Random Ad Pop-ups

Question

We've been having ad pop-ups even though we have pop-up blockers and even if we aren't using a web browser at the time.  McAfee has removed trojans Facebook.exe and browser.exe.  I found and removed twain.exe.  We're still having the problems.  I've downloaded Ad-Aware and ran that but still no fix.  Any help would be beyond awesome!   Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:03:18 PM, on 9/11/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: Normal Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\McAfee\MSK\MskSrver.exeC:\WINDOWS\system32
vsvc32.exeC:\Program Files\SiteAdvisor\6261\SAService.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\dlcicoms.exeC:\WINDOWS\System32\svchost.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\stsystra.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Winamp\winampa.exeC:\Program Files\Dell AIO Printer 946\dlcimon.exeC:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exeC:\Program Files\SiteAdvisor\6261\SiteAdv.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\DellSupport\DSAgnt.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Playskool\MADE FOR ME Software\HbDetect.exeC:\WINDOWS\eHome\ehmsas.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\Program Files\Internet Explorer\IEXPLORE.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dllO2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Webtools\webtools.dllO2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dllO3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exeO4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exeO4 - HKLM\..\Run: [ISUSPM Startup] 'C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe' -startupO4 - HKLM\..\Run: [ISUSScheduler] 'C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe' -startO4 - HKLM\..\Run: [SunJavaUpdateSched] 'C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe'O4 - HKLM\..\Run: [QuickTime Task] 'C:\Program Files\QuickTime\qttask.exe' -atboottimeO4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exeO4 - HKLM\..\Run: [DLCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16O4 - HKLM\..\Run: [dlcimon.exe] 'C:\Program Files\Dell AIO Printer 946\dlcimon.exe'O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exeO4 - HKLM\..\Run: [SiteAdvisor] 'C:\Program Files\SiteAdvisor\6261\SiteAdv.exe'O4 - HKLM\..\Run: [dscactivate] 'C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe'O4 - HKLM\..\Run: [DellSupportCenter] 'C:\Program Files\Dell Support Center\bin\sprtcmd.exe' /P DellSupportCenterO4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkeyO4 - HKCU\..\Run: [MSMSGS] 'C:\Program Files\Messenger\msmsgs.exe' /backgroundO4 - HKCU\..\Run: [DellSupport] 'C:\Program Files\DellSupport\DSAgnt.exe' /startupO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [HbDetect.exe] C:\Program Files\Playskool\MADE FOR ME Software\HbDetect.exeO4 - HKCU\..\Run: [DellSupportCenter] 'C:\Program Files\Dell Support Center\bin\sprtcmd.exe' /P DellSupportCenterO4 - HKUS\S-1-5-21-2771855957-4210284596-745361752-1005\..\Run: [MSMSGS] 'C:\Program Files\Messenger\msmsgs.exe' /background (User 'Jason')O4 - HKUS\S-1-5-21-2771855957-4210284596-745361752-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Jason')O4 - HKUS\S-1-5-21-2771855957-4210284596-745361752-1005\..\Run: [DellSupport] 'C:\Program Files\DellSupport\DSAgnt.exe' /startup (User 'Jason')O4 - HKUS\S-1-5-21-2771855957-4210284596-745361752-1005\..\Run: [DellSupportCenter] 'C:\Program Files\Dell Support Center\bin\sprtcmd.exe' /P DellSupportCenter (User 'Jason')O4 - HKUS\S-1-5-21-2771855957-4210284596-745361752-1005\..\Run: [Twain] C:\Program Files\Twain\Twain.exe (User 'Jason')O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exeO4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeO4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLLO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO15 - Trusted Zone: http://*.mcafee.comO16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15.cabO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193579616031O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cabO16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exeO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exeO23 - Service: dlci_device -   - C:\WINDOWS\system32\dlcicoms.exeO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exeO23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exeO23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exeO23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exeO23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exeO23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeO23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeO23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeO23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exeO23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exeO23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exeO23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exeO23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe --End of file - 11622 bytes

bamajim · Answer

angelagriff 1. Go HERE and download File Lister. Save it to your Desktop Rt Click ->> Extract all ->> And extract it to your Desktop Additional help on extracting zip files can be found HERE Open the File Lister Folder. Rt Click FileLister.vbe ->>Select Open Then Open to confirm. As the program runs, it will appear that nothing is happening. When the program is fnished it will produce a log for you C:\Files.txt Copy and paste the contents of that log in your reply. You may have to post the results in more than one reply Microsoft MVP Consumer-Security   SpywareHammer   'The world is what you make of it'

angelagriff · Answer

9/9/2008 8:27:11 PM 2304 32 C:\Documents and Settings\Angela\Local Settings\Temp\~bfcf441eef2241c8fd7353429d00.jpg

9/9/2008 8:27:06 PM 21 32 C:\Documents and Settings\Angela\Local Settings\Temp\~bfcf44201b254e1c8f8ceee002f00.jpd

9/9/2008 8:27:06 PM 2703 32 C:\Documents and Settings\Angela\Local Settings\Temp\~bfcf44201b254e1c8f8ceee002f00.jpg

9/9/2008 8:27:13 PM 21 32 C:\Documents and Settings\Angela\Local Settings\Temp\~cbcf441bd11381c8fd7379683d00.jpd

9/9/2008 8:27:13 PM 1642 32 C:\Documents and Settings\Angela\Local Settings\Temp\~cbcf441bd11381c8fd7379683d00.jpg

9/9/2008 8:27:11 PM 21 32 C:\Documents and Settings\Angela\Local Settings\Temp\~cbcf441f11245d1c8fd7353429d00.jpd

9/9/2008 8:27:11 PM 2242 32 C:\Documents and Settings\Angela\Local Settings\Temp\~cbcf441f11245d1c8fd7353429d00.jpg

9/9/2008 8:27:05 PM 21 32 C:\Documents and Settings\Angela\Local Settings\Temp\~cbcf442110a4ce1c8f8ceeccf0200.jpd

9/9/2008 8:27:05 PM 2398 32 C:\Documents and Settings\Angela\Local Settings\Temp\~cbcf442110a4ce1c8f8ceeccf0200.jpg

9/9/2008 8:26:54 PM 21 32 C:\Documents and Settings\Angela\Local Settings\Temp\~cdcf441410be941c8f6545abbc500.jpd

9/9/2008 8:26:54 PM 2163 32 C:\Documents and Settings\Angela\Local Settings\Temp\~cdcf441410be941c8f6545abbc500.jpg

9/9/2008 8:27:41 PM 21 32 C:\Documents and Settings\Angela\Local Settings\Temp\~d67b225b144f301c912c9693b7300.jpd

9/9/2008 8:27:41 PM 2506 32 C:\Documents and Settings\Angela\Local Settings\Temp\~d67b225b144f301c912c9693b7300.jpg

9/9/2008 8:27:26 PM 21 32 C:\Documents and Settings\Angela\Local Settings\Temp\~d67b225f1124631c912c95d4fb100.jpd

9/9/2008 8:27:26 PM 2031 32 C:\Documents and Settings\Angela\Local Settings\Temp\~d67b225f1124631c912c95d4fb100.jpg

9/9/2008 8:27:22 PM 21 32 C:\Documents and Settings\Angela\Local Settings\Temp\~d67b22612af0541c912c94b6e0e00.jpd

9/9/2008 8:27:22 PM 2100 32 C:\Documents and Settings\Angela\Local Settings\Temp\~d67b22612af0541c912c94b6e0e00.jpg

9/9/2008 8:27:12 PM 21 32 C:\Documents and Settings\Angela\Local Settings\Temp\~d7cf441b12c6c01c8fd7375d4b600.jpd

9/9/2008 8:27:12 PM 2056 32 C:\Documents and Settings\Angela\Local Settings\Temp\~d7cf441b12c6c01c8fd7375d4b600.jpg

9/9/2008 8:27:07 PM 21 32 C:\Documents and Settings\Angela\Local Settings\Temp\~d7cf441f3c0c5f1c8fd734e7de900.jpd

9/9/2008 8:27:07 PM 1934 32 C:\Documents and Settings\Angela\Local Settings\Temp\~d7cf441f3c0c5f1c8fd734e7de900.jpg

9/9/2008 8:27:04 PM 21 32 C:\Documents and Settings\Angela\Local Settings\Temp\~d7cf442110c8a71c8f8cee80a4e00.jpd

9/9/2008 8:27:04 PM 2174 32 C:\Documents and Settings\Angela\Local Settings\Temp\~d7cf442110c8a71c8f8cee80a4e00.jpg

9/9/2008 8:27:15 PM 21 32 C:\Documents and Settings\Angela\Local Settings\Temp\~de7b224813f9401c912c91f528d00.jpd

9/9/2008 8:27:15 PM 2836 32 C:\Documents and Settings\Angela\Local Settings\Temp\~de7b224813f9401c912c91f528d00.jpg

9/6/2008 10:13:01 PM 491520 32 C:\Documents and Settings\Angela\Local Settings\Temp\~DF1BBF.tmp

9/10/2008 10:33:08 AM 65536 32 C:\Documents and Settings\Angela\Local Settings\Temp\~DF38EF.tmp

9/11/2008 11:07:38 PM 376832 32 C:\Documents and Settings\Angela\Local Settings\Temp\~DF4204.tmp

9/9/2008 3:37:41 PM 802816 32 C:\Documents and Settings\Angela\Local Settings\Temp\~DF55DB.tmp

9/10/2008 8:55:18 PM 507904 32 C:\Documents and Settings\Angela\Local Settings\Temp\~DF5E99.tmp

9/10/2008 5:41:17 PM 2113536 32 C:\Documents and Settings\Angela\Local Settings\Temp\~DF8172.tmp

9/9/2008 7:41:01 PM 425984 32 C:\Documents and Settings\Angela\Local Settings\Temp\~DF818F.tmp

9/9/2008 10:09:10 AM 1884160 32 C:\Documents and Settings\Angela\Local Settings\Temp\~DF92D1.tmp

9/9/2008 2:31:30 PM 622592 32 C:\Documents and Settings\Angela\Local Settings\Temp\~DF9D2.tmp

9/12/2008 11:36:37 AM 458752 32 C:\Documents and Settings\Angela\Local Settings\Temp\~DFA5EB.tmp

9/11/2008 5:44:50 PM 49152 32 C:\Documents and Settings\Angela\Local Settings\Temp\~DFB6C.tmp

9/9/2008 8:26:51 PM 21 32 C:\Documents and Settings\Angela\Local Settings\Temp\~dfcf440812436b1c8f65457283e00.jpd

9/9/2008 8:26:51 PM 2216 32 C:\Documents and Settings\Angela\Local Settings\Temp\~dfcf440812436b1c8f65457283e00.jpg

9/9/2008 8:27:17 PM 21 32 C:\Documents and Settings\Angela\Local Settings\Temp\~e07b2254113ad21c912c931343000.jpd

9/9/2008 8:27:17 PM 2569 32 C:\Documents and Settings\Angela\Local Settings\Temp\~e07b2254113ad21c912c931343000.jpg

9/9/2008 8:27:40 PM 21 32 C:\Documents and Settings\Angela\Local Settings\Temp\~ee7b225a1822ed1c912c96476bf00.jpd

9/9/2008 8:27:40 PM 2369 32 C:\Documents and Settings\Angela\Local Settings\Temp\~ee7b225a1822ed1c912c96476bf00.jpg

9/9/2008 8:27:24 PM 21 32 C:\Documents and Settings\Angela\Local Settings\Temp\~ee7b225e12a6521c912c953c64900.jpd

9/9/2008 8:27:24 PM 2560 32 C:\Documents and Settings\Angela\Local Settings\Temp\~ee7b225e12a6521c912c953c64900.jpg

9/9/2008 8:27:20 PM 21 32 C:\Documents and Settings\Angela\Local Settings\Temp\~ee7b226012392e1c912c941e4a600.jpd

9/9/2008 8:27:20 PM 2435 32 C:\Documents and Settings\Angela\Local Settings\Temp\~ee7b226012392e1c912c941e4a600.jpg

9/9/2008 8:27:12 PM 21 32 C:\Documents and Settings\Angela\Local Settings\Temp\~f7cf441bd93581c8fd737705e300.jpd

9/9/2008 8:27:12 PM 2196 32 C:\Documents and Settings\Angela\Local Settings\Temp\~f7cf441bd93581c8fd737705e300.jpg

9/9/2008 8:27:07 PM 21 32 C:\Documents and Settings\Angela\Local Settings\Temp\~f7cf441f12a39e1c8fd734faf1600.jpd

9/9/2008 8:27:07 PM 2396 32 C:\Documents and Settings\Angela\Local Settings\Temp\~f7cf441f12a39e1c8fd734faf1600.jpg

9/9/2008 8:27:04 PM 21 32 C:\Documents and Settings\Angela\Local Settings\Temp\~f7cf44211014341c8f8cee93b7b00.jpd

9/9/2008 8:27:04 PM 2111 32 C:\Documents and Settings\Angela\Local Settings\Temp\~f7cf44211014341c8f8cee93b7b00.jpg

9/9/2008 8:26:56 PM 21 32 C:\Documents and Settings\Angela\Local Settings\Temp\~fbcf441516f47f1c8f6545f807900.jpd

9/9/2008 8:26:56 PM 1756 32 C:\Documents and Settings\Angela\Local Settings\Temp\~fbcf441516f47f1c8f6545f807900.jpg

9/9/2008 8:27:15 PM 21 32 C:\Documents and Settings\Angela\Local Settings\Temp\~fe7b2248f48361c912c91f528d00.jpd

9/9/2008 8:27:15 PM 1932 32 C:\Documents and Settings\Angela\Local Settings\Temp\~fe7b2248f48361c912c91f528d00.jpg

9/9/2008 8:27:00 PM 21 32 C:\Documents and Settings\Angela\Local Settings\Temp\~ffcf44151111eb1c8f65461e2d300.jpd

9/9/2008 8:27:00 PM 2064 32 C:\Documents and Settings\Angela\Local Settings\Temp\~ffcf44151111eb1c8f65461e2d300.jpg

====== Files and Folders under "All Users\Application Data" Last 30 Days======

9/11/2008 8:06:32 PM 7742 C:\Documents and Settings\All Users\Application Data\Google

angelagriff · Answer

+++++++++++++++++++++++++++++++++++ File Lister++ Version 1.0.4++  By bamajim / bamajim.com++++++++++++++++++++++++++++++++++  Report ran on --->>>  9/12/2008 11:39:48 AM ====== Values under HKLM\~\Run ====== REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'ehTray'='C:\WINDOWS\ehome\ehtray.exe''NvCplDaemon'='RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup''SigmatelSysTrayApp'='stsystra.exe''IAAnotif'='C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe''ISUSPM Startup'='\'C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe\' -startup''ISUSScheduler'='\'C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe\' -start''SunJavaUpdateSched'='\'C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe\'''QuickTime Task'='\'C:\Program Files\QuickTime\qttask.exe\' -atboottime''WinampAgent'='C:\Program Files\Winamp\winampa.exe''DLCICATS'='rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16''dlcimon.exe'='\'C:\Program Files\Dell AIO Printer 946\dlcimon.exe\'''Motive SmartBridge'='C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe''SiteAdvisor'='\'C:\Program Files\SiteAdvisor\6261\SiteAdv.exe\'''dscactivate'='\'C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe\'''DellSupportCenter'='\'C:\Program Files\Dell Support Center\bin\sprtcmd.exe\' /P DellSupportCenter''mcagent_exe'='C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey' [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]'Installed'='1' [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]'Installed'='1''NoChange'='1' [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]'Installed'='1'  ====== Values under HKCU\~\Run ====== REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'MSMSGS'='\'C:\Program Files\Messenger\msmsgs.exe\' /background''DellSupport'='\'C:\Program Files\DellSupport\DSAgnt.exe\' /startup''ctfmon.exe'='C:\WINDOWS\system32\ctfmon.exe''HbDetect.exe'='C:\Program Files\Playskool\MADE FOR ME Software\HbDetect.exe''DellSupportCenter'='\'C:\Program Files\Dell Support Center\bin\sprtcmd.exe\' /P DellSupportCenter'  ====== Folders and Files from '%\' and '%\Windows' Created Last 30 Days ====== 9/12/2008 11:39:48 AM    2049    32    C:\Files.txt9/10/2008 9:01:00 PM    627378    C:\WINDOWS\$NtUninstallKB938464$9/10/2008 9:01:00 PM    627378    C:\WINDOWS\$NtUninstallKB938464$\spuninst8/14/2008 3:02:10 AM    711128    C:\WINDOWS\$NtUninstallKB946648$8/14/2008 3:02:10 AM    628184    C:\WINDOWS\$NtUninstallKB946648$\spuninst8/14/2008 3:01:57 AM    871517    C:\WINDOWS\$NtUninstallKB950974$8/14/2008 3:01:57 AM    628317    C:\WINDOWS\$NtUninstallKB950974$\spuninst8/14/2008 3:01:06 AM    1311826    C:\WINDOWS\$NtUninstallKB951066$8/14/2008 3:01:06 AM    628306    C:\WINDOWS\$NtUninstallKB951066$\spuninst8/14/2008 3:01:50 AM    689563    C:\WINDOWS\$NtUninstallKB951072-v2$8/14/2008 3:01:50 AM    629147    C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst8/14/2008 3:01:40 AM    960203    C:\WINDOWS\$NtUninstallKB952287$8/14/2008 3:01:40 AM    628427    C:\WINDOWS\$NtUninstallKB952287$\spuninst8/14/2008 3:02:17 AM    702740    C:\WINDOWS\$NtUninstallKB952954$8/14/2008 3:02:17 AM    628500    C:\WINDOWS\$NtUninstallKB952954$\spuninst8/14/2008 3:02:03 AM    716870    C:\WINDOWS\$NtUninstallKB953839$8/14/2008 3:02:03 AM    626758    C:\WINDOWS\$NtUninstallKB953839$\spuninst9/12/2008 6:13:26 AM    7268    C:\WINDOWS\LastGood9/12/2008 8:33:58 AM    1292    C:\WINDOWS\LastGood\Downloaded Program Files9/12/2008 6:13:26 AM    5976    C:\WINDOWS\LastGood\INF9/7/2008 11:56:31 PM    1962    32    C:\WINDOWS\default.htm9/10/2008 9:00:25 PM    8382    32    C:\WINDOWS\KB938464.log8/14/2008 3:02:09 AM    16855    32    C:\WINDOWS\KB946648.log8/13/2008 10:06:40 PM    23607    32    C:\WINDOWS\KB950974.log8/14/2008 3:01:01 AM    10145    32    C:\WINDOWS\KB951066.log8/13/2008 10:06:29 PM    36748    32    C:\WINDOWS\KB951072-v2.log8/14/2008 3:01:39 AM    16261    32    C:\WINDOWS\KB952287.log8/13/2008 10:06:44 PM    24141    32    C:\WINDOWS\KB952954.log8/14/2008 3:01:15 AM    28307    32    C:\WINDOWS\KB953838-IE7.log8/14/2008 3:02:02 AM    15337    32    C:\WINDOWS\KB953839.log9/11/2008 8:06:18 PM    135168    32    C:\WINDOWS\system32\java.exe9/11/2008 8:06:18 PM    135168    32    C:\WINDOWS\system32\javaw.exe9/11/2008 8:06:18 PM    139264    32    C:\WINDOWS\system32\javaws.exe9/11/2008 8:06:00 PM    6587    32    C:\WINDOWS\system32\jupdate-1.6.0_07-b06.log9/7/2008 11:40:57 PM    8704    32    C:\WINDOWS\system32\smwin32.dll ====== Files under '\Administrator\Startup' Last 30 Days======  ====== Files under '\All Users\Startup' Last 30 Days======  ====== Folders under '\Program Files' Last 30 Days====== 9/7/2008 11:41:16 PM    351744    C:\Program Files\GetModule9/9/2008 5:48:17 PM    19618003    C:\Program Files\Lavasoft9/9/2008 5:48:17 PM    19618003    C:\Program Files\Lavasoft\Ad-Aware9/9/2008 5:48:20 PM    2146934    C:\Program Files\Lavasoft\Ad-Aware\Help9/9/2008 5:48:20 PM    709483    C:\Program Files\Lavasoft\Ad-Aware\Lang9/9/2008 5:48:20 PM    3498834    C:\Program Files\Lavasoft\Ad-Aware\Skin9/11/2008 9:41:23 PM    407912    C:\Program Files\Trend Micro9/11/2008 9:41:23 PM    407912    C:\Program Files\Trend Micro\HijackThis9/8/2008 11:56:17 PM    90624    C:\Program Files\Webtools ====== Files under '\System32\Drivers' Last 30 Days======  ====== Files under '\User\Local Settings\Temp' Last 30 Days====== 9/11/2008 4:13:02 PM    4096000    32    C:\Documents and Settings\Angela\Local Settings\Temp\AcrC07D.tmp9/3/2008 10:28:50 AM    270    32    C:\Documents and Settings\Angela\Local Settings\Temp\AUInst.log9/12/2008 11:37:13 AM    103187    32    C:\Documents and Settings\Angela\Local Settings\Temp\fla63.tmp

angelagriff · Answer

9/9/2008 2:13:23 PM    334    32    C:\Documents and Settings\Angela\Local Settings\Temp\jar_cache60661.tmp 9/1/2008 8:23:13 PM    416    32    C:\Documents and Settings\Angela\Local Settings\Temp\java_install_reg.log 9/7/2008 2:10:04 PM    2059    32    C:\Documents and Settings\Angela\Local Settings\Temp\jusched.log 9/10/2008 9:04:18 PM    526    32    C:\Documents and Settings\Angela\Local Settings\Temp\MSI84179.LOG 9/10/2008 8:46:46 PM    863550    32    C:\Documents and Settings\Angela\Local Settings\Temp\mvt.cab 9/10/2008 8:46:22 PM    256    32    C:\Documents and Settings\Angela\Local Settings\Temp\mvtapp.log 9/10/2008 8:47:00 PM    92    32    C:\Documents and Settings\Angela\Local Settings\Temp\MVTDetection.log 9/12/2008 11:36:37 AM    0    32    C:\Documents and Settings\Angela\Local Settings\Temp\sqlite_E2b0NoazL4wf2yw 9/10/2008 8:46:22 PM    7024    32    C:\Documents and Settings\Angela\Local Settings\Temp\Supporatability.log 9/9/2008 8:27:16 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~167b224810f0ef1c912c922e61400.jpd 9/9/2008 8:27:16 PM    1838    32    C:\Documents and Settings\Angela\Local Settings\Temp\~167b224810f0ef1c912c922e61400.jpg 9/9/2008 8:26:47 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~17cf4408e0e401c8f65454c5e400.jpd 9/9/2008 8:26:47 PM    1980    32    C:\Documents and Settings\Angela\Local Settings\Temp\~17cf4408e0e401c8f65454c5e400.jpg 9/9/2008 8:27:40 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~1e7b225bef48e1c912c96476bf00.jpd 9/9/2008 8:27:40 PM    2294    32    C:\Documents and Settings\Angela\Local Settings\Temp\~1e7b225bef48e1c912c96476bf00.jpg 9/9/2008 8:27:24 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~1e7b225f2c9ebf1c912c95628a300.jpd 9/9/2008 8:27:24 PM    2114    32    C:\Documents and Settings\Angela\Local Settings\Temp\~1e7b225f2c9ebf1c912c95628a300.jpg 9/9/2008 8:27:21 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~1e7b22611723b01c912c94315d300.jpd 9/9/2008 8:27:21 PM    2238    32    C:\Documents and Settings\Angela\Local Settings\Temp\~1e7b22611723b01c912c94315d300.jpg 9/9/2008 8:27:13 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~1fcf441bb492d1c8fd7378371000.jpd 9/9/2008 8:27:13 PM    1606    32    C:\Documents and Settings\Angela\Local Settings\Temp\~1fcf441bb492d1c8fd7378371000.jpg 9/9/2008 8:27:11 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~1fcf441f11a25b1c8fd7352117000.jpd 9/9/2008 8:27:11 PM    2403    32    C:\Documents and Settings\Angela\Local Settings\Temp\~1fcf441f11a25b1c8fd7352117000.jpg 9/9/2008 8:27:05 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~1fcf4421142f061c8f8ceeb9dd500.jpd 9/9/2008 8:27:05 PM    2676    32    C:\Documents and Settings\Angela\Local Settings\Temp\~1fcf4421142f061c8f8ceeb9dd500.jpg 9/9/2008 8:27:41 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~27b225b1407211c912c9693b7300.jpd 9/9/2008 8:27:41 PM    2251    32    C:\Documents and Settings\Angela\Local Settings\Temp\~27b225b1407211c912c9693b7300.jpg 9/9/2008 8:27:26 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~27b225f1a4b981c912c95e80de00.jpd 9/9/2008 8:27:26 PM    2562    32    C:\Documents and Settings\Angela\Local Settings\Temp\~27b225f1a4b981c912c95e80de00.jpg 9/9/2008 8:27:23 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~27b22612eaf241c912c94dd06800.jpd 9/9/2008 8:27:23 PM    2254    32    C:\Documents and Settings\Angela\Local Settings\Temp\~27b22612eaf241c912c94dd06800.jpg 9/9/2008 8:27:07 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~27cf441efd0921c8f8cef0628900.jpd 9/9/2008 8:27:07 PM    2089    32    C:\Documents and Settings\Angela\Local Settings\Temp\~27cf441efd0921c8f8cef0628900.jpg 9/9/2008 8:27:03 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~27cf4420c952d1c8f7fffb021d00.jpd 9/9/2008 8:27:03 PM    1547    32    C:\Documents and Settings\Angela\Local Settings\Temp\~27cf4420c952d1c8f7fffb021d00.jpg 9/9/2008 8:27:15 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~2e7b2249136d031c912c91e216000.jpd 9/9/2008 8:27:15 PM    2227    32    C:\Documents and Settings\Angela\Local Settings\Temp\~2e7b2249136d031c912c91e216000.jpg 9/9/2008 8:27:18 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~327b2255fcfa81c912c93beec500.jpd 9/9/2008 8:27:18 PM    2141    32    C:\Documents and Settings\Angela\Local Settings\Temp\~327b2255fcfa81c912c93beec500.jpg 9/9/2008 8:27:19 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~367b2255191b771c912c93e511f00.jpd 9/9/2008 8:27:19 PM    2384    32    C:\Documents and Settings\Angela\Local Settings\Temp\~367b2255191b771c912c93e511f00.jpg 9/9/2008 8:26:47 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~37cf4408971741c8f65455f71100.jpd 9/9/2008 8:26:47 PM    1752    32    C:\Documents and Settings\Angela\Local Settings\Temp\~37cf4408971741c8f65455f71100.jpg 9/9/2008 8:27:40 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~3e7b225b13783e1c912c965a7ec00.jpd 9/9/2008 8:27:40 PM    2275    32    C:\Documents and Settings\Angela\Local Settings\Temp\~3e7b225b13783e1c912c965a7ec00.jpg 9/9/2008 8:27:25 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~3e7b225f32de2e1c912c959bc2a00.jpd 9/9/2008 8:27:25 PM    2254    32    C:\Documents and Settings\Angela\Local Settings\Temp\~3e7b225f32de2e1c912c959bc2a00.jpg 9/9/2008 8:27:21 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~3e7b22612c54d31c912c945782d00.jpd 9/9/2008 8:27:21 PM    2245    32    C:\Documents and Settings\Angela\Local Settings\Temp\~3e7b22612c54d31c912c945782d00.jpg 9/9/2008 8:26:48 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~41cf4409e1e221c8f65455f71100.jpd 9/9/2008 8:26:48 PM    1938    32    C:\Documents and Settings\Angela\Local Settings\Temp\~41cf4409e1e221c8f65455f71100.jpg 9/9/2008 8:27:19 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~427b2254930541c912c93d1ff200.jpd 9/9/2008 8:27:19 PM    1982    32    C:\Documents and Settings\Angela\Local Settings\Temp\~427b2254930541c912c93d1ff200.jpg 9/9/2008 8:27:39 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~447b225b1e55781c912c963459200.jpd 9/9/2008 8:27:39 PM    2767    32    C:\Documents and Settings\Angela\Local Settings\Temp\~447b225b1e55781c912c963459200.jpg 9/9/2008 8:27:24 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~447b225f198c6c1c912c953c64900.jpd 9/9/2008 8:27:24 PM    2372    32    C:\Documents and Settings\Angela\Local Settings\Temp\~447b225f198c6c1c912c953c64900.jpg 9/9/2008 8:27:20 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~447b2261fef5e1c912c940b37900.jpd 9/9/2008 8:27:20 PM    2246    32    C:\Documents and Settings\Angela\Local Settings\Temp\~447b2261fef5e1c912c940b37900.jpg 9/9/2008 8:27:41 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~487b225a16d8fd1c912c966d91900.jpd 9/9/2008 8:27:41 PM    2364    32    C:\Documents and Settings\Angela\Local Settings\Temp\~487b225a16d8fd1c912c966d91900.jpg 9/9/2008 8:27:25 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~487b225e244f381c912c95aed5700.jpd 9/9/2008 8:27:25 PM    2158    32    C:\Documents and Settings\Angela\Local Settings\Temp\~487b225e244f381c912c95aed5700.jpg 9/9/2008 8:27:22 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~487b2260281f6a1c912c946a95a00.jpd 9/9/2008 8:27:22 PM    2427    32    C:\Documents and Settings\Angela\Local Settings\Temp\~487b2260281f6a1c912c946a95a00.jpg 9/9/2008 8:27:14 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~4dcf4435c16a11c8fd737bca9700.jpd 9/9/2008 8:27:14 PM    2444    32    C:\Documents and Settings\Angela\Local Settings\Temp\~4dcf4435c16a11c8fd737bca9700.jpg 9/9/2008 8:27:17 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~5e7b225411bb131c912c9398c6b00.jpd 9/9/2008 8:27:17 PM    2469    32    C:\Documents and Settings\Angela\Local Settings\Temp\~5e7b225411bb131c912c9398c6b00.jpg

angelagriff · Answer

if you would rather me send you the txt file I'm more than willing to!  Thank you sooo much for your help!

angelagriff · Answer

9/9/2008 8:26:58 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~5fcf441413cecb1c8f6545f807900.jpd 9/9/2008 8:26:58 PM    1751    32    C:\Documents and Settings\Angela\Local Settings\Temp\~5fcf441413cecb1c8f6545f807900.jpg 9/9/2008 8:26:55 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~67cf4415129d5c1c8f6545abbc500.jpd 9/9/2008 8:26:55 PM    2595    32    C:\Documents and Settings\Angela\Local Settings\Temp\~67cf4415129d5c1c8f6545abbc500.jpg 9/9/2008 8:27:12 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~69cf441be0a5a1c8fd735473ca00.jpd 9/9/2008 8:27:12 PM    2434    32    C:\Documents and Settings\Angela\Local Settings\Temp\~69cf441be0a5a1c8fd735473ca00.jpg 9/9/2008 8:27:06 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~69cf441f105e101c8f8ceee002f00.jpd 9/9/2008 8:27:06 PM    2287    32    C:\Documents and Settings\Angela\Local Settings\Temp\~69cf441f105e101c8f8ceee002f00.jpg 9/9/2008 8:27:01 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~69cf44211197401c8f65461e2d300.jpd 9/9/2008 8:27:01 PM    2342    32    C:\Documents and Settings\Angela\Local Settings\Temp\~69cf44211197401c8f65461e2d300.jpg 9/9/2008 8:27:41 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~727b225a1642091c912c9680a4600.jpd 9/9/2008 8:27:41 PM    2354    32    C:\Documents and Settings\Angela\Local Settings\Temp\~727b225a1642091c912c9680a4600.jpg 9/9/2008 8:27:26 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~727b225e1689491c912c95c1e8400.jpd 9/9/2008 8:27:26 PM    2383    32    C:\Documents and Settings\Angela\Local Settings\Temp\~727b225e1689491c912c95c1e8400.jpg 9/9/2008 8:27:22 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~727b22602a9e1f1c912c9490bb400.jpd 9/9/2008 8:27:22 PM    2418    32    C:\Documents and Settings\Angela\Local Settings\Temp\~727b22602a9e1f1c912c9490bb400.jpg 9/9/2008 8:27:27 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~767b225e1a48761c912c95fb20b00.jpd 9/9/2008 8:27:27 PM    2457    32    C:\Documents and Settings\Angela\Local Settings\Temp\~767b225e1a48761c912c95fb20b00.jpg 9/9/2008 8:27:23 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~767b22602bc4931c912c95032c200.jpd 9/9/2008 8:27:23 PM    2260    32    C:\Documents and Settings\Angela\Local Settings\Temp\~767b22602bc4931c912c95032c200.jpg 9/9/2008 8:26:49 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~7bcf4409d48611c8f65457283e00.jpd 9/9/2008 8:26:49 PM    1984    32    C:\Documents and Settings\Angela\Local Settings\Temp\~7bcf4409d48611c8f65457283e00.jpg 9/9/2008 8:27:18 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~7e7b225410de9c1c912c9398c6b00.jpd 9/9/2008 8:27:18 PM    2411    32    C:\Documents and Settings\Angela\Local Settings\Temp\~7e7b225410de9c1c912c9398c6b00.jpg 9/9/2008 8:27:13 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~81cf441a11da8d1c8fd737705e300.jpd 9/9/2008 8:27:13 PM    1873    32    C:\Documents and Settings\Angela\Local Settings\Temp\~81cf441a11da8d1c8fd737705e300.jpg 9/9/2008 8:27:10 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~81cf441e13f4041c8fd7350e04300.jpd 9/9/2008 8:27:10 PM    2513    32    C:\Documents and Settings\Angela\Local Settings\Temp\~81cf441e13f4041c8fd7350e04300.jpg 9/9/2008 8:27:04 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~81cf4420109c4c1c8f8ceea6ca800.jpd 9/9/2008 8:27:04 PM    2047    32    C:\Documents and Settings\Angela\Local Settings\Temp\~81cf4420109c4c1c8f8ceea6ca800.jpg 9/9/2008 8:27:14 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~847b224813b78c1c912c91cf03300.jpd 9/9/2008 8:27:14 PM    2317    32    C:\Documents and Settings\Angela\Local Settings\Temp\~847b224813b78c1c912c91cf03300.jpg 9/9/2008 8:27:18 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~87b2255e85c61c912c93abd9800.jpd 9/9/2008 8:27:18 PM    2056    32    C:\Documents and Settings\Angela\Local Settings\Temp\~87b2255e85c61c912c93abd9800.jpg 9/9/2008 8:27:16 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~887b22491097471c912c92083ba00.jpd 9/9/2008 8:27:16 PM    2010    32    C:\Documents and Settings\Angela\Local Settings\Temp\~887b22491097471c912c92083ba00.jpg 9/9/2008 8:26:59 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~8bcf4414117b111c8f65460b1a600.jpd 9/9/2008 8:26:59 PM    2301    32    C:\Documents and Settings\Angela\Local Settings\Temp\~8bcf4414117b111c8f65460b1a600.jpg 9/9/2008 8:27:06 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~8dcf441f1525a61c8f8ceef315c00.jpd 9/9/2008 8:27:06 PM    2631    32    C:\Documents and Settings\Angela\Local Settings\Temp\~8dcf441f1525a61c8f8ceef315c00.jpg 9/9/2008 8:27:03 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~8dcf44211a4a691c8f7fff9d0f000.jpd 9/9/2008 8:27:03 PM    2840    32    C:\Documents and Settings\Angela\Local Settings\Temp\~8dcf44211a4a691c8f7fff9d0f000.jpg 9/9/2008 8:27:19 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~967b2254fe0311c912c93d1ff200.jpd 9/9/2008 8:27:19 PM    2200    32    C:\Documents and Settings\Angela\Local Settings\Temp\~967b2254fe0311c912c93d1ff200.jpg 9/9/2008 8:27:27 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~a07b225b1ce4851c912c960e33800.jpd 9/9/2008 8:27:27 PM    2454    32    C:\Documents and Settings\Angela\Local Settings\Temp\~a07b225b1ce4851c912c960e33800.jpg 9/9/2008 8:27:23 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~a07b225f17892c1c912c95163ef00.jpd 9/9/2008 8:27:23 PM    2374    32    C:\Documents and Settings\Angela\Local Settings\Temp\~a07b225f17892c1c912c95163ef00.jpg 9/9/2008 8:27:20 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~a07b2261f427a1c912c93f824c00.jpd 9/9/2008 8:27:20 PM    1993    32    C:\Documents and Settings\Angela\Local Settings\Temp\~a07b2261f427a1c912c93f824c00.jpg 9/9/2008 8:27:14 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~a9cf4435dba8e1c8fd737a996a00.jpd 9/9/2008 8:27:14 PM    2590    32    C:\Documents and Settings\Angela\Local Settings\Temp\~a9cf4435dba8e1c8fd737a996a00.jpg 9/9/2008 8:27:17 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~ae7b22551374601c912c9385b3e00.jpd 9/9/2008 8:27:17 PM    2698    32    C:\Documents and Settings\Angela\Local Settings\Temp\~ae7b22551374601c912c9385b3e00.jpg 9/9/2008 8:27:16 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~b27b22491193111c912c921b4e700.jpd 9/9/2008 8:27:16 PM    1795    32    C:\Documents and Settings\Angela\Local Settings\Temp\~b27b22491193111c912c921b4e700.jpg 9/9/2008 8:27:17 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~b67b22491122131c912c930030300.jpd 9/9/2008 8:27:17 PM    2570    32    C:\Documents and Settings\Angela\Local Settings\Temp\~b67b22491122131c912c930030300.jpg 9/9/2008 8:27:13 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~bbcf441ae2bd91c8fd7378371000.jpd 9/9/2008 8:27:13 PM    1848    32    C:\Documents and Settings\Angela\Local Settings\Temp\~bbcf441ae2bd91c8fd7378371000.jpg 9/9/2008 8:27:10 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~bbcf441e12cf931c8fd7350e04300.jpd 9/9/2008 8:27:10 PM    2232    32    C:\Documents and Settings\Angela\Local Settings\Temp\~bbcf441e12cf931c8fd7350e04300.jpg 9/9/2008 8:27:05 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~bbcf442011b7911c8f8ceea6ca800.jpd 9/9/2008 8:27:05 PM    2162    32    C:\Documents and Settings\Angela\Local Settings\Temp\~bbcf442011b7911c8f8ceea6ca800.jpg 9/9/2008 8:26:52 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~bcf4408104cf21c8f65458596b00.jpd 9/9/2008 8:26:52 PM    2283    32    C:\Documents and Settings\Angela\Local Settings\Temp\~bcf4408104cf21c8f65458596b00.jpg 9/9/2008 8:27:14 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~bfcf441ad4e251c8fd7379683d00.jpd 9/9/2008 8:27:14 PM    1678    32    C:\Documents and Settings\Angela\Local Settings\Temp\~bfcf441ad4e251c8fd7379683d00.jpg 9/9/2008 8:27:11 PM    21    32    C:\Documents and Settings\Angela\Local Settings\Temp\~bfcf441eef2241c8fd7353429d00.jpd

bamajim · Answer

angelagriff   Send it here.         Microsoft MVP Consumer-Security     SpywareHammer     'The world is what you make of it' Message Edited by bamajim on 09-15-2008 07:34 AM

bamajim · Answer

angelagriff

Sorry for the delay

We need to temporarily disable some protection programs so they don't interfere with our fix

1. Adwatch
Look to see if there is the Ad-Watch icon in the system tray.
If so, right click on it and choose *settings* and then under the *General Settings* Tab, turn off (red x) the option for "load Ad-Watch at Startup".
Next go to the *Status* tab in the left menu of Ad-Watch.
Turn OFF (red x) the Regshield.
Close that window when done then right-click the Ad-Watch icon once more from the system tray and choose *Close Ad-Watch*.

2. Please download the Killbox.

1)Save it to the desktop
2) Rt Click->>Extract all->.Extract it to your Desktop
3) Double Click Killbox.exe to run it
4)Select " Delete on Reboot", and then select "All files".
5) Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\system32\smwin32.dll

6) Return to Killbox, go to the File menu, and choose " Paste from Clipboard".
7) Click the red-and-white " Delete File" button. Click " Yes" at the Delete on Reboot prompt.

3. Rerun Killbox

At the main window Select Tools ->> Delete Temp Files
At the next window uncheck XP Prefetch
Leave the other boxes checked
Select " Delete Selected Temp Files"
Allow the tool to run. When it is finished (You will know that it is finished because the checks will disappear from the location boxes)
Select " Exit"
Then Select " Exit" again to close Killbox

4. Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log

Microsoft MVP Consumer-Security

SpywareHammer

"The world is what you make of it"

angelagriff · Answer

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:43:06 PM, on 9/15/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: Normal Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exeC:\WINDOWS\Explorer.EXEc:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\McAfee\MSK\MskSrver.exeC:\WINDOWS\system32
vsvc32.exeC:\Program Files\SiteAdvisor\6261\SAService.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exec:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\stsystra.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\Winamp\winampa.exeC:\Program Files\Dell AIO Printer 946\dlcimon.exeC:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exeC:\Program Files\SiteAdvisor\6261\SiteAdv.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\DellSupport\DSAgnt.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Playskool\MADE FOR ME Software\HbDetect.exeC:\Program Files\Digital Line Detect\DLG.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\eHome\ehmsas.exeC:\WINDOWS\system32\dlcicoms.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\wuauclt.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dllO2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Webtools\webtools.dllO2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dllO3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exeO4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exeO4 - HKLM\..\Run: [ISUSPM Startup] 'C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe' -startupO4 - HKLM\..\Run: [ISUSScheduler] 'C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe' -startO4 - HKLM\..\Run: [SunJavaUpdateSched] 'C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe'O4 - HKLM\..\Run: [QuickTime Task] 'C:\Program Files\QuickTime\qttask.exe' -atboottimeO4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exeO4 - HKLM\..\Run: [DLCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16O4 - HKLM\..\Run: [dlcimon.exe] 'C:\Program Files\Dell AIO Printer 946\dlcimon.exe'O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exeO4 - HKLM\..\Run: [SiteAdvisor] 'C:\Program Files\SiteAdvisor\6261\SiteAdv.exe'O4 - HKLM\..\Run: [dscactivate] 'C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe'O4 - HKLM\..\Run: [DellSupportCenter] 'C:\Program Files\Dell Support Center\bin\sprtcmd.exe' /P DellSupportCenterO4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkeyO4 - HKCU\..\Run: [MSMSGS] 'C:\Program Files\Messenger\msmsgs.exe' /backgroundO4 - HKCU\..\Run: [DellSupport] 'C:\Program Files\DellSupport\DSAgnt.exe' /startupO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [HbDetect.exe] C:\Program Files\Playskool\MADE FOR ME Software\HbDetect.exeO4 - HKCU\..\Run: [DellSupportCenter] 'C:\Program Files\Dell Support Center\bin\sprtcmd.exe' /P DellSupportCenterO4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exeO4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeO4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLLO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO15 - Trusted Zone: http://*.mcafee.comO16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15.cabO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193579616031O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cabO16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exeO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exeO23 - Service: dlci_device -   - C:\WINDOWS\system32\dlcicoms.exeO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exeO23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exeO23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exeO23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exeO23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exeO23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeO23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeO23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeO23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exeO23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exeO23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exeO23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exeO23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe --End of file - 10992 bytes

bamajim · Answer

angelagriff 1. Rerun Killbox 1) Double Click Killbox.exe to run it 2)Select ' Delete on Reboot', and then select 'All files'. 3) Copy the file names below to the clipboard by highlighting them and pressing Control-C: C:\Program Files\Webtools\webtools.dllC:\Program Files\Webtools 4) Return to Killbox, go to the File menu, and choose ' Paste from Clipboard'. 5) Click the red-and-white ' Delete File' button.  Click ' Yes' at the Delete on Reboot prompt. 2. Rerun Hijackthis (scan only) and place checks beside the following entries O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Webtools\webtools.dllO16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15.cab Close all other open windows except Hijackthis and Select ' Fix checked' Close Hijackthis ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log Microsoft MVP Consumer-Security   SpywareHammer   'The world is what you make of it'

angelagriff · Answer

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dllO2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dllO3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exeO4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exeO4 - HKLM\..\Run: [ISUSPM Startup] 'C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe' -startupO4 - HKLM\..\Run: [ISUSScheduler] 'C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe' -startO4 - HKLM\..\Run: [SunJavaUpdateSched] 'C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe'O4 - HKLM\..\Run: [QuickTime Task] 'C:\Program Files\QuickTime\qttask.exe' -atboottimeO4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exeO4 - HKLM\..\Run: [DLCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,_RunDLLEntry@16O4 - HKLM\..\Run: [dlcimon.exe] 'C:\Program Files\Dell AIO Printer 946\dlcimon.exe'O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exeO4 - HKLM\..\Run: [SiteAdvisor] 'C:\Program Files\SiteAdvisor\6261\SiteAdv.exe'O4 - HKLM\..\Run: [dscactivate] 'C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe'O4 - HKLM\..\Run: [DellSupportCenter] 'C:\Program Files\Dell Support Center\bin\sprtcmd.exe' /P DellSupportCenterO4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkeyO4 - HKCU\..\Run: [MSMSGS] 'C:\Program Files\Messenger\msmsgs.exe' /backgroundO4 - HKCU\..\Run: [DellSupport] 'C:\Program Files\DellSupport\DSAgnt.exe' /startupO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [HbDetect.exe] C:\Program Files\Playskool\MADE FOR ME Software\HbDetect.exeO4 - HKCU\..\Run: [DellSupportCenter] 'C:\Program Files\Dell Support Center\bin\sprtcmd.exe' /P DellSupportCenterO4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exeO4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exeO4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLLO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO15 - Trusted Zone: http://*.mcafee.comO16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cabO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193579616031O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cabO16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exeO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exeO23 - Service: dlci_device -   - C:\WINDOWS\system32\dlcicoms.exeO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exeO23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exeO23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exeO23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exeO23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exeO23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeO23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeO23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeO23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exeO23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exeO23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exeO23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exeO23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe --End of file - 10665 bytes

angelagriff · Answer

everything appears to be running just fine now!  thank you soo much!  I'd send cookies if I could :)

bamajim · Answer

angelagriff

Glad to hear it. Thanks for the cookie offer.

Lets take one more look to make sure we haven't missed anything.

Please perform an Ewido Online Malware Scan

When a dialog box appears asking you if you would like to download and install the ewido anti-spyware online scanner please click Yes to allow the download.
Click on Start Scan.
after the scan completes it will produce a log for you, copy and paste the results of that scan as a reply to this thread
If any infections are found, (After you save the logfile), Click on Remove Infections.

Microsoft MVP Consumer-Security

SpywareHammer

"The world is what you make of it"

Virus & Spyware

Was this post helpful?