myau

Honorary Members
  • Posts

    26

Everything posted by myau

  1. Yipee....... It is fixed now. Those nasty Chinese characters are gone now. I didn't think this was going to work. All I did was start the computer in SAFE MODE and click on Normal mode. It still gave me that ignoring Access Denied error thingy twice and I restarted the computer and then checked the MSCONFIG with curiosity. I am serious, I was expecting it was not going to work, but it has selected Normal Startup. Then I checked the Startup Tab and it is finally gone. I haven't tested the MSCONFIG to see if it is still giving me that Access Denied error thingy. I am afraid to do it. I am so happy it has been fixed. THANK YOU SO MUCH "AdvancedSetup". If it wasn't for your help, it's more likely it wouldn't make a difference. You guys have excellent customer service. To show you how thankful I am, I will buy the full version to support you guys. KEEP UP THE GOOD WORK AND THANK YOU!
  2. I deleted it successfully. I used F-Secure Rescue CD and found nothing. I was going to use Avira AntiVir Rescue System, but it was in a different language and I don't understand it. I will try to use BitDefender Rescue CD too, if it lets me. The MSCONFIG is NOT back to normal. It's still doing the same thing. Maybe it can't be fixed. Thank you!
  3. Okay, I have set it back to the default setting based on those two websites. I have a question. I don't know if you know what it is. In the SERVICES, I see something called "YION" and I don't know what it is. It gives an executable path of C:\DOCUME~1\CINDY~2\LOCALS~1\Temp\YION.exe. It was set to manual and I tried to change it to disabled but nothing happened. Thank you!
  4. Here is the logs. Thank You!
  5. It was fine I guess. When I tried to uninstall mIRC it said it might be already uninstalled do you want me to take it out of the add/Remove and I clicked yes. Also I believe I have uninstall J2SE Runtime Environment 5.0 Update 3 and upgraded to 6, so I didn't uninstall JRE 6. Malwarebytes Anti-Malware lets me do updates and I also did a scan but found nothing. The problem is still the same. Those Characters looks different everytime I restart the computer. I went back and changed my McAfree to be enabled. Almost forgot to include the combofix logs. What should I do next? THANK YOU!
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2006-09-15 380928]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672]
"IPInSightMonitor 01"="c:\program files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2003-07-14 98304]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-31 185896]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-08 148888]

c:\documents and settings\Cindy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2005-1-21 217088]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-7-14 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Cindy^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Cindy^Start Menu^Programs^Startup^MostFun.lnk]
backup=c:\windows\pss\MostFun.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

S2 IcRecUsb;IC Recorder Driver;c:\windows\SYSTEM32\DRIVERS\IcRecUsb.sys [7/9/2007 7:38 PM 17432]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/16/2008 3:45 PM 203280]
S3 JFMGBVTWO;JFMGBVTWO;c:\docume~1\CINDY~2\LOCALS~1\Temp\JFMGBVTWO.exe [6/11/2009 9:38 PM 355200]
S3 YION;YION;c:\docume~1\CINDY~2\LOCALS~1\Temp\YION.exe [6/11/2009 8:51 PM 514944]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-16 19:32]

2009-06-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-16 19:32]

2005-10-19 c:\windows\Tasks\XoftSpy.job
- c:\program files\XoftSpy\XoftSpy.exe [2006-05-12 20:40]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://yahoo.sbc.com/dsl
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = hxxp://yahoo.sbc.com/dsl
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3492AC37-16C6-42FC-A2CA-439E9CFDACDF} - hxxp://falcon.web2server.info/install/1.4/ie/install.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath -
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-12 04:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2500)
c:\windows\system32\WININET.dll
c:\progra~1\SBCSEL~1\SMARTB~1\SBHook.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SYSTEM32\UStorSrv.exe
c:\windows\wanmpsvc.exe
c:\windows\SYSTEM32\fxssvc.exe
c:\windows\SYSTEM32\CF17690.exe
c:\program files\Yahoo!\browser\ycommon.exe
c:\program files\SBC Self Support Tool\bin\mpbtn.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Real\RealPlayer\realplay.exe
.
**************************************************************************
.
Completion time: 2009-06-12 4:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-12 09:39
ComboFix2.txt 2009-06-10 03:45
ComboFix3.txt 2009-06-08 04:22

Pre-Run: 6,038,839,296 bytes free
Post-Run: 6,049,865,728 bytes free

319 --- E O F --- 2009-06-10 19:11
  6. Hi, I only did the log file, because I don't know if you want me to run autofix from HAXFIX. I have attached the log file for Rootkit Revealer. For some reason the Rootkit Revealer doesn't save correctly. I tried to save it on the desktop but then it shows up an alert saying something Rootkit Revealer program needs to be closed. It's kind of like frozen. It did that twice because I tried to scan it again. When I look for the log files on the desktop it doesn't show up. Then I run the Rootkit Revealer program again and click file save and clicked rootkitrevealer and then open. That's how I got the log file. I hope nothing's wrong with it. I thought I should let you know. THANK YOU!

HAXFIX logfile - by Marckie
version 5.081
Thu 06/11/2009 21:59:52.79
running from C:\HaxFix

--- Checking for Haxdoor ---

checking for a3d files
a3d files not found

checking for matching notify keys
no matching notify keys found

checking for matching services
matching services found
Aspi32

checking for matching safeboot services
no matching safeboot services found

--- Checking for Goldun - Spybanker ---

checking for SSODL keys
no ssodl keys found

checking for notify keys
no notify keys found

checking for services
no services found

checking for random used files and services
-- these files are not necessarily malicious --
scanning all folders
C:\I386\NETEL90A.INF
C:\I386\NETEL980.INF
C:\I386\EVENTVWR.EXE
C:\I386\LPRHELP.DLL
C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\startStopIS.dll
no matching random used services found

checking for browser helper objects
no known browser helper objects found

checking for appinit files
no files found

checking for possible infected files
please submit these file here: http://www.bleepingcomputer.com/submit-mal....php?channel=11
no files found

checking for Active Setup Installed Components
no known Active Setup Installed Components found

checking iexplore.exe
iexplore.exe is not infected

--- Checking for other Goldun, Spybanker and Haxdoor files ---

no other Haxdoor or Goldun files found

--- Catchme logfile - thank you Gmer ---

catchme 0.3.1380.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-11 22:04:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

C:\WINDOWS\SYSTEM32\findstr.exe [2116] 0x82CD4840

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:19,da,35,d3,79,b1,46,f4,31,cb,51,2d,c2,25,55,76,60,69,84,9a,a1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:19,da,35,d3,79,b1,46,f4,31,cb,51,2d,c2,25,55,76,60,69,84,9a,a1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:19,da,35,d3,79,b1,46,f4,31,cb,51,2d,c2,25,55,76,60,69,84,9a,a1,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000039d5

scanning hidden files ...

scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 0

--- Analysing Catchme logfile ---

no matching regkeys found

Finished!
  7. I just tested the Safe Mode. Is the Safe Mode supposed to have many lines something like "multi(0)disk(0)........" and it is in black screen before going to the Safe Mode? If it is then I can run it in Safe Mode. I think maybe I added the Recovery console then they let me boot on Safe Mode. I am not sure. I tried Step 2 but it won't let me scan it and it crashes. I have also attached the GMER log file. Thanks for explaining the joke about the cat. Now I understand it. It is funny. I hope you have a sweet dream. THANK YOU!

ROOTREPEAL CRASH REPORT
-------------------------
Exception Code: 0xc0000005
Exception Address: 0x00412d1a
Attempt to read from address: 0x00ee2004
  8. I forgot to ask. On step 4, I only need to get a log file, right? I don't need to run auto fix? Thank You!
  9. I don't think I can run in Safe mode. Last time I ran it, it gives me some kind of warning and to reboot the computer on normal mode. But I will try it again.
  10. I don't really get the cat part. I don't have a cat also.
  11. I tried it and it won't let me. It's giving me the same error message twice. THANK YOU!
  12. Yes. I tried that many times and it still doesn't work. From the beginning, I used the MSCONFIG to check to see if there was any weird stuff on the Startup Tab. There was, so I tried to uncheck that weird Chinese Characters and then I clicked apply. This message showed up. "An Access Denied error was returned while attempting to change a service. You may need to log on using an Administrator account to make the specified changes." And I clicked ok and the above message showed up again. And then it gives me a choice to select either restart or exit restart. I clicked restart. Since then I can't make any changes at all. Firefox is acting kind of funny. Some of the websites I went to are redirecting me to my internet provider site. When I use my Internet Explorer and my internet provider browser, it doesn't do that. Should I just follow the steps on the message you posted at 11pm? THANK YOU! Here is the new log from Malwarebytes Anti-Malware:

Malwarebytes' Anti-Malware 1.37
Database version: 2260
Windows 5.1.2600 Service Pack 3

6/10/2009 11:54:30 PM
mbam-log-2009-06-10 (23-54-30).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 266524
Time elapsed: 2 hour(s), 34 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  13. The twins are so cute and it is very funny.
  14. MicrosoftFix doesn't solve that either. I ran it twice. I am starting to think I will never get this fixed. But you are doing an awesome job on helping me. Most of all you are very patient. I am still scanning with Malwarebytes Anti-Malware. My power went out when I was scanning in the middle of it, so I have to start over. I will post the log when it is done. THANK YOU!
  15. I tried that and it still doesn't fix the problems either. When I ran the Dial-a-fix program, it gave me some error messages. They are:

Error 127: C:\WINDOWS\system32\iesetup.dll is not registerable or the file is corrupted. Your version of iesetup.dll is 8.00.6001.18702. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of this file.

Error 127: C:\WINDOWS\system32\iesetup.dll is not DLLInstall-able or the file is corrupted. Your version of iesetup.dll is 8.00.6001.18702. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of this file.

Error 127: C:\WINDOWS\system32\imgutil.dll is not registerable or the file is corrupted. Your version of imgutil.dll is 8.00.6001.18702. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of this file.

Error 127: C:\WINDOWS\system32\inseng.dll is not registerable or the file is corrupted. Your version of inseng.dll is 8.00.6001.18702. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of this file.

Error 127: C:\WINDOWS\system32\inseng.dll is not DLLInstall-able or the file is corrupted. Your version of inseng.dll is 8.00.6001.18702. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of this file.

Error 127: C:\WINDOWS\system32\mshtml.dll is not registerable or the file is corrupted. Your version of mshtml.dll is 8.00.6001.18702. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of this file.

Error 127: C:\WINDOWS\system32\mshtml.dll is not DLLInstall-able or the file is corrupted. Your version of mshtml.dll is 8.00.6001.18702. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of this file.

Error 127: C:\WINDOWS\system32\msrating.dll is not registerable or the file is corrupted. Your version of msrating.dll is 8.00.6001.18702. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of this file.

Error 127: C:\WINDOWS\system32\occache.dll is not registerable or the file is corrupted. Your version of occachel.dll is 8.00.6001.18702. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of this file.

Error 127: C:\WINDOWS\system32\occache.dll is not DLLInstall-able or the file is corrupted. Your version of occache.dll is 8.00.6001.18702. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of this file.

Error 127: C:\WINDOWS\system32\pngfilt.dll is not registerable or the file is corrupted. Your version of pngfilt.dll is 8.00.6001.18702. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of this file.

Error 127: C:\WINDOWS\system32\webcheck.dll is not registerable or the file is corrupted. Your version of webcheck.dll is 8.00.6001.18702. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of this file.

Error 127: C:\WINDOWS\system32\webcheck.dll is not DLLInstall-able or the file is corrupted. Your version of webcheck.dll is 8.00.6001.18702. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of this file.

THANK YOU!
  16. No, it's still checked in Selective Startup and also giving that same ignoring message "Access Denied error" thingy, AND after that it will give me an option to restart or exit restart. THANK YOU!
  17. Here are some more new logs. I don't know if this would help, probably not. On the System Configuration Utility, Startup Tab, Startup Item (it has Chinese characters) Command (Chinese characters again) Location (SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows) Thank you!

Malwarebytes' Anti-Malware 1.37
Database version: 2256
Windows 5.1.2600 Service Pack 3

6/9/2009 11:25:15 PM
mbam-log-2009-06-09 (23-25-15).txt

Scan type: Quick Scan
Objects scanned: 129659
Time elapsed: 6 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix 09-06-09.06 - Cindy 06/09/2009 22:20.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.191 [GMT -5:00]
Running from: c:\documents and settings\Cindy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Cindy\Desktop\CFscript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\program files\bittorrent-3.3.exe"
"c:\program files\EZAntivirus.exe"
"c:\program files\spyhunterS3.exe"
"c:\windows\System32\Drivers\sptd.sys"
"c:\windows\Tasks\ISP signup reminder 1.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\635980274c573cde37e5c1d5
c:\635980274c573cde37e5c1d5\amd64\filterpipelineprintproc.dll
c:\635980274c573cde37e5c1d5\amd64\msxpsdrv.cat
c:\635980274c573cde37e5c1d5\amd64\msxpsdrv.inf
c:\635980274c573cde37e5c1d5\amd64\msxpsinc.gpd
c:\635980274c573cde37e5c1d5\amd64\msxpsinc.ppd
c:\635980274c573cde37e5c1d5\amd64\mxdwdrv.dll
c:\635980274c573cde37e5c1d5\amd64\xpssvcs.dll
c:\635980274c573cde37e5c1d5\i386\filterpipelineprintproc.dll
c:\635980274c573cde37e5c1d5\i386\msxpsdrv.cat
c:\635980274c573cde37e5c1d5\i386\msxpsdrv.inf
c:\635980274c573cde37e5c1d5\i386\msxpsinc.gpd
c:\635980274c573cde37e5c1d5\i386\msxpsinc.ppd
c:\635980274c573cde37e5c1d5\i386\mxdwdrv.dll
c:\635980274c573cde37e5c1d5\i386\xpssvcs.dll
c:\program files\bittorrent-3.3.exe
c:\program files\EZAntivirus.exe
c:\program files\spyhunterS3.exe
c:\windows\System32\Drivers\sptd.sys
c:\windows\Tasks\ISP signup reminder 1.job
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SPTD
-------\Service_sptd

((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
.
2009-06-09 17:15 . 2009-06-09 17:15 -------- d-----w- c:\documents and settings\Cindy\DoctorWeb
2009-06-08 21:31 . 2009-06-08 21:31 -------- d-----w- c:\program files\ESET
2009-06-08 21:26 . 2009-06-08 21:26 -------- d-sh--w- c:\documents and settings\Cindy\PrivacIE
2009-06-08 21:14 . 2009-06-08 21:12 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-08 21:12 . 2009-06-08 21:12 -------- d-----w- c:\program files\Java
2009-06-08 20:36 . 2009-06-08 20:36 -------- d-----w- c:\program files\CCleaner
2009-06-06 23:11 . 2009-06-06 23:11 -------- d-----w- c:\program files\Trend Micro
2009-06-06 21:28 . 2009-06-06 21:28 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-06 15:04 . 2009-06-06 15:04 -------- d-----w- c:\documents and settings\Cindy\Application Data\Malwarebytes
2009-06-06 15:03 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-06 15:03 . 2009-06-06 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-06 15:03 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-06 15:03 . 2009-06-06 15:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-06 11:25 . 2009-06-06 11:25 -------- d-sh--w- c:\documents and settings\Daniel\IETldCache
2009-06-06 10:57 . 2009-06-06 11:17 -------- d-----w- c:\program files\XoftSpySE
2009-06-05 18:48 . 2009-06-05 18:48 -------- d-sh--w- c:\documents and settings\Cindy\IETldCache
2009-06-05 18:10 . 2009-06-05 18:45 -------- d-----w- c:\windows\SxsCaPendDel
2009-06-05 17:49 . 2009-06-05 17:49 -------- d-----w- c:\windows\ie8updates
2009-06-05 17:46 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-05 17:38 . 2009-06-05 17:46 -------- dc-h--w- c:\windows\ie8
2009-06-05 07:44 . 2009-06-05 07:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2009-06-05 07:40 . 2009-06-05 07:40 -------- d-----w- c:\documents and settings\Cindy\Local Settings\Application Data\Citrix
2009-06-05 07:39 . 2009-06-05 07:39 61224 ----a-w- c:\documents and settings\Cindy\GoToAssistDownloadHelper.exe
2009-06-05 06:22 . 2009-06-05 06:22 49152 ----a-r- c:\documents and settings\Cindy\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA1.exe
2009-06-05 06:22 . 2009-06-05 06:22 49152 ----a-r- c:\documents and settings\Cindy\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 21:45 . 2005-01-21 17:31 -------- d-----w- c:\program files\Common Files\Motive
2009-06-08 08:16 . 2009-06-08 08:15 108856 ----a-w- c:\documents and settings\Daniel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-08 03:46 . 2008-12-16 20:52 1457 ----a-w- c:\windows\AC6A35BD-5292-43f6-B548-5FE3C42C144C.bat
2009-06-05 18:51 . 2003-07-17 19:10 108856 ----a-w- c:\documents and settings\Cindy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-05 07:40 . 2007-07-19 23:56 -------- d-----w- c:\program files\Citrix
2009-06-05 06:21 . 2008-12-16 20:34 -------- d-----w- c:\program files\McAfee
2009-05-14 19:16 . 2009-05-06 18:55 -------- d-----w- c:\program files\Coupons
2009-05-12 21:23 . 2005-10-25 20:50 -------- d-----w- c:\documents and settings\Cindy\Application Data\Canon
2009-05-12 21:08 . 2009-02-17 11:09 266400 ----a-r- c:\documents and settings\Cindy\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2009-05-05 03:46 . 2009-05-04 23:48 -------- d-----w- c:\documents and settings\Cindy\Application Data\Nero
2009-05-04 23:31 . 2009-05-04 21:34 -------- d-----w- c:\program files\Common Files\Nero
2009-05-04 22:42 . 2009-05-04 21:37 -------- d-----w- c:\program files\Nero
2009-05-04 22:13 . 2009-05-04 10:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-05-04 20:36 . 2009-05-04 20:36 -------- d-----w- c:\program files\MSBuild
2009-05-04 20:35 . 2009-05-04 20:35 -------- d-----w- c:\program files\Reference Assemblies
2009-05-04 11:06 . 2009-05-04 11:06 -------- d-----w- c:\program files\Windows Sidebar
2004-01-10 07:27 . 2004-01-10 07:27 693840 -c--a-w- c:\program files\wmv9VCMsetup.exe
2003-10-28 20:50 . 2003-10-28 20:50 5313488 -c--a-w- c:\program files\DivX51Bundle.exe
2003-10-23 02:56 . 2003-10-23 02:56 723963 -c--a-w- c:\program files\netvampire.zip
2003-10-06 20:32 . 2003-10-06 20:32 765 -c-ha-w- c:\program files\hpothb07.tif
2003-10-06 20:32 . 2003-10-06 20:32 452 -c-ha-w- c:\program files\hpothb07.dat
2003-08-16 03:02 . 2003-08-16 03:02 3120360 -c--a-w- c:\program files\Install_AIM.exe
2003-08-15 16:22 . 2003-08-15 15:51 9130944 -c--a-w- c:\program files\AdbeRdr60_enu.exe
2002-05-19 08:48 . 2003-10-28 19:42 102 -c--a-w- c:\program files\Readme.txt
2002-05-19 07:57 . 2003-10-28 19:42 944797 -c--a-w- c:\program files\wrar300.exe
2002-05-15 06:37 . 2003-10-28 19:42 473 -c--a-w- c:\program files\rarreg.key
2008-12-16 20:52 . 2008-12-16 20:54 94208 ----a-w- c:\program files\mozilla firefox\components\blsfflock.dll
2008-09-04 19:03 . 2008-09-04 19:03 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-09-04 19:03 . 2008-09-04 19:03 125848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-09-04 19:03 . 2008-09-04 19:03 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-08_04.12.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-10 03:31 . 2009-06-10 03:31 16384 c:\windows\temp\Perflib_Perfdata_474.dat
- 2009-06-05 05:40 . 2009-06-08 01:15 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-06-05 05:40 . 2009-06-10 02:31 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-06-05 05:40 . 2009-06-08 01:15 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2009-06-05 05:40 . 2009-06-10 02:31 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2003-07-17 22:58 . 2009-06-08 08:18 69120 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\xlicons.exe
- 2003-07-17 22:58 . 2003-09-23 17:46 69120 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\xlicons.exe
+ 2003-07-17 22:58 . 2009-06-08 08:18 35328 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\wordicon.exe
- 2003-07-17 22:58 . 2003-09-23 17:46 35328 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\wordicon.exe
- 2003-07-17 22:58 . 2003-09-23 17:46 30208 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\pptico.exe
+ 2003-07-17 22:58 . 2009-06-08 08:18 30208 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\pptico.exe
+ 2003-07-17 22:58 . 2009-06-08 08:18 11264 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\PEicons.exe
- 2003-07-17 22:58 . 2003-09-23 17:46 11264 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\PEicons.exe
- 2003-07-17 22:58 . 2003-09-23 17:46 28160 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\misc.exe
+ 2003-07-17 22:58 . 2009-06-08 08:18 28160 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\misc.exe
- 2003-07-17 22:58 . 2003-09-23 17:46 73216 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\fpicon.exe
+ 2003-07-17 22:58 . 2009-06-08 08:18 73216 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\fpicon.exe
+ 2003-07-17 22:58 . 2009-06-08 08:18 22528 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\bindico.exe
- 2003-07-17 22:58 . 2003-09-23 17:46 22528 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\bindico.exe
+ 2009-06-08 21:14 . 2009-06-08 21:12 148888 c:\windows\SYSTEM32\javaws.exe
+ 2009-06-08 21:14 . 2009-06-08 21:12 144792 c:\windows\SYSTEM32\javaw.exe
+ 2009-06-08 21:14 . 2009-06-08 21:12 144792 c:\windows\SYSTEM32\java.exe
- 2003-07-17 22:58 . 2003-09-23 17:46 104960 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\outicon.exe
+ 2003-07-17 22:58 . 2009-06-08 08:18 104960 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\outicon.exe
+ 2003-07-17 22:58 . 2009-06-08 08:18 155136 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\accicons.exe
- 2003-07-17 22:58 . 2003-09-23 17:46 155136 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\accicons.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ParetoLogic Anti-Spyware"="c:\program files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" [2007-08-01 2643312] "AIM"="c:\program files\AIM\aim.exe" [2003-08-01 61440] "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536] "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152] "Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2006-09-15 380928] "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672] "IPInSightMonitor 01"="c:\program files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2003-07-14 98304] "DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-06-16 167936] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-31 185896] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992] "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-08 148888] c:\documents and settings\Cindy\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] c:\documents and settings\All Users\Start 
Menu\Programs\Startup\ AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2005-1-21 217088] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-7-14 24576] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{51C55F9E-C308-4c95-89AB-8858D8AFD819}"= "c:\program files\ParetoLogic\Anti-Spyware\PASShlExt.dll" [2007-08-01 98304] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk] backup=c:\windows\pss\America Online 8.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Cindy^Start Menu^Programs^Startup^LimeWire On Startup.lnk] backup=c:\windows\pss\LimeWire On Startup.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Cindy^Start Menu^Programs^Startup^MostFun.lnk] backup=c:\windows\pss\MostFun.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Veoh 
Networks\\VeohWebPlayer\\veohwebplayer.exe"= R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/16/2008 3:45 PM 203280] S2 IcRecUsb;IC Recorder Driver;c:\windows\SYSTEM32\DRIVERS\IcRecUsb.sys [7/9/2007 7:38 PM 17432] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-05-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-16 19:32] 2009-06-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-16 19:32] 2009-06-05 c:\windows\Tasks\ParetoLogic Anti-Spyware.job - c:\program files\ParetoLogic\Anti-Spyware\Pareto_AS.exe [2007-08-01 20:56] 2009-06-09 c:\windows\Tasks\ParetoLogic Update.job - c:\program files\Common Files\ParetoLogic\UUS\Pareto_Update.exe [2007-08-01 18:39] 2005-10-19 c:\windows\Tasks\XoftSpy.job - c:\program files\XoftSpy\XoftSpy.exe [2006-05-12 20:40] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.msn.com uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://yahoo.sbc.com/dsl mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html uInternet Connection Wizard,ShellNext = hxxp://yahoo.sbc.com/dsl uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm Trusted Zone: internet Trusted Zone: mcafee.com DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {3492AC37-16C6-42FC-A2CA-439E9CFDACDF} - hxxp://falcon.web2server.info/install/1.4/ie/install.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab FF - ProfilePath - c:\documents and settings\Cindy\Application Data\Mozilla\Firefox\Profiles\uhgesm42.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - component: c:\program files\Mozilla Firefox\components\blsfflock.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll FF - plugin: c:\program files\Veoh 
Networks\Veoh\Plugins\noreg\NPVeohVersion.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://*.mcafee.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {3492AC37-16C6-42FC-A2CA-439E9CFDACDF} - http://falcon.web2server.info/install/1.4/ie/install.cab O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152515880921 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/download/kdx.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{BED16ABC-31F9-441A-86CD-ECF906FFF14B}: NameServer = 68.94.156.1 151.164.8.201 O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: Adobe LM Service 
- Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing) O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. 
- C:\Program Files\McAfee\VirusScan\McShield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 12521 bytes
  18. I am pretty sure I have downloaded the combofix.exe before and it was on the desktop. Now it is not there anymore. I don't think I deleted it. Is it OK to download a new copy and just follow those steps? Thank you!
  19. I hope I did everything correctly this time. Thank you!
  20. That step doesn't solve the problems either. Here are the 2 logs. AdvancedSetup, your time and help is appreciated. I just wish this stubborn problem would be solved. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:54:51 PM, on 6/9/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\Program Files\McAfee\VirusScan\McShield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\UStorSrv.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\fxssvc.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\System32\DSentry.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe C:\Program Files\AIM\aim.exe C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line 
Detect\DLG.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://*.mcafee.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {3492AC37-16C6-42FC-A2CA-439E9CFDACDF} - http://falcon.web2server.info/install/1.4/ie/install.cab O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152515880921 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/download/kdx.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program 
Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing) O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. 
- C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 12220 bytes This is the log from DrWeb CakeManiaInstall.exe/data016\data002;C:\Documents and Settings\Cindy\My Documents\New downloads\everything\CakeManiaInstall.exe/data016;Adware.SpywareStorm;; data016;C:\Documents and Settings\Cindy\My Documents\New downloads\everything;Archive contains infected objects;; CakeManiaInstall.exe;C:\Documents and Settings\Cindy\My Documents\New downloads\everything;Archive contains infected objects;Moved.; InstallHelper.exe;C:\Program Files\Common Files\Motive;Probably MULDROP.Trojan;Incurable.Moved.; SlgClientServicesRedists.exe\data002;C:\Program Files\GameHouse\Cake Mania\SlgClientServicesRedists.exe;Adware.SpywareStorm;; SlgClientServicesRedists.exe;C:\Program Files\GameHouse\Cake Mania;Archive contains infected objects;Moved.; mirc.exe;C:\sysreset;Program.mIRC.612;Moved.; A0001132.bat;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1;Probably BATCH.Virus;Incurable.Moved.; A0001164.exe/data002\32788R22FWJFW\FIND3M.bat;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0001164.exe/data002;Probably BATCH.Virus;; data002;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1;Archive contains infected objects;; A0001164.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1;Container contains infected objects;Moved.; A0003688.exe\data002;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0003688.exe;Adware.SpywareStorm;; A0003688.exe;C:\System Volume 
Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5;Archive contains infected objects;Moved.; A0003689.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5;Program.mIRC.612;Moved.;
  21. Sadly, that doesn't work either. Whenever I check with MSCONFIG, on the General tab the Selective Startup has been selected. It won't let me change anything and it always shows that pop-up alert saying "Access Denied error was returned while attempting to change a service. You need to log on using an Administrator account to make the specified changes." It shows up twice and then gives me the option to restart or exit. Even if I select the Normal Startup, that pop-up still comes up. I can never get rid of those Chinese characters. I also want to mention that my other anti-spyware found another thing called "WinAntivirus Pro 2006", but Malwarebytes Anti-Malware can't detect it at all. I didn't clean it when I used Malwarebytes Anti-Malware because it has the most updates. Are there any more suggestions to try? Thank you!
  22. Hi, I tried that step and it still doesn't work. But my anti-spyware is saying something like a program has been configured to run at startup and could potentially be malware. That warning only shows up when I try to uncheck those weird characters on the Startup tab, and it also says access denied error for not being in an Administrator account. My anti-spyware gives me a path: C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE/auto. It lets me block its access. But before I used Malwarebytes Anti-Malware, it wouldn't let me block it at all. I hope this little bit of information helps. Thank you!
  23. I have followed all the steps and with 2 new logs requested. What should I do next? Thank you!

      JavaRa 1.14 Removal Log.
      Report follows after line.
      ------------------------------------
      The JavaRa removal process was started on Mon Jun 08 14:58:48 2009
      Found and removed: Software\JavaSoft\Java2D\1.5.0_03
      Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
      ------------------------------------
      Finished reporting.

      ESETSmartInstaller@High as CAB hook log:
      OnlineScanner.ocx - registred OK
      # version=6
      # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
      # OnlineScanner.ocx=1.0.0.5863
      # api_version=3.0.2
      # EOSSerial=62bdc403ff18eb489d56c7eac1bd3db2
      # end=finished
      # remove_checked=false
      # archives_checked=false
      # unwanted_checked=true
      # unsafe_checked=false
      # antistealth_checked=true
      # utc_time=2009-06-08 11:00:12
      # local_time=2009-06-08 06:00:12 (-0600, Central Daylight Time)
      # country="United States"
      # lang=9
      # osver=5.1.2600 NT Service Pack 3
      # compatibility_mode=5121 37 100 88 433196027187500
      # scanned=137522
      # found=0
      # cleaned=0
      # scan_time=5034
  24. Here are the new logs. I have attached the Attach.txt log. Thank you!
  25. Ok I have followed all the steps. When I checked with the Startup Tab again through to my curiousity. The Chinese characters are still there. Now my McAfee SecurityCenter Real Time Scan saying I have a Trojan called " Artemis!1C3CDF112C40" and the status saying repaired(removed). Is that a false alarm? It is kind of weird when I finished using ComboFix my desktop picture changed to my previous one. Here are the 2 logs from below. I am looking forward to anyone's help. Thank you! ComboFix 09-06-07.05 - Cindy Boortz 06/07/2009 23:05.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.161 [GMT -5:00] Running from: c:\documents and settings\Cindy\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Cindy\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Cindy\Application Data\inst.exe c:\windows\patch.exe c:\windows\system32\mdm.exe . ((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 ))))))))))))))))))))))))))))))) . 2009-06-06 23:11 . 2009-06-06 23:11 -------- d-----w- c:\program files\Trend Micro 2009-06-06 21:28 . 2009-06-06 21:28 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-06-06 15:04 . 2009-06-06 15:04 -------- d-----w- c:\documents and settings\Cindy\Application Data\Malwarebytes 2009-06-06 15:03 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-06 15:03 . 2009-06-06 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-06-06 15:03 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-06 15:03 . 
2009-06-06 15:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-06 11:25 . 2009-06-06 11:25 -------- d-sh--w- c:\documents and settings\Daniel\IETldCache 2009-06-06 10:57 . 2009-06-06 11:17 -------- d-----w- c:\program files\XoftSpySE 2009-06-05 18:48 . 2009-06-05 18:48 -------- d-sh--w- c:\documents and settings\Cindy\IETldCache 2009-06-05 18:13 . 2009-06-05 18:16 -------- d-----w- C:\635980274c573cde37e5c1d5 2009-06-05 18:10 . 2009-06-05 18:45 -------- d-----w- c:\windows\SxsCaPendDel 2009-06-05 17:49 . 2009-06-05 17:49 -------- d-----w- c:\windows\ie8updates 2009-06-05 17:46 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll 2009-06-05 17:38 . 2009-06-05 17:46 -------- dc-h--w- c:\windows\ie8 2009-06-05 07:44 . 2009-06-05 07:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix 2009-06-05 07:40 . 2009-06-05 07:40 -------- d-----w- c:\documents and settings\Cindy\Local Settings\Application Data\Citrix 2009-06-05 07:39 . 2009-06-05 07:39 61224 ----a-w- c:\documents and settings\Cindy\GoToAssistDownloadHelper.exe 2009-06-05 06:22 . 2009-06-05 06:22 49152 ----a-r- c:\documents and settings\Cindy\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA1.exe 2009-06-05 06:22 . 2009-06-05 06:22 49152 ----a-r- c:\documents and settings\Cindy\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA.exe 2009-05-10 04:37 . 2009-05-10 04:37 -------- d-----w- c:\documents and settings\Cindy\Local Settings\Application Data\Nero . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-08 03:46 . 2008-12-16 20:52 1457 ----a-w- c:\windows\AC6A35BD-5292-43f6-B548-5FE3C42C144C.bat 2009-06-05 18:51 . 2003-07-17 19:10 108856 ----a-w- c:\documents and settings\Cindy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-05 07:40 . 
2007-07-19 23:56 -------- d-----w- c:\program files\Citrix 2009-06-05 06:21 . 2008-12-16 20:34 -------- d-----w- c:\program files\McAfee 2009-05-14 19:16 . 2009-05-06 18:55 -------- d-----w- c:\program files\Coupons 2009-05-12 21:23 . 2005-10-25 20:50 -------- d-----w- c:\documents and settings\Cindy\Application Data\Canon 2009-05-12 21:08 . 2009-02-17 11:09 266400 ----a-r- c:\documents and settings\Cindy\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll 2009-05-05 03:46 . 2009-05-04 23:48 -------- d-----w- c:\documents and settings\Cindy\Application Data\Nero 2009-05-04 23:31 . 2009-05-04 21:34 -------- d-----w- c:\program files\Common Files\Nero 2009-05-04 22:42 . 2009-05-04 21:37 -------- d-----w- c:\program files\Nero 2009-05-04 22:13 . 2009-05-04 10:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero 2009-05-04 20:36 . 2009-05-04 20:36 -------- d-----w- c:\program files\MSBuild 2009-05-04 20:35 . 2009-05-04 20:35 -------- d-----w- c:\program files\Reference Assemblies 2009-05-04 11:06 . 2009-05-04 11:06 -------- d-----w- c:\program files\Windows Sidebar 2004-01-10 07:27 . 2004-01-10 07:27 693840 -c--a-w- c:\program files\wmv9VCMsetup.exe 2003-11-28 03:56 . 2003-11-28 03:56 2847377 -c--a-w- c:\program files\bittorrent-3.3.exe 2003-11-04 21:05 . 2003-11-04 21:05 3909192 -c--a-w- c:\program files\EZAntivirus.exe 2003-10-28 20:50 . 2003-10-28 20:50 5313488 -c--a-w- c:\program files\DivX51Bundle.exe 2003-10-23 02:56 . 2003-10-23 02:56 723963 -c--a-w- c:\program files\netvampire.zip 2003-10-06 20:32 . 2003-10-06 20:32 765 -c-ha-w- c:\program files\hpothb07.tif 2003-10-06 20:32 . 2003-10-06 20:32 452 -c-ha-w- c:\program files\hpothb07.dat 2003-10-01 15:55 . 2003-10-01 15:55 2410929 -c--a-w- c:\program files\spyhunterS3.exe 2003-08-16 03:02 . 2003-08-16 03:02 3120360 -c--a-w- c:\program files\Install_AIM.exe 2003-08-15 16:22 . 2003-08-15 15:51 9130944 -c--a-w- c:\program files\AdbeRdr60_enu.exe 2002-05-19 08:48 . 
2003-10-28 19:42 102 -c--a-w- c:\program files\Readme.txt 2002-05-19 07:57 . 2003-10-28 19:42 944797 -c--a-w- c:\program files\wrar300.exe 2002-05-15 06:37 . 2003-10-28 19:42 473 -c--a-w- c:\program files\rarreg.key 2008-12-16 20:52 . 2008-12-16 20:54 94208 ----a-w- c:\program files\mozilla firefox\components\blsfflock.dll 2008-09-04 19:03 . 2008-09-04 19:03 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll 2008-09-04 19:03 . 2008-09-04 19:03 125848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll 2008-09-04 19:03 . 2008-09-04 19:03 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ParetoLogic Anti-Spyware"="c:\program files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" [2007-08-01 2643312] "AIM"="c:\program files\AIM\aim.exe" [2003-08-01 61440] "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536] "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152] "Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2006-09-15 380928] "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672] "IPInSightMonitor 01"="c:\program files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2003-07-14 98304] "DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] 
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-06-16 167936] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-31 185896] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992] "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576] c:\documents and settings\Cindy\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] c:\documents and settings\All Users\Start Menu\Programs\Startup\ AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2005-1-21 217088] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-7-14 24576] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "EditLevel"= 0 (0x0) "NoCommonGroups"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{51C55F9E-C308-4c95-89AB-8858D8AFD819}"= "c:\program files\ParetoLogic\Anti-Spyware\PASShlExt.dll" [2007-08-01 98304] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk] backup=c:\windows\pss\America Online 8.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Cindy^Start Menu^Programs^Startup^LimeWire On Startup.lnk] backup=c:\windows\pss\LimeWire On Startup.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Cindy^Start Menu^Programs^Startup^MostFun.lnk] backup=c:\windows\pss\MostFun.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"= R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/16/2008 3:45 PM 203280] S2 IcRecUsb;IC Recorder Driver;c:\windows\SYSTEM32\DRIVERS\IcRecUsb.sys [7/9/2007 7:38 PM 17432] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . 
Contents of the 'Scheduled Tasks' folder 2003-07-17 c:\windows\Tasks\ISP signup reminder 1.job - c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12] 2009-05-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-16 19:32] 2009-06-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-16 19:32] 2009-06-05 c:\windows\Tasks\ParetoLogic Anti-Spyware.job - c:\program files\ParetoLogic\Anti-Spyware\Pareto_AS.exe [2007-08-01 20:56] 2009-06-05 c:\windows\Tasks\ParetoLogic Update.job - c:\program files\Common Files\ParetoLogic\UUS\Pareto_Update.exe [2007-08-01 18:39] 2005-10-19 c:\windows\Tasks\XoftSpy.job - c:\program files\XoftSpy\XoftSpy.exe [2006-05-12 20:40] . - - - - ORPHANS REMOVED - - - - HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe SafeBoot-procexp90.Sys . ------- Supplementary Scan ------- . uStart Page = hxxp://www.msn.com uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://yahoo.sbc.com/dsl mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html uInternet Connection Wizard,ShellNext = hxxp://yahoo.sbc.com/dsl uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm Trusted Zone: internet Trusted Zone: mcafee.com DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {3492AC37-16C6-42FC-A2CA-439E9CFDACDF} - 
hxxp://falcon.web2server.info/install/1.4/ie/install.cab FF - ProfilePath - c:\documents and settings\Cindy\Application Data\Mozilla\Firefox\Profiles\uhgesm42.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.marketamerica.com/lilant FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - component: c:\program files\Mozilla Firefox\components\blsfflock.dll FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll . 
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://*.mcafee.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3492AC37-16C6-42FC-A2CA-439E9CFDACDF} - http://falcon.web2server.info/install/1.4/ie/install.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152515880921
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/download/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BED16ABC-31F9-441A-86CD-ECF906FFF14B}: NameServer = 68.94.156.1 151.164.8.201
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

-- End of file - 11775 bytes