log; however, the main is right here.....also the Panda ActiveScan is here as well. Thank you so much and I await further instructions.

Deckard's System Scanner v20071014.68
Run by Del User on 2008-07-28 19:45:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Del User.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:46:43 PM, on 7/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Del User\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\DELUSE~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: BHO.ext2 - {401F4B6B-3C36-4E8D-BC07-F46FC6D67D9A} - C:\WINDOWS\system32\iexfil.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Skype Control Class - {9018F6A8-2495-45DF-9F16-C738F8F3C8FF} - C:\WINDOWS\system32\SkypeComm.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\RunOnce: [SpybotDeletingA4527] command /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7888] cmd /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\DELUSE~1\LOCALS~1\TEMPOR~1\Content.IE5\9RCW2TNB\FAVICO~1.SH! C:\DOCUME~1\DELUSE~1\LOCALS~1\TEMPOR~1\Content.IE5\M7Y7A8YJ\FAVICO~1.SH! C:\DOCUME~1\DELUSE~1\LOCALS~1\TEMPOR~1\Content.IE5\9RCW2TNB\FAVICO~2.SH! C:\DOCUME~1\DELUSE~1\LOCALS~1\TEMPOR~1\Content.IE5\M7Y7A8YJ\FAVICO~2.SH! C:\DOCUME~1\DELUSE~1\LOCALS~1\TEMPOR~1\Content.IE5\9RCW2TNB\FAVICO~3.SH! C:\DOCUME~1\DELUSE~1\LOCALS~1\TEMPOR~1\Content.IE5\BD24A8XX\FAVICO~1.SH! C:\DOCUME~1\DELUSE~1\LOCALS~1\TEMPOR~1\Content.IE5\M7Y7A8YJ\FAVICO~3.SH! C:\DOCUME~1\DELUSE~1\LOCALS~1\TEMPOR~1\Content.IE5\BD24A8XX\IE7PNG~1.SH! C:\DOCUME~1\DELUSE~1\LOCALS~1\TEMPOR~1\Content.IE5\B9JS2FE5\FAVICO~2.SH! C:\DOCUME~1\DELUSE~1\LOCALS~1\TEMPOR~1\Content.IE5\B9JS2FE5\OPENSE~1.SH! C:\DOCUME~1\DELUSE~1\LOCALS~1\TEMPOR~1\Content.IE5\9RCW2TNB\FAVICO~4.SH! C:\DOCUME~1\DELUSE~1\LOCALS~1\TEMPOR~1\Content.IE5\B9JS2FE5\FAVICO~3.SH! C:\DOCUME~1\DELUSE~1\LOCALS~1\TEMPOR~1\Content.IE5\BD24A8XX\FAVICO~4.SH! C:\
O4 - HKCU\..\RunOnce: [SpybotDeletingB9232] command /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8198] cmd /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 12774 bytes

-- Files created between 2008-06-28 and 2008-07-28 -----------------------------

2008-07-28 11:07:41 18944 --a------ C:\WINDOWS\system32\iexfil.dll
2008-07-27 11:03:33 0 d-------- C:\Program Files\MSECache
2008-07-26 16:26:39 0 d-------- C:\Program Files\Windows Desktop Search
2008-07-26 16:26:38 0 d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-25 03:12:59 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-25 02:44:14 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-25 00:32:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-24 14:00:41 0 d-------- C:\Documents and Settings\Del User\Application Data\Reallusion
2008-07-24 13:58:57 0 d-------- C:\Program Files\Common Files\Reallusion
2008-07-23 13:24:28 0 d-------- C:\Documents and Settings\Del User\Application Data\fltk.org
2008-07-19 03:07:36 0 d-------- C:\WINDOWS\Prefetch
2008-07-18 23:49:33 0 d-------- C:\WINDOWS\system32\scripting
2008-07-18 23:49:32 0 d-------- C:\WINDOWS\l2schemas
2008-07-18 23:49:30 0 d-------- C:\WINDOWS\system32\en
2008-07-18 23:49:30 0 d-------- C:\WINDOWS\system32\bits
2008-07-18 23:45:41 0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-18 23:36:16 0 d-------- C:\WINDOWS\EHome
2008-07-18 22:29:46 0 d-------- C:\Program Files\Safari
2008-07-17 22:04:29 0 d-------- C:\Program Files\Common Files\Java
2008-07-17 00:07:54 0 d-------- C:\cmdcons
2008-07-15 21:22:49 0 d-------- C:\Documents and Settings\Del User\.housecall6.6
2008-07-15 20:59:28 0 d-------- C:\Documents and Settings\Del User\Application Data\HouseCall 6.6
2008-07-14 23:47:49 0 d-------- C:\Program Files\Common Files\xing shared
2008-07-13 17:40:28 0 d-------- C:\ie-spyad_zo
2008-07-13 17:04:57 0 d-------- C:\Program Files\SpywareBlaster
2008-07-13 15:44:47 0 d-------- C:\Program Files\Panda Security
2008-07-11 00:13:09 0 d-------- C:\Program Files\Trend Micro
2008-07-10 21:26:10 64324 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-07-10 21:07:17 0 d-------- C:\Program Files\iPod
2008-07-10 21:07:06 0 d-------- C:\Program Files\iTunes
2008-07-10 20:56:30 0 d-------- C:\Program Files\QuickTime
2008-07-10 15:18:36 0 d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-10 15:18:09 0 d-------- C:\Program Files\NOS
2008-07-09 21:46:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-09 20:31:54 0 d-------- C:\Program Files\Lavasoft
2008-07-06 22:12:24 0 d-------- C:\WINDOWS\speech
2008-07-06 22:08:14 0 d-------- C:\WINDOWS\Downloaded Installations
2008-07-06 10:04:41 0 d-------- C:\Program Files\Sun
2008-07-05 13:29:27 0 d-------- C:\WINDOWS\.jagex_cache_32
2008-07-05 13:24:04 0 d-------- C:\Documents and Settings\Del User\Application Data\bang


-- Find3M Report ---------------------------------------------------------------

2008-07-28 19:43:01 0 d-------- C:\Program Files\FlashGet
2008-07-28 10:14:03 0 d-------- C:\Program Files\McAfee
2008-07-25 19:41:23 0 d-------- C:\Documents and Settings\Del User\Application Data\Adobe
2008-07-25 02:57:47 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-25 02:44:14 0 d-------- C:\Program Files\Common Files
2008-07-24 21:08:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-20 21:38:49 0 d-------- C:\Documents and Settings\Del User\Application Data\SiteAdvisor
2008-07-19 00:08:00 6301 --a------ C:\WINDOWS\system32\wdkaent.dll
2008-07-19 00:07:58 155648 --a------ C:\WINDOWS\system32\SkypeComm.dll <Not Verified; ; Skype Communication>
2008-07-18 23:50:06 0 d-------- C:\Program Files\Messenger
2008-07-18 23:49:30 0 d-------- C:\Program Files\Movie Maker
2008-07-18 23:45:22 0 d-------- C:\Program Files\Windows NT
2008-07-17 22:10:23 20480 --a------ C:\WINDOWS\system32\mssockah.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-17 2258 0 d-------- C:\Program Files\Java
2008-07-14 23:54:41 0 d-------- C:\Documents and Settings\Del User\Application Data\Real
2008-07-14 23:45:30 0 d-------- C:\Program Files\Common Files\Real
2008-07-13 18:16:29 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-13 15:28:02 0 d-------- C:\Program Files\Real
2008-07-11 00:07:45 0 d-------- C:\Program Files\DivX
2008-07-10 21:18:00 0 d-------- C:\Documents and Settings\Del User\Application Data\Apple Computer
2008-07-10 13:46:37 0 d-------- C:\Documents and Settings\Del User\Application Data\Mozilla
2008-07-09 01:32:14 0 d-------- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-07-06 22:57:13 0 d-------- C:\Program Files\Google
2008-06-26 14:45:52 0 d-------- C:\Program Files\bfgclient
2008-06-23 22:18:11 0 d-------- C:\Documents and Settings\Del User\Application Data\Google
2008-06-23 19:15:31 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-06-23 19:15:31 110592 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2008-06-23 18:53:13 0 d-------- C:\Program Files\OpenAL
2008-06-23 15:57:25 0 d-------- C:\Documents and Settings\Del User\Application Data\McAfee
2008-06-20 20:46:29 0 --a------ C:\WINDOWS\PowerReg.dat
2008-06-11 21:00:06 0 d-------- C:\Documents and Settings\Del User\Application Data\PowerChallenge
2008-06-07 11:49:13 0 d-------- C:\Documents and Settings\Del User\Application Data\MiniDm
2008-06-07 11:48:21 0 d-------- C:\Documents and Settings\Del User\Application Data\IEPro
2008-06-01 13:01:39 0 d-------- C:\Program Files\Microsoft Works
2008-05-30 21:09:37 0 d-------- C:\Program Files\Web Publish
2008-05-30 20:21:14 0 d-------- C:\Program Files\Common Files\Broderbund
2008-05-30 20:10:00 0 d-------- C:\Program Files\Broderbund
2008-05-30 19:39:41 0 d-------- C:\Program Files\Common Files\L&H
2008-05-30 19:39:07 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-30 19:36:27 0 d-------- C:\Program Files\Microsoft.NET
2008-05-28 17:55:21 0 d-------- C:\Program Files\Common Files\Nero
2008-05-28 14:56:12 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-05-28 14:56:08 0 d-------- C:\Program Files\Roxio
2008-05-18 13:56:38 1533 --a------ C:\WINDOWS\mozver.dat
2008-05-05 08:48:00 283 --a------ C:\WINDOWS\system32\installerror.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
11/26/2007 10:46 AM 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{401F4B6B-3C36-4E8D-BC07-F46FC6D67D9A}]
07/28/2008 11:07 AM 18944 --a------ C:\WINDOWS\system32\iexfil.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9018F6A8-2495-45DF-9F16-C738F8F3C8FF}]
07/19/2008 12:07 AM 155648 --a------ C:\WINDOWS\system32\SkypeComm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 09:49 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 09:46 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 09:50 PM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [10/05/2005 04:12 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 05:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 05:50 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 09:24 AM]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [07/12/2005 08:05 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [12/03/2007 02:21 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [07/24/2006 04:28 PM]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [11/30/2007 05:42 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [01/16/2007 01:59 PM]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 11:22 AM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/14/2008 11:40 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [09/25/2007 04:10 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [12/13/2007 07:10 PM]
"DelayShred"="c:\PROGRA~1\mcafee\mshr\ShrCL.exe" [12/04/2007 01:32 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB9232"=command /c del "C:\WINDOWS\SchedLgU.Txt"
"SpybotDeletingD8198"=cmd /c del "C:\WINDOWS\SchedLgU.Txt"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingA4527"=command /c del "C:\WINDOWS\SchedLgU.Txt"
"SpybotDeletingC7888"=cmd /c del "C:\WINDOWS\SchedLgU.Txt"

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [4/11/2006 11:12:27 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07389ec4-97ab-11dc-9dd3-001320e1b455}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{589220f5-72c0-11dc-9dc6-001320e1b455}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b74a7e1-b6e2-11dc-9de5-001320e1b455}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe




-- End of Deckard's System Scanner: finished at 2008-07-28 19:47:26 ------------



This is the panda active scan log.
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-07-28 19:37:22
PROTECTIONS: 2
MALWARE: 2
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee Internet Security Suite 2007 8.1 No Yes
McAfee VirusScan Plus 12.1 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Del User\Cookies\del_user@server.iad.liveperson[1].txt
03363135 Adware/BHO Adware Yes 1 Yes No C:\WINDOWS\system32\iexfil.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Documents and Settings\Del User\My Documents\BiR Data\Programs and Installers (BASIC)\Quicktime Pro Keygen\Keygen.rar[Keygen.exe]
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Attached Images
File Type: jpg popup.JPG (21.8 KB, 6 views)

Last edited by tetonbob; 07-28-2008 at 08:39 PM. Reason: malware link removed
jerrinator is offline  

Old 07-28-2008, 09:40 PM   #2 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,263
OS: XP SP3


Re: Popups about viruses and spyware anytime anything is done on the computer.

Hello jerrinator.

Run dss.exe again, but use these instructions (this assumes dss.exe is on your desktop):
  • Click Start >> Run then copy/paste the following text into the Run box & click OK
    "%userprofile%\desktop\dss.exe" /config
  • Click Run
  • Click Check All
  • Click Uncheck All
  • Under the Extra Log heading, check all the boxes.
  • Click Scan!
  • Please attach extra.txt to your post. To attach a file to a new post, simply
    • Click the Manage Attachments button under Additional Options > Attach Files on the post composition page, and
    • Copy and Paste the following into the Upload File from your Computer box:
      C:\Deckard\System Scanner\extra.txt
    • Click Upload.
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Old 07-28-2008, 10:09 PM   #3 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 25
OS: win xp


Re: Popups about viruses and spyware anytime anything is done on the computer.

Here is the attachment...thank you so much once again.
Attached Files
File Type: txt extra.txt (16.1 KB, 2 views)
jerrinator is offline  
Old 07-28-2008, 11:40 PM   #4 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,263
OS: XP SP3


Re: Popups about viruses and spyware anytime anything is done on the computer.

Hello again, jerrinator.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.


------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Add or Remove Programs if it still exists:

FlashGet<<Please read this

------------------------------------------------------

Download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

------------------------------------------------------

Close any open browsers.

Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix. Get help here

------------------------------------------------------

Double-click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and Save a Logfile'. Save the logfile and post it here.

------------------------------------------------------

Please post the following in your next reply:

C:\ComboFix.txt
new HijackThis log


If you have any questions along the way...STOP and ask them before proceeding.
Old 07-29-2008, 12:08 AM   #5 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 25
OS: win xp


Re: Popups about viruses and spyware anytime anything is done on the computer.

Hello. Thanks for the reply. Everything was done successfully... I never knew about the FlashGet being one of the problems. Thanks for identifying.

Here is the Combofix.txt

ComboFix 08-07-28.4 - Del User 2008-07-29 1:52:08.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.199 [GMT -4:00]
Running from: C:\Documents and Settings\Del User\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Del User\Application Data\macromedia\Flash Player\#SharedObjects\2VGUMUZ2\interclick.com
C:\Documents and Settings\Del User\Application Data\macromedia\Flash Player\#SharedObjects\2VGUMUZ2\interclick.com\ud.sol
C:\Documents and Settings\Del User\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Del User\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))
.

2008-07-29 01:48 . 2008-07-29 01:49 4,314 --a------ C:\WINDOWS\system32\mstmpxmlfun.xml
2008-07-28 19:45 . 2008-07-28 19:45 <DIR> d-------- C:\Deckard
2008-07-28 11:07 . 2008-07-28 11:07 18,944 --a------ C:\WINDOWS\system32\iexfil.dll
2008-07-27 11:03 . 2008-07-27 11:03 <DIR> d-------- C:\Program Files\MSECache
2008-07-26 16:26 . 2008-07-26 16:26 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-26 16:26 . 2008-07-28 12:11 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-07-26 16:24 . 2008-03-07 13:02 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-07-26 16:24 . 2008-03-07 13:02 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-07-26 16:24 . 2008-03-07 13:02 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-07-25 18:03 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-07-25 18:03 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-07-25 03:12 . 2008-07-25 03:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-25 02:44 . 2008-07-25 02:44 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-25 00:32 . 2008-07-25 00:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-24 14:00 . 2008-07-24 14:00 <DIR> d-------- C:\Documents and Settings\Del User\Application Data\Reallusion
2008-07-24 13:58 . 2008-07-24 13:58 <DIR> d-------- C:\Program Files\Common Files\Reallusion
2008-07-23 13:24 . 2008-07-23 13:24 <DIR> d-------- C:\Documents and Settings\Del User\Application Data\fltk.org
2008-07-18 23:49 . 2008-07-18 23:49 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-18 23:49 . 2008-07-18 23:49 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-18 23:49 . 2008-07-18 23:49 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-18 23:49 . 2008-07-18 23:49 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-18 23:45 . 2008-07-18 23:50 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-18 23:40 . 2008-07-26 16:26 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-07-18 23:36 . 2008-07-18 23:36 <DIR> d-------- C:\WINDOWS\EHome
2008-07-18 23:23 . 2008-04-13 20:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-07-18 23:22 . 2008-04-13 20:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-07-18 23:22 . 2008-04-13 20:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-07-18 23:22 . 2008-04-13 20:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-07-18 23:22 . 2008-04-13 20:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-07-18 23:22 . 2008-04-13 20:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-07-18 23:22 . 2008-04-13 20:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-07-18 23:22 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-07-18 23:22 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-07-18 23:22 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-07-18 23:22 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-07-18 23:22 . 2007-09-17 04:48 1,261 --------- C:\WINDOWS\system32\pid.inf
2008-07-18 22:29 . 2008-07-18 22:30 <DIR> d-------- C:\Program Files\Safari
2008-07-17 22:07 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-17 22:04 . 2008-07-17 22:04 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-15 21:22 . 2008-07-18 20:55 <DIR> d-------- C:\Documents and Settings\Del User\.housecall6.6
2008-07-15 21:01 . 2007-12-24 17:37 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-15 20:59 . 2008-07-15 21:20 <DIR> d-------- C:\Documents and Settings\Del User\Application Data\HouseCall 6.6
2008-07-14 23:47 . 2008-07-14 23:47 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-07-13 17:40 . 2008-07-13 17:40 <DIR> d-------- C:\ie-spyad_zo
2008-07-13 17:04 . 2008-07-27 23:49 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-07-13 15:46 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-13 15:44 . 2008-07-13 15:44 <DIR> d-------- C:\Program Files\Panda Security
2008-07-11 00:13 . 2008-07-11 00:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-10 21:26 . 2008-07-26 11:21 64,324 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-07-10 21:07 . 2008-07-10 21:08 <DIR> d-------- C:\Program Files\iTunes
2008-07-10 21:07 . 2008-07-10 21:07 <DIR> d-------- C:\Program Files\iPod
2008-07-10 20:56 . 2008-07-10 21:00 <DIR> d-------- C:\Program Files\QuickTime
2008-07-10 15:18 . 2008-07-10 15:18 <DIR> d-------- C:\Program Files\NOS
2008-07-10 15:18 . 2008-07-10 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-10 14:41 . 2008-04-23 00:16 6,066,176 --a------ C:\WINDOWS\system32\SET5E.tmp
2008-07-10 11:26 . 2007-08-13 18:52 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-07-09 21:46 . 2008-07-10 00:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-09 21:46 . 2008-07-10 10:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-09 20:31 . 2008-07-09 20:31 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-06 22:12 . 2008-07-06 22:12 <DIR> d-------- C:\WINDOWS\speech
2008-07-06 22:08 . 2008-07-06 22:08 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-07-06 10:04 . 2008-07-06 10:04 <DIR> d-------- C:\Program Files\Sun
2008-07-05 13:29 . 2008-07-05 13:29 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-07-05 13:24 . 2008-07-05 13:25 <DIR> d-------- C:\Documents and Settings\Del User\Application Data\bang
2008-07-03 23:05 . 2008-07-03 23:05 268 --ah----- C:\sqmdata16.sqm
2008-07-03 23:05 . 2008-07-03 23:05 244 --ah----- C:\sqmnoopt16.sqm
2008-07-03 18:55 . 2008-07-03 18:55 268 --ah----- C:\sqmdata15.sqm
2008-07-03 18:55 . 2008-07-03 18:55 244 --ah----- C:\sqmnoopt15.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-29 05:47 --------- d-----w C:\Program Files\FlashGet
2008-07-28 17:55 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\SiteAdvisor
2008-07-28 14:14 --------- d-----w C:\Program Files\McAfee
2008-07-28 03:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-25 06:57 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-25 01:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-21 01:38 --------- d-----w C:\Documents and Settings\Del User\Application Data\SiteAdvisor
2008-07-19 04:08 6,301 ----a-w C:\WINDOWS\system32\wdkaent.dll
2008-07-19 04:07 155,648 ----a-w C:\WINDOWS\system32\SkypeComm.dll
2008-07-18 02:10 20,480 ----a-w C:\WINDOWS\system32\mssockah.dll
2008-07-18 02:06 --------- d-----w C:\Program Files\Java
2008-07-15 03:45 --------- d-----w C:\Program Files\Common Files\Real
2008-07-13 19:28 --------- d-----w C:\Program Files\Real
2008-07-11 04:07 --------- d-----w C:\Program Files\DivX
2008-07-11 01:18 --------- d-----w C:\Documents and Settings\Del User\Application Data\Apple Computer
2008-07-10 13:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-10 00:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-09 05:32 --------- d-----w C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-07-07 02:57 --------- d-----w C:\Program Files\Google
2008-06-26 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-06-26 18:45 --------- d-----w C:\Program Files\bfgclient
2008-06-24 02:51 --------- d-----w C:\Documents and Settings\LocalService\Application Data\McAfee
2008-06-23 23:15 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-06-23 23:15 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-06-23 22:53 --------- d-----w C:\Program Files\OpenAL
2008-06-23 19:57 --------- d-----w C:\Documents and Settings\Del User\Application Data\McAfee
2008-06-23 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 01:00 --------- d-----w C:\Documents and Settings\Del User\Application Data\PowerChallenge
2008-06-07 15:49 --------- d-----w C:\Documents and Settings\Del User\Application Data\MiniDm
2008-06-07 15:48 --------- d-----w C:\Documents and Settings\Del User\Application Data\IEPro
2008-06-01 17:01 --------- d-----w C:\Program Files\Microsoft Works
2008-05-31 01:09 --------- d-----w C:\Program Files\Web Publish
2008-05-31 00:21 --------- d-----w C:\Program Files\Common Files\Broderbund
2008-05-31 00:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Broderbund
2008-05-31 00:10 --------- d-----w C:\Program Files\Broderbund
2008-05-31 00:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Broderbund Software
2008-05-30 23:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-05-30 23:39 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-05-30 23:39 --------- d-----w C:\Program Files\Common Files\L&H
2008-05-30 23:36 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-30 18:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 18:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 18:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 18:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 18:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 18:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 18:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-28 21:55 --------- d-----w C:\Program Files\Common Files\Nero
2008-05-28 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-05-28 18:56 --------- d-----w C:\Program Files\Roxio
2008-05-28 18:56 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-13 01:51 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-13 01:51 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 90,112 ------w C:\WINDOWS\system32\dllcache\wshext.dll
2008-05-09 10:53 512,000 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 430,080 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 180,224 ------w C:\WINDOWS\system32\dllcache\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-09 10:53 172,032 ------w C:\WINDOWS\system32\dllcache\scrrun.dll
2008-05-08 14:02 203,136 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-08 11:24 155,648 ------w C:\WINDOWS\system32\dllcache\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 09:07 135,168 ------w C:\WINDOWS\system32\dllcache\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:12 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2006-06-16 00:33 233,472 ----a-w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 22:43 204,895 ----a-w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 18:41 77,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 17:10 426,081 ----a-w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 16:19 458,752 ----a-w C:\Program Files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 22:35 139,264 ----a-w C:\Program Files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 15:10 204,800 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 15:42 106,496 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 15:22 212,992 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 15:21 167,936 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoiceUnpacker.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 21:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 21:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 21:50 114688]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 20:05 1117184]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2006-07-24 16:28 35992]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-07-14 23:40 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-04-11 23:12:27 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-06-26 10:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07389ec4-97ab-11dc-9dd3-001320e1b455}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b74a7e1-b6e2-11dc-9de5-001320e1b455}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
.
Contents of the 'Scheduled Tasks' folder

2008-07-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-07-15 C:\WINDOWS\Tasks\McDefragTask.job
- C:\WINDOWS\system32\defrag.exe [2008-04-13 20:12]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-29 01:57:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-29 2:00:06
ComboFix-quarantined-files.txt 2008-07-29 06:00:00

Pre-Run: 53,536,411,648 bytes free
Post-Run: 53,601,161,216 bytes free

279 --- E O F --- 2008-07-28 13:58:13


Here is the new Hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:04:24 AM, on 7/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 10349 bytes
Old 07-29-2008, 12:08 AM   #6 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 25
OS: win xp


Re: Popups about viruses and spyware anytime anything is done on the computer.

Thanks a lot and awaiting further instructions.
Old 07-29-2008, 10:17 AM   #7 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,263
OS: XP SP3


Re: Popups about viruses and spyware anytime anything is done on the computer.

Hello again, jerrinator. Please tell us how your system is behaving after doing the following.

Please save this page to Notepad in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Quote:
The SystemGuard from McAfee keeps disabling
This is not a malware related problem--it is actually a McAfee problem. It started in March of this year and has not been resolved by McAfee as of yet.

Please see here >> http://community.mcafee.com/showthread.php?t=219964

I would recommend uninstalling McAfee and trying another antivirus program. Let me know what you decide and I will help you.

------------------------------------------------------

Close any open browsers.

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the quotebox below into Notepad:

Quote:
File::
C:\WINDOWS\system32\mstmpxmlfun.xml
C:\WINDOWS\system32\iexfil.dll
C:\WINDOWS\system32\wdkaent.dll
C:\WINDOWS\system32\mssockah.dll

Folder::
C:\Documents and Settings\Del User\.housecall6.6\Quarantine
C:\Program Files\FlashGet
C:\Documents and Settings\Del User\My Documents\BiR Data\Programs and Installers (BASIC)\Quicktime Pro Keygen

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07389ec4-97ab-11dc-9dd3-001320e1b455}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b74a7e1-b6e2-11dc-9de5-001320e1b455}]

Save this as CFScript.txt, in the same location as ComboFix.exe and then close the file.





Referring to the picture above, drag CFScript into ComboFix

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


------------------------------------------------------

Please run this online scan to help look for remnants.

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT.
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer.
  • Once the scan is complete, it will display if your system has been infected.
  • It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click the Save Report as... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and Save a Logfile'. Save the logfile and post it here.

------------------------------------------------------

Please post the following in your next reply:

C:\ComboFix.txt
Kaspersky report
new HijackThis log
report on system behavior
Old 07-30-2008, 06:43 PM   #8 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 25
OS: win xp


Re: Popups about viruses and spyware anytime anything is done on the computer.

hello again chemist......i did as instructed....

well it means a lot because the popups stopped coming...and well i ran the virtual technician (it found some registry problem that it fixed) and the problem seems to be gone with the systemguard....so i'm keeping the mcafee if you don't mind...

here is the ComboFix file (and i should say it uncovered some things that i have to deal with the other users of this computer)


ComboFix 08-07-28.4 - Del User 2008-07-30 17:29:12.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.142 [GMT -4:00]
Running from: C:\Documents and Settings\Del User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Del User\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\WINDOWS\system32\iexfil.dll
C:\WINDOWS\system32\mssockah.dll
C:\WINDOWS\system32\mstmpxmlfun.xml
C:\WINDOWS\system32\wdkaent.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Del User\My Documents\BiR Data\Programs and Installers (BASIC)\Quicktime Pro Keygen
C:\Documents and Settings\Del User\My Documents\BiR Data\Programs and Installers (BASIC)\Quicktime Pro Keygen\Desktop.ini
C:\Documents and Settings\Del User\My Documents\BiR Data\Programs and Installers (BASIC)\Quicktime Pro Keygen\Keygen.rar
C:\Documents and Settings\Del User\My Documents\BiR Data\Programs and Installers (BASIC)\Quicktime Pro Keygen\Thumbs.db

<snip>

C:\WINDOWS\system32\iexfil.dll
C:\WINDOWS\system32\mssockah.dll
C:\WINDOWS\system32\mstmpxmlfun.xml
C:\WINDOWS\system32\wdkaent.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-30 )))))))))))))))))))))))))))))))
.

2008-07-28 19:45 . 2008-07-28 19:45 <DIR> d-------- C:\Deckard
2008-07-27 11:03 . 2008-07-27 11:03 <DIR> d-------- C:\Program Files\MSECache
2008-07-26 16:26 . 2008-07-26 16:26 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-26 16:26 . 2008-07-29 09:36 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-07-26 16:24 . 2008-03-07 13:02 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-07-26 16:24 . 2008-03-07 13:02 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-07-26 16:24 . 2008-03-07 13:02 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-07-25 18:03 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-07-25 18:03 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-07-25 03:12 . 2008-07-25 03:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-25 02:44 . 2008-07-25 02:44 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-25 00:32 . 2008-07-25 00:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-24 14:00 . 2008-07-24 14:00 <DIR> d-------- C:\Documents and Settings\Del User\Application Data\Reallusion
2008-07-24 13:58 . 2008-07-24 13:58 <DIR> d-------- C:\Program Files\Common Files\Reallusion
2008-07-23 13:24 . 2008-07-23 13:24 <DIR> d-------- C:\Documents and Settings\Del User\Application Data\fltk.org
2008-07-18 23:49 . 2008-07-18 23:49 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-18 23:49 . 2008-07-18 23:49 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-18 23:49 . 2008-07-18 23:49 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-18 23:49 . 2008-07-18 23:49 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-18 23:45 . 2008-07-18 23:50 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-18 23:40 . 2008-07-26 16:26 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-07-18 23:36 . 2008-07-18 23:36 <DIR> d-------- C:\WINDOWS\EHome
2008-07-18 23:23 . 2008-04-13 20:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-07-18 23:22 . 2008-04-13 20:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-07-18 23:22 . 2008-04-13 20:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-07-18 23:22 . 2008-04-13 20:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-07-18 23:22 . 2008-04-13 20:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-07-18 23:22 . 2008-04-13 20:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-07-18 23:22 . 2008-04-13 20:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-07-18 23:22 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-07-18 23:22 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-07-18 23:22 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-07-18 23:22 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-07-18 23:22 . 2007-09-17 04:48 1,261 --------- C:\WINDOWS\system32\pid.inf
2008-07-18 22:29 . 2008-07-18 22:30 <DIR> d-------- C:\Program Files\Safari
2008-07-17 22:07 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-17 22:04 . 2008-07-17 22:04 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-15 21:22 . 2008-07-18 20:55 <DIR> d-------- C:\Documents and Settings\Del User\.housecall6.6
2008-07-15 21:01 . 2007-12-24 17:37 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-15 20:59 . 2008-07-15 21:20 <DIR> d-------- C:\Documents and Settings\Del User\Application Data\HouseCall 6.6
2008-07-14 23:47 . 2008-07-14 23:47 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-07-13 17:40 . 2008-07-13 17:40 <DIR> d-------- C:\ie-spyad_zo
2008-07-13 17:04 . 2008-07-27 23:49 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-07-13 15:46 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-13 15:44 . 2008-07-13 15:44 <DIR> d-------- C:\Program Files\Panda Security
2008-07-11 00:13 . 2008-07-11 00:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-10 21:26 . 2008-07-26 11:21 64,324 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-07-10 21:07 . 2008-07-10 21:08 <DIR> d-------- C:\Program Files\iTunes
2008-07-10 21:07 . 2008-07-10 21:07 <DIR> d-------- C:\Program Files\iPod
2008-07-10 20:56 . 2008-07-10 21:00 <DIR> d-------- C:\Program Files\QuickTime
2008-07-10 15:18 . 2008-07-10 15:18 <DIR> d-------- C:\Program Files\NOS
2008-07-10 15:18 . 2008-07-10 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-10 14:41 . 2008-04-23 00:16 6,066,176 --a------ C:\WINDOWS\system32\SET5E.tmp
2008-07-10 11:26 . 2007-08-13 18:52 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-07-09 21:46 . 2008-07-10 00:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-09 21:46 . 2008-07-10 10:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-09 20:31 . 2008-07-09 20:31 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-06 22:12 . 2008-07-06 22:12 <DIR> d-------- C:\WINDOWS\speech
2008-07-06 22:08 . 2008-07-06 22:08 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-07-06 10:04 . 2008-07-06 10:04 <DIR> d-------- C:\Program Files\Sun
2008-07-05 13:29 . 2008-07-05 13:29 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-07-05 13:24 . 2008-07-05 13:25 <DIR> d-------- C:\Documents and Settings\Del User\Application Data\bang
2008-07-03 23:05 . 2008-07-03 23:05 268 --ah----- C:\sqmdata16.sqm
2008-07-03 23:05 . 2008-07-03 23:05 244 --ah----- C:\sqmnoopt16.sqm
2008-07-03 18:55 . 2008-07-03 18:55 268 --ah----- C:\sqmdata15.sqm
2008-07-03 18:55 . 2008-07-03 18:55 244 --ah----- C:\sqmnoopt15.sqm
2008-06-28 15:21 . 2008-06-28 15:21 268 --ah----- C:\sqmdata14.sqm
2008-06-28 15:21 . 2008-06-28 15:21 244 --ah----- C:\sqmnoopt14.sqm
2008-06-27 23:59 . 2008-06-27 23:59 268 --ah----- C:\sqmdata13.sqm
2008-06-27 23:59 . 2008-06-27 23:59 244 --ah----- C:\sqmnoopt13.sqm
2008-06-27 18:19 . 2008-06-27 18:19 268 --ah----- C:\sqmdata12.sqm
2008-06-27 18:19 . 2008-06-27 18:19 244 --ah----- C:\sqmnoopt12.sqm
2008-06-26 22:12 . 2008-06-26 22:12 268 --ah----- C:\sqmdata11.sqm
2008-06-26 22:12 . 2008-06-26 22:12 244 --ah----- C:\sqmnoopt11.sqm
2008-06-26 14:45 . 2008-06-26 14:45 <DIR> d-------- C:\Program Files\bfgclient
2008-06-26 14:45 . 2008-06-26 14:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-06-25 22:28 . 2008-06-25 22:28 268 --ah----- C:\sqmdata10.sqm
2008-06-25 22:28 . 2008-06-25 22:28 244 --ah----- C:\sqmnoopt10.sqm
2008-06-25 17:45 . 2008-06-25 17:45 268 --ah----- C:\sqmdata09.sqm
2008-06-25 17:45 . 2008-06-25 17:45 244 --ah----- C:\sqmnoopt09.sqm
2008-06-25 15:37 . 2008-06-25 15:37 268 --ah----- C:\sqmdata08.sqm
2008-06-25 15:37 . 2008-06-25 15:37 244 --ah----- C:\sqmnoopt08.sqm
2008-06-24 16:31 . 2008-06-24 16:31 268 --ah----- C:\sqmdata07.sqm
2008-06-24 16:31 . 2008-06-24 16:31 244 --ah----- C:\sqmnoopt07.sqm
2008-06-23 22:51 . 2008-06-23 22:51 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-06-23 22:50 . 2008-06-23 22:50 268 --ah----- C:\sqmdata06.sqm
2008-06-23 22:50 . 2008-06-23 22:50 244 --ah----- C:\sqmnoopt06.sqm
2008-06-23 20:39 . 2008-06-23 20:39 268 --ah----- C:\sqmdata05.sqm
2008-06-23 20:39 . 2008-06-23 20:39 244 --ah----- C:\sqmnoopt05.sqm
2008-06-23 18:53 . 2008-06-23 18:53 <DIR> d-------- C:\Program Files\OpenAL
2008-06-23 18:53 . 2008-06-23 19:15 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-06-23 18:53 . 2008-06-23 19:15 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-06-20 20:46 . 2008-06-20 20:46 0 --a------ C:\WINDOWS\PowerReg.dat
2008-06-20 13:46 . 2008-06-20 13:46 245,248 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 13:46 . 2008-06-20 13:46 147,968 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 07:51 . 2008-06-20 07:51 361,600 --------- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 07:40 . 2008-06-20 07:40 138,496 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 07:08 . 2008-06-20 07:08 225,856 --------- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-16 20:28 . 2007-03-07 19:51 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2008-06-16 20:28 . 2007-03-07 19:51 9,464 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-16 20:28 . 2007-03-07 19:51 9,336 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-14 13:35 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-06-14 13:35 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-06-14 13:35 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-06-14 13:35 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-06-14 13:35 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-06-14 13:35 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-06-14 13:35 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-06-14 13:35 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-06-13 14:40 . 2008-06-13 14:40 38 --a------ C:\WINDOWS\avisplitter.INI
2008-06-10 19:15 . 2008-06-11 21:00 <DIR> d-------- C:\Documents and Settings\Del User\Application Data\PowerChallenge
2008-06-10 19:13 . 2008-06-13 07:05 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 19:13 . 2008-06-13 07:05 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 19:13 . 2008-05-08 10:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-09 15:23 . 2008-06-09 15:23 37 --a------ C:\WINDOWS\SWFConverter.INI
2008-06-09 14:41 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-06-09 14:41 . 2008-05-30 14:11 1,491,992 --a------ C:\WINDOWS\system32\D3DCompiler_38.dll
2008-06-09 14:41 . 2008-05-30 14:19 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll
2008-06-09 14:41 . 2008-05-30 14:11 467,984 --a------ C:\WINDOWS\system32\d3dx10_38.dll
2008-06-09 14:41 . 2008-05-30 14:18 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll
2008-06-09 14:41 . 2008-05-30 14:17 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll
2008-06-09 14:41 . 2008-05-30 14:17 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll
2008-06-09 14:35 . 2008-06-09 14:35 <DIR> d-------- C:\WINDOWS\Logs
2008-06-08 20:21 . 2008-06-08 20:21 268 --ah----- C:\sqmdata04.sqm
2008-06-08 20:21 . 2008-06-08 20:21 244 --ah----- C:\sqmnoopt04.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 21:00 --------- d-----w C:\Program Files\McAfee
2008-07-28 17:55 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\SiteAdvisor
2008-07-28 03:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-25 06:57 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-25 01:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-21 01:38 --------- d-----w C:\Documents and Settings\Del User\Application Data\SiteAdvisor
2008-07-18 02:06 --------- d-----w C:\Program Files\Java
2008-07-15 03:45 --------- d-----w C:\Program Files\Common Files\Real
2008-07-13 19:28 --------- d-----w C:\Program Files\Real
2008-07-11 04:07 --------- d-----w C:\Program Files\DivX
2008-07-11 01:18 --------- d-----w C:\Documents and Settings\Del User\Application Data\Apple Computer
2008-07-10 13:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-10 00:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-09 05:32 --------- d-----w C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-07-07 02:57 --------- d-----w C:\Program Files\Google
2008-06-23 19:57 --------- d-----w C:\Documents and Settings\Del User\Application Data\McAfee
2008-06-23 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-01 17:01 --------- d-----w C:\Program Files\Microsoft Works
2008-05-31 01:09 --------- d-----w C:\Program Files\Web Publish
2008-05-31 00:21 --------- d-----w C:\Program Files\Common Files\Broderbund
2008-05-31 00:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Broderbund
2008-05-31 00:10 --------- d-----w C:\Program Files\Broderbund
2008-05-31 00:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Broderbund Software
2008-05-30 23:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-05-30 23:39 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-05-30 23:39 --------- d-----w C:\Program Files\Common Files\L&H
2008-05-30 23:36 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-28 21:55 --------- d-----w C:\Program Files\Common Files\Nero
2008-05-28 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-05-28 18:56 --------- d-----w C:\Program Files\Roxio
2008-05-28 18:56 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-13 01:51 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-13 01:51 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 90,112 ------w C:\WINDOWS\system32\dllcache\wshext.dll
2008-05-09 10:53 512,000 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 430,080 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 180,224 ------w C:\WINDOWS\system32\dllcache\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-09 10:53 172,032 ------w C:\WINDOWS\system32\dllcache\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-08 11:24 155,648 ------w C:\WINDOWS\system32\dllcache\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 09:07 135,168 ------w C:\WINDOWS\system32\dllcache\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:12 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\SET55.tmp
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\SET2F.tmp
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:27 79,872 ------w C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2006-06-16 00:33 233,472 ----a-w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 22:43 204,895 ----a-w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 18:41 77,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 17:10 426,081 ----a-w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 16:19 458,752 ----a-w C:\Program Files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 22:35 139,264 ----a-w C:\Program Files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 15:10 204,800 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 15:42 106,496 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 15:22 212,992 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 15:21 167,936 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoiceUnpacker.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-29_ 1.59.30.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-17 19:56:58 117,584 ----a-w C:\WINDOWS\Downloaded Program Files\McContentMgr.dll
+ 2008-04-17 19:56:16 354,136 ----a-w C:\WINDOWS\Downloaded Program Files\McHealthCheck.dll
+ 2008-04-17 19:57:18 119,112 ----a-w C:\WINDOWS\Downloaded Program Files\McLogMgr.dll
+ 2008-04-17 19:56:38 527,696 ----a-w C:\WINDOWS\Downloaded Program Files\McPlugins.dll
+ 2008-04-17 19:57:38 238,416 ----a-w C:\WINDOWS\Downloaded Program Files\McProdMgr.dll
+ 2008-04-17 19:55:34 291,680 ----a-w C:\WINDOWS\Downloaded Program Files\MVT.dll
+ 2008-04-17 19:53:54 147,456 ----a-w C:\WINDOWS\Downloaded Program Files\Uploader.exe
- 2008-07-29 03:47:06 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-30 21:07:27 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-29 03:47:06 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-30 21:07:27 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 21:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 21:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 21:50 114688]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 20:05 1117184]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2006-07-24 16:28 35992]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-07-14 23:40 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-04-11 23:12:27 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-06-26 10:24]
.
Contents of the 'Scheduled Tasks' folder

2008-07-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 17:38:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-07-30 17:52:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-30 21:52:00
ComboFix2.txt 2008-07-29 06:00:08

Pre-Run: 54,000,242,688 bytes free
Post-Run: 54,036,430,848 bytes free

821 --- E O F --- 2008-07-28 13:58:13


here is the kaspersky Report..


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, July 30, 2008 8:32:15 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/07/2008
Kaspersky Anti-Virus database records: 1031195
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 102311
Number of viruses found: 3
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 02:04:51

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\EasyNet\MHNData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{29946A7C-D1F8-4435-9EDB-70FBFF60AFD2}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\Documents and Settings\Del User\Application Data\McAfee\MBK\ARBUSFILE.GDB Object is locked skipped
C:\Documents and Settings\Del User\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Application Data\ApplicationHistory\McAfeeDataBackup.exe.e548c4c.ini.inuse Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Application Data\Microsoft\Messenger\liltrini_capriboi@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Application Data\Microsoft\Messenger\liltrini_capriboi@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Application Data\Microsoft\Messenger\liltrini_capriboi@hotmail.com\SharingMetadata\Working\database_4ED0_4FDC_D04F_C943\dfsr.db Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Application Data\Microsoft\Messenger\liltrini_capriboi@hotmail.com\SharingMetadata\Working\database_4ED0_4FDC_D04F_C943\fsr.log Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Application Data\Microsoft\Messenger\liltrini_capriboi@hotmail.com\SharingMetadata\Working\database_4ED0_4FDC_D04F_C943\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Application Data\Microsoft\Messenger\liltrini_capriboi@hotmail.com\SharingMetadata\Working\database_4ED0_4FDC_D04F_C943\tmp.edb Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Application Data\Microsoft\Windows Live Contacts\liltrini_capriboi@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Application Data\Microsoft\Windows Live Contacts\liltrini_capriboi@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\History\History.IE5\MSHist012008073020080731\index.dat Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temp\fb_2108.lck Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temp\sqlite_KOWxE2IWYCv7MGH Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temp\sqlite_lB2IdzGfokWr7e4 Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temp\~DF121F.tmp Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temp\~DF7B82.tmp Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temp\~DF8F10.tmp Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temp\~DF8F32.tmp Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temp\~DF9EE9.tmp Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temp\~DF9F26.tmp Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temporary Internet Files\Content.IE5\6IGS7SUV\p_502105779=0&[4].htm Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temporary Internet Files\Content.IE5\DCAI4DVC\p_502105779=0&[4].htm Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temporary Internet Files\Content.IE5\DCAI4DVC\p_502105779=0&[5].htm Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Del User\My Documents\BiR Data\Programs and Installers (BASIC)\Nero 8 Ultra Edition 8.2.8.0\Nero-8.2.8.0_eng_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\Del User\My Documents\BiR Data\Programs and Installers (BASIC)\Nero 8 Ultra Edition 8.2.8.0\Nero-8.2.8.0_eng_trial.exe 7-Zip: infected - 1 skipped
C:\Documents and Settings\Del User\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Del User\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Nero\Nero8\Nero BackItUp\BIU2.txt Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iexfil.dll.vir Infected: Trojan.Win32.BHO.fby skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP183\A0048771.exe Infected: Trojan.Win32.BHO.ffb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP185\A0051066.dll Infected: Trojan.Win32.BHO.fby skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP185\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{AB57B6E7-5E7A-4127-8378-D0FCFE1328AA}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\fb_1484.lck Object is locked skipped
C:\WINDOWS\Temp\mcafee_Cl7CJgVfgAOxh7W Object is locked skipped
C:\WINDOWS\Temp\mcmsc_604tz8zbkYIu1ph Object is locked skipped
C:\WINDOWS\Temp\mcmsc_aMbcfEcqaHr7r2t Object is locked skipped
C:\WINDOWS\Temp\mcmsc_bbH0VRzKPufzQUg Object is locked skipped
C:\WINDOWS\Temp\sqlite_3F4zcuudRaMk9MJ Object is locked skipped
C:\WINDOWS\Temp\sqlite_ongn2xU8aucmtsw Object is locked skipped
C:\WINDOWS\Temp\sqlite_uxFdcxr0vLCYsl5 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


and here is the hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:56 PM, on 7/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus...an_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 10458 bytes


again as for the report on system behaviour...everything seems to be back to normal....thank you so much once again chemist.

Last edited by tetonbob; 07-30-2008 at 08:01 PM.
jerrinator is offline  
Old 07-30-2008, 08:20 PM   #9 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,263
OS: XP SP3


Re: Popups about viruses and spyware anytime anything is done on the computer.

Hello again jerrinator.

Quote:
and i should say it uncovered some things that i have to deal with the other users of this computer
Please read this to help you deal with the other users:

Cracked (Illegal) Software

This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal.

------------------------------------------------------

Quote:
i ran the virtual technician (it found some registry problem that it fixed) and the problem seems to be gone with the systemguard....so i'm keeping the mcafee if you don't mind...
Just a suggestion because many users who applied your fix reported that the problem reappears every time McAfee updates. It may have fixed it--I hope it did. Let me know if it reappears after an update.

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the code box below into Notepad:

Code:
del /a/f/q "C:\Documents and Settings\Del User\My Documents\BiR Data\Programs and Installers (BASIC)\Nero 8 Ultra Edition 8.2.8.0\Nero-8.2.8.0_eng_trial.exe"
Save this Notepad file as delete.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on delete.bat to run it. A DOS window will open and close again, this is normal. You may delete the file afterwards.

------------------------------------------------------

Your logs appear clean. See what happens with McAfee and let me know.
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Old 07-30-2008, 08:29 PM   #10 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 25
OS: win xp


Re: Popups about viruses and spyware anytime anything is done on the computer.

oh ok..well the mcafee seems fine...no troubles here....thanks once again...you saved my computer for the second time.....wish i could do what yall do here....

I just have one more question however.....what are the infections and files that Kaspersky found?...did it remove them or something?

Thanks again...
jerrinator is offline  
Old 07-30-2008, 08:41 PM   #11 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,263
OS: XP SP3


Re: Popups about viruses and spyware anytime anything is done on the computer.

Hello Coal. Did you upload that zip file?

Please try this online scan:

Go here to run an online scanner from ESET.

**Note**
To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
  • Note: You will need to use Internet Explorer for this scan.
  • Click on
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install.
  • Close/disable all running programs, including your antivirus and all antispyware programs.
  • Click Start
  • Make sure that the option Remove found threats is unchecked.
  • Make sure the option Scan unwanted applications is checked.
  • Click Scan
  • Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic, along with a new HijackThis log and a description of any remaining problems.
chemist is offline  
Old 07-30-2008, 08:43 PM   #12 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 25
OS: win xp


Re: Popups about viruses and spyware anytime anything is done on the computer.

i'm guessing you sent it to the wrong person....cause you called me Coal.
jerrinator is offline  
Old 07-30-2008, 08:55 PM   #13 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,263
OS: XP SP3


Re: Popups about viruses and spyware anytime anything is done on the computer.

Sorry. I posted the wrong reply.

Most of the files listed are not infections. Kaspersky doesn't delete files--it only lists them.

The few that are infections are quarantined, except the one you deleted.

Quote:
you saved my computer for the second time
That's my fault. I missed FlashGet on the first run.

Let me know how your system behaves over the next day or so.
chemist is offline  
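
An added illustration of the point made in the reply above (not part of the original posts and not a Kaspersky or ComboFix tool): this Python script separates the "Object is locked" lines of the Kaspersky report from the real detections and groups the detections by where they sit. The line layout, the three location rules, and the function names are assumptions inferred from the report lines posted in this thread.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Lines copied from the Kaspersky report posted earlier in this thread:
# two "locked" lines plus every line that reports an infection.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Del User\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Del User\My Documents\BiR Data\Programs and Installers (BASIC)\Nero 8 Ultra Edition 8.2.8.0\Nero-8.2.8.0_eng_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\Del User\My Documents\BiR Data\Programs and Installers (BASIC)\Nero 8 Ultra Edition 8.2.8.0\Nero-8.2.8.0_eng_trial.exe 7-Zip: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iexfil.dll.vir Infected: Trojan.Win32.BHO.fby skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP183\A0048771.exe Infected: Trojan.Win32.BHO.ffb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP185\A0051066.dll Infected: Trojan.Win32.BHO.fby skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

# Assumed layout: "<path> <status> <last action>". Paths contain spaces, so
# the path is matched lazily up to the first recognised status text.
ROW = re.compile(
    r"^(?P<path>.+?) "
    r"(?:(?P<locked>Object is locked)"
    r"|Infected: (?P<name>\S+)"
    r"|(?P<packer>[\w-]+): infected - (?P<count>\d+)) "
    r"(?P<action>\w+)$"
)


@dataclass
class Row:
    path: str
    kind: str                 # "locked", "infected" or "container"
    detection: Optional[str]  # detection name, only for kind == "infected"
    action: str               # last action column, e.g. "skipped"
    location: str


def locate(path: str) -> str:
    """Say where a reported file sits, which decides what cleanup it needs."""
    p = path.lower()
    if re.match(r"^[a-z]:\\qoobox\\quarantine\\", p):
        return "combofix-quarantine"   # already neutralised by ComboFix
    if "\\system volume information\\_restore{" in p:
        return "system-restore"        # copy kept in an old restore point
    return "live-filesystem"           # still in the user's normal files


def parse_report(text: str) -> list:
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, statistics and blank lines
        if m["locked"]:
            # File was in use, so the scanner could not read it: no verdict.
            kind, detection = "locked", None
        elif m["name"]:
            kind, detection = "infected", m["name"]
        else:
            # An archive reported because a member inside it is infected.
            kind, detection = "container", None
        rows.append(Row(m["path"], kind, detection, m["action"],
                        locate(m["path"])))
    return rows


def triage(rows: list) -> dict:
    hits = [r for r in rows if r.kind in ("infected", "container")]
    return {
        "locked": sum(r.kind == "locked" for r in rows),
        "infected_objects": len(hits),
        "distinct_detections": sorted({r.detection for r in hits if r.detection}),
        "by_location": dict(Counter(r.location for r in hits)),
        "needs_action": [r.path for r in hits if r.location == "live-filesystem"],
    }


if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

On these lines the result agrees with the report's own statistics (3 detection names, 5 infected objects), and the only entries outside the quarantine folder and System Restore are the Nero installer and the Toolbar.exe packed inside it.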
Old 07-31-2008, 09:19 AM   #14 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 25
OS: win xp


Re: Popups about viruses and spyware anytime anything is done on the computer.

Ok well everything seems to be fine and back to normal. McAfee not acting up again. And don't be so hard on yourself. What you do here is great work. One day I would like to be an analyst and do these things in my free time. Thanks a lot once again; without you guys I don't know what I would have done about this PC.
jerrinator is offline  
Old 07-31-2008, 09:54 AM   #15 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,263
OS: XP SP3


Re: Popups about viruses and spyware anytime anything is done on the computer.

Congratulations. Well done! Your logs appear clean. You should be good to go.

As far as those infected objects listed in the Kaspersky log, those are safely tucked away in ComboFix's quarantine folder or in old System Restore points, which we will be taking care of now.

Go to Start >> Run and Copy/Paste the following single-line command into the Run box and click OK
combofix /u
This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore points which contain previous infections, and create a fresh, clean System Restore point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well-written articles:

To help protect your computer in the future, I recommend that you get the following free programs if you do not already have them:
  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites in Internet Explorer. See tutorial here
  • SpywareGuard catches and blocks spyware installation and browser hijacking in real-time. See tutorial here
  • IE-Spyad is another excellent program that places over 5000 dubious websites and domains in the IE Restricted list, which will help prevent attempts to infect your system. It basically prevents any downloads from the sites listed, although you will still be able to connect to the site. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
  • Spybot - Search & Destroy is an excellent spyware remover and also offers real-time protection against critical registry changes. Don't use the Immunize feature if you use SpywareBlaster. See tutorial here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
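
The HOSTS-file bullet in the post above describes blocking by mapping site names to 127.0.0.1. The following is an added example, not part of the original post or of any tool named in it: a small audit that separates blocking entries from names mapped to some other address, which are worth reviewing after a cleanup. It goes slightly beyond the post by also treating 0.0.0.0 and ::1 as blocking addresses; the sample file, hostnames and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax; every name and address is a placeholder.
SAMPLE_HOSTS = """\
# blocking entries in the style of a HOSTS blocklist
127.0.0.1   localhost
127.0.0.1   ads.example.com   # ad server
0.0.0.0     tracker.example.net banner.example.net
203.0.113.7 update.example.org
not-an-ip   broken.example.com
::1         localhost
"""

def parse_hosts(text):
    """Yield (line_no, address, hostnames); address is None if it does not parse."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        yield line_no, addr, [f.lower() for f in fields[1:]]

def audit_hosts(text):
    """Sort entries into blocked names, redirected names and malformed lines."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for line_no, addr, names in parse_hosts(text):
        if addr is None or not names:
            report["malformed"].append(line_no)
            continue
        for name in names:
            if addr.is_loopback or addr.is_unspecified:
                if name != "localhost":        # the standard entry is not a block
                    report["blocked"].append(name)
            else:
                # Name resolves to a real address chosen by the file: review it.
                report["redirected"].append((name, str(addr)))
    return report

if __name__ == "__main__":
    for kind, items in audit_hosts(SAMPLE_HOSTS).items():
        print(kind, items)
```
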
Old 08-02-2008, 09:25 PM   #16 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 25
OS: win xp


Re: Popups about viruses and spyware anytime anything is done on the computer.

OK well everything here is done. Computer is back to normal..thank you so much once again chemist. You can put this as resolved now.
jerrinator is offline  
Old 08-02-2008, 09:29 PM   #17 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 25
OS: win xp


Re: Popups about viruses and spyware anytime anything is done on the computer.

Oh well, one more thing actually. I seem to not be able to access the system tools disk defragmenter?

Something like "choose the program you want to use to open this file" comes up, then it shows dfrg.msc. Do you know what I can do about that?
jerrinator is offline  
Old 08-03-2008, 12:57 AM   #18 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,263
OS: XP SP3


Re: Popups about viruses and spyware anytime anything is done on the computer.

  • Run dss.exe again, but use these instructions (this assumes dss.exe is on your desktop):
      • Click Start >> Run then copy/paste the following text into the Run box & click OK

        "%userprofile%\desktop\dss.exe" /config

      • Click Run
      • In the dialog box that appears:
          • Click Check All
          • Click Uncheck All
          • Look to the upper left under the Main Log heading, and check File Associations
          • Click Scan!
Post the main.txt it produces.
chemist is offline  
Old 08-04-2008, 05:12 PM   #19 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 25
OS: win xp


Re: Popups about viruses and spyware anytime anything is done on the computer.

Here it is


Deckard's System Scanner v20071014.68
Run by Del User on 2008-08-04 19:11:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 503 MiB (512 MiB recommended).


-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- End of Deckard's System Scanner: finished at 2008-08-04 19:11:44 ------------
jerrinator is offline  
Old 08-04-2008, 07:04 PM   #20 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,263
OS: XP SP3


Re: Popups about viruses and spyware anytime anything is done on the computer.

Hello jerrinator. I'm not sure what's causing your defrag problem. You may have other issues.

As this forum is concerned with malware removal, I suggest you seek expert advice in our Windows XP Support Forum
chemist is offline  
 






All times are GMT -7. The time now is 12:52 PM.



Copyright 2001 - 2009, Tech Support Forum