
[Resolved] Fake Security Alert popup, missing control panel...


13 replies to this topic

#1 polly (New Member, 10 posts)

Posted 16 November 2007 - 10:41 PM

Hello! I'm sorry that I totally reposted this from below. Admin people, please feel free to delete my other post. I just realized that I was stupid in my naming of the post and that it would probably never get seen... Here's the deal: I have a Dell with Windows XP. I've been getting this fake "Windows Security Alert, Warning! Potential Spyware Operation! Your computer is making unauthorized copies of your system and Internet files. Run full scan now to pervent any unathorised access to your files! Click YES to download spyware remover..." It's been there for a couple of months, and I know it's not good, but I've just been moving it aside and ignoring it. Bad, I know. Well, then my control panel disappeared. And I looked on a forum to see how to get it back. I can get it back, but I can't access anything in it, and it goes away again once in a while. I am also now getting a "Google Desktop did not startup successfully" box. My IE stopped working two days ago, but I just went into my Personal Firewall and figured out that it was blocked. I unblocked it and it is working now. Oh, and when I try to access, well, almost anything, I get an error "Restrictions, This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator." So...I came on here and then tried to follow the instructions to download HijackThis. I got the little setup dooey on my desktop, but I'm trying to install and I have an Error: "C:\Program Files\HijackThis\HijackThis.exe An error occurred while trying to rename a file in the destination directory: MovieFile failed; code 5. Access is denied. Click Retry to try again, Ignore to skip this file (not recommended), or Abort to cancel installation." Please help! I work from my computer, and this is really making me crazy. Any help would be GREATLY appreciated! As soon as I can get a HijackThis log I will post it. Do you have any idea what I should do with this HijackThis error? Thanks! Erin

Edited by polly, 16 November 2007 - 11:20 PM.



#2 MrCharlie (SuperMember, Malware Team, 2,949 posts)

Posted 17 November 2007 - 08:03 AM

Welcome to the forum and please don't start any new posts..stay in this one!!!

Download to your desktop "FixPolicies.exe", a self-extracting ZIP archive from HERE.

Double-click FixPolicies.exe.
Click the Install button on the bottom toolbar of the box that will open.
The program will create a new Folder called FixPolicies.
Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd
A black box will briefly appear and then close.

----------------

1. Download RVAXO.exe to your desktop.

2. Double click on RVAXO.exe and choose unzip.
It will install to a folder called Rvaxo.

3. Now open up the Rvaxo folder and double click on RVAXO.cmd

You will see a small window pop up, and quickly some lines will run, then the window will close by itself; this is normal behavior.
Then it is possible for an uninstaller of some rogue scanner to start up, do not close this but follow all prompts there, and let it run its course.

4. When it's done the computer will reboot.....press any key to reboot.

5. After reboot RVAXO will run again, let it finish

6. After it's done it will create a file called RVAXO-results.log in C:\RVAXO-results.log

7. Copy and paste it back here


-----------------

Next.......

Please download SUPERAntiSpyware Home Edition (free)

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes, Let it through your firewall!
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining.
  • Ignore System Restore/Volume Information on ME and XP
  • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.

To retrieve the removal information - please do the following:
  • After reboot, double-click the SUPERAntispyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (such as Notepad/Wordpad).
  • Please highlight everything, then right-click and choose copy.
  • Click close and close again to exit the program.
Now please paste the removal information along with a fresh HijackThis log in your reply. If it's a large log, you may need several replies to post it.
Please don't forget the log from RVAXO.

Good Luck, MrC
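The "restrictions in effect on this computer", missing Control Panel and (later in the thread) disabled registry editor are all produced by per-user policy values under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies, which is what a policy-reset tool such as FixPolicies works on. The script below is an added example, not part of this thread and not FixPolicies' own code (the exact set of values FixPolicies resets is not stated on the page): it parses a `reg export` of that Policies key and reports which well-known lockdown values are switched on, so a helper can see what was changed before and after running a fix. The value names (DisableRegistryTools, NoControlPanel, and so on) are standard Windows policy names; the export text is constructed for the example.

```python
"""Audit a .reg export of the user's Policies key for the lockdown values
that rogue security products commonly set.  Added example; not FixPolicies."""
import re
from typing import Dict, List, Tuple

# Standard Windows policy values (REG_DWORD, 1 = enabled) and their effect.
RESTRICTIVE_POLICIES: Dict[str, Dict[str, str]] = {
    r"Software\Microsoft\Windows\CurrentVersion\Policies\System": {
        "DisableRegistryTools": "blocks regedit ('Registry editing has been disabled by your administrator')",
        "DisableTaskMgr": "blocks Task Manager",
    },
    r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer": {
        "NoControlPanel": "hides and blocks Control Panel",
        "NoRun": "removes the Run command",
        "NoFolderOptions": "removes Folder Options",
        "NoDesktop": "hides all desktop icons",
    },
}

HIVE_PREFIXES = ("HKEY_CURRENT_USER\\", "HKEY_USERS\\", "HKEY_LOCAL_MACHINE\\")


def parse_reg_export(text: str) -> Dict[str, Dict[str, int]]:
    """Parse the subset of .reg syntax that matters here: [KEY] headers
    followed by "Name"=dword:XXXXXXXX lines.  Other value types are ignored.
    (A real export file is UTF-16; open it with encoding="utf-16".)"""
    keys: Dict[str, Dict[str, int]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = re.match(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
        if m and current is not None:
            keys[current][m.group(1)] = int(m.group(2), 16)
    return keys


def strip_hive(key: str) -> str:
    """Drop the hive (and the SID under HKEY_USERS) so that HKCU and
    HKU\\<SID> copies of the same policy key compare equal."""
    for prefix in HIVE_PREFIXES:
        if key.startswith(prefix):
            rest = key[len(prefix):]
            if prefix == "HKEY_USERS\\":
                rest = rest.split("\\", 1)[1] if "\\" in rest else ""
            return rest
    return key


def find_restrictions(keys: Dict[str, Dict[str, int]]) -> List[Tuple[str, str, str]]:
    """Return (key, value name, effect) for every known lockdown value set to non-zero."""
    findings = []
    for key, values in keys.items():
        policies = RESTRICTIVE_POLICIES.get(strip_hive(key))
        if not policies:
            continue
        for name, effect in policies.items():
            if values.get(name, 0) != 0:
                findings.append((key, name, effect))
    return findings


# Constructed sample export: the state a machine like the one in this thread
# would show (registry tools, Control Panel and Run disabled).  NoDriveTypeAutoRun
# is a legitimate policy value and must not be reported.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoControlPanel"=dword:00000001
"NoRun"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091
"""

if __name__ == "__main__":
    for key, name, effect in find_restrictions(parse_reg_export(SAMPLE_EXPORT)):
        print(f"{name} is set under {key}: {effect}")
```

Run it against a real export with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies" policies.reg` and `open("policies.reg", encoding="utf-16").read()`; a finding of DisableRegistryTools or NoControlPanel after a cleanup means the policy was re-applied, which is why the thread asks to run the policy fix again and reboot.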


#3 polly (New Member, 10 posts)

Posted 17 November 2007 - 11:18 AM

Thank you so much for being here! Here is all I got from the rvaxo.exe thing:

----------------RVAXO.exe first run-------------
Files found:
C:\WINDOWS\exploeee.exe
C:\WINDOWS\svhjdsah.exe
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\WinAvXX.exe
C:\WINDOWS\system32\vtr.dll
C:\WINDOWS\system32\explore.exe

Uninstallers Rogue scanners:

Folders Found:

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------
Files found:

Folders Found:

--------------RVAXO.exe finished----------------
Files found:

After this showed up, the black box popped up again with:

"Could Not Find C:\RVAXO.reg
File not found - C:\WINDOWS\system32\regedit.com
Could Not Find C:\WINDOWS\system32\regedit.com
File not found - C:\WINDOWS\system32\cmd.com
Could Not Find C:\WINDOWS\SYSTEM32\cmd.com
The system cannot find the file specified."

I also got a popup that says: "Registry editing has been disabled by your administrator"

I am going to download the SUPERAntiSpyware now and will then post an HJT log. Thank you again, and please let me know if there is anything else I need to do about the RVAXO

#4 MrCharlie (SuperMember, Malware Team, 2,949 posts)

Posted 17 November 2007 - 11:46 AM

I also got a popup that says:
"Registry editing has been disabled by your administrator"



Run FixPolicies.exe again.....reboot and.....

Download combofix.exe To Your Desktop from the link below:
http://download.blee...Bs/ComboFix.exe

Double click combofix.exe & follow the prompts.
A window will open with a warning.
Type "Y" (and Enter) to start the fix.
When the scan completes it will open a text window.
Please attach that log back here together with a fresh HJT log.
Caution - do not touch your mouse/keyboard until the scan has completed.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Combofix will automatically save the log file to C:\combofix.txt

Please post that log too, MrC


#5 polly (New Member, 10 posts)

Posted 17 November 2007 - 02:47 PM

SUPERAntiSpyware Scan Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/17/2007 at 10:22 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 02:50:37

Memory items scanned : 671
Memory threats detected : 0
Registry items scanned : 5788
Registry threats detected : 28
File items scanned : 97744
File threats detected : 402

MyWay Search Assistant Computers
HKLM\Software\Classes\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\Programmable
C:\PROGRAM FILES\MYWAYSA\SRCHASDE\1.BIN\DESRCAS.DLL
HKLM\Software\Classes\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\Control
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\MiscStatus
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\MiscStatus\1
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\ProgID
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\Programmable
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\TypeLib
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\Version
HKCR\CLSID\{4D25F924-B9FE-4682-BF72-8AB8210D6D75}\VersionIndependentProgID
HKLM\Software\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32#ThreadingModel
HKCR\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\Programmable
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKU\S-1-5-21-2761986962-667163744-2159242065-1006\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks#{4D25F926-B9FE-4682-BF72-8AB8210D6D75}

Adware.Tracking Cookie
C:\Documents and Settings\Aroon\Cookies\aroon@partner2profit[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ads.addynamix[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@stats.channel4[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@fastclick[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ww3.shoshkeles[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@burstnet[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@S149245[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@cgi-bin[7].txt
C:\Documents and Settings\Aroon\Cookies\aroon@nextag[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@statcounter[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@login.tracking101[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@client.enhance[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@perf.overture[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@hitbox[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ads.uproar[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@casalemedia[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ads.adsag[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@cgi-bin[5].txt
C:\Documents and Settings\Aroon\Cookies\aroon@adtrak[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@web-stat[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@www.burstbeacon[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@a.websponsors[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@trafficmp[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@phg.hitbox[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@northwestairlines.112.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@bluestreak[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@adknowledge[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@112.2o7[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@rightmedia[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@dcskqeg2voifwznnd6alhtnei_8f3u[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@webstat[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@server.iad.liveperson[10].txt
C:\Documents and Settings\Aroon\Cookies\aroon@sales.liveperson[3].txt
C:\Documents and Settings\Aroon\Cookies\aroon@targetnet[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-citrixonline.hitbox[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@maxserving[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-dig.hitbox[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ads.vnuemedia[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@sources.sourcetool[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ads.pointroll[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@e-2dj6wjlycjc5ckp.stats.esomniture[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@doubleclick[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@overture[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@server.iad.liveperson[7].txt
C:\Documents and Settings\Aroon\Cookies\aroon@e-2dj6wfk4qjdjako.stats.esomniture[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@c.enhance[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@apmebf[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@2o7[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@cgi-bin[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@edge.ru4[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@www.tropicaltraditions[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@cgi-bin[3].txt
C:\Documents and Settings\Aroon\Cookies\aroon@advertising[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@S149247[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@xiti[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@www.theadvertiser[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-zoomerang.hitbox[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@indextools[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@msnportal.112.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@S148884[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-ontargetjobs.hitbox[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@perfectpaycheck.directtrack[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@media.adrevolver[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@dealtime[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@questionmarket[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@statse.webtrendslive[6].txt
C:\Documents and Settings\Aroon\Cookies\aroon@findwhat[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@adrevolver[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@adopt.hbmediapro[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@tribalfusion[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@offersquest.directtrack[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@valueclick[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@adprofile[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@atdmt[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@mediaplex[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@adopt.specificclick[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@z1.adserver[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-airtran.hitbox[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@serving-sys[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@realmedia[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-reddoorinteractive.hitbox[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@metareward[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@tdstats[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@coolsavings[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@bs.serving-sys[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@pro-market[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@e-2dj6wjlygkazmfo.stats.esomniture[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@citi.bridgetrack[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@serviceswitching[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@linksynergy[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@S005-01-7-11-261455-88277[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@azjmp[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ads.expedia[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@adserver.matchcraft[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@kanoodle[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@zedo[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@qksrv[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@atwola[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@S130376[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@S151261[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-quiksilver.hitbox[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@adv.webmd[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@paypal.112.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@e-2dj6wjlospdpeko.stats.esomniture[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-randomhouse.hitbox[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@12362[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@v7.stats.load[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ads2.drivelinemedia[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@indexstats[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@revenue[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@belnk[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@paycounter[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@harpo.122.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@revsci[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@10512[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@data1.perf.overture[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@statse.webtrendslive[4].txt
C:\Documents and Settings\Aroon\Cookies\aroon@anat.tacoda[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@tracking.citibank[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@bizrate[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-mattress.hitbox[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@roiservice[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@www.adultfreevideos[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@adopt.euroclick[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@adbrite[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@stats.manticoretechnology[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@mycounter.tinycounter[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@tradedoubler[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@rotator.adjuggler[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@e-2dj6wjkywhdzeap.stats.esomniture[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@www.smartadserver[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@icc.intellisrv[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-warnerbrothers.hitbox[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@tracker.myspacemaps[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@stat.onestat[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@mediaonenetwork[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@doubleclick.hertz[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@data2.perf.overture[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@lotusmedia[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ads.cnn[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@rainbowmedia.122.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@e-2dj6wjmygpczmgo.stats.esomniture[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ads.as4x.tmcs.ticketmaster[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@cqcounter[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@admarketplace[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@stat.dealtime[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@a[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-triseptsoultions.hitbox[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ad.yieldmanager[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@popularscreensavers[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@jcrew.112.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@10510[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@e-2dj6wfmyclcjgko.stats.esomniture[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ads.addesktop[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ads.monster[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@e-2dj6wflikjd5mhq.stats.esomniture[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@realmedia.co[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@nbtracking[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@clicks.brokeringtraffic[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@keywordmax[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-jag.hitbox[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@data4.perf.overture[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@statse.webtrendslive[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@acvs.mediaonenetwork[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@c.goclick[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@efashionsolutions.122.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@reduxads.valuead[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-sonyny.hitbox[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@counter4.sextracker[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@usatoday1.112.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@tropicaltraditions[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@entrepreneur[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@screensavers[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@marthastewart.122.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ford.112.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@www.teensporn[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@wvw.silkroadtech[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ads.topix[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@anad.tacoda[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@enhance[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@adinterax[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@alltracked[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@jays-xxx-links[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@1us.cqcounter[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@teendreams[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@mars.122.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@h.starware[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@34292599[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@web4.realtracker[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@prnewswire.122.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-intuit.hitbox[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@uk.sitestat[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@38282[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@lonelyplanet.112.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@mb[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@media.hopstop[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@yieldmanager[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@sdc.multicastmedia[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@adlegend[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@www.directnetadvertising[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-timeout.hitbox[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@statse.webtrendslive[5].txt
C:\Documents and Settings\Aroon\Cookies\aroon@247realmedia[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@counter2.hitslink[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@cz3.clickzs[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@precisionclick[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@counter.hitslink[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@entrepreneur.122.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@tacoda[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@cnn.122.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-hollywoodmedia.hitbox[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-foundation.hitbox[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-bizjournals.hitbox[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@redorbit[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@partners.adultadworld[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@bannerads[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@clickauditor[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@cbs.112.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@www.jays-xxx-links[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@cs.sexcounter[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@hertz.122.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@38283[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@sales.liveperson[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@mia.citi.bridgetrack[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@sextracker[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@banner[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@data3.perf.overture[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@www5.addfreestats[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@38290[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@lynxtrack[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-suite101.hitbox[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@as-eu.falkag[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@try.starware[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@adserver1.backbeatmedia[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@cratebarrel.112.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-salemwebnetworks.hitbox[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-associatednewmedia.hitbox[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@www.googleadservices[4].txt
C:\Documents and Settings\Aroon\Cookies\aroon@marketworksinc.122.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-rodale.hitbox[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@mb[4].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-teococorp.hitbox[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@www.ticketsnow[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@server.iad.liveperson[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@go.winantivirus[3].txt
C:\Documents and Settings\Aroon\Cookies\aroon@www.googleadservices[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@hearstmagazines.112.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@scholastic.122.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@sitestat.mayoclinic[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-adaptivemarketing.hitbox[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@i.screensavers[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ads.consumeraffairs[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@hc2.humanclick[3].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ad.iconadserver[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@snapfish.112.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@kaboose.112.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ergoweb.advertserve[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@countercentral[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@valueclick[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@itxt.vibrantmedia[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ads.revsci[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@financialcontent.advertserve[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@CADWZD1Q.txt
C:\Documents and Settings\Aroon\Cookies\aroon@ad.motiveinteractive[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@statse.webtrendslive[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@vhost.oddcast[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-space.hitbox[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@hypertracker[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@specificclick[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@tracker.wholinked[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@client.enhance[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@clicksor[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ads.adbrite[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@theweddingtracker[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@viewers.multicastmedia[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@bannerads.wedalert[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-chicos.hitbox[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@mediabistro[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@uk.sitestat[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-penguingroupusa.hitbox[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@hg1.hitbox[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@wpni.112.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@tremor.adbureau[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@38302[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-davidsbridal.hitbox[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@server.iad.liveperson[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-youtube.hitbox[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@stgmediacorp[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@sales.liveperson[5].txt
C:\Documents and Settings\Aroon\Cookies\aroon@image.masterstats[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@hentaicounter[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@38262[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@m1.webstats4u[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg.hitbox[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@4.adbrite[3].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-weddingwindow.hitbox[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@stats2.clicktracks[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@eb.adbureau[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ge.bridgetrack[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@www.googleadservices[5].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ads.bigfoot[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@www.googleadservices[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@incisivemedia.112.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@server.iad.liveperson[3].txt
C:\Documents and Settings\Aroon\Cookies\aroon@spamblockerutility[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@media.hotels[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@adserver2.teracent[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@server.iad.liveperson[5].txt
C:\Documents and Settings\Aroon\Cookies\aroon@sitetrafficstats[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@stats1.clicktracks[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@adtech[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@www.googleadservices[3].txt
C:\Documents and Settings\Aroon\Cookies\aroon@server.iad.liveperson[9].txt
C:\Documents and Settings\Aroon\Cookies\aroon@hc2.humanclick[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@rocku.adbureau[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@m1.webstats.motigo[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@bizjournals.112.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@eyewonder[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-findlaw.hitbox[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@anheuserbusch.122.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@www.screensavers[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ezzs.valueclick[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@yadro[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-zoom.hitbox[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@richmedia.yahoo[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@statse.webtrendslive[3].txt
C:\Documents and Settings\Aroon\Cookies\aroon@marketlive.122.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@banners.decisionmark[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@clickbank[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@www.theweddingtracker[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@www.burstnet[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-pfizer.hitbox[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@livestat[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@server.iad.liveperson[6].txt
C:\Documents and Settings\Aroon\Cookies\aroon@3.adbrite[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@sitestat.mayoclinic[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@server.iad.liveperson[8].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ads.associatedcontent[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@nextstat[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@imagemedia[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@tracking.foxnews[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ad2.adnetinteractive[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ads.ak.facebook[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@www.onestat[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@nasdaq.122.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@hc2.humanclick[4].txt
C:\Documents and Settings\Aroon\Cookies\aroon@media.adrevolver[3].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ads.as4x.tmcs[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@primediabusiness.122.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ads.realtechnetwork[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@superstats[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@brightcove.112.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@e-2dj6wfliskcjslp.stats.esomniture[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ge.112.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@go.winantivirus[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@media.mtvnservices[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@saa-push.worldmedia[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@www.googleadservices[6].txt
C:\Documents and Settings\Aroon\Cookies\aroon@gostats[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@sales.liveperson[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@hc2.humanclick[5].txt
C:\Documents and Settings\Aroon\Cookies\aroon@banners.broadwayworld[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@clickaider[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@e-2dj6wgliolcjmeq.stats.esomniture[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ehg-oreilly.hitbox[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@server.iad.liveperson[11].txt
C:\Documents and Settings\Aroon\Cookies\aroon@statse.webtrendslive[7].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ads.shopthescene[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@ads.mediamayhemcorp[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@CAGYFL4P.txt
C:\Documents and Settings\Aroon\Cookies\aroon@podshow.112.2o7[1].txt
C:\Documents and Settings\Aroon\Cookies\aroon@stats[2].txt
C:\Documents and Settings\Aroon\Cookies\aroon@wTracker[2].txt
C:\Documents and Settings\Aroon\Local Settings\Temp\Cookies\aroon@2o7[1].txt
C:\Documents and Settings\Aroon\Local Settings\Temp\Cookies\aroon@ad.yieldmanager[2].txt
C:\Documents and Settings\Aroon\Local Settings\Temp\Cookies\aroon@ads.addynamix[1].txt
C:\Documents and Settings\Aroon\Local Settings\Temp\Cookies\aroon@ads.pointroll[1].txt
C:\Documents and Settings\Aroon\Local Settings\Temp\Cookies\aroon@advertising[1].txt
C:\Documents and Settings\Aroon\Local Settings\Temp\Cookies\aroon@atdmt[2].txt
C:\Documents and Settings\Aroon\Local Settings\Temp\Cookies\aroon@casalemedia[2].txt
C:\Documents and Settings\Aroon\Local Settings\Temp\Cookies\aroon@cbs.112.2o7[1].txt
C:\Documents and Settings\Aroon\Local Settings\Temp\Cookies\aroon@doubleclick[2].txt
C:\Documents and Settings\Aroon\Local Settings\Temp\Cookies\aroon@fastclick[1].txt
C:\Documents and Settings\Aroon\Local Settings\Temp\Cookies\aroon@mediabistro[1].txt
C:\Documents and Settings\Aroon\Local Settings\Temp\Cookies\aroon@mediaplex[2].txt
C:\Documents and Settings\Aroon\Local Settings\Temp\Cookies\aroon@questionmarket[1].txt
C:\Documents and Settings\Aroon\Local Settings\Temp\Cookies\aroon@realmedia[2].txt
C:\Documents and Settings\Aroon\Local Settings\Temp\Cookies\aroon@trafficmp[1].txt
C:\Documents and Settings\Aroon\Local Settings\Temp\Cookies\aroon@tribalfusion[2].txt
C:\Documents and Settings\Aroon\Local Settings\Temp\Cookies\aroon@zedo[2].txt
C:\Documents and Settings\LocalService\Cookies\system@2o7[2].txt
C:\Documents and Settings\LocalService\Cookies\system@ads.addynamix[1].txt
C:\Documents and Settings\LocalService\Cookies\system@ads.pointroll[2].txt
C:\Documents and Settings\LocalService\Cookies\system@atdmt[2].txt
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[1].txt
C:\Documents and Settings\LocalService\Cookies\system@mediabistro[1].txt
C:\Documents and Settings\LocalService\Cookies\system@mediaplex[1].txt
C:\Documents and Settings\LocalService\Cookies\system@questionmarket[2].txt
C:\Documents and Settings\LocalService\Cookies\system@zedo[1].txt
C:\WINDOWS\Temp\Cookies\aroon@statse.webtrendslive[2].txt

HJT log coming next!

#6 polly

polly

    New Member

  • New Member
  • Pip
  • 10 posts

Posted 17 November 2007 - 02:49 PM

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:45 PM, on 11/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\printer.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\explore.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT\fredflinstone.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: info.exe
O4 - Startup: system.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: info.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.2.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 14535 bytes


I'll do the ComboFix thing now...

#7 polly

polly

    New Member

  • New Member
  • Pip
  • 10 posts

Posted 17 November 2007 - 03:21 PM

OK, MrC. Here's the ComboFix log. Thanks so much for looking these over!

ComboFix 07-11-08.1 - Aroon 2007-11-17 23:04:18.1 - NTFSx86
Running from: C:\Documents and Settings\Aroon\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\info.exe
C:\Documents and Settings\Aroon\Start Menu\Programs\Startup\info.exe
C:\Documents and Settings\Aroon\Start Menu\Programs\Startup\system.exe
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\explore.exe
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\WinAvXX.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.

2007-11-17 23:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-17 19:25 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-17 19:25 <DIR> d-------- C:\Documents and Settings\Aroon\Application Data\SUPERAntiSpyware.com
2007-11-17 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-17 19:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-17 19:08 <DIR> d-------- C:\RVAXO
2007-11-17 19:04 432,760 --a------ C:\WINDOWS\SYSTEM32\RVAXO.bat
2007-11-17 19:04 69,632 --a------ C:\WINDOWS\SYSTEM32\remove.exe
2007-11-17 07:53 <DIR> d-------- C:\HJT
2007-11-13 08:07 <DIR> d--h----- C:\WINDOWS\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 04:00 --------- d-----w C:\Documents and Settings\Aroon\Application Data\McAfee.com Personal Firewall
2007-11-17 01:05 --------- d-----w C:\Documents and Settings\Aroon\Application Data\U3
2007-11-17 01:04 49,036 ----a-w C:\Documents and Settings\Aroon\Application Data\wklnhst.dat
2007-05-18 00:52 58,896 ----a-w C:\Documents and Settings\Aroon\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-08-22 02:04]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-20 01:48]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-09-08 00:08]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-11 05:10]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 19:43]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-05-17 04:18]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 09:01]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 09:05]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 16:50]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 16:50]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 23:15]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2004-08-18 02:26]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2004-08-18 02:29]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-12-14 10:08]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2004-08-18 00:55]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-08-22 23:31]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-03-29 20:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-18 06:20]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-12-06 06:08]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 06:55]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 06:55]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 15:38]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 22:41]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2005-07-08 06:55]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-18 20:58]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2004-08-06 22:33]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 17:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-20 05:32]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2007-05-14 04:29:44]
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 00:01:50]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2004-12-14 10:07:24]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-12-14 09:53:53]
Kodak EasyShare software.lnk - C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe [2005-11-04 15:04:48]
KODAK Software Updater.lnk - C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 21:12:08]
Photo Loader supervisory.lnk - C:\Program Files\CASIO\Photo Loader\Plauto.exe [2006-02-27 06:01:02]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-08 00:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

R2 BASFND;BASFND;\??\C:\WINDOWS\system32\Drivers\BASFND.sys
R3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys
R3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-01-31 01:51:58 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
"2007-11-17 21:14:19 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (ERIN-Aroon).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2007-11-17 21:15:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DJ7HL961-Owner).job"
- c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-17 21:07:00 C:\WINDOWS\Tasks\McAfee.com Update Check (ERIN-Adam).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-17 21:15:00 C:\WINDOWS\Tasks\McAfee.com Update Check (ERIN-Aroon).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 23:13:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-17 23:17:49 - machine was rebooted
.
--- E O F ---

#8 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 17 November 2007 - 03:44 PM

Looks Good, I just need a fresh HJT log............Thanks....MrC

#9 polly

polly

    New Member

  • New Member
  • Pip
  • 10 posts

Posted 17 November 2007 - 04:00 PM

Thank you!!!

Still getting the "Google Desktop did not startup successfully" popup, though... Would this have to do with the infection?

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:13 PM, on 11/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT\fredflinstone.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish....pfishUpload.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.2.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13634 bytes

#10 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 17 November 2007 - 04:32 PM

Still getting the "Google Desktop did not startup successfully" popup, though... Would this have to do with the infection?


It's hard to say, but it's there and running... You may have to uninstall and then reinstall it.

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

----------------------

Just get this one:

Close ALL programs down, leaving ONLY HijackThis running - Click Scan and.....
Place a check against the following items if found:

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

Click on Fix Checked and exit HijackThis.

----------------

How's it running, MrC
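As an added example (not code from the thread or from HijackThis), here is a small parser for the log format shown above. It splits each HijackThis line into its section code, extracts the first file path and any CLSID, and flags entries a helper would want to look at twice: "(file missing)" entries like the WeatherBug line MrC picked out, services with an unknown owner, and startup shortcuts whose target could not be resolved. The sample input is copied verbatim from the log posted earlier in this thread; the flags are review prompts for a human, not verdicts.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Six lines copied from the HijackThis log posted above, used as offline input.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
"""

# "O4 - <body>", "R1 - <body>" and so on; the body is everything after the dash.
LINE_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
# First Windows path ending in a common executable/library extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|lnk|cmd|bat|scr)", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


@dataclass
class HjtEntry:
    section: str                 # e.g. "O4", "O9", "O23"
    body: str                    # the raw text after the section code
    path: Optional[str]          # first file path found, if any
    clsid: Optional[str]         # CLSID in braces, if any
    flags: List[str] = field(default_factory=list)  # review prompts


def parse_line(line: str) -> Optional[HjtEntry]:
    """Parse one HijackThis log line; return None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    path_m, clsid_m = PATH_RE.search(body), CLSID_RE.search(body)
    flags = []
    if "(file missing)" in body:            # entry points at a file that is gone
        flags.append("file-missing")
    if section == "O23" and "Unknown owner" in body:  # service without a vendor string
        flags.append("unknown-owner")
    if section == "O4" and body.rstrip().endswith("= ?"):  # shortcut target unresolved
        flags.append("unresolved-shortcut")
    return HjtEntry(section, body,
                    path_m.group(0) if path_m else None,
                    clsid_m.group(0) if clsid_m else None, flags)


def parse_log(text: str) -> List[HjtEntry]:
    """Parse every entry line in a HijackThis log, skipping headers and blanks."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def review_candidates(entries: List[HjtEntry]) -> List[HjtEntry]:
    """Return only the entries that carry at least one review flag."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in review_candidates(parse_log(SAMPLE_LOG)):
        print(e.section, e.flags, e.path or e.body)
```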


#11 polly

polly

    New Member

  • New Member
  • Pip
  • 10 posts

Posted 17 November 2007 - 05:12 PM

To the amazing MrC... Did that, and things seem to be fine! Thank you so much!!! Should I leave all those things that I installed on my computer, or delete them? (HijackThis, RVAXO, ComboFix...)

#12 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 17 November 2007 - 05:17 PM

That's Good News :)

Yes you can delete them...you'll find that info below:

If you have any questions - please post back

I'll leave you with........

Some Preventive Maintenance:

Some of the programs you may have run create backups of what was deleted - you can safely delete them now: (delete folders in blue) You can also delete/uninstall the programs themselves.

C:\!KillBox (KillBox)
C:\VundoFix Backups (VundoFix)
C:\QooBox (ComboFix)
C:\SDFix\backups\backups.zip (SDFix)
C:\avenger\backup.zip (Avenger)
C:\_OTMOVEIT folder (OTMoveIt)

RVAXO:
You can use Uninstall.cmd to remove everything from RVAXO, it will be found in the RVAXO-folder on your desktop.
Then delete the RVAXO folder and RVAXO.exe.

If you used AVG Anti-Spyware and/or SuperAntiSpyware...........

Open up SuperAntiSpyware > Preferences > General and Start-up > Start-up Options > Uncheck > Start SAS when Windows Starts.
"SAS free" provides no real time protection so there's no need for it to be running, I suggest you keep the program and update regularly - you can use it to scan for malware. It's an excellent program. When you want to start it - just double click on the SAS icon.

AVG Anti-Spyware will provide 30 days of real time protection and then after that you can use it to scan for malware - you'll have to manually update it first.


------------------Must have or do:-----------------

Now that you're clean: <----Important Step!!!!
Delete your system restore files and create a new restore point (XP only):

Note: This will remove all previous Restore Points!

1. Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer.

2. Turn on System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Uncheck Turn off System Restore.
Click Apply, and then click OK.

Visit Windows Update and install all the latest critical updates.

Install these two free programs; they sit in the background and protect your system from spyware and adware being installed on your system, and from your browser being hijacked.

SpywareBlaster Check for updates weekly.

SpywareGuard

IE-SPYAD
Puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
or try the new ZonedOut

Blocking Unwanted Parasites with a Hosts File
Direct Download - MVPS HOSTS <==> MVPS HOSTS Tutorial

Need a free anti virus?
AVG*free
Avast Free
AntiVir® PersonalEdition Classic
-->Check for updates - daily<---

How about a firewall? The front door to your computer.
Windows Firewall is not sufficient... install a better one.
Comodo Free Firewall
ZoneAlarm*free
Other free firewalls

Keep those temp files off your system use
ATF Cleaner - hit "select all" then just uncheck "cookies" (uncheck cookies is optional - leave it checked if you want to delete all cookies) then "empty selected"
or
CCleaner
Uncheck "Cookies" under "Internet Explorer".
That will clear out all the temp files on the system.

IMPORTANT!!
Keep your Sun Java up-to-date JRE Version 6 Update 3<--newest version
Delete ALL old versions from add/remove programs if listed first!
Check HERE

Keep the registry backed up - use ERUNT
Print this out and save it
ERUNT Tutorial

Starter - Manage your startup programs and services.

----------Free malware removal programs:----------

AVG Anti-Spyware<---VERY GOOD! (XP and 2K only)
SUPERAntiSpyware (free edition)<---Excellent!
AVG Anti-Rootkit Free Edition Run it!!
SpyBot
AD-Aware
CW-Shredder

Please consider using FireFox instead of Internet Explorer. A more secure browser! Easy to make the change!
FireFox Tutorial


Pop-up stoppers:
GoogleToolBar
Pop-upStopperFree

Disable "Windows Messenger Service" XP - 2K (stops pop-up ads -etc):
Shoot The Messenger

Anti-Rootkit Software - Detection, Removal & Protection

Reduce Online Fraud

Slow Computer - Check Here

Don't open e-mail attachments without first scanning them with an up-to-date anti-virus program; even after doing that, I would be very careful. Don't click on any executables in e-mails or any other links that you're not sure of.
Don't believe e-mails from your bank, financial institution, etc. asking for personal information - they're most likely fraudulent no matter how authentic they look.
Watch your surfing habits; don't click on or download anything you're not sure of. Don't install a program that hasn't been recommended by a reputable organization.

Good luck and thanks for using the forum - MrC


#13 polly

polly

    New Member

  • New Member
  • Pip
  • 10 posts

Posted 17 November 2007 - 05:24 PM

Thank you! I will recommend this site to everyone. Take care! Erin

#14 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 17 November 2007 - 05:27 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
