Post #1, Aug 3 2008, 12:52 PM
New Member (Group: New Member, Posts: 6, Joined: 2-August 08, From: Edinburgh, Member No.: 80,704, Operating System: Vista)
I've followed the thread on here: how to remove ads served by Intelligent Advisor. I have now pasted the content after completing the HJT scan on my PC, as stated in the thread. Your assistance would be much appreciated as I'm not too sure what I should look for. Thank you. Stephanie.

Logfile of HijackThis v1.99.1
Scan saved at 19:44:10, on 03/08/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Yahoo!\common\YMailAdvisor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nike+ Utility\Nike+ Utility.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: AdvancedTool - {6C4ECE5C-7CB8-36C5-6F3B-D414CE8F8E22} - C:\Program Files\AdvancedTool\AdvancedTool-1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [{9775765e-f551-1bd0-c6ed-c1903ea0897a}] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\xfvukwcjujahsf.dll" DllStart
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Nike+ Utility.lnk = C:\Program Files\Nike+ Utility\Nike+ Utility.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
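One way to triage the O4 (autostart) lines of a log like the one above, as an added Python example that is not from this forum or from HijackThis: it parses each O4 entry and flags only entries where two independent weak signals coincide, such as a run value named with a bare GUID together with a rundll32-loaded DLL whose file name is one long run of lowercase letters. The sample lines are copied from the log above; the signals and the two-signal threshold are my own heuristic, not anything HijackThis computes.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: six O4 lines copied from the HijackThis log posted above.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [{9775765e-f551-1bd0-c6ed-c1903ea0897a}] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\xfvukwcjujahsf.dll" DllStart
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
"""

# "O4 - HKLM\..\Run: [value name] command"
REG_RUN_RE = re.compile(r"^O4 - (?P<loc>HK(?:LM|CU)\\\.\.\\[^:]+): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
# "O4 - Global Startup: shortcut.lnk = target"
STARTUP_RE = re.compile(r"^O4 - (?P<loc>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$")
GUID_RE = re.compile(r"^\{?[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$", re.I)
DLL_RE = re.compile(r'([^\s"]+\.dll)', re.I)
# Heuristic (my own): a DLL stem that is a single run of 12+ lowercase letters,
# no digits, no separators, no camel case, is unlike a vendor-chosen file name.
RANDOM_STEM_RE = re.compile(r"[a-z]{12,}")


@dataclass
class RunEntry:
    location: str            # e.g. r"HKLM\..\Run" or "Global Startup"
    name: str                # registry value name or .lnk file name
    command: str             # the command line HijackThis recorded
    reasons: list = field(default_factory=list)


def parse_o4(log_text):
    """Return every O4 line of a HijackThis log as a RunEntry; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = REG_RUN_RE.match(line.strip()) or STARTUP_RE.match(line.strip())
        if m:
            entries.append(RunEntry(m["loc"], m["name"], m["cmd"]))
    return entries


def dll_stem(command):
    """File name (without .dll) of the first DLL referenced in a command, or None."""
    m = DLL_RE.search(command)
    if not m:
        return None
    return m.group(1).replace("/", "\\").rsplit("\\", 1)[-1][:-4]


def assess(entry):
    """Attach the list of weak signals that apply to one entry and return it."""
    reasons = []
    if GUID_RE.match(entry.name):
        reasons.append("run value is named with a bare GUID instead of a product name")
    if "rundll32" in entry.command.lower():
        reasons.append("payload is a DLL loaded through rundll32 rather than an EXE")
    stem = dll_stem(entry.command)
    if stem and RANDOM_STEM_RE.fullmatch(stem):
        reasons.append(f"DLL name looks machine-generated: {stem}.dll")
    entry.reasons = reasons
    return reasons


def triage_o4(log_text, min_reasons=2):
    """Entries worth a human look: at least min_reasons independent signals coincide.

    A single signal is deliberately not enough; rundll32 on its own is used by
    legitimate Windows components (see the WindowsWelcomeCenter sample line).
    """
    return [e for e in parse_o4(log_text) if len(assess(e)) >= min_reasons]


if __name__ == "__main__":
    for e in triage_o4(SAMPLE_O4_LINES):
        print(f"[{e.location}] {e.name}")
        print(f"    {e.command}")
        for r in e.reasons:
            print(f"    - {r}")
```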
Post #2, Aug 9 2008, 05:35 PM
Forum God (Group: Root Admin, Posts: 48,333, Joined: 23-September 04, From: Missouri, USA, Member No.: 15,276)

Sorry about the delay in responding. If you still need help, scan again with HijackThis and "copy/paste" a new log file into this thread. Also, please describe how your computer behaves at the moment.
Post #3, Aug 12 2008, 02:39 PM
New Member (Group: New Member, Posts: 6, Joined: 2-August 08, From: Edinburgh, Member No.: 80,704, Operating System: Vista)
Hi,
Below I have pasted in the most recent scan. The computer still has pop-ups from Intelligent Advisor, and these pop up even when the computer isn't connected to the internet. Before the results below appeared, HijackThis told me:

For some reason your system denied write access to the host files. if an hijacked domains are in this file, HijacThis may NOT be able to fix this. if this happens you need to edit the file your self to do this click Start, Run and type: notepad"C:\Windows\System32\drivers\etc\hosts" & then press entre. find the line(s) HijacThis reports and delete them, save the file as "hosts" (with quotes) & reboot.

I tried to do this, however the PC came back and said that no file was able to be found. Another message I received was:

An unexpected error has occured at prodedure: Modmain_CheckOther1Item0 Error#75-Path\Fileaccesserror Please email me at merijn@spywareinfo.com, reporting the following: What you were trying to fix how you can reproduce the error a complete HJT scan log Windows version: Windows NT6.00.1.1905 MSIE Version: 7.0.6001.1800 HJT Version: 1.99.1

------------------------------------------------------------------------------------------
HJT SCAN RESULTS:
-------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 19:44:10, on 03/08/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Yahoo!\common\YMailAdvisor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nike+ Utility\Nike+ Utility.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: AdvancedTool - {6C4ECE5C-7CB8-36C5-6F3B-D414CE8F8E22} - C:\Program Files\AdvancedTool\AdvancedTool-1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [{9775765e-f551-1bd0-c6ed-c1903ea0897a}] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\xfvukwcjujahsf.dll" DllStart
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Nike+ Utility.lnk = C:\Program Files\Nike+ Utility\Nike+ Utility.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Your help and time are appreciated, Stephanie.
Post #4, Aug 12 2008, 03:04 PM
Forum God (Group: Root Admin, Posts: 48,333, Joined: 23-September 04, From: Missouri, USA, Member No.: 15,276)
The host error is normal when running Vista. Don't worry about that.
Please download ATF Cleaner by Atribune.
Download - ATF Cleaner
Right-click ATF-Cleaner.exe and select "Run as administrator" to run the program.
Under Main choose: Select All
Click the Empty Selected button.
(If you use FireFox or the Opera browser, to keep saved passwords click No at the prompt.)
It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Then:
Please download Malwarebytes' Anti-Malware to your desktop.

Also "copy/paste" a new HijackThis log file into this thread.
Post #5, Aug 13 2008, 12:29 PM
New Member (Group: New Member, Posts: 6, Joined: 2-August 08, From: Edinburgh, Member No.: 80,704, Operating System: Vista)
Hello,
I completed both actions. The Malware Scan Results are below:

Malwarebytes' Anti-Malware 1.24
Database version: 1020
Windows 6.0.6001 Service Pack 1

19:22:01 13/08/2008
mbam-log-8-13-2008 (19-22-01).txt

Scan type: Quick Scan
Objects scanned: 37410
Time elapsed: 12 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks, Stephanie.
Post #6, Aug 14 2008, 04:40 PM
Forum God (Group: Root Admin, Posts: 48,333, Joined: 23-September 04, From: Missouri, USA, Member No.: 15,276)
Download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, please delete it from your desktop and download this new version. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze****

*If there is no internet connection when Combofix has completely finished, then restart your computer to restore back the connections.
Give it at least 20-30 minutes to finish.
Post #7, Aug 17 2008, 09:52 AM
New Member (Group: New Member, Posts: 6, Joined: 2-August 08, From: Edinburgh, Member No.: 80,704, Operating System: Vista)
Hi,
The ComboFix scan results are: ComboFix 08-08-16.01 - Lee & Steph 2008-08-17 16:23:48.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.309 [GMT 1:00] Running from: C:\Users\Lee & Steph\Desktop\ComboFix.exe * Created a new restore point * Resident AV is active . Error: Cfiles.dat Error: Cfolders.dat ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Users\Lee & Steph\AppData\Local\Microsoft\Windows\Temporary Internet Files\e9ffd3a5-1ea9-b4ca-e6f8-cf621ffdd816 C:\Users\Lee & Steph\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmp32D3.tmp C:\Users\Lee & Steph\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmp3BD7.tmp C:\Users\Lee & Steph\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmpA3CD.tmp C:\Users\Lee & Steph\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmpA83F.tmp C:\Users\Lee & Steph\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmpB0A8.tmp C:\Users\Lee & Steph\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmpB8B3.tmp C:\Users\Lee & Steph\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmpE149.tmp C:\Users\Lee & Steph\AppData\Roaming\macromedia\Flash Player\#SharedObjects\ZXV9JR3U\interclick.com C:\Users\Lee & Steph\AppData\Roaming\macromedia\Flash Player\#SharedObjects\ZXV9JR3U\interclick.com\ud.sol C:\Users\Lee & Steph\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com C:\Users\Lee & Steph\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol C:\Users\Lee & Steph\AppData\Roaming\Microsoft\Windows\Cookies\lee_&_steph@ad.yieldmanager[2].txt C:\Users\Lee & Steph\AppData\Roaming\Microsoft\Windows\Cookies\lee_&_steph@ehg-autotrader.hitbox[2].txt C:\Users\Lee & Steph\AppData\Roaming\Microsoft\Windows\Cookies\lee_&_steph@peach.bskyb[1].txt C:\Users\Lee & 
Steph\AppData\Roaming\Microsoft\Windows\Cookies\lee_&_steph@revsci[1].txt
C:\Users\Lee & Steph\AppData\Roaming\Microsoft\SystemCertificates\My . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2008-07-17 to 2008-08-17 )))))))))))))))))))))))))))))))
.
2008-08-13 16:54 . 2008-07-16 02:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-12 20:12 . 2008-06-19 04:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-11 19:31 . 2008-08-11 19:31 <DIR> d-------- C:\PerfLogs
2008-08-03 18:49 . 2008-01-19 08:38 4,595,712 --a------ C:\Windows\System32\AuthFWSnapin.dll
2008-08-03 18:48 . 2008-01-19 08:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-08-03 18:47 . 2008-01-19 08:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-08-03 18:46 . 2008-01-19 08:32 5,714,432 --a------ C:\Windows\System32\logon.scr
2008-08-03 18:45 . 2008-01-19 07:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-08-03 18:44 . 2008-01-19 08:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-08-03 18:44 . 2008-01-05 12:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-08-03 18:44 . 2008-01-05 12:22 144,909 --a------ C:\Windows\System32\fsmgmt.msc
2008-08-03 18:44 . 2008-01-05 12:34 15,181 --a------ C:\Windows\System32\gatherWirelessInfo.vbs
2008-08-03 18:44 . 2008-01-05 12:21 12,198 --a------ C:\Windows\System32\gatherWiredInfo.vbs
2008-08-03 18:44 . 2008-01-05 12:39 150 --a------ C:\Windows\System32\RacUREx.xml
2008-08-03 18:44 . 2008-01-05 12:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-08-03 18:43 . 2008-01-19 08:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-08-03 18:42 . 2008-01-19 08:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-08-03 18:42 . 2008-01-19 08:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-08-03 18:42 . 2008-01-19 08:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-08-03 18:42 . 2008-01-19 08:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-08-03 18:42 . 2008-01-19 08:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-08-03 18:42 . 2008-01-19 08:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-08-03 18:42 . 2008-01-19 08:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-08-03 18:42 . 2008-01-19 08:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-08-03 18:18 . 2008-08-03 18:18 <DIR> d-------- C:\Users\Lee & Steph\AppData\Roaming\Malwarebytes
2008-08-03 18:18 . 2008-08-03 18:18 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-08-03 18:18 . 2008-08-03 18:18 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-08-03 18:18 . 2008-08-03 18:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-03 18:18 . 2008-07-30 20:07 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-03 18:18 . 2008-07-30 20:07 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-28 22:57 . 2008-07-28 22:57 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-07-28 22:57 . 2008-07-28 23:00 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-07-28 22:53 . 2008-07-28 22:53 <DIR> d-------- C:\Users\Lee & Steph\AppData\Roaming\Yahoo!
2008-07-28 21:52 . 2008-07-29 00:09 <DIR> d-a------ C:\Users\All Users\TEMP
2008-07-28 21:52 . 2008-07-29 00:09 <DIR> d-a------ C:\ProgramData\TEMP
2008-07-27 02:36 . 2008-07-28 22:08 <DIR> d-------- C:\Program Files\AdvancedTool
2008-07-27 02:13 . 2008-07-27 02:23 64,324 --a------ C:\Windows\System32\gsfucpauuvliuu.exe
2008-07-18 19:46 . 2008-01-19 08:35 4,497,408 --a------ C:\Windows\System32\NlsData0019.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 11:23 --------- d-----w C:\Program Files\McAfee
2008-08-13 15:55 --------- d-----w C:\Program Files\Windows Mail
2008-08-11 18:47 174 --sha-w C:\Program Files\desktop.ini
2008-08-11 18:38 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-11 18:38 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-08-11 18:38 --------- d-----w C:\Program Files\Windows Journal
2008-08-11 18:38 --------- d-----w C:\Program Files\Windows Defender
2008-08-11 18:38 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-11 18:38 --------- d-----w C:\Program Files\Windows Calendar
2008-08-11 17:51 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-08-11 17:51 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-07-28 21:55 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-07-27 01:46 --------- d-----w C:\Users\Lee & Steph\AppData\Roaming\LimeWire
2008-07-14 18:22 --------- d-----w C:\Program Files\ZyDAS Technology Corporation
2008-07-14 18:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-05 17:41 --------- d-----w C:\Program Files\iDump
2008-07-01 19:17 --------- d-----w C:\Program Files\Nike+ Utility
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-07 20:05 0 ----a-w C:\Users\Lee & Steph\AppData\Roaming\wklnhst.dat
2008-01-09 22:01 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-09 22:01 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-09 22:01 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
------- Sigcheck -------
2008-01-19 08:33 21504 3794b461c45882e06856f282eef025af C:\Windows\System32\svchost.exe
2006-11-02 10:45 22016 10da15933d582d2fedcf705efe394b09 C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
2008-01-19 08:33 21504 3794b461c45882e06856f282eef025af C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
2008-01-19 08:36 627200 b974d9f06dc7d1908e825dc201681269 C:\Windows\System32\user32.dll
2006-11-02 10:46 633856 e698a5437b89a285aca3ff022356810a C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
2007-09-14 04:16 633856 63b4f59d7c89b1bf5277f1ffefd491cd C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
2007-09-14 04:16 633856 9d9f061eda75425fc67f0365e3467c86 C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
2008-01-19 08:36 627200 b974d9f06dc7d1908e825dc201681269 C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
2008-01-19 08:37 179200 b304d47d5744ba20fcb99fb8b2c07b0b C:\Windows\System32\ws2_32.dll
2006-11-02 10:46 178688 d99a071c1018bb3d4abaad4b62048ac2 C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll
2008-01-19 08:37 179200 b304d47d5744ba20fcb99fb8b2c07b0b C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
2008-06-27 05:15 827392 618a51b5fb9dd5810960f6044c0e9289 C:\Windows\System32\wininet.dll
2006-11-02 10:46 822272 214a456aadcc7dd1b36e2287ba71a9ca C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16386_none_ffb23181a4e80112\wininet.dll
2007-12-14 06:22 822784 7dbb98ebb2d267acf9e6bc04aec6cbf3 C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16448_none_ffdf73aba4c5c123\wininet.dll
2007-12-14 06:23 822784 9c1c977fa682d428c7133cf29013211b C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16473_none_ffba0275a4e29643\wininet.dll
2008-01-11 20:24 824832 f3b7b70b789056994406377ca8b06829 C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16575_none_ffbc04efa4e0c618\wininet.dll
2008-02-13 10:31 824832 0ad9be4f82f0389ec9b8a58f2fd16442 C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16609_none_000bb771a4a46504\wininet.dll
2008-02-21 05:43 826368 daeed2799d4d19f955c3e90b22a1e91e C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\wininet.dll
2008-04-25 05:23 826368 9191790bf02a8d759ec2b4e4fa868407 C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16681_none_ffad35c1a4ec79d4\wininet.dll
2008-06-27 04:54 826368 e74d932ca7b3da8cdb7a5f11f5a03abc C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16711_none_fff8e71ba4b3b364\wininet.dll
2007-12-14 06:22 823296 1ea5200f3d45efdfc25f630a52ddf9e5 C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20547_none_0068102cbde44796\wininet.dll
2007-12-14 06:23 823808 355f1f19daad8f769936752f993ea8bf C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20583_none_0038cf54be0851fe\wininet.dll
2008-01-11 20:24 825344 0683cba27e3111cb87b682ca66475c0c C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20697_none_00320276be0cd072\wininet.dll
2008-02-13 10:31 825344 39fbdec53d5f7c5f4b7c35b9b1926a0f C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20734_none_006fe306bdded9ee\wininet.dll
2008-02-22 05:52 827392 f7ff1e0d443788d6ae4cbca593530099 C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\wininet.dll
2008-04-25 05:09 827392 f40594128a6bfda6c3f0900796895078 C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20823_none_0079b48ebdd7a1cd\wininet.dll
2008-06-27 04:49 827904 ae7150c0696c656d02fdd48259f4eff5 C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20868_none_00537650bdf39044\wininet.dll
2008-01-19 08:36 825856 455d715a840579bdc1cf8e5c1da76849 C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18000_none_01e8f37da1d311e6\wininet.dll
2008-02-22 06:01 826880 482bccbf1fcbb3378100ff97081438c1 C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\wininet.dll
2008-04-25 05:35 826880 44fd3968ad885026d94450832a78de8a C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18063_none_01ab14d3a2010591\wininet.dll
2008-06-27 05:15 827392 618a51b5fb9dd5810960f6044c0e9289 C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18099_none_0190a6cba213f16e\wininet.dll
2008-02-22 05:52 826880 4e962b645608e6edb7d31b75921d07fa C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\wininet.dll
2008-04-25 05:22 826880 a86218059c228e7691a13e4cb63c4cdf C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22167_none_0238b2c6bb1b0ab7\wininet.dll
2008-06-27 04:50 827904 edf59d63ddbc8be0bb4836efffc04bdc C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22212_none_0269c2d6baf6fd76\wininet.dll
2008-04-26 09:26 891448 82e266bee5f0167e41c6ecfdd2a79c02 C:\Windows\System32\drivers\tcpip.sys
2008-01-19 08:43 891448 fc6e2835d667774d409c7c7021eaf9c4 C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
2008-04-26 09:26 891448 82e266bee5f0167e41c6ecfdd2a79c02 C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
2008-04-26 09:08 891448 01ec1e92595f839bee70d439c46796e3 C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
2006-11-02 09:58 802816 d944522b048a5feb7700b5170d3d9423 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys
2008-01-11 20:33 802816 028061c7f6d2d03068c72e2a27e4228a C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16567_none_5f6577ce925d75a7\tcpip.sys
2008-02-13 10:34 803328 5df77458aa92fdb36fce79c60f74ab5d C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys
2008-01-11 20:33 804352 43eae40b50fe3e60d194dd9c97ebb1fd C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20689_none_5fdb7555ab898001\tcpip.sys
2008-02-13 10:34 806400 52a8bd6294f7d1443c6184c67ae13af4 C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys
2008-01-19 08:33 314880 c2610b6bdbefc053bbdab4f1b965cb24 C:\Windows\System32\winlogon.exe
2006-11-02 10:45 308224 9f75392b9128a91abafb044ea350baad C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
2008-01-19 08:33 314880 c2610b6bdbefc053bbdab4f1b965cb24 C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
2008-01-19 08:43 529464 9bdc71790fa08f0a0b5f10462b1bd0b1 C:\Windows\System32\drivers\ndis.sys
2006-11-02 10:51 500840 227c11e1e7cf6ef8afb2a238d209760c C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
2008-01-19 08:43 529464 9bdc71790fa08f0a0b5f10462b1bd0b1 C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
2008-04-26 09:25 3600952 6bb1994f5b62fef6268f1ebb4014e293 C:\Windows\System32\ntkrnlpa.exe
2006-11-02 10:51 3502184 cadaa2fcb7f3d18be056a34d84ee2ca1 C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16386_none_69f99fa4b7380194\ntkrnlpa.exe
2008-01-13 22:09 3504824 b0315aab99ca2cf6576e68465b3ac554 C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16514_none_6a435250b701059d\ntkrnlpa.exe
2008-01-11 20:26 3504824 a676d072ff3967821ec292f5c885a32d C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16551_none_6a1511c2b724295c\ntkrnlpa.exe
2008-01-11 20:23 3504824 7b3de8f172bd5ba3842237088595e0dd C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16575_none_6a037312b730c69a\ntkrnlpa.exe
2008-02-13 10:35 3504696 0be027340c32d14abecda068e45e532a C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16584_none_69f7a2dcb739c934\ntkrnlpa.exe
2008-01-13 22:09 3504824 a59c7ea8f866ba9ebe06cb57f01fa5e1 C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20629_none_6ac720a1d022400b\ntkrnlpa.exe
2008-01-11 20:26 3504824 99ac9f5573f9376970a82d77731be62a C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20670_none_6a880e6bd052e7b1\ntkrnlpa.exe
2008-01-11 20:22 3505848 0bdca5c80ed74ad207eec0535d2af508 C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20697_none_6a797099d05cd0f4\ntkrnlpa.exe
2008-02-13 10:35 3505720 4821ab9f49b32cc17887ae861895826e C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20707_none_6adac1cbd013d2a2\ntkrnlpa.exe
2008-01-19 08:43 3600440 fe51e8dbbef2d01ef886499fecbf2d78 C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18000_none_6c3061a0b4231268\ntkrnlpa.exe
2008-04-26 09:25 3600952 6bb1994f5b62fef6268f1ebb4014e293 C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18063_none_6bf282f6b4510613\ntkrnlpa.exe
2008-04-26 09:11 3601464 68eef02a8846442fe98ad0e0517ee6bc C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22167_none_6c8020e9cd6b0b39\ntkrnlpa.exe
2008-04-26 09:25 3549240 c9cd31b3cba8134f2b47fb5e78376acc C:\Windows\System32\ntoskrnl.exe
2006-11-02 10:51 3467880 883d5b644bfa3dc7298d4731b13af499 C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16386_none_69f99fa4b7380194\ntoskrnl.exe
2008-01-13 22:09 3470008 4f2488ec5d0ebfe868f47681bcf315d3 C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16514_none_6a435250b701059d\ntoskrnl.exe
2008-01-11 20:26 3471032 0e8f7801d17c7437cee216099b975163 C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16551_none_6a1511c2b724295c\ntoskrnl.exe
2008-01-11 20:22 3470520 2d202d94c6d0ec6b1483d2d47016fa0a C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16575_none_6a037312b730c69a\ntoskrnl.exe
2008-02-13 10:35 3470392 a0bf353a68b434f2bbff238feeb51486 C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16584_none_69f7a2dcb739c934\ntoskrnl.exe
2008-01-13 22:09 3470520 99b743be7149970eb8d9c48fb0a41bf7 C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20629_none_6ac720a1d022400b\ntoskrnl.exe
2008-01-11 20:26 3471544 9e6991f557248a5e6e742d1081583969 C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20670_none_6a880e6bd052e7b1\ntoskrnl.exe
2008-01-11 20:22 3472056 2df67260dd3167402abc14dc11112686 C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20697_none_6a797099d05cd0f4\ntoskrnl.exe
2008-02-13 10:35 3471928 b23072ae0fd60a2be57fd48f81ddb5bb C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20707_none_6adac1cbd013d2a2\ntoskrnl.exe
2008-01-19 08:43 3548728 6700f35eba206e5c89ac27c9a124dc01 C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18000_none_6c3061a0b4231268\ntoskrnl.exe
2008-04-26 09:25 3549240 c9cd31b3cba8134f2b47fb5e78376acc C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18063_none_6bf282f6b4510613\ntoskrnl.exe
2008-04-26 09:11 3549240 22d444d3d88a4c299894b3638a114bf7 C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22167_none_6c8020e9cd6b0b39\ntoskrnl.exe
2008-01-19 08:33 2927104 ffa764631cb70a30065c12ef8e174f9f C:\Windows\explorer.exe
2006-11-02 10:45 2923520 fd8c53fb002217f6f888bcf6f5d7084d C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
2008-01-11 20:35 2923520 6d06cd98d954fe87fb2db8108793b399 C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
2008-01-11 20:35 2923520 bd06f0bf753bc704b653c3a50f89d362 C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
2008-01-19 08:33 2927104 ffa764631cb70a30065c12ef8e174f9f C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
2008-01-19 08:33 279040 2b336ab6286d6c81fa02cbab914e3c6c C:\Windows\System32\services.exe
2006-11-02 10:45 279552 329cf3c97ce4c19375c8abcabae258b0 C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
2008-01-19 08:33 279040 2b336ab6286d6c81fa02cbab914e3c6c C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
2008-01-19 08:33 9728 dcf733788c7d088d814e5f80eb4b3e0f C:\Windows\System32\lsass.exe
2006-11-02 10:45 7680 6a0e382e74280e4cc0df17fe2661d003 C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_a413c8c65fe02762\lsass.exe
2008-01-19 08:33 9728 dcf733788c7d088d814e5f80eb4b3e0f C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
2006-11-02 10:45 8704 22bfd03df51065a9ed8d17f8fb72296b C:\Windows\System32\ctfmon.exe
2006-11-02 10:45 8704 22bfd03df51065a9ed8d17f8fb72296b C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe
2008-01-19 08:33 125952 846cdf9a3cf4da9b306adfb7d55ee4c2 C:\Windows\System32\spoolsv.exe
2006-11-02 10:45 124928 da612ef2556776df2630b68bf2d48935 C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6000.16386_none_d414e125c49db442\spoolsv.exe
2008-01-19 08:33 125952 846cdf9a3cf4da9b306adfb7d55ee4c2 C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe
2008-01-19 08:33 43008 8e93cdf0ea8edba63f07e2898a9b2147 C:\Windows\System32\wuauclt.exe
2006-11-02 10:46 41472 ff81090b6ef1a42a19df226632711d25 C:\Windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_6.0.6000.16386_none_acab9aecacae685d\wuauclt.exe
2008-01-10 16:16 53080 f3e9065eb617a7e3a832a7976bfa021b C:\Windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.0.6000.381_none_981d19142bc9942c\wuauclt.exe
2008-01-19 08:33 43008 8e93cdf0ea8edba63f07e2898a9b2147 C:\Windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.0.6001.18000_none_a052d92e34802200\wuauclt.exe
2008-01-19 08:33 25088 0e135526e9785d085bcd9aede6fbcbf9 C:\Windows\System32\userinit.exe
2006-11-02 10:45 24576 22027835939f86c3e47ad8e3fbde3d11 C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
2008-01-19 08:33 25088 0e135526e9785d085bcd9aede6fbcbf9 C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-06-25 18:13 160496 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 08:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 125952]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 08:36 2153472 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-06-01 00:35 326440]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-26 00:33 457216]
"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-22 02:33 204908]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 23:49 151552]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"YMailAdvisor"="C:\Program Files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 23:06 125208]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-07-30 20:07 1187448]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 09:56 4493312 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-15 09:45 1826816 C:\Windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 23:49 151552]
"DelayShred"="c:\PROGRA~1\mcafee\mshr\ShrCL.EXE" [2007-12-04 13:32 111904]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 12:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-09-14 04:38:32 535336]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
Nike+ Utility.lnk - C:\Program Files\Nike+ Utility\Nike+ Utility.exe [2008-04-30 16:33:46 1228800]
ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-07-14 19:22:04 475136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\s
haredaccess\parameters\firewallpolicy\FirewallRules]
"{70313D0E-2D73-4A56-AFD6-6DE194F07AED}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B56D3BF4-3F81-4B33-85F3-23EB7C3A8D5B}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{19E90D49-E626-40AC-8CC0-B24D5344399A}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{96734FEA-FF44-4EF2-960F-6A020D237C80}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{DDA71D86-E87D-43B1-97D0-A0FF5CEDA9E7}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{6EED23F9-336D-43A2-8477-17A2BB6F3F15}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{B18354C5-FBCC-49BE-9FA1-DCD4CA785D0B}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{48C4529A-D0C4-4E7B-A6A5-ACA0E25F22CF}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{C3C0593F-EB72-431D-9221-A69405F1AAA9}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{5CA689BC-45A5-4953-A562-BB126BA0CF1A}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{79C8CC84-3B2D-4E9A-BA11-E0CF1433E17F}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{D4DDFF20-8C12-4378-A7DE-3F568AB476AC}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{8471463F-3B4F-48C0-91EB-8BF54CB4504B}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{89244C0D-A0E3-4090-B217-EBC09689762F}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{0E2DB4E6-9B0E-4D41-9275-DF4C6ACCD605}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{941AE77F-351F-46CE-8FC2-65E8CF1B7324}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{370E513F-53FA-4888-BDEB-0D3ABB19ADA7}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{01C23780-CBD1-4DB8-949E-031832E4584A}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{FF36DDE5-5115-4F6D-96C4-4EF227DF0D9E}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{5B4F0E72-D700-4405-9871-3E11CFF7B8E3}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{1DF41B28-506E-49A3-B105-EFD5566C7FD7}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-22 02:33]
R3 SiS6350;SiS6350;C:\Windows\system32\DRIVERS\SISGRKMD.sys [2007-06-05 12:08]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-01-22 09:09]
R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\Windows\system32\DRIVERS\zd1211Bu.sys [2005-08-17 15:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2008-01-06 C:\Windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-01-06 C:\Windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Apanel - C:\ACERSW\config\SetApanel.cmd
HKLM-Run-{9775765e-f551-1bd0-c6ed-c1903ea0897a} - C:\Windows\system32\xfvukwcjujahsf.dll
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.sky.com
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKLM-Main,Start Page = hxxp://en.uk.acer.yahoo.com
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 -: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 16:32:19
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\System32\WUDFHost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
.
**************************************************************************
.
Completion time: 2008-08-17 16:37:35 - machine was rebooted [Lee & Steph]
ComboFix-quarantined-files.txt 2008-08-17 15:37:11

Pre-Run: 49,985,810,432 bytes free
Post-Run: 49,842,692,096 bytes free

341 --- E O F --- 2008-08-13 15:55:36
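Three of the things a helper looks for in a ComboFix log like the one above can be checked mechanically rather than by eye. The script below is an added example, not code from this thread or from ComboFix: it reads an excerpt of the log posted above (embedded as a constructed string so it runs offline) and reports (1) any live system binary in the Sigcheck section whose MD5 matches none of the WinSxS component-store copies of that file, (2) files under C:\Windows in the Files Created section whose creation and last-write timestamps fall within a day of each other, which is how a file written on this machine differs from a Service Pack or update payload that carries a months-old build timestamp, and (3) Run values, live or orphaned, whose value name is a bare GUID. Reading the two timestamps as creation then last-write, treating a WinSxS hash match as "genuine", and the function names are this example's assumptions, not anything the log states.

```python
"""ComboFix log triage: three mechanical checks that mirror what a helper
reading the log above does by eye.  Added example, not code from the thread
or from ComboFix.  LOG is an excerpt of the posted log, embedded so the
script runs offline.

Assumptions this example makes (the log does not state them):
  - In 'Files Created' lines the first timestamp is the creation time on this
    machine and the second is the file's last-write time.
  - In 'Sigcheck' lines a live binary is treated as genuine when its MD5 equals
    one of the copies of the same file in the WinSxS component store.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-07-17 to 2008-08-17 )))))))))))))))))))))))))))))))
.
2008-08-13 16:54 . 2008-07-16 02:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-11 19:31 . 2008-08-11 19:31 <DIR> d-------- C:\PerfLogs
2008-08-03 18:18 . 2008-07-30 20:07 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-07-27 02:13 . 2008-07-27 02:23 64,324 --a------ C:\Windows\System32\gsfucpauuvliuu.exe
2008-07-18 19:46 . 2008-01-19 08:35 4,497,408 --a------ C:\Windows\System32\NlsData0019.dll
.
------- Sigcheck -------
2008-01-19 08:33 21504 3794b461c45882e06856f282eef025af C:\Windows\System32\svchost.exe
2006-11-02 10:45 22016 10da15933d582d2fedcf705efe394b09 C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
2008-01-19 08:33 21504 3794b461c45882e06856f282eef025af C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
2008-04-26 09:26 891448 82e266bee5f0167e41c6ecfdd2a79c02 C:\Windows\System32\drivers\tcpip.sys
2008-01-19 08:43 891448 fc6e2835d667774d409c7c7021eaf9c4 C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
2008-04-26 09:26 891448 82e266bee5f0167e41c6ecfdd2a79c02 C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-06-25 18:13 160496 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 09:56 4493312 C:\Windows\RtHDVCpl.exe]

- - - - ORPHANS REMOVED - - - -

HKLM-Run-Apanel - C:\ACERSW\config\SetApanel.cmd
HKLM-Run-{9775765e-f551-1bd0-c6ed-c1903ea0897a} - C:\Windows\system32\xfvukwcjujahsf.dll
HKLM-Run-Acer Tour - (no file)
"""

# 'Files Created' line: created . last-written size-or-<DIR> attributes path
CREATED = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) (<DIR>|[\d,]+) \S+ (.+)$")
# 'Sigcheck' line: timestamp size md5 path
SIGCHECK = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \d+ ([0-9a-f]{32}) (.+)$")
KEY = re.compile(r"^\[(.+)\]$")                    # registry key header
VALUE = re.compile(r'^"([^"]+)"="([^"]*)"')        # "name"="data" [...]
ORPHAN = re.compile(r"^HK(?:LM|CU)-Run-(.+?) - (.+)$")
GUID = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)


def sigcheck_mismatches(log):
    """Live binaries whose MD5 matches none of the WinSxS copies of that file."""
    store = defaultdict(set)   # basename -> MD5s seen in the component store
    live = []                  # (path, basename, md5) for copies outside the store
    for line in log.splitlines():
        m = SIGCHECK.match(line)
        if not m:
            continue
        md5, path = m.groups()
        name = path.rsplit("\\", 1)[-1].lower()
        if "\\winsxs\\" in path.lower():
            store[name].add(md5)
        else:
            live.append((path, name, md5))
    return [path for path, name, md5 in live if md5 not in store[name]]


def same_day_drops(log, root="c:\\windows\\", window=timedelta(days=1)):
    """Files (not directories) under root whose creation and last-write times
    lie within `window` of each other: written here, not unpacked from a
    package built months earlier."""
    hits = []
    for line in log.splitlines():
        m = CREATED.match(line)
        if not m or m.group(3) == "<DIR>":
            continue
        created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        written = datetime.strptime(m.group(2), "%Y-%m-%d %H:%M")
        path = m.group(4)
        if path.lower().startswith(root) and abs(created - written) <= window:
            hits.append(path)
    return hits


def guid_named_run_entries(log):
    """(name, target) for Run values, live or orphaned, named by a bare GUID.
    Vendors name autostart entries after the product; a GUID hides the owner."""
    hits, in_run_key = [], False
    for line in log.splitlines():
        k = KEY.match(line)
        if k:
            in_run_key = k.group(1).lower().endswith("\\run")
            continue
        m = ORPHAN.match(line) or (VALUE.match(line) if in_run_key else None)
        if m and GUID.match(m.group(1)):
            hits.append((m.group(1), m.group(2)))
    return hits


if __name__ == "__main__":
    print("Sigcheck mismatches:", sigcheck_mismatches(LOG))
    print("Same-day drops under C:\\Windows:", same_day_drops(LOG))
    print("GUID-named Run entries:", guid_named_run_entries(LOG))
```

On the excerpt this reports no Sigcheck mismatch (the live tcpip.sys hash equals the 6.0.6001.18063 store copy), one same-day drop (gsfucpauuvliuu.exe, created 02:13 and written 02:23 on the same night, while every Windows file around it carries a January build timestamp), and one GUID-named Run entry pointing at xfvukwcjujahsf.dll. Replace LOG with the full log text to run it over everything; the MD5 check only tells you a file matches a store copy, not that the store copy itself is untouched, so it complements rather than replaces a signature check.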
Aug 17 2008, 11:34 AM - Post #8
Forum God (Group: Root Admin, Posts: 48,333, Joined: 23-September 04, From: Missouri, USA, Member No.: 15,276)
1. All tools MUST be run from the executable (.exe) with Admin Rights (right click, choose "Run as Administrator").

We do not support P2P programs: http://forums.whatthetech.com/We_do_not_support_t91501.html

1. Click Start > Settings > Control Panel.
2. Next, open Add/Remove Programs and remove LimeWire.

Open Notepad and copy/paste the text in the code box below into it:

CODE:
File::
C:\Windows\System32\gsfucpauuvliuu.exe
C:\Windows\system32\xfvukwcjujahsf.dll

Folder::
C:\Program Files\Bonjour

Save this as "CFScript.txt".

Drag CFScript.txt into ComboFix.exe.

Then post the results log and a new HijackThis log. Also please describe how your computer behaves at the moment.
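Once the CFScript has been run, the "Other Deletions" section of the new ComboFix log is what confirms whether each File:: and Folder:: entry was actually removed. The script below is an added example, not the helper's or ComboFix's own code: it parses a CFScript into its directives, pulls the deletion list out of the log, and reconciles the two, reporting requested items that were confirmed deleted, requested items the log never lists, and deletions nobody asked for. The CFScript from the post above and the deletion list from the follow-up log further down the thread are embedded as constructed strings so it runs offline; the function names are this example's own.

```python
"""Reconcile a CFScript against the 'Other Deletions' section of the ComboFix
log it produced.  Added example, not the helper's or ComboFix's own code.
CFSCRIPT is the script from the post above; COMBOFIX_LOG is an excerpt of the
follow-up log, both embedded so this runs offline.
"""
import re

CFSCRIPT = r"""
File::
C:\Windows\System32\gsfucpauuvliuu.exe
C:\Windows\system32\xfvukwcjujahsf.dll

Folder::
C:\Program Files\Bonjour
"""

COMBOFIX_LOG = r"""
ComboFix 08-08-18.05 - Lee & Steph 2008-08-19 22:00:27.2 - NTFSx86
Command switches used :: C:\Users\Lee & Steph\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Bonjour
C:\Program Files\Bonjour\About Bonjour.rtf
C:\Program Files\Bonjour\mdnsNSP.dll
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\gsfucpauuvliuu.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-19 to 2008-08-19 )))))))))))))))))))))))))))))))
.
2008-08-13 16:54 . 2008-07-16 02:32 2,048 --a------ C:\Windows\System32\tzres.dll
"""

SECTION = re.compile(r"^(\w+)::\s*$")   # CFScript directive header, e.g. File::


def parse_cfscript(text):
    """Map each directive (File, Folder, ...) to the paths listed under it."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line and current:
            sections[current].append(line)
    return sections


def parse_other_deletions(log):
    """Paths listed under the 'Other Deletions' banner, up to the next banner."""
    deleted, inside = [], False
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("((("):          # every ComboFix section banner
            inside = "Other Deletions" in line
            continue
        if inside and line and line != ".":  # '.' is ComboFix's blank separator
            deleted.append(line)
    return deleted


def _norm(path):
    # Windows paths compare case-insensitively; drop a trailing backslash
    return path.lower().rstrip("\\")


def reconcile(script, log):
    """Classify each requested item as confirmed or unconfirmed, and list
    deletions that no directive asked for."""
    req = parse_cfscript(script)
    deleted = parse_other_deletions(log)
    deleted_n = [_norm(d) for d in deleted]
    files = [(f, _norm(f)) for f in req.get("File", [])]
    folders = [(f, _norm(f)) for f in req.get("Folder", [])]

    confirmed, unconfirmed = [], []
    for orig, n in files:
        (confirmed if n in deleted_n else unconfirmed).append(orig)
    for orig, n in folders:
        # a folder counts as removed if it or anything beneath it was deleted
        hit = any(d == n or d.startswith(n + "\\") for d in deleted_n)
        (confirmed if hit else unconfirmed).append(orig)

    file_set = {n for _, n in files}

    def covered(n):
        return n in file_set or any(n == f or n.startswith(f + "\\") for _, f in folders)

    unrequested = [d for d, n in zip(deleted, deleted_n) if not covered(n)]
    return {"confirmed": confirmed, "unconfirmed": unconfirmed, "unrequested": unrequested}


if __name__ == "__main__":
    for label, items in reconcile(CFSCRIPT, COMBOFIX_LOG).items():
        print(f"{label}: {items}")
```

On the thread's data this marks gsfucpauuvliuu.exe and the Bonjour folder as confirmed and xfvukwcjujahsf.dll as unconfirmed: the follow-up log never lists that DLL among its deletions, so its absence should be verified directly on disk rather than assumed. An "unrequested" entry would mean ComboFix removed something on its own, which is worth reading before declaring the machine clean.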
Aug 19 2008, 03:29 PM - Post #9
New Member (Group: New Member, Posts: 6, Joined: 2-August 08, From: Edinburgh, Member No.: 80,704, Operating System: Vista)
Hi,
LimeWire is removed and should have been removed about 4 weeks ago, but it is definitely removed now. The PC is doing a lot better - not as frequent pop-ups from the Intelligent Advisor, and since connecting I don't think I remember seeing one. I need to log on to the PC for longer to ensure that I receive no more pop-ups from IA.

Scan results are as follows:

ComboFix 08-08-18.05 - Lee & Steph 2008-08-19 22:00:27.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.305 [GMT 1:00]
Running from: C:\Users\Lee & Steph\Desktop\ComboFix.exe
Command switches used :: C:\Users\Lee & Steph\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

FILE ::
C:\Windows\System32\gsfucpauuvliuu.exe
C:\Windows\system32\xfvukwcjujahsf.dll
.
Error: Cfiles.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Bonjour
C:\Program Files\Bonjour\About Bonjour.rtf
C:\Program Files\Bonjour\mdnsNSP.dll
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\gsfucpauuvliuu.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-19 to 2008-08-19 )))))))))))))))))))))))))))))))
.
2008-08-13 16:54 . 2008-07-16 02:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-12 20:12 . 2008-06-19 04:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-11 19:31 . 2008-08-11 19:31 <DIR> d-------- C:\PerfLogs
2008-08-03 18:49 . 2008-01-19 08:38 4,595,712 --a------ C:\Windows\System32\AuthFWSnapin.dll
2008-08-03 18:48 . 2008-01-19 08:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-08-03 18:47 . 2008-01-19 08:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-08-03 18:46 . 2008-01-19 08:32 5,714,432 --a------ C:\Windows\System32\logon.scr
2008-08-03 18:45 . 2008-01-19 07:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-08-03 18:44 . 2008-01-19 08:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-08-03 18:44 . 2008-01-05 12:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-08-03 18:44 . 2008-01-05 12:22 144,909 --a------ C:\Windows\System32\fsmgmt.msc
2008-08-03 18:44 . 2008-01-05 12:34 15,181 --a------ C:\Windows\System32\gatherWirelessInfo.vbs
2008-08-03 18:44 . 2008-01-05 12:21 12,198 --a------ C:\Windows\System32\gatherWiredInfo.vbs
2008-08-03 18:44 . 2008-01-05 12:39 150 --a------ C:\Windows\System32\RacUREx.xml
2008-08-03 18:44 . 2008-01-05 12:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-08-03 18:43 . 2008-01-19 08:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-08-03 18:42 . 2008-01-19 08:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-08-03 18:42 . 2008-01-19 08:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-08-03 18:42 . 2008-01-19 08:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-08-03 18:42 . 2008-01-19 08:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-08-03 18:42 . 2008-01-19 08:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-08-03 18:42 . 2008-01-19 08:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-08-03 18:42 . 2008-01-19 08:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-08-03 18:42 . 2008-01-19 08:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-08-03 18:18 . 2008-08-03 18:18 <DIR> d-------- C:\Users\Lee & Steph\AppData\Roaming\Malwarebytes
2008-08-03 18:18 . 2008-08-03 18:18 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-08-03 18:18 . 2008-08-03 18:18 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-08-03 18:18 . 2008-08-03 18:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-03 18:18 . 2008-07-30 20:07 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-03 18:18 . 2008-07-30 20:07 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-28 22:57 . 2008-07-28 22:57 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-07-28 22:57 . 2008-07-28 23:00 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-07-28 22:53 . 2008-07-28 22:53 <DIR> d-------- C:\Users\Lee & Steph\AppData\Roaming\Yahoo!
2008-07-28 21:52 . 2008-07-29 00:09 <DIR> d-a------ C:\Users\All Users\TEMP
2008-07-28 21:52 . 2008-07-29 00:09 <DIR> d-a------ C:\ProgramData\TEMP
2008-07-27 02:36 . 2008-07-28 22:08 <DIR> d-------- C:\Program Files\AdvancedTool
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 11:23 --------- d-----w C:\Program Files\McAfee
2008-08-13 15:55 --------- d-----w C:\Program Files\Windows Mail
2008-08-11 18:47 174 --sha-w C:\Program Files\desktop.ini
2008-08-11 18:38 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-11 18:38 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-08-11 18:38 --------- d-----w C:\Program Files\Windows Journal
2008-08-11 18:38 --------- d-----w C:\Program Files\Windows Defender
2008-08-11 18:38 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-11 18:38 --------- d-----w C:\Program Files\Windows Calendar
2008-07-28 21:55 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-07-27 01:46 --------- d-----w C:\Users\Lee & Steph\AppData\Roaming\LimeWire
2008-07-14 18:22 --------- d-----w C:\Program Files\ZyDAS Technology Corporation
2008-07-14 18:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-05 17:41 --------- d-----w C:\Program Files\iDump
2008-07-01 19:17 --------- d-----w C:\Program Files\Nike+ Utility
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-07 20:05 0 ----a-w C:\Users\Lee & Steph\AppData\Roaming\wklnhst.dat
2008-01-09 22:01 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-09 22:01 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-09 22:01 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-08-17_16.35.55.08 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-17 15:30:25 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-08-19 21:06:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-08-19 21:06:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2008-08-17 15:31:02 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-08-19 21:07:04 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-08-19 21:07:04 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2008-08-17 15:31:02 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-08-19 21:07:04 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-08-19 21:07:04 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2008-08-17 13:00:10 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-08-19 20:39:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-08-17 13:00:10 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-08-19 20:39:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-08-17 13:00:10 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-08-19 20:39:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-08-17 15:23:35 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat + 2008-08-19 21:00:08 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat - 2008-08-17 15:03:53 105,448 ----a-w C:\Windows\System32\perfc009.dat + 2008-08-19 20:36:08 105,448 
----a-w C:\Windows\System32\perfc009.dat - 2008-08-17 15:03:53 599,942 ----a-w C:\Windows\System32\perfh009.dat + 2008-08-19 20:36:08 599,942 ----a-w C:\Windows\System32\perfh009.dat - 2008-08-17 15:01:18 6,946 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-73388062-1814890543-907049141-1000_UserData.bin + 2008-08-19 21:08:33 7,240 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-73388062-1814890543-907049141-1000_UserData.bin - 2008-08-17 15:01:18 55,444 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-08-19 21:08:32 55,516 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-08-17 15:32:30 58,060 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-08-19 21:08:19 58,084 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}] 2008-06-25 18:13 160496 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 08:33 1233920] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 125952] "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 08:36 2153472 C:\Windows\System32\oobefldr.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-06-01 00:35 326440] "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-26 00:33 457216] "PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-22 02:33 204908] "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344] "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 23:49 151552] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152] "YMailAdvisor"="C:\Program Files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 23:06 125208] "Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-07-30 20:07 1187448] "RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 09:56 4493312 C:\Windows\RtHDVCpl.exe] "Skytel"="Skytel.exe" [2007-06-15 09:45 1826816 C:\Windows\SkyTel.exe] 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 23:49 151552] "DelayShred"="c:\PROGRA~1\mcafee\mshr\ShrCL.EXE" [2007-12-04 13:32 111904] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 12:44:06 29696] Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-09-14 04:38:32 535336] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520] Nike+ Utility.lnk - C:\Program Files\Nike+ Utility\Nike+ Utility.exe [2008-04-30 16:33:46 1228800] ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-07-14 19:22:04 475136] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{70313D0E-2D73-4A56-AFD6-6DE194F07AED}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{B56D3BF4-3F81-4B33-85F3-23EB7C3A8D5B}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{19E90D49-E626-40AC-8CC0-B24D5344399A}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live 
Main Page\Acer Arcade Live.exe:Acer Arcade Live "{96734FEA-FF44-4EF2-960F-6A020D237C80}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician "{DDA71D86-E87D-43B1-97D0-A0FF5CEDA9E7}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD "{6EED23F9-336D-43A2-8477-17A2BB6F3F15}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine "{B18354C5-FBCC-49BE-9FA1-DCD4CA785D0B}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician "{48C4529A-D0C4-4E7B-A6A5-ACA0E25F22CF}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia "{C3C0593F-EB72-431D-9221-A69405F1AAA9}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect "{5CA689BC-45A5-4953-A562-BB126BA0CF1A}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service "{79C8CC84-3B2D-4E9A-BA11-E0CF1433E17F}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent "{D4DDFF20-8C12-4378-A7DE-3F568AB476AC}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent "{8471463F-3B4F-48C0-91EB-8BF54CB4504B}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire "{89244C0D-A0E3-4090-B217-EBC09689762F}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire "TCP Query User{0E2DB4E6-9B0E-4D41-9275-DF4C6ACCD605}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{941AE77F-351F-46CE-8FC2-65E8CF1B7324}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "{370E513F-53FA-4888-BDEB-0D3ABB19ADA7}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{01C23780-CBD1-4DB8-949E-031832E4584A}"= UDP:C:\Program 
Files\Bonjour\mDNSResponder.exe:Bonjour "{FF36DDE5-5115-4F6D-96C4-4EF227DF0D9E}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{5B4F0E72-D700-4405-9871-3E11CFF7B8E3}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{1DF41B28-506E-49A3-B105-EFD5566C7FD7}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu "C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption "C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-22 02:33] R3 SiS6350;SiS6350;C:\Windows\system32\DRIVERS\SISGRKMD.sys [2007-06-05 12:08] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-01-22 09:09] R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\Windows\system32\DRIVERS\zd1211Bu.sys [2005-08-17 15:43] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2008-01-06 C:\Windows\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32] 2008-01-06 C:\Windows\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-19 22:07:49 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... 
scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Windows\System32\audiodg.exe C:\Acer\Empowering Technology\ePerformance\MemCheck.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe C:\Program Files\McAfee\MPF\MpfSrv.exe C:\Program Files\McAfee\MSK\msksrver.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe C:\Windows\System32\WUDFHost.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\Program Files\SiS VGA Utilities\SiSTray.exe C:\Windows\ehome\ehmsas.exe C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe C:\Acer\Empowering Technology\eRecovery\eRAgent.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe C:\Program Files\McAfee\VirusScan\mcsysmon.exe C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe C:\Windows\System32\wbem\WMIADAP.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\System32\dllhost.exe . ************************************************************************** . Completion time: 2008-08-19 22:13:13 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-19 21:12:59 ComboFix2.txt 2008-08-17 15:37:36 Pre-Run: 49,686,683,648 bytes free Post-Run: 49,565,376,512 bytes free 243 --- E O F --- 2008-08-13 15:55:36 Kindest Thanks, Stephanie. |
Aug 19 2008, 05:50 PM, Post #10
Forum God, Group: Root Admin, Posts: 48,333, Joined: 23-September 04, From: Missouri, USA, Member No.: 15,276
Post a new HijackThis log.
1. All tools MUST be run from the executable (.exe) with Admin Rights (right click, choose "Run as Administrator").
Aug 24 2008, 03:41 PM, Post #11
New Member, Group: New Member, Posts: 6, Joined: 2-August 08, From: Edinburgh, Member No.: 80,704, Operating System: Vista
Hi,
I'm struggling to do this. I've right clicked but can't see the option. I've also searched for this but don't know how to do it. Can you advise please?
Aug 24 2008, 07:40 PM, Post #12
Forum God, Group: Root Admin, Posts: 48,333, Joined: 23-September 04, From: Missouri, USA, Member No.: 15,276
Aug 28 2008, 08:59 AM, Post #13
Forum God, Group: Root Admin, Posts: 48,333, Joined: 23-September 04, From: Missouri, USA, Member No.: 15,276
You still with me on this?
Sep 1 2008, 06:22 AM, Post #14
Forum God, Group: Root Admin, Posts: 48,333, Joined: 23-September 04, From: Missouri, USA, Member No.: 15,276
Due to inactivity this topic will be closed.
If you need help please start a new thread and post a new HJT log.