new to the forums [CLOSED]



#1
kelan76

Logfile of HijackThis v1.99.1
Scan saved at 10:32:31 Kelan, on 9/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\WINDOWS\System32\cisvc.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
E:\PROGRA~1\McAfee\VirusScan\mcods.exe
E:\PROGRA~1\McAfee\MSC\mcpromgr.exe
e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
e:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
E:\PROGRA~1\McAfee\VirusScan\mcshield.exe
E:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
E:\Program Files\McAfee\MPF\MPFSrv.exe
E:\PROGRA~1\McAfee\MPS\mps.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\rnamfler\naofsvc.exe
E:\Program Files\Spyware Doctor\sdhelp.exe
E:\WINDOWS\System32\wbem\wmiapsrv.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Media Player\WMPNetwk.exe
E:\Program Files\McAfee\MPS\mpsevh.exe
E:\WINDOWS\Explorer.EXE
e:\PROGRA~1\mcafee.com\agent\mcagent.exe
E:\WINDOWS\System32\wbem\wmiprvse.exe
E:\Program Files\Vtune\TBPanel.exe
E:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\rnamfler\naomf.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\Program Files\Netropa\Onscreen Display\OSD.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\AIM6\aim6.exe
E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
E:\Program Files\Windows Media Player\WMPNSCFG.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
e:\program files\rnamfler\radprcmp.exe
E:\Program Files\AIM6\aolsoftware.exe
E:\Program Files\Rainlendar\Rainlendar.exe
E:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\System32\wbem\wmiprvse.exe
E:\Documents and Settings\KJO\Desktop\Clean\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.n...lbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Lefty - {275296E0-75EC-4380-BB5F-900636889A8D} - E:\WINDOWS\system32\nsx100.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - E:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - e:\PROGRA~1\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - E:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] E:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Gainward] E:\Program Files\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] E:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [wrna3ls] E:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [Segmento] E:\Program Files\ydt\Segmento_Alpha\Segmento_Alpha.exe
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD08] E:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "E:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Free Ram Optimizer] E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] E:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "E:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - Startup: Alienware Dock.lnk = E:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Rainlendar.lnk = E:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Ram Optimizer XP (2).lnk = E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O20 - Winlogon Notify: WBSrv - E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - E:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - E:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - E:\PROGRA~1\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - E:\PROGRA~1\McAfee\VirusScan\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - E:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - E:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - E:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - E:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RdnaoFlSvc - Unknown owner - E:\Program Files\rnamfler\naofsvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - E:\Program Files\Spyware Doctor\sdhelp.exe

#2
kelan76

And also to add to this, I get an error every now and then which closes my IE... the error is "drwatson postmortem debugger"

#3
sage5

Hi kelan76,

Welcome to Geeks To Go,

I'm sorry that we haven't got to you until now, but the forum can get hectic at times.

I am sage5 and I will be helping you with this problem.

Because it has been a while since that HijackThis log was done, and there isn't really that much in it, I would like you to scan using the tool below:

Please download Deckard's System Scanner and save it to your Desktop.

Run Deckard's System Scanner:
  • Close all other windows before proceeding.
  • Double click on the dss.exe file on your Desktop and follow the prompts.
  • Scans will run, and 2 text files will open in Notepad.
  • Close both of the text files.
These files are C:\Deckard\System Scanner\main.txt & extra.txt. I will need you to copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



Cheers,

sage5

#4
kelan76

Hey there sage5... no worries on waiting, I can't complain with free help... here is the main.txt file...

Deckard's System Scanner v20070905.67
Run by KJO on 2007-09-27 08:14:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
83: 2007-09-27 12:14:35 UTC - RP713 - Deckard's System Scanner Restore Point
82: 2007-09-27 03:30:12 UTC - RP712 - System Checkpoint
81: 2007-09-22 16:39:10 UTC - RP711 - System Checkpoint
80: 2007-09-21 09:10:28 UTC - RP710 - System Checkpoint
79: 2007-09-20 08:10:28 UTC - RP709 - System Checkpoint


-- First Restore Point --
1: 2007-06-30 08:01:38 UTC - RP631 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as KJO.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:15:21 AM, on 9/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\WINDOWS\System32\cisvc.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
E:\PROGRA~1\McAfee\VirusScan\mcods.exe
E:\PROGRA~1\McAfee\MSC\mcpromgr.exe
e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
e:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
E:\PROGRA~1\McAfee\VirusScan\mcshield.exe
E:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
E:\Program Files\McAfee\MPF\MPFSrv.exe
E:\PROGRA~1\McAfee\MPS\mps.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\rnamfler\naofsvc.exe
E:\Program Files\Spyware Doctor\sdhelp.exe
E:\WINDOWS\System32\wbem\wmiapsrv.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Media Player\WMPNetwk.exe
E:\WINDOWS\System32\alg.exe
E:\WINDOWS\Explorer.EXE
e:\PROGRA~1\mcafee.com\agent\mcagent.exe
E:\Program Files\Vtune\TBPanel.exe
E:\Program Files\rnamfler\naomf.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\iTunes\iTunesHelper.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
E:\Program Files\McAfee\MPS\mpsevh.exe
E:\Program Files\AIM6\aim6.exe
E:\Program Files\Windows Media Player\WMPNSCFG.exe
E:\Program Files\Rainlendar\Rainlendar.exe
E:\Program Files\AIM6\aolsoftware.exe
E:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
e:\program files\rnamfler\radprcmp.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Perfect Alarm Clock\Alarm.exe
E:\WINDOWS\system32\cidaemon.exe
E:\Documents and Settings\KJO\Desktop\dss.exe
E:\WINDOWS\System32\wbem\wmiprvse.exe
E:\DOCUME~1\KJO\Desktop\Clean\hijackthis\KJO.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.n...lbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Lefty - {275296E0-75EC-4380-BB5F-900636889A8D} - E:\WINDOWS\system32\nsx100.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - E:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - e:\PROGRA~1\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - E:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] E:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Gainward] E:\Program Files\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [wrna3ls] E:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Ram Optimizer] E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
O4 - HKCU\..\Run: [Aim6] "E:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] E:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Alienware Dock.lnk = E:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Rainlendar.lnk = E:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Ram Optimizer XP (2).lnk = E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O20 - Winlogon Notify: WBSrv - E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - E:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - E:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - E:\PROGRA~1\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - E:\PROGRA~1\McAfee\VirusScan\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - E:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - E:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - E:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RdnaoFlSvc - Unknown owner - E:\Program Files\rnamfler\naofsvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - E:\Program Files\Spyware Doctor\sdhelp.exe


-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - E:\Program Files\AlienGUIse\Themes\Alienware Invader Icon Packager\Alienware Invader.icl,43
.hlp - hlpfile - DefaultIcon - E:\WINDOWS\System32\shell32.dll,23
.inf - inffile - DefaultIcon - E:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - E:\Program Files\AlienGUIse\Themes\Alienware Invader Icon Packager\Alienware Invader.icl,35
.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\open\command - NOTEPAD.EXE %1
.scr - scrfile - shell\open\command - NOTEPAD.EXE %1
.txt - txtfile - DefaultIcon - E:\Program Files\AlienGUIse\Themes\Alienware Invader Icon Packager\Alienware Invader.icl,22
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 FileDisk - e:\windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
R1 PCLEPCI - e:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R2 aslm75 - e:\windows\system32\drivers\aslm75.sys
R2 TBPanel - e:\windows\system32\drivers\tbpanel.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 Afc (PPdus ASPI Shell) - e:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
R3 ASAPIW2k - e:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 MarvinBus (Pinnacle Marvin Bus) - e:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>

S3 ENTECH - e:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "e:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 RdnaoFlSvc - e:\program files\rnamfler\naofsvc.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_1106&DEV_3059&SUBSYS_AA511019&REV_60\3&267A616A&0&8D
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_1106&DEV_3059&SUBSYS_AA511019&REV_60\3&267A616A&0&8D
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-09-25 07:25:04 284 --a------ E:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-09-15 01:26:50 336 --a------ E:\WINDOWS\Tasks\McDefragTask.job
2007-09-01 01:00:15 328 --a------ E:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2007-08-27 and 2007-09-27 -----------------------------

2007-09-22 15:28:35 0 d-------- E:\Program Files\AviSynth 2.5
2007-09-22 15:28:33 0 d-------- E:\Program Files\Red Kawa
2007-09-20 18:59:53 751237 --a------ E:\Program Files\KCompare.exe <Not Verified; Macromedia, Inc.; Flash 4.0>
2007-09-20 18:59:51 14368 --a------ E:\Program Files\secdrv.sys
2007-09-20 18:59:51 32256 --a------ E:\Program Files\drvmgt.dll
2007-09-20 18:59:50 163328 --a------ E:\Program Files\dplayerx.dll
2007-09-20 18:59:50 177152 --a------ E:\Program Files\clokspl.exe
2007-09-20 18:59:50 27648 --a------ E:\Program Files\clcd32.dll
2007-09-20 18:59:50 6784 --a------ E:\Program Files\clcd16.dll
2007-09-20 18:59:49 280311 --a------ E:\Program Files\USAF.exe <Not Verified; Electronic Arts; Jane's USAF>
2007-09-20 18:59:48 385024 --a------ E:\Program Files\USAFConfig.exe <Not Verified; ; Config Application>
2007-09-20 18:55:50 4562 -----n--- E:\Program Files\Wmm-95.dat
2007-09-20 18:55:50 61440 -----n--- E:\Program Files\MMDLL.dll
2007-09-20 18:55:50 262144 -----n--- E:\Program Files\KCData.exe
2007-09-20 18:55:50 221184 -----n--- E:\Program Files\JoystickSetting.exe <Not Verified; ; JoysticSens Application>
2007-09-20 18:55:50 75264 -----n--- E:\Program Files\IFORCE2.dll
2007-09-20 18:53:51 0 d-------- E:\Program Files\Resource
2007-09-20 18:53:51 0 d-------- E:\Program Files\Pilots
2007-09-20 18:53:50 0 d-------- E:\Program Files\Externals
2007-09-20 18:35:28 345 --a------ E:\WINDOWS\EReg072.dat
2007-09-20 18:35:15 33792 -ra------ E:\WINDOWS\NPSExec.exe <Not Verified; Electronic Arts; Electronic Arts NPSExec>
2007-09-20 18:35:14 0 d-------- E:\Program Files\Electronic Arts
2007-09-20 18:34:59 24576 --a------ E:\WINDOWS\system32\ealtest.exe
2007-09-20 18:34:59 36864 --a------ E:\WINDOWS\system32\eaexec.exe <Not Verified; Electronic Arts; Electronic Arts NPSExec>
2007-09-18 09:40:15 0 d-------- E:\Program Files\iTunes
2007-09-15 01:30:47 0 d-------- E:\Program Files\VIA
2007-09-15 01:29:45 0 d-------- E:\Program Files\On-line Help Console
2007-09-15 01:28:54 0 d-------- E:\WINDOWS\system32\Tools
2007-09-15 01:27:46 17505 -ra------ E:\DBI.EXE
2007-09-15 01:15:19 0 d-------- E:\Program Files\Intel Corporation
2007-09-06 22:21:55 0 --a------ E:\WINDOWS\PowerReg.dat
2007-09-06 22:15:53 0 d-------- E:\WINDOWS\UbiSoft
2007-08-30 00:26:42 0 dr-h----- E:\Program Files\rnamfler
2007-08-28 22:08:40 143360 --a------ E:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2007-08-28 22:05:49 0 d-------- E:\Program Files\McAfee
2007-08-28 22:05:28 0 d-------- E:\Program Files\Common Files\McAfee
2007-08-28 21:53:57 0 d-------- E:\Documents and Settings\All Users\Application Data\McAfee


-- Find3M Report ---------------------------------------------------------------

2007-09-26 22:42:14 0 d-------- E:\Documents and Settings\KJO\Application Data\ComcastToolbar
2007-09-22 11:26:24 30623 --a------ E:\Program Files\sim.ibx
2007-09-22 11:26:24 56616 --a------ E:\Program Files\DMEMessage.c
2007-09-22 11:24:48 456 --a------ E:\Program Files\tgen.ini
2007-09-20 19:29:46 0 d-------- E:\Program Files\StepMania
2007-09-20 19:06:05 1276 --a------ E:\Program Files\CTM_DB.ini
2007-09-20 19:00:52 2634102 --a------ E:\Program Files\Uninst.isu
2007-09-18 09:40:20 0 d-------- E:\Program Files\iPod
2007-09-17 21:49:09 0 d-------- E:\Documents and Settings\KJO\Application Data\Rainlendar
2007-09-15 01:29:45 0 d--h----- E:\Program Files\InstallShield Installation Information
2007-09-11 10:10:31 0 d-------- E:\Program Files\Apple Software Update
2007-09-08 19:59:47 1934 --a------ E:\WINDOWS\system32\tmp.reg
2007-09-08 16:18:04 0 d-------- E:\Documents and Settings\KJO\Application Data\Adobe
2007-08-28 22:12:34 0 d-------- E:\Program Files\McAfee.com
2007-08-19 18:36:52 0 d-------- E:\Documents and Settings\KJO\Application Data\Apple Computer
2007-08-13 01:29:54 0 d-------- E:\Program Files\Hitman Pro
2007-08-08 06:33:03 0 d-------- E:\Documents and Settings\KJO\Application Data\Yahoo!
2007-08-08 06:11:09 0 d-------- E:\Program Files\Yahoo!
2007-08-06 06:53:02 76800 --a------ E:\WINDOWS\system32\nsx100.dll
2007-07-31 13:56:41 1324 --a----c- E:\WINDOWS\system32\d3d9caps.dat
2007-07-31 12:05:24 0 d-------- E:\Program Files\SystemRequirementsLab
2007-07-31 10:06:26 0 d-------- E:\Program Files\QuickTime
2007-07-24 22:24:03 53248 --a------ E:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-07-10 05:55:16 76800 --a----c- E:\WINDOWS\system32\nsbB.dll
2007-06-29 00:43:00 1626112 --a----c- E:\WINDOWS\system32\nwiz.exe
2007-06-29 00:43:00 1019904 --a----c- E:\WINDOWS\system32\nvwimg.dll
2007-06-29 00:43:00 1703936 --a----c- E:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43:00 466944 --a----c- E:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43:00 1474560 --a----c- E:\WINDOWS\system32\nview.dll
2007-06-29 00:43:00 1339392 --a----c- E:\WINDOWS\system32\nvdspsch.exe
2007-06-29 00:43:00 442368 --a----c- E:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43:00 425984 --a----c- E:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{275296E0-75EC-4380-BB5F-900636889A8D}]
08/06/2007 06:53 AM 76800 --a------ E:\WINDOWS\system32\nsx100.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="E:\WINDOWS\system32\PSDrvCheck.exe" [03/10/2004 04:26 PM]
"Gainward"="E:\Program Files\Vtune\TBPanel.exe" [09/13/2006 11:16 AM]
"wrna3ls"="E:\Program Files\rnamfler\naomf.exe" [04/01/2006 10:45 AM]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [06/29/2007 12:43 AM]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [06/29/2007 12:43 AM]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [09/14/2007 10:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"Free Ram Optimizer"="E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe" [08/22/2003 09:19 AM]
"Aim6"="E:\Program Files\AIM6\aim6.exe" [04/27/2007 05:17 PM]
"WMPNSCFG"="E:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=

E:\Documents and Settings\KJO\Start Menu\Programs\Startup\
Alienware Dock.lnk - E:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe [3/19/2007 10:03:24 PM]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [11/16/2005 8:26:18 PM]
Rainlendar.lnk - E:\Program Files\Rainlendar\Rainlendar.exe [1/21/2006 8:31:46 AM]
Ram Optimizer XP (2).lnk - E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe [8/22/2003 9:19:42 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 12/06/2005 09:16 PM 176128 E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
E:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"E:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
E:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"E:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Segmento]
E:\Program Files\ydt\Segmento_Alpha\Segmento_Alpha.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
"E:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
E:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{198ff992-17d1-11db-8ed1-806d6172696f}]
AutoRun\command- D:\automenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecc86d5a-3cb5-11da-b782-0011d8f4a9fd}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2ea2230-80b4-11da-9f96-806d6172696f}]




-- End of Deckard's System Scanner: finished at 2007-09-27 08:17:13 ------------



and now here is the extra.txt file...


Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU 6420 @ 2.13GHz
CPU 1: Intel® Core™2 CPU 6420 @ 2.13GHz
Percentage of Memory in Use: 33%
Physical Memory (total/avail): 1535.29 MiB / 1025.7 MiB
Pagefile Memory (total/avail): 2876.89 MiB / 2404.54 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1958.61 MiB

A: is Removable (No Media)
B: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 19.35 GiB free.
D: is CDROM (CDFS)
E: is Fixed (NTFS) - 74.52 GiB total, 51.71 GiB free.
G: is Removable (No Media)

\\.\PHYSICALDRIVE1 - WDC WD400JB-00FMA0 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:

\\.\PHYSICALDRIVE0 - WDC WD800JB-00JJC0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - E:

\\.\PHYSICALDRIVE2 - HP Photosmart 8000 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\Program Files\\AIM\\aim.exe"="E:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"E:\\StubInstaller.exe"="E:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"E:\\Program Files\\LimeWire\\LimeWire.exe"="E:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"E:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="E:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"E:\\Program Files\\Common Files\\AOL\\1133153654\\ee\\aolsoftware.exe"="E:\\Program Files\\Common Files\\AOL\\1133153654\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"E:\\Program Files\\Common Files\\AOL\\1133153654\\ee\\aim6.exe"="E:\\Program Files\\Common Files\\AOL\\1133153654\\ee\\aim6.exe:*:Enabled:AIM"
"E:\\Program Files\\BitTorrent\\bittorrent.exe"="E:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"E:\\Program Files\\Kazaa\\kazaa.exe"="E:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"E:\\Program Files\\Common Files\\AOL\\1141261970\\ee\\aolsoftware.exe"="E:\\Program Files\\Common Files\\AOL\\1141261970\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"E:\\Program Files\\Common Files\\AOL\\1141261970\\ee\\aim6.exe"="E:\\Program Files\\Common Files\\AOL\\1141261970\\ee\\aim6.exe:*:Enabled:AIM"
"E:\\Documents and Settings\\KJO\\My Documents\\LimeWire\\LimeWire.exe"="E:\\Documents and Settings\\KJO\\My Documents\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="E:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"D:\\Setup.exe"="D:\\Setup.exe:*:Enabled:Setup"
"E:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"="E:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe:*:Enabled:iMesh"
"E:\\Program Files\\Valve\\Steam\\SteamApps\\kosxexxx\\counter-strike source\\hl2.exe"="E:\\Program Files\\Valve\\Steam\\SteamApps\\kosxexxx\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"E:\\WINDOWS\\system32\\dpnsvr.exe"="E:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"E:\\WINDOWS\\system32\\dxdiag.exe"="E:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"E:\\Program Files\\Valve\\Steam\\SteamApps\\kosxexxx\\day of defeat source\\hl2.exe"="E:\\Program Files\\Valve\\Steam\\SteamApps\\kosxexxx\\day of defeat source\\hl2.exe:*:Enabled:hl2"
"E:\\Program Files\\Internet Explorer\\iexplore.exe"="E:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"E:\\Program Files\\iTunes\\iTunes.exe"="E:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=E:\Documents and Settings\All Users
APPDATA=E:\Documents and Settings\KJO\Application Data
CLASSPATH=.;E:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CommonProgramFiles=E:\Program Files\Common Files
COMPUTERNAME=KELAN
ComSpec=E:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=E:
HOMEPATH=\Documents and Settings\KJO
LOGONSERVER=\\KELAN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=E:\Program Files\Internet Explorer;;E:\WINDOWS\system32;E:\WINDOWS;E:\WINDOWS\System32\Wbem;E:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=E:\Program Files
PROMPT=$P$G
QTJAVA=E:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=E:
SystemRoot=E:\WINDOWS
TEMP=E:\DOCUME~1\KJO\LOCALS~1\Temp
TMP=E:\DOCUME~1\KJO\LOCALS~1\Temp
USERDOMAIN=KELAN
USERNAME=KJO
USERPROFILE=E:\Documents and Settings\KJO
windir=E:\WINDOWS


-- User Profiles ---------------------------------------------------------------

KJO (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> E:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> E:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> E:\WINDOWS\UNNMP.exe /UNINSTALL
--> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{2EDA9289-CCA7-11D7-8466-00D0B726B56E}\Setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 E:\WINDOWS\INF\PCHealth.inf
3DMark03 --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{FF35F637-72B9-43BE-A281-06EB2854393A}\Setup.exe" -l0x9
Adobe Acrobat 5.0 --> E:\WINDOWS\ISUNINST.EXE -f"E:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"E:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> E:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop CS --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Shockwave Player --> E:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE E:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6 --> E:\Program Files\AIM6\uninst.exe
ALi USB2.0 Driver --> E:\WINDOWS\system32\UnUSB20.EXE RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{8E1DCD15-C9F1-49CE-807B-198C8241EB6B}\Setup.exe" -uninst
AlienGUIse Theme Manager --> E:\PROGRA~1\ALIENG~1\thememgr.exe /uninstallwise
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AquaMark3 --> E:\PROGRA~1\AQUAMA~1\UNWISE.EXE E:\PROGRA~1\AQUAMA~1\INSTALL.LOG
ArcSoft PhotoImpression 4 --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{302A4752-29A9-4DEA-9FB4-9D1E79D26D2B}\Setup.exe" -l0x9
ArcSoft PhotoStudio 5.5 --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{3B755EF7-F860-4F72-9A2D-5216CB48BA7C}\setup.exe" -l0x9
ArcSoft VideoImpression 2 --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{66E0EB37-6024-4872-897A-8E83AF1C87CA}\setup.exe" -l0x9
ASUS Probe V2.22.04 --> E:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Probe\probunis.dll"
AviSynth 2.5 --> "E:\Program Files\AviSynth 2.5\Uninstall.exe"
Comcast Toolbar --> E:\Program Files\ComcastToolbar\uninstall.exe
Cool Edit Pro 2.0 --> E:\Program Files\coolpro2\cep2unin.exe
Counter-Strike™ --> MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}
Counter-Strike: Source --> MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
Dell Digital Jukebox Driver --> E:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell DJ Explorer --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{2EDA9289-CCA7-11D7-8466-00D0B726B56E}\Setup.exe" -l0x9 /remove
Desktop Graffitist --> "E:\Program Files\Desktop Graffitist\uninstall.exe"
DVD Decrypter (Remove Only) --> "E:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "E:\Program Files\DVD Shrink\unins000.exe"
Free Ram Optimizer XP 1.0 --> "E:\Program Files\AceLogix\Free Ram Optimizer\unins000.exe"
Google Earth --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
HijackThis 1.99.1 --> E:\Documents and Settings\KJO\Desktop\Clean\hijackthis\HijackThis.exe /uninstall
Hollywood FX 5.5 Additional Effects --> E:\WINDOWS\unvise32.exe E:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\unextralog
Hollywood FX Pack 26 - Extra FX --> E:\WINDOWS\unvise32.exe E:\WINDOWS\unextrafx.log
Hotfix for Windows Media Format 11 SDK (KB929399) --> "E:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "E:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP Image Zone 5.3 --> E:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3 --> E:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series --> E:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> E:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Intel® Processor ID Utility --> MsiExec.exe /X{A92A4DB0-CD37-42D1-BE1D-603D53C24328}
iolo technologies' System Mechanic Professional 6 --> "E:\Program Files\iolo\System Mechanic Professional 6\UninstallSMPro.exe"
iPod for Windows 2006-06-28 --> E:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iTunes --> MsiExec.exe /I{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jane’s Combat Simulations USAF --> e:\program files\Externals\Setup.exe
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Jeff's Fish --> E:\Program Files\v-cade\Uninstal.exe
Lava Lamp 3.2.0.1 --> E:\Program Files\Lava Lamp\SXUNINST.EXE
Lexmark Supplies Monitor --> E:\WINDOWS\system32\LXSMUNIN.EXE
LimeWire 4.12.15 --> "E:\Program Files\LimeWire\uninstall.exe"
McAfee SecurityCenter --> E:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Base Smart Card Cryptographic Service Provider Package --> "E:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "E:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "E:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Musicmatch® Jukebox --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
Nero Suite --> E:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Network Play System (Patching) --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
NVIDIA Drivers --> E:\WINDOWS\system32\nvudisp.exe UninstallGUI
On-line Help Console --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime700\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{6283826F-59A2-11D9-BB04-000AE6BE6EE7}\setup.exe" -l0x9
PConPoint v2.0 --> "E:\Program Files\PConPoint\unins000.exe"
Perfect Alarm Clock --> E:\Program Files\Perfect Alarm Clock\Uninstall.exe
PERFECT SERIES MULTI-DIRECTION OPTICAL MOUSE 1.4 --> E:\Program Files\PERFECT SERIES\MULTI-DIRECTION OPTICAL MOUSE\1.4\unins000.EXE
Pinnacle Hollywood FX for Studio --> E:\WINDOWS\unvise32.exe E:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log
Polaroid Digital Camera --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{0697A326-25B4-4CF7-8D72-29609E828367}\Setup.exe"
PowerDVD --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
proDAD Heroglyph 1.0 --> "E:\Program Files\proDAD\Heroglyph-1.0\uninstall.exe" uninstall spcp
proDAD Heroglyph 2.0 --> "E:\Program Files\proDAD\Heroglyph-2.0\uninstall.exe" uninstall spcp PATHVERSION 2.0
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Rainlendar (remove only) --> "E:\Program Files\Rainlendar\uninst.exe"
ScreenShot2File 1.3.5 --> "E:\Program Files\ScreenShot2File\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segmento_Alpha Yummy Desktop Toy --> E:\WINDOWS\Segmento_AlphaUninstall.exe
SiS 900 PCI Fast Ethernet Adapter Driver --> E:\Progra~1\SiSLan\Uninst.exe
Skycar Yummy Desktop Toy --> E:\WINDOWS\SkycarUninstall.exe
SmartFTP Client 2.0 --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SmartFTP Client 2.0 Setup Files (remove only) --> "E:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe"
SmartSound Quicktracks Plugin --> E:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sonic Foundry ACID 4.0 --> MsiExec.exe /I{2A38B5AA-EA84-4F87-9937-2FB23982243A}
Spyware Doctor 4.0 --> E:\Program Files\Spyware Doctor\unins000.exe
Steam™ --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
StepMania (remove only) --> "E:\Program Files\StepMania\uninstall.exe"
Studio 9 --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x9 UNINSTALL
Studio 9 Content CD/DVD --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{B67624DE-75CE-4FAD-9F29-5C115773CE61}\Setup.exe" -l0x9 UNINSTALL
System Requirements Lab --> E:\Program Files\SystemRequirementsLab\Uninstall.exe
The Weather Channel Desktop --> E:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VIA Platform Device Manager --> E:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\Intel 32\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Videora iPod nano Converter 3.04 --> E:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
Viewpoint Media Player --> E:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtual Hypnotist 5.51 --> E:\Program Files\Virtual Hypnotist\uninst.exe
VoipBuster --> "E:\Program Files\VoipBuster.com\VoipBuster\unins000.exe"
Vtune 4.6 --> "E:\Program Files\Vtune\unins000.exe"
Weather Services --> E:\WINDOWS\system32\control.exe E:\PROGRA~1\THEWEA~1\FRAMEW~1\wxfw.cpl,4
Window Washer --> E:\WINDOWS\unwash.exe
WindowBlinds --> E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Media Connect --> "E:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "E:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Yahoo! Browser Services --> E:\PROGRA~1\Yahoo!\Common\unin_yextras.exe /S
Yahoo! Messenger --> E:\PROGRA~1\Yahoo!\Messenger\UNWISE.EXE /U E:\PROGRA~1\Yahoo!\Messenger\INSTALL.LOG
Yahoo! Toolbar --> E:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type4507 / Error
Event Submitted/Written: 09/27/2007 08:15:36 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.

Event Record #/Type4506 / Error
Event Submitted/Written: 09/27/2007 08:15:36 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.

Event Record #/Type4505 / Error
Event Submitted/Written: 09/27/2007 08:15:36 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.

Event Record #/Type4504 / Error
Event Submitted/Written: 09/27/2007 08:15:36 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The server name or address could not be resolved

Event Record #/Type4462 / Error
Event Submitted/Written: 09/25/2007 11:26:11 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16512, faulting module quicktimeh264.qtx, version 7.2.0.240, fault address 0x00054c8a.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type23543 / Warning
Event Submitted/Written: 09/26/2007 11:09:38 PM
Event ID/Source: 20192 / RemoteAccess
Event Description:
A certificate could not be found. Connections that use the L2TP protocol over IPSec
require the installation of a machine certificate, also known as a computer
certificate. No L2TP calls will be accepted.

Event Record #/Type23535 / Error
Event Submitted/Written: 09/26/2007 11:09:38 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Uninterruptible Power Supply service terminated with the following error:
%%2481

Event Record #/Type23533 / Error
Event Submitted/Written: 09/26/2007 11:09:23 PM
Event ID/Source: 2481 / UPS
Event Description:
The UPS service is not configured correctly.

Event Record #/Type23522 / Warning
Event Submitted/Written: 09/26/2007 10:23:18 PM
Event ID/Source: 20192 / RemoteAccess
Event Description:
A certificate could not be found. Connections that use the L2TP protocol over IPSec
require the installation of a machine certificate, also known as a computer
certificate. No L2TP calls will be accepted.

Event Record #/Type23508 / Error
Event Submitted/Written: 09/26/2007 10:23:11 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Uninterruptible Power Supply service terminated with the following error:
%%2481



-- End of Deckard's System Scanner: finished at 2007-09-27 08:17:13 ------------

thanks a lot for your help...talk to ya soon!..

#5
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi kelan76,

Please download the following tools and save them to your desktop:

SDFix
OTMoveIt by OldTimer.

Run SDFix:
Double click SDFix.exe and it will extract the files to %systemdrive% (typically C:\SDFix)
  • Restart your Computer in Safe Mode
  • As soon as it starts to boot up, tap your F8 key repeatedly.
  • This should bring up the Windows Advanced Options Menu.
  • Use your arrow keys to select Safe Mode and click the Enter key.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save as C:\SDFix\Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
Fix File Associations:
  • Go to Start > Run and type or paste "%userprofile%\desktop\dss.exe" /daft
  • Click on the Scan button.
  • Place a checkmark next to the following entries if they appear:
    • bat
    • hlp
    • inf
    • ini
    • js
    • reg
    • scr
    • txt
    • vbs
  • Click the Fix button.
  • Re-scan and save the logfile. This will default to daft.txt
  • Save it to your C:\ drive, I'll need that log later.
If everything is ok again, it should display the "all associations ok" message.


Run OTMoveIt:
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    E:\DBI.EXE
    E:\Program Files\DMEMessage.c
    E:\WINDOWS\system32\nsx100.dll
    E:\WINDOWS\system32\d3d9caps.dat
    E:\WINDOWS\system32\nsbB.dll

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Open Notepad
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy).
  • Paste the text into the Notepad file, click in the window and press Ctrl + V.
  • Click "Exit" to close OTMoveIt.
  • Save the text file as C:\otmove.txt
(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)


Run HijackThis.
  • Click the Do a system scan only button.
  • Check the boxes for all the entries listed below:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Lefty - {275296E0-75EC-4380-BB5F-900636889A8D} - E:\WINDOWS\system32\nsx100.dll
  • Now close all windows other than HijackThis and click Fix Checked.
  • Close HijackThis.
Re-run Deckard's System Scanner:
  • Close all other windows before proceeding.
  • Double click on the dss.exe file on your Desktop and follow the prompts.
  • Scans will run, and 1 text file will open in Notepad.
  • Close the text file.
This file is a new version of C:\Deckard\System Scanner\main.txt

Please post the contents of the following, as your next Reply
C:\Deckard\System Scanner\main.txt
C:\otmove.txt
C:\SDFix\Report.txt

Cheers,

sage5

#6
kelan76

    Member

  • Topic Starter
  • 20 posts
wow lots to do haha...sorry it took so long, I've been a little busy but here's the report.txt file...

Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

E:\WINDOWS
No streams found.

E:\WINDOWS\system32
No streams found.

E:\WINDOWS\system32\svchost.exe
No streams found.

E:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\Program Files\\AIM\\aim.exe"="E:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"E:\\StubInstaller.exe"="E:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"E:\\Program Files\\LimeWire\\LimeWire.exe"="E:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"E:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="E:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"E:\\Program Files\\Common Files\\AOL\\1133153654\\ee\\aolsoftware.exe"="E:\\Program Files\\Common Files\\AOL\\1133153654\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"E:\\Program Files\\Common Files\\AOL\\1133153654\\ee\\aim6.exe"="E:\\Program Files\\Common Files\\AOL\\1133153654\\ee\\aim6.exe:*:Enabled:AIM"
"E:\\Program Files\\BitTorrent\\bittorrent.exe"="E:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"E:\\Program Files\\Kazaa\\kazaa.exe"="E:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"E:\\Program Files\\Common Files\\AOL\\1141261970\\ee\\aolsoftware.exe"="E:\\Program Files\\Common Files\\AOL\\1141261970\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"E:\\Program Files\\Common Files\\AOL\\1141261970\\ee\\aim6.exe"="E:\\Program Files\\Common Files\\AOL\\1141261970\\ee\\aim6.exe:*:Enabled:AIM"
"E:\\Documents and Settings\\KJO\\My Documents\\LimeWire\\LimeWire.exe"="E:\\Documents and Settings\\KJO\\My Documents\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="E:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"D:\\Setup.exe"="D:\\Setup.exe:*:Enabled:Setup"
"E:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"="E:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe:*:Enabled:iMesh"
"E:\\Program Files\\Valve\\Steam\\SteamApps\\kosxexxx\\counter-strike source\\hl2.exe"="E:\\Program Files\\Valve\\Steam\\SteamApps\\kosxexxx\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"E:\\WINDOWS\\system32\\dpnsvr.exe"="E:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"E:\\WINDOWS\\system32\\dxdiag.exe"="E:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"E:\\Program Files\\Valve\\Steam\\SteamApps\\kosxexxx\\day of defeat source\\hl2.exe"="E:\\Program Files\\Valve\\Steam\\SteamApps\\kosxexxx\\day of defeat source\\hl2.exe:*:Enabled:hl2"
"E:\\Program Files\\Internet Explorer\\iexplore.exe"="E:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"E:\\Program Files\\iTunes\\iTunes.exe"="E:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------


Files with Hidden Attributes:

Sun 21 Jul 2002 418,816 ...HR --- "E:\WINDOWS\system32\Tools\All.exe"
Fri 19 Jul 2002 390,144 ...HR --- "E:\WINDOWS\system32\Tools\Change.exe"
Tue 20 Aug 2002 430,592 ...HR --- "E:\WINDOWS\system32\Tools\Counter.exe"
Fri 19 Jul 2002 388,096 ...HR --- "E:\WINDOWS\system32\Tools\RegClean.exe"
Fri 19 Jul 2002 388,608 ...HR --- "E:\WINDOWS\system32\Tools\Regexe.exe"
Mon 2 Dec 2002 431,616 ...HR --- "E:\WINDOWS\system32\Tools\Restart.exe"
Thu 27 Sep 2007 0 A.SH. --- "E:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

Finished!


The file associations thing didn't work, but I know I have a program that fixes that, I dunno, but here's the moveIT results...

E:\DBI.EXE moved successfully.
E:\Program Files\DMEMessage.c moved successfully.
E:\WINDOWS\system32\nsx100.dll unregistered successfully.
E:\WINDOWS\system32\nsx100.dll moved successfully.
E:\WINDOWS\system32\d3d9caps.dat moved successfully.
E:\WINDOWS\system32\nsbB.dll unregistered successfully.
E:\WINDOWS\system32\nsbB.dll moved successfully.

Created on 09/30/2007 21:39:05


And here is the HijackThis log...

Logfile of HijackThis v1.99.1
Scan saved at 9:43:46 PM, on 9/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\WINDOWS\System32\cisvc.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
E:\PROGRA~1\McAfee\VirusScan\mcods.exe
E:\PROGRA~1\McAfee\MSC\mcpromgr.exe
e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
e:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
E:\PROGRA~1\McAfee\VirusScan\mcshield.exe
E:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
E:\Program Files\McAfee\MPF\MPFSrv.exe
E:\PROGRA~1\McAfee\MPS\mps.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\rnamfler\naofsvc.exe
E:\Program Files\Spyware Doctor\sdhelp.exe
E:\Program Files\McAfee\MPS\mpsevh.exe
E:\WINDOWS\System32\wbem\wmiapsrv.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Media Player\WMPNetwk.exe
E:\WINDOWS\System32\alg.exe
E:\Program Files\Vtune\TBPanel.exe
E:\Program Files\rnamfler\naomf.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\iTunes\iTunesHelper.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
E:\Program Files\AIM6\aim6.exe
E:\Program Files\Windows Media Player\WMPNSCFG.exe
e:\program files\rnamfler\radprcmp.exe
E:\Program Files\Rainlendar\Rainlendar.exe
E:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
E:\Program Files\AIM6\aolsoftware.exe
e:\PROGRA~1\mcafee.com\agent\mcagent.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\WINDOWS\System32\wbem\wmiprvse.exe
E:\WINDOWS\system32\cidaemon.exe
E:\Documents and Settings\KJO\Desktop\            \hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.n...lbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - E:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - e:\PROGRA~1\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - E:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] E:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Gainward] E:\Program Files\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [wrna3ls] E:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Ram Optimizer] E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
O4 - HKCU\..\Run: [Aim6] "E:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] E:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Alienware Dock.lnk = E:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Rainlendar.lnk = E:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Ram Optimizer XP (2).lnk = E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O20 - Winlogon Notify: WBSrv - E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - E:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - E:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - E:\PROGRA~1\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - E:\PROGRA~1\McAfee\VirusScan\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - E:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - E:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - E:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RdnaoFlSvc - Unknown owner - E:\Program Files\rnamfler\naofsvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - E:\Program Files\Spyware Doctor\sdhelp.exe

And last but not least, the DSS log...

Deckard's System Scanner v20070905.67
Run by KJO on 2007-09-30 21:45:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as KJO.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:45:34 PM, on 9/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\WINDOWS\System32\cisvc.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
E:\PROGRA~1\McAfee\VirusScan\mcods.exe
E:\PROGRA~1\McAfee\MSC\mcpromgr.exe
e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
e:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
E:\PROGRA~1\McAfee\VirusScan\mcshield.exe
E:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
E:\Program Files\McAfee\MPF\MPFSrv.exe
E:\PROGRA~1\McAfee\MPS\mps.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\rnamfler\naofsvc.exe
E:\Program Files\Spyware Doctor\sdhelp.exe
E:\Program Files\McAfee\MPS\mpsevh.exe
E:\WINDOWS\System32\wbem\wmiapsrv.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Media Player\WMPNetwk.exe
E:\WINDOWS\System32\alg.exe
E:\Program Files\Vtune\TBPanel.exe
E:\Program Files\rnamfler\naomf.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\iTunes\iTunesHelper.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
E:\Program Files\AIM6\aim6.exe
E:\Program Files\Windows Media Player\WMPNSCFG.exe
e:\program files\rnamfler\radprcmp.exe
E:\Program Files\Rainlendar\Rainlendar.exe
E:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
E:\Program Files\AIM6\aolsoftware.exe
e:\PROGRA~1\mcafee.com\agent\mcagent.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\WINDOWS\system32\cidaemon.exe
E:\Documents and Settings\KJO\Desktop\            \hijackthis\dss.exe
E:\DOCUME~1\KJO\Desktop\            \hijackthis\KJO.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.n...lbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - E:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - e:\PROGRA~1\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - E:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] E:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Gainward] E:\Program Files\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [wrna3ls] E:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Ram Optimizer] E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
O4 - HKCU\..\Run: [Aim6] "E:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] E:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Alienware Dock.lnk = E:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Rainlendar.lnk = E:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Ram Optimizer XP (2).lnk = E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O20 - Winlogon Notify: WBSrv - E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - E:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - E:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - E:\PROGRA~1\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - E:\PROGRA~1\McAfee\VirusScan\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - E:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - E:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - E:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RdnaoFlSvc - Unknown owner - E:\Program Files\rnamfler\naofsvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - E:\Program Files\Spyware Doctor\sdhelp.exe


-- Files created between 2007-08-30 and 2007-09-30 -----------------------------

2007-09-30 21:22:26 0 d-------- E:\WINDOWS\ERUNT
2007-09-30 21:18:55 0 d--h----- E:\Documents and Settings\Administrator\Templates
2007-09-30 21:18:55 0 dr------- E:\Documents and Settings\Administrator\Start Menu
2007-09-30 21:18:55 0 dr-h----- E:\Documents and Settings\Administrator\SendTo
2007-09-30 21:18:55 0 d--h----- E:\Documents and Settings\Administrator\Recent
2007-09-30 21:18:55 0 d--h----- E:\Documents and Settings\Administrator\PrintHood
2007-09-30 21:18:55 0 d--h----- E:\Documents and Settings\Administrator\NetHood
2007-09-30 21:18:55 0 d-------- E:\Documents and Settings\Administrator\My Documents
2007-09-30 21:18:55 0 d--h----- E:\Documents and Settings\Administrator\Local Settings
2007-09-30 21:18:55 0 d-------- E:\Documents and Settings\Administrator\Favorites
2007-09-30 21:18:55 0 d-------- E:\Documents and Settings\Administrator\Desktop
2007-09-30 21:18:55 0 d--hs---- E:\Documents and Settings\Administrator\Cookies
2007-09-30 21:18:55 0 dr-h----- E:\Documents and Settings\Administrator\Application Data
2007-09-30 21:18:55 0 d---s---- E:\Documents and Settings\Administrator\Application Data\Microsoft
2007-09-30 21:18:54 524288 --ah----- E:\Documents and Settings\Administrator\NTUSER.DAT
2007-09-22 15:28:35 0 d-------- E:\Program Files\AviSynth 2.5
2007-09-22 15:28:33 0 d-------- E:\Program Files\Red Kawa
2007-09-20 18:59:53 751237 --a------ E:\Program Files\KCompare.exe <Not Verified; Macromedia, Inc.; Flash 4.0>
2007-09-20 18:59:51 14368 --a------ E:\Program Files\secdrv.sys
2007-09-20 18:59:51 32256 --a------ E:\Program Files\drvmgt.dll
2007-09-20 18:59:50 163328 --a------ E:\Program Files\dplayerx.dll
2007-09-20 18:59:50 177152 --a------ E:\Program Files\clokspl.exe
2007-09-20 18:59:50 27648 --a------ E:\Program Files\clcd32.dll
2007-09-20 18:59:50 6784 --a------ E:\Program Files\clcd16.dll
2007-09-20 18:59:49 280311 --a------ E:\Program Files\USAF.exe <Not Verified; Electronic Arts; Jane's USAF>
2007-09-20 18:59:48 385024 --a------ E:\Program Files\USAFConfig.exe <Not Verified; ; Config Application>
2007-09-20 18:55:50 4562 -----n--- E:\Program Files\Wmm-95.dat
2007-09-20 18:55:50 61440 -----n--- E:\Program Files\MMDLL.dll
2007-09-20 18:55:50 262144 -----n--- E:\Program Files\KCData.exe
2007-09-20 18:55:50 221184 -----n--- E:\Program Files\JoystickSetting.exe <Not Verified; ; JoysticSens Application>
2007-09-20 18:55:50 75264 -----n--- E:\Program Files\IFORCE2.dll
2007-09-20 18:53:51 0 d-------- E:\Program Files\Resource
2007-09-20 18:53:51 0 d-------- E:\Program Files\Pilots
2007-09-20 18:53:50 0 d-------- E:\Program Files\Externals
2007-09-20 18:35:28 345 --a------ E:\WINDOWS\EReg072.dat
2007-09-20 18:35:15 33792 -ra------ E:\WINDOWS\NPSExec.exe <Not Verified; Electronic Arts; Electronic Arts NPSExec>
2007-09-20 18:35:14 0 d-------- E:\Program Files\Electronic Arts
2007-09-20 18:34:59 24576 --a------ E:\WINDOWS\system32\ealtest.exe
2007-09-20 18:34:59 36864 --a------ E:\WINDOWS\system32\eaexec.exe <Not Verified; Electronic Arts; Electronic Arts NPSExec>
2007-09-18 09:40:15 0 d-------- E:\Program Files\iTunes
2007-09-15 01:30:47 0 d-------- E:\Program Files\VIA
2007-09-15 01:29:45 0 d-------- E:\Program Files\On-line Help Console
2007-09-15 01:28:54 0 d-------- E:\WINDOWS\system32\Tools
2007-09-15 01:15:19 0 d-------- E:\Program Files\Intel Corporation
2007-09-06 22:21:55 0 --a------ E:\WINDOWS\PowerReg.dat
2007-09-06 22:15:53 0 d-------- E:\WINDOWS\UbiSoft
2007-08-30 00:26:42 0 dr-h----- E:\Program Files\rnamfler


-- Find3M Report ---------------------------------------------------------------

2007-09-29 00:31:25 30681 --a------ E:\Program Files\sim.ibx
2007-09-29 00:31:25 57 --a------ E:\Program Files\default.mda
2007-09-26 22:42:14 0 d-------- E:\Documents and Settings\KJO\Application Data\ComcastToolbar
2007-09-22 11:24:48 456 --a------ E:\Program Files\tgen.ini
2007-09-20 19:29:46 0 d-------- E:\Program Files\StepMania
2007-09-20 19:06:05 1276 --a------ E:\Program Files\CTM_DB.ini
2007-09-20 19:00:52 2634102 --a------ E:\Program Files\Uninst.isu
2007-09-18 09:40:20 0 d-------- E:\Program Files\iPod
2007-09-17 21:49:09 0 d-------- E:\Documents and Settings\KJO\Application Data\Rainlendar
2007-09-15 01:29:45 0 d--h----- E:\Program Files\InstallShield Installation Information
2007-09-11 10:10:31 0 d-------- E:\Program Files\Apple Software Update
2007-09-08 19:59:47 1934 --a------ E:\WINDOWS\system32\tmp.reg
2007-09-08 16:18:04 0 d-------- E:\Documents and Settings\KJO\Application Data\Adobe
2007-08-28 22:12:40 0 d-------- E:\Program Files\McAfee
2007-08-28 22:12:34 0 d-------- E:\Program Files\McAfee.com
2007-08-28 22:08:32 0 d-------- E:\Program Files\Common Files\McAfee
2007-08-19 18:36:52 0 d-------- E:\Documents and Settings\KJO\Application Data\Apple Computer
2007-08-13 01:29:54 0 d-------- E:\Program Files\Hitman Pro
2007-08-08 06:33:03 0 d-------- E:\Documents and Settings\KJO\Application Data\Yahoo!
2007-08-08 06:11:09 0 d-------- E:\Program Files\Yahoo!
2007-07-31 12:05:24 0 d-------- E:\Program Files\SystemRequirementsLab
2007-07-31 10:06:26 0 d-------- E:\Program Files\QuickTime
2007-07-24 22:24:03 53248 --a------ E:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="E:\WINDOWS\system32\PSDrvCheck.exe" [03/10/2004 04:26 PM]
"Gainward"="E:\Program Files\Vtune\TBPanel.exe" [09/13/2006 11:16 AM]
"wrna3ls"="E:\Program Files\rnamfler\naomf.exe" [04/01/2006 10:45 AM]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [06/29/2007 12:43 AM]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [06/29/2007 12:43 AM]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [09/14/2007 10:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"Free Ram Optimizer"="E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe" [08/22/2003 09:19 AM]
"Aim6"="E:\Program Files\AIM6\aim6.exe" [04/27/2007 05:17 PM]
"WMPNSCFG"="E:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=

E:\Documents and Settings\KJO\Start Menu\Programs\Startup\
Alienware Dock.lnk - E:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe [3/19/2007 10:03:24 PM]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [11/16/2005 8:26:18 PM]
Rainlendar.lnk - E:\Program Files\Rainlendar\Rainlendar.exe [1/21/2006 8:31:46 AM]
Ram Optimizer XP (2).lnk - E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe [8/22/2003 9:19:42 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 12/06/2005 09:16 PM 176128 E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
E:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"E:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
E:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"E:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Segmento]
E:\Program Files\ydt\Segmento_Alpha\Segmento_Alpha.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
"E:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
E:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\automenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecc86d5a-3cb5-11da-b782-0011d8f4a9fd}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2ea2230-80b4-11da-9f96-806d6172696f}]




-- End of Deckard's System Scanner: finished at 2007-09-30 21:45:56 ------------



Thank you very much for your time... hope this helps you help me lol.

#7
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi kelan76,


Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Read the FAQ and information about Supported Browsers
  • Click the Start Scanning button
  • If you get a Security warning, or the Information Bar at the top of the IE7 page flashes, Allow permission for the ActiveX to run
  • Click the Accept button
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy & Paste the entire report into a new Notepad file, saved as C:\ f_secure.txt

Please try to run DAFT again; the error could have been a timing issue, before the removal of the bad files.

Fix File Associations:
  • Go to Start > Run and type or paste "%userprofile%\desktop\dss.exe" /daft
  • Click on the Scan button.
  • Place a checkmark next to the following entries if they appear:
    • bat
    • hlp
    • inf
    • ini
    • js
    • reg
    • scr
    • txt
    • vbs
  • Click the Fix button.
  • Re-scan and save the logfile. This will default to daft.txt
  • Save it to your C:\ drive, I'll need that log later.
If everything is ok again, it should display the "all associations ok" message.


Shut down & Reboot normally:

Run HijackThis again:
  • Select the Run a system scan and save a logfile button. The logfile will open in Notepad.
  • Start your Web Browser and navigate back to this thread.
  • Click the Add Reply button
  • Copy and Paste the text into the Reply window.
Please include a note to tell me how your PC is running now.

Cheers,

sage5

#8
kelan76

  • Topic Starter
  • Member
  • 20 posts
Alrighty, here's the daft.txt... it worked finally...

DAFT Log saved on 2007-10-01 21:43:30
-----------------------------------------------------------------------
All associations okay!


f_secure.txt...

Scanning Report
Monday, October 01, 2007 21:53:32 - 03:09:49
Computer name: KELAN
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ E:\


--------------------------------------------------------------------------------

Result: 2 malware found
Backdoor.Win32.VB.gen (virus)
E:\DOCUMENTS AND SETTINGS\KJO\MY DOCUMENTS\PROG INSTALL\SND-REMOTE.HAVOC.3.0.1\REMOTE.EXE (Submitted)
not-virus:Hoax.Win32.Agent.o (virus)
E:\DOCUMENTS AND SETTINGS\KJO\SHARED\((((((((( F22 RAPTOR ))))))))) ULTIMATE.EDITION\SETUP.EXE (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 44326
System: 0
Not scanned: 3
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 2
Submitted: 2
Files not scanned:
E:\PAGEFILE.SYS
E:\WINDOWS\TEMP\MCAFEE_7OCELCIDVFVNUX8
E:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2007-10-01
F-Secure AVP: 7.0.171, 2007-10-02
F-Secure Orion: 1.2.37, 2007-10-02
F-Secure Blacklight: 1.0.64
F-Secure Pegasus: 1.19.0, 2007-08-25
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD LSP MAP MHT MIF PHP POT WMF NWS TAR
Use Advanced heuristics

and I'll send the HijackThis log when I restart
  • 0

#9
kelan76

  • Topic Starter
Logfile of HijackThis v1.99.1
Scan saved at 3:20:51 AM, on 10/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\WINDOWS\System32\cisvc.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
E:\WINDOWS\Explorer.EXE
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
E:\PROGRA~1\McAfee\VirusScan\mcods.exe
E:\PROGRA~1\McAfee\MSC\mcpromgr.exe
e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
e:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
E:\PROGRA~1\McAfee\VirusScan\mcshield.exe
E:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
E:\Program Files\McAfee\MPF\MPFSrv.exe
E:\PROGRA~1\McAfee\MPS\mps.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\rnamfler\naofsvc.exe
E:\WINDOWS\System32\rsvp.exe
E:\Program Files\Spyware Doctor\sdhelp.exe
E:\WINDOWS\System32\wbem\wmiapsrv.exe
E:\WINDOWS\system32\svchost.exe
e:\PROGRA~1\mcafee\virusscan\mcvsshld.exe
E:\Program Files\McAfee\MPS\mpsevh.exe
E:\Program Files\Windows Media Player\WMPNetwk.exe
e:\PROGRA~1\mcafee.com\agent\mcagent.exe
E:\WINDOWS\System32\alg.exe
E:\Program Files\Vtune\TBPanel.exe
E:\Program Files\rnamfler\naomf.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\iTunes\iTunesHelper.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
E:\Program Files\AIM6\aim6.exe
E:\Program Files\Windows Media Player\WMPNSCFG.exe
E:\Program Files\Rainlendar\Rainlendar.exe
e:\program files\rnamfler\radprcmp.exe
E:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
E:\WINDOWS\System32\wbem\wmiprvse.exe
E:\Program Files\AIM6\aolsoftware.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\AIM6\aolsoftware.exe
E:\Documents and Settings\KJO\Desktop\            \hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.n...lbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - E:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - e:\PROGRA~1\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - E:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] E:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Gainward] E:\Program Files\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [wrna3ls] E:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Ram Optimizer] E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
O4 - HKCU\..\Run: [Aim6] "E:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] E:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Alienware Dock.lnk = E:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Rainlendar.lnk = E:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Ram Optimizer XP (2).lnk = E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-sec...3beta/fscax.cab
O20 - Winlogon Notify: WBSrv - E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - E:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - E:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - E:\PROGRA~1\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - E:\PROGRA~1\McAfee\VirusScan\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - E:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - E:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - E:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RdnaoFlSvc - Unknown owner - E:\Program Files\rnamfler\naofsvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - E:\Program Files\Spyware Doctor\sdhelp.exe
  • 0

#10
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi kelan76

Let's get the final clean-up jobs done.

Clean out cookies, temp files etc:
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Clear Out Old Restore points:
(Windows XP)
1. Turn off System Restore.
Click Start and right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
Click Start and right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.


Cleanup with OTMoveIt:
  • Please double-click OTMoveIt.exe to run it.
  • Click the Clean up button
  • Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
  • Click Yes to the reboot.

Run HijackThis.
  • Click the Do a system scan only button.
  • Check the boxes for all the entries listed below:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  • Now close all windows other than HijackThis and click Fix Checked.
  • Close HijackThis.

Shut down & Reboot normally:

Run HijackThis again:
  • Select the Run a system scan and save a logfile button. The logfile will open in Notepad.
  • Start your Web Browser and navigate back to this thread.
  • Click the Add Reply button
  • Copy and Paste the text into the Reply window.
Please include a note to tell me how your PC is running now.

Cheers,

sage5
  • 0


#11
kelan76

  • Topic Starter
Logfile of HijackThis v1.99.1
Scan saved at 11:25:27 AM, on 10/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\WINDOWS\System32\cisvc.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
E:\PROGRA~1\McAfee\VirusScan\mcods.exe
E:\PROGRA~1\McAfee\MSC\mcpromgr.exe
e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
e:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
E:\PROGRA~1\McAfee\VirusScan\mcshield.exe
E:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
E:\Program Files\McAfee\MPF\MPFSrv.exe
E:\PROGRA~1\McAfee\MPS\mps.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\rnamfler\naofsvc.exe
E:\Program Files\Spyware Doctor\sdhelp.exe
E:\WINDOWS\System32\wbem\wmiapsrv.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Media Player\WMPNetwk.exe
E:\Program Files\McAfee\MPS\mpsevh.exe
E:\WINDOWS\Explorer.EXE
e:\PROGRA~1\mcafee.com\agent\mcagent.exe
E:\WINDOWS\System32\alg.exe
E:\Program Files\Vtune\TBPanel.exe
E:\Program Files\rnamfler\naomf.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\iTunes\iTunesHelper.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
E:\Program Files\AIM6\aim6.exe
E:\Program Files\Windows Media Player\WMPNSCFG.exe
e:\program files\rnamfler\radprcmp.exe
E:\Program Files\Rainlendar\Rainlendar.exe
E:\Program Files\AIM6\aolsoftware.exe
E:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\KJO\Desktop\            \hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.n...lbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - E:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - e:\PROGRA~1\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - E:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] E:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Gainward] E:\Program Files\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [wrna3ls] E:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Ram Optimizer] E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
O4 - HKCU\..\Run: [Aim6] "E:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] E:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Alienware Dock.lnk = E:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Rainlendar.lnk = E:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Ram Optimizer XP (2).lnk = E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-sec...3beta/fscax.cab
O20 - Winlogon Notify: WBSrv - E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - E:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - E:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - E:\PROGRA~1\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - E:\PROGRA~1\McAfee\VirusScan\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - E:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - E:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - E:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RdnaoFlSvc - Unknown owner - E:\Program Files\rnamfler\naofsvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - E:\Program Files\Spyware Doctor\sdhelp.exe

there you are good sir...I would have to say my computer is running a bit better...thanks a lot...it is much appreciated
  • 0
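Post #10 asks for two R0 entries to be ticked and fixed, followed by a fresh log. The Python below is an added example, not part of the thread and not HijackThis code: it diffs two HijackThis logs to confirm that the ticked entries are gone and to surface anything else that changed between scans. The function names are hypothetical, and the two sample logs are short excerpts constructed from the 10/2 and 10/6 logs posted above.

```python
import re
from collections import Counter

# Entry lines start with a section code and " - ", e.g. "O4 - HKLM\..\Run: [name] path".
# Header lines and the "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return a Counter of (section_code, detail) for every entry line in a log."""
    entries = Counter()
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries[(m.group(1), m.group(2).strip())] += 1
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lists between two scans, sorted for stable output."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = sorted((before - after).elements())
    added = sorted((after - before).elements())
    return removed, added


def verify_fix(before_text, after_text, target_lines):
    """Check that each entry ticked for 'Fix Checked' is absent from the later log.

    target_lines are entry lines exactly as listed in the helper's instructions.
    """
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed, added = diff_logs(before_text, after_text)
    targets, wanted = {}, set()
    for line in target_lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            raise ValueError(f"not a HijackThis entry line: {line!r}")
        key = (m.group(1), m.group(2).strip())
        wanted.add(key)
        if key in after:
            status = "still present"
        elif key in before:
            status = "fixed"
        else:
            status = "never listed"
        targets[line.strip()] = status
    return {
        "targets": targets,
        # Entries that vanished without being asked for deserve a second look.
        "unexpected_removed": [e for e in removed if e not in wanted],
        # New autostart or browser entries since the previous scan.
        "added": added,
    }


# Constructed sample input: trimmed excerpts of the two logs in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 3:20:51 AM, on 10/2/2007
Running processes:
E:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [wrna3ls] E:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 11:25:27 AM, on 10/6/2007
Running processes:
E:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
O4 - HKLM\..\Run: [wrna3ls] E:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
"""

TARGETS = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =",
]

if __name__ == "__main__":
    report = verify_fix(BEFORE, AFTER, TARGETS)
    for line, status in report["targets"].items():
        print(f"{status:14} {line}")
    for code, detail in report["added"]:
        print(f"{'added':14} {code} - {detail}")
```
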

#12
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi kelan76,

There are a couple more scans I would like you to do for me.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Download Dr.Web CureIt to the desktop:
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
Please post the text from the two files as your next reply.

The text from these files may exceed the maximum post length for this forum, and may need to be sent over 2 or more posts. Please ensure all text is posted.

Cheers,

sage5
  • 0

#13
kelan76

  • Topic Starter
here is the file from the first scan...

ComboFix 07-10-07.2 - KJO 2007-10-08 11:29:11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.876 [GMT -4:00]
Running from: E:\Documents and Settings\KJO\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Documents and Settings\KJO\Application Data\macromedia\Flash Player\#SharedObjects\NH7ZEE66\www.broadcaster.com
E:\Documents and Settings\KJO\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
E:\Program Files\version.txt
E:\WINDOWS\Fonts\acrsecI.fon

.
((((((((((((((((((((((((( Files Created from 2007-09-08 to 2007-10-08 )))))))))))))))))))))))))))))))
.

2007-10-08 11:28 51,200 --a------ E:\WINDOWS\NirCmd.exe
2007-10-08 10:49 <DIR> d-------- E:\WINDOWS\LastGood
2007-10-02 10:22 <DIR> d-------- E:\Program Files\iTunes
2007-09-30 21:22 <DIR> d-------- E:\WINDOWS\ERUNT
2007-09-22 15:28 <DIR> d-------- E:\Program Files\Red Kawa
2007-09-22 15:28 <DIR> d-------- E:\Program Files\AviSynth 2.5
2007-09-20 18:59 751,237 --a------ E:\Program Files\KCompare.exe
2007-09-20 18:59 6,784 --a------ E:\Program Files\clcd16.dll
2007-09-20 18:59 385,024 --a------ E:\Program Files\USAFConfig.exe
2007-09-20 18:59 32,256 --a------ E:\Program Files\drvmgt.dll
2007-09-20 18:59 280,311 --a------ E:\Program Files\USAF.exe
2007-09-20 18:59 27,648 --a------ E:\Program Files\clcd32.dll
2007-09-20 18:59 177,152 --a------ E:\Program Files\clokspl.exe
2007-09-20 18:59 163,328 --a------ E:\Program Files\dplayerx.dll
2007-09-20 18:59 14,368 --a------ E:\Program Files\secdrv.sys
2007-09-20 18:55 75,264 --------- E:\Program Files\IFORCE2.dll
2007-09-20 18:55 70,656 --------- E:\Program Files\MSVCIRT.DLL
2007-09-20 18:55 61,440 --------- E:\Program Files\MMDLL.dll
2007-09-20 18:55 401,484 --------- E:\Program Files\Msvcrtd.dll
2007-09-20 18:55 4,562 --------- E:\Program Files\Wmm-95.dat
2007-09-20 18:55 262,144 --------- E:\Program Files\KCData.exe
2007-09-20 18:55 221,184 --------- E:\Program Files\JoystickSetting.exe
2007-09-20 18:55 12,800 --------- E:\Program Files\std-2.0.1-vc5.0-mt.dll
2007-09-20 18:53 <DIR> d-------- E:\Program Files\Resource
2007-09-20 18:53 <DIR> d-------- E:\Program Files\Pilots
2007-09-20 18:53 <DIR> d-------- E:\Program Files\Externals
2007-09-20 18:35 345 --a------ E:\WINDOWS\EReg072.dat
2007-09-20 18:35 33,792 -ra------ E:\WINDOWS\NPSExec.exe
2007-09-20 18:35 <DIR> d-------- E:\Program Files\Electronic Arts
2007-09-20 18:34 36,864 --a------ E:\WINDOWS\system32\eaexec.exe
2007-09-20 18:34 24,576 --a------ E:\WINDOWS\system32\ealtest.exe
2007-09-15 01:30 <DIR> d-------- E:\Program Files\VIA
2007-09-15 01:29 <DIR> d-------- E:\Program Files\On-line Help Console
2007-09-15 01:28 <DIR> d-------- E:\WINDOWS\system32\Tools
2007-09-15 01:15 <DIR> d-------- E:\Program Files\Intel Corporation
2007-09-11 10:13 30,336 --a------ E:\WINDOWS\system32\drivers\usbaapl.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-08 10:49 --------- d-------- E:\Program Files\McAfee
2007-10-08 01:00 --------- dr-h----- E:\Program Files\rnamfler
2007-10-06 11:43 57 --a------ E:\Program Files\default.mda
2007-10-06 11:43 30681 --a------ E:\Program Files\sim.ibx
2007-10-06 11:32 506084 --a------ E:\Program Files\DMEMessage.c
2007-10-02 10:22 --------- d-------- E:\Program Files\iPod
2007-09-26 22:42 --------- d-------- E:\Documents and Settings\KJO\Application Data\ComcastToolbar
2007-09-26 22:36 --------- d-a------ E:\Documents and Settings\All Users\Application Data\TEMP
2007-09-22 11:24 456 --a------ E:\Program Files\tgen.ini
2007-09-20 19:29 --------- d-------- E:\Program Files\StepMania
2007-09-20 19:06 1276 --a------ E:\Program Files\CTM_DB.ini
2007-09-20 19:00 2634102 --a------ E:\Program Files\Uninst.isu
2007-09-17 21:49 --------- d-------- E:\Documents and Settings\KJO\Application Data\Rainlendar
2007-09-15 01:29 --------- d--h----- E:\Program Files\InstallShield Installation Information
2007-09-13 22:00 25088 --a------ E:\WINDOWS\system32\drivers\Document Scrap '%SystemRoot%_Sys...'.shs
2007-09-11 10:10 --------- d-------- E:\Program Files\Apple Software Update
2007-09-06 22:25 28624 --a--c--- E:\WINDOWS\system32\drivers\secdrv.sys
2007-08-28 22:12 --------- d-------- E:\Program Files\McAfee.com
2007-08-28 22:12 --------- d-------- E:\Documents and Settings\All Users\Application Data\McAfee.com
2007-08-28 22:12 --------- d-------- E:\Documents and Settings\All Users\Application Data\McAfee
2007-08-28 22:08 --------- d-------- E:\Program Files\Common Files\McAfee
2007-08-19 18:36 --------- d-------- E:\Documents and Settings\KJO\Application Data\Apple Computer
2007-08-13 01:29 --------- d-------- E:\Program Files\Hitman Pro
2007-08-08 06:33 --------- d-------- E:\Documents and Settings\KJO\Application Data\Yahoo!
2007-08-08 06:20 --------- d-------- E:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-08-08 06:11 --------- d-------- E:\Program Files\Yahoo!
2007-08-08 06:11 --------- d-------- E:\Documents and Settings\All Users\Application Data\Yahoo!
2007-07-30 19:19 92504 --a------ E:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ E:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ E:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ E:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ E:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ E:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ E:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ E:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ E:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a--c--- E:\WINDOWS\system32\wups.dll
2007-07-24 22:24 53248 --a------ E:\WINDOWS\system32\Process.exe
2005-05-12 00:36 12288 --a--c--- E:\WINDOWS\Fonts\RandFont.dll
2000-06-02 19:09 19144 --a------ E:\Program Files\readme.htm
1999-09-22 02:42 5492781 --a------ E:\Program Files\USAF.icd
1999-09-21 15:57 4546 --a------ E:\Program Files\license.txt
1999-09-21 14:59 308280 --a------ E:\Program Files000409.256
1999-09-21 14:59 307324 --a------ E:\Program Files000409.016
1999-09-15 12:34 9453 -r------- E:\Program Files\camera.ini
1999-07-27 23:32 51909 --a------ E:\Program Files\USAF.exp
1999-01-14 11:53 6432 --------- E:\Program Files\BlueStarErr.log
1999-01-14 11:53 365 --------- E:\Program Files\brain.log
1999-01-14 11:53 365 --------- E:\Program Files\BlueStarDbg.log
1999-01-14 11:53 18894 --------- E:\Program Files\error.c
1999-01-14 11:53 127916 --------- E:\Program Files\CRError.c
1999-01-14 11:53 0 --------- E:\Program Files\CommDebug.log
1998-12-31 16:29 0 --------- E:\Program Files\Damage.log
1998-12-31 16:29 0 --------- E:\Program Files\ArenaManager.log
1998-12-27 14:25 0 --------- E:\Program Files\Arena.log
1998-12-24 12:35 18896 --------- E:\Program Files\mvmr.log
1998-06-16 14:31 6449 --------- E:\Program Files\iaforce.ifr
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="E:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26]
"Gainward"="E:\Program Files\Vtune\TBPanel.exe" [2006-09-13 11:16]
"wrna3ls"="E:\Program Files\rnamfler\naomf.exe" [2006-04-01 10:45]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
"QuickTime Task"="E:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"Free Ram Optimizer"="E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe" [2003-08-22 09:19]
"Aim6"="E:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
"WMPNSCFG"="E:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-16 20:26:18]
Rainlendar.lnk - E:\Program Files\Rainlendar\Rainlendar.exe [2006-01-21 08:31:46]
Ram Optimizer XP (2).lnk - E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe [2003-08-22 09:19:42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-12-06 21:16 176128 E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
E:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"E:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
E:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"E:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Segmento]
E:\Program Files\ydt\Segmento_Alpha\Segmento_Alpha.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
"E:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
E:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

R1 npapimon;npapimon;E:\WINDOWS\system32\drivers\npapimon.sys
R1 ssdiagn;ssdiagn;E:\WINDOWS\system32\drivers\ssdiagn.sys
S2 0121131191854965mcinstcleanup;McAfee Application Installer Cleanup (0121131191854965);E:\WINDOWS\TEMP121131191854965mcinst.exe E:\PROGRA~1\COMMON~1\McAfee\Installer\cleanup.ini -cleanup -nolog -service
S3 PINNMB;Pinnacle MovieBox USB;E:\WINDOWS\system32\Drivers\pinnmb.SYS
S3 USBAAPL;Apple Mobile USB Driver;E:\WINDOWS\system32\Drivers\usbaapl.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\automenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{198ff992-17d1-11db-8ed1-806d6172696f}]
play\Command- "E:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecc86d5a-3cb5-11da-b782-0011d8f4a9fd}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2ea2230-80b4-11da-9f96-806d6172696f}]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-02 11:25:03 E:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-09-15 05:26:50 E:\WINDOWS\Tasks\McDefragTask.job"
"2007-10-01 05:00:03 E:\WINDOWS\Tasks\McQcTask.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-08 11:31:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-08 11:32:35
E:\ComboFix-quarantined-files.txt ... 2007-10-08 11:32
.
--- E O F ---


and the new hijackthis...


Logfile of HijackThis v1.99.1
Scan saved at 11:57:32 AM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
E:\Program Files\Vtune\TBPanel.exe
E:\Program Files\rnamfler\naomf.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\iTunes\iTunesHelper.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
E:\Program Files\AIM6\aim6.exe
E:\PROGRA~1\McAfee\VirusScan\mcods.exe
E:\Program Files\Windows Media Player\WMPNSCFG.exe
E:\PROGRA~1\McAfee\MSC\mcpromgr.exe
e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
e:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
E:\PROGRA~1\McAfee\VirusScan\mcshield.exe
E:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
E:\Program Files\McAfee\MPF\MPFSrv.exe
E:\PROGRA~1\McAfee\MPS\mps.exe
E:\Program Files\AIM6\aolsoftware.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Rainlendar\Rainlendar.exe
e:\program files\rnamfler\radprcmp.exe
E:\Program Files\rnamfler\naofsvc.exe
E:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
E:\Program Files\Spyware Doctor\sdhelp.exe
e:\PROGRA~1\mcafee.com\agent\mcagent.exe
E:\Program Files\McAfee\MPS\mpsevh.exe
E:\WINDOWS\System32\wbem\wmiapsrv.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Media Player\WMPNetwk.exe
E:\WINDOWS\System32\alg.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\System32\wbem\wmiprvse.exe
E:\Documents and Settings\KJO\Desktop\            \hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - E:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - e:\PROGRA~1\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - E:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] E:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Gainward] E:\Program Files\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [wrna3ls] E:\Program Files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Ram Optimizer] E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
O4 - HKCU\..\Run: [Aim6] "E:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] E:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Alienware Dock.lnk = E:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Rainlendar.lnk = E:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Ram Optimizer XP (2).lnk = E:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-sec...3beta/fscax.cab
O20 - Winlogon Notify: WBSrv - E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0121131191854965) (0121131191854965mcinstcleanup) - Unknown owner - E:\WINDOWS\TEMP121131191854965mcinst.exe (file missing)
O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - E:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - E:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - E:\PROGRA~1\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - E:\PROGRA~1\McAfee\VirusScan\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - E:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - E:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - E:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RdnaoFlSvc - Unknown owner - E:\Program Files\rnamfler\naofsvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - E:\Program Files\Spyware Doctor\sdhelp.exe


and the other thing you sent me wouldn't run because of a Dr. Watson postmortem debugger error

#14
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi kelan76,

The Combofix log identified a couple of files to delete.

Next download AVG Anti-Spyware and save that file to your Desktop.
Update AVG Anti-Spyware:
This is a 30 day trial of the program
  • Double-click the AVG icon on the desktop to launch the set up program.
    Once setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select Update then select the Update now link.
    • Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
  • Once in the Settings screen click on Recommended actions and then select Quarantine.
  • Under Reports
    • Select Automatically generate report after every scan
    • Un-Select Only if threats were found
  • Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

Run AVG Anti-Spyware:
  • Reboot your computer into SafeMode.
    • Restart your computer and tap the F8 key repeatedly until a menu appears.
    • Use your up arrow key to highlight SafeMode then hit Enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, as it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan.
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
  • Once the scan is complete do the following:
    • If you have any infections you will be prompted, then select Apply all actions
    • Next select the Reports icon at the top.
    • Select the Save report as button in the lower left hand of the screen and save it as C:\avg_as.txt
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode
Post the text from C:\avg_as.txt in your next reply.

Cheers,

sage5

#15
kelan76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
well I had an issue with getting the log file...everything was greyed out and I couldn't save it...but there were a whole bunch of tracking cookies, which I have a program that gets those anyway...there were 2 adware medium risk files...and one high risk file which was called backdoor.vb...hope this helps but I can try to run the scan again if you need me to...it took over an hour...thanks!