junior40

I have a question about my computer. I recently got my computer reformatted. When I got it back everything was really fast. There were no down time. Since then I only have music on my computer and very little programs and it still ran smooth and fast. Then one day when I turned my computer on it was slow. When I bring up Windows Task Manager (I have windows xp) My CPU Usage is always at 100%. The little icon on the bottom right is always green, 100%. I dont know what I did but watching movies and navigating through the web and my computer is really really slow. How can I fix this? There must be something i can do? I have a 250 gb harddrive and only put 30 gb on it with music. and i have a 1gb of RAM. Its weird how all this time is was fast and now its slow...its been like this for a couple of weeks and i cant take it anymore haha, i need help. thanks.

everything looks clean Jean, and my computer seems fine now. Thank you so much for your help and time. I know it took awhile but the wait was well worth it. If I don't talk to you have a blessed and merry christmas (if you celebrate). Once again thank you!!! B)

SDFix: Version 1.118 Run by JR on Fri 12/14/2007 at 03:57 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\PROGRA~1\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: No Trojan Files Found Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-14 16:07:11 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s0"=dword:8fc34bda "s1"=dword:0a216748 "s2"=dword:5f9e1643 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:8e,0a,2b,96,b5,9d,f2,82,17,25,65,5b,22,70,d5,16,42,46,3e,a5,d7,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:8e,0a,2b,96,b5,9d,f2,82,17,25,65,5b,22,70,d5,16,42,46,3e,a5,d7,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files: --------------- Files with Hidden Attributes: Tue 14 Sep 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Tue 25 Oct 2005 1,544 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv19.bak" Sun 2 Dec 2007 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak" Sun 2 Dec 2007 211 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak" Sun 24 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp" Sat 21 Jun 2003 377,344 A..H. --- "C:\Program Files\IsoBuster\IsoBuster\Help\AHlp.exe" Tue 27 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0d4a7c846fe5e74c3056c3e240c1ffeb\BIT66.tmp" Tue 14 Sep 2004 4,348 A..H. --- "C:\Documents and Settings\JR\My Documents\My Music\License Backup\drmv1key.bak" Tue 25 Oct 2005 782 A..H. --- "C:\Documents and Settings\JR\My Documents\My Music\License Backup\drmv1lic.bak" Sat 11 Dec 2004 400 A.SH. --- "C:\Documents and Settings\JR\My Documents\My Music\License Backup\drmv2key.bak" Sun 24 Dec 2006 54,520 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\visualstudio\7.1\vs000223.tmp" Mon 13 Aug 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp" Mon 13 Aug 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp" Finished! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:28:15 PM, on 12/14/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\wscntfy.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\WINDOWS\system32\tbctray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HighJackThis\HiJackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://sln.lasalle.edu/iNotes6W.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 8920 bytes

here is another panda scan and a HJT log, and hopefully i deleted smitfraud Incident Status Location Adware:adware/exact.bargainbuddy Not disinfected Windows Registry Adware:adware/seekmo Not disinfected Windows Registry Adware:adware/pacimedia Not disinfected Windows Registry Adware:adware/exact.searchbar Not disinfected Windows Registry Adware:adware/wupd Not disinfected Windows Registry Spyware:spyware/media-motor Not disinfected Windows Registry Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[statse.webtrendslive.com/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.atdmt.com/] Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.adrevolver.com/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.advertising.com/] Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.ads.pointroll.com/] Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.tribalfusion.com/] Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.realmedia.com/] Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.bluestreak.com/] Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[ad.yieldmanager.com/] Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.fastclick.net/] Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.apmebf.com/] Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.fastclick.net/] Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.casalemedia.com/] Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.revenue.net/] Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.casalemedia.com/] Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.mediaplex.com/] Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.247realmedia.com/] Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.adserver.easyad.info/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.bs.serving-sys.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.questionmarket.com/] Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.com.com/] Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[stat.onestat.com/] Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.zedo.com/] Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.trafficmp.com/] Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.perf.overture.com/] Spyware:Cookie/Go Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.go.com/] Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.ehg-dig.hitbox.com/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\JR\Cookies\jr@advertising[1].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\JR\Cookies\jr@advertising[2].txt Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\JR\Cookies\jr@atwola[1].txt Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\JR\Cookies\jr@atwola[2].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\JR\Cookies\jr@doubleclick[1].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\JR\Cookies\jr@doubleclick[2].txt Spyware:Spyware/New.net Not disinfected C:\Documents and Settings\JR\Desktop\fdvdcodecs.exe[NNCLXA638.EXE] Potentially unwanted tool:Application/MyWay Not disinfected C:\Documents and Settings\JR\Desktop\fdvdcodecs.exe[s4BarSp.exe] Adware:Adware/ClockSync Not disinfected C:\Documents and Settings\JR\Desktop\fdvdcodecs.exe[VVSNInst.exe] Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\K-Lite Codec Pack\K-Lite Codec Pack\XviD-1.0.2-Setup.exe[gunist.exe] Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\K-Lite Codec Pack\K-Lite Codec Pack\XviD-1.0.2-Setup.exe[gunist.exe][proxya.exe] Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:40:21 PM, on 12/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\tbctray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\SiteAdvisor\SiteAdv.exe C:\WINDOWS\system32\DllHost.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\HighJackThis\HiJackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://sln.lasalle.edu/iNotes6W.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 9124 bytes

Panda scan Incident Status Location Adware:adware/exact.bargainbuddy Not disinfected Windows Registry Adware:adware/seekmo Not disinfected Windows Registry Adware:adware/pacimedia Not disinfected Windows Registry Adware:adware/exact.searchbar Not disinfected Windows Registry Adware:adware/wupd Not disinfected Windows Registry Spyware:spyware/media-motor Not disinfected Windows Registry Spyware:Spyware/New.net Not disinfected C:\Documents and Settings\JR\Desktop\fdvdcodecs.exe[NNCLXA638.EXE] Potentially unwanted tool:Application/MyWay Not disinfected C:\Documents and Settings\JR\Desktop\fdvdcodecs.exe[s4BarSp.exe] Adware:Adware/ClockSync Not disinfected C:\Documents and Settings\JR\Desktop\fdvdcodecs.exe[VVSNInst.exe] Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\JR\Desktop\SmitfraudFix\Process.exe Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\JR\Desktop\SmitfraudFix\restart.exe Virus:Generic Malware Not disinfected C:\Documents and Settings\JR\Desktop\spynomore.exe[snmIeGuard.dll] Virus:Generic Malware Not disinfected C:\Documents and Settings\JR\Desktop\spynomore.exe[sNM.exe] Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\JR\SmitfraudFix\Process.exe Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\JR\SmitfraudFix\restart.exe Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\K-Lite Codec Pack\K-Lite Codec Pack\XviD-1.0.2-Setup.exe[gunist.exe] Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\K-Lite Codec Pack\K-Lite Codec Pack\XviD-1.0.2-Setup.exe[gunist.exe][proxya.exe] Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe Potentially unwanted tool:Application/SuperFast Not disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\restart.exe Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe Potentially unwanted tool:Application/Processor Not disinfected D:\SmitfraudFix\Process.exe Potentially unwanted tool:Application/SuperFast Not disinfected D:\SmitfraudFix\restart.exe ------------------------------------------------------------------------------------------ I havent seen those trojans come up again with the mcafee virus scan so i guess thats good, but if they do i'll post the names of them

hey jean, i was away all weekend on a business trip so sorry for not responding, I am running those scans right now and will post when i'm done. Thanks

Its been 12 hours or so since I did those logs, and no signs of Popups. My desktop is back to normal, and my computer is running faster. Sometimes here and there it will be slow but thats normal. Also windows is telling me I don't have a antivirus program, it never said that before. I do though have Mcafee so i'm not sure if that works and it is deleting some trojans that pop up once in awhile(i never got those before) so maybe i might be still infected? On a good note it says its stopping and deleting them. So what would you recommend for an antivirus program?

i did what you said and hopefully i did this right... SDFix: Version 1.116 Run by JR on Tue 12/04/2007 at 05:15 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\PROGRA~1\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Restoring Default HomePage Value Restoring Default Desktop Components Value Rebooting... Normal Mode: Checking Files: Trojan Files Found: C:\Documents and Settings\JR\Favorites\Error Cleaner.url - Deleted C:\Documents and Settings\JR\Favorites\Privacy Protector.url - Deleted C:\Documents and Settings\JR\Favorites\Spyware&Malware Protection.url - Deleted C:\WINDOWS\privacy_danger\index.htm - Deleted C:\WINDOWS\privacy_danger\images\capt.gif - Deleted C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted C:\WINDOWS\privacy_danger\images\down.gif - Deleted C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted C:\Program Files\RichVideoCodec\install.ico - Deleted C:\Program Files\RichVideoCodec\RichVideoCodec.ocx - Deleted C:\Program Files\RichVideoCodec\Uninstall.exe - Deleted C:\Program Files\Setup.exe - Deleted C:\DOCUME~1\JR\LOCALS~1\Temp\ac8zt2.dat - Deleted C:\WINDOWS\nethop.exe - Deleted C:\WINDOWS\rmvgor.dll - Deleted Folder C:\Program Files\RichVideoCodec - Removed Folder C:\WINDOWS\privacy_danger - Removed Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-04 17:26:51 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s0"=dword:8fc34bda "s1"=dword:0a216748 "s2"=dword:5f9e1643 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:8e,0a,2b,96,b5,9d,f2,82,17,25,65,5b,22,70,d5,16,42,46,3e,a5,d7,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:8e,0a,2b,96,b5,9d,f2,82,17,25,65,5b,22,70,d5,16,42,46,3e,a5,d7,.. scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher] "TracesProcessed"=dword:00000024 "TracesSuccessful"=dword:00000003 scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files: --------------- File Backups: - C:\PROGRA~1\SDFix\backups\backups.zip Files with Hidden Attributes: Tue 14 Sep 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Tue 25 Oct 2005 1,544 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv19.bak" Sun 2 Dec 2007 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak" Sun 2 Dec 2007 211 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak" Sun 24 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp" Tue 4 Dec 2007 0 A..H. --- "C:\Documents and Settings\JR\Local Settings\Temp\BIT30.tmp" Tue 4 Dec 2007 0 A..H. --- "C:\Documents and Settings\JR\Local Settings\Temp\BIT31.tmp" Tue 4 Dec 2007 85,946 A..H. --- "C:\Documents and Settings\JR\Local Settings\Temp\BIT695.tmp" Tue 4 Dec 2007 0 A..H. --- "C:\Documents and Settings\JR\Local Settings\Temp\BIT6BD.tmp" Tue 4 Dec 2007 85,946 A..H. --- "C:\Documents and Settings\JR\Local Settings\Temp\BIT6C4.tmp" Tue 4 Dec 2007 0 A..H. --- "C:\Documents and Settings\JR\Local Settings\Temp\BIT6DA.tmp" Tue 4 Dec 2007 0 A..H. --- "C:\Documents and Settings\JR\Local Settings\Temp\BIT6E1.tmp" Tue 4 Dec 2007 0 A..H. --- "C:\Documents and Settings\JR\Local Settings\Temp\BIT6E2.tmp" Tue 4 Dec 2007 0 A..H. --- "C:\Documents and Settings\JR\Local Settings\Temp\BIT6E3.tmp" Tue 4 Dec 2007 0 A..H. --- "C:\Documents and Settings\JR\Local Settings\Temp\BIT6EF.tmp" Tue 4 Dec 2007 0 A..H. --- "C:\Documents and Settings\JR\Local Settings\Temp\BIT6FE.tmp" Sat 21 Jun 2003 377,344 A..H. --- "C:\Program Files\IsoBuster\IsoBuster\Help\AHlp.exe" Tue 27 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0d4a7c846fe5e74c3056c3e240c1ffeb\BIT66.tmp" Tue 14 Sep 2004 4,348 A..H. --- "C:\Documents and Settings\JR\My Documents\My Music\License Backup\drmv1key.bak" Tue 25 Oct 2005 782 A..H. --- "C:\Documents and Settings\JR\My Documents\My Music\License Backup\drmv1lic.bak" Sat 11 Dec 2004 400 A.SH. --- "C:\Documents and Settings\JR\My Documents\My Music\License Backup\drmv2key.bak" Sun 24 Dec 2006 54,520 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\visualstudio\7.1\vs000223.tmp" Mon 13 Aug 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp" Mon 13 Aug 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp" Finished! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:49:42 PM, on 12/4/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\WINDOWS\system32\tbctray.exe C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HighJackThis\HiJackThis.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://sln.lasalle.edu/iNotes6W.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 8408 bytes on a good not that red bio hazard sign went away and its back to my old desktop wall paper again, don't know if i'm cured or not but i'll wait for the next steps B)

ahhh yes!!! this is good news, what program do I use to delete that file? By the way I don't know how you do it but it works, fixing all of these computers online. I must say you are very good, and thank you so much for your help and time it is greatly appriciated!!!

Ok, I finally was able to do the panda scan so hopefully I did this right, and also here is a new HJT log....oh and i did do the rougeremover didnt know if there was a log I had to post for that. Incident Status Location Adware:adware/exact.bargainbuddy Not disinfected c:\windows\system32\bbchk.exe Potentially unwanted tool:application/mywebsearch Not disinfected hkey_current_user\software\MyWebSearch Potentially unwanted tool:application/funweb Not disinfected hkey_local_machine\software\Fun Web Products Adware:adware/seekmo Not disinfected Windows Registry Adware:adware/pacimedia Not disinfected Windows Registry Adware:adware/exact.searchbar Not disinfected Windows Registry Adware:adware/wupd Not disinfected Windows Registry Spyware:spyware/media-motor Not disinfected Windows Registry Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.ads.pointroll.com/] Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.ads.pointroll.com/] Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.ads.pointroll.com/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.atdmt.com/] Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[stat.onestat.com/] Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.adrevolver.com/] Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.tribalfusion.com/] Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.questionmarket.com/] Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.mediaplex.com/] Spyware:Cookie/Go Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.go.com/] Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.ehg-dig.hitbox.com/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.advertising.com/] Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.bluestreak.com/] Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.zedo.com/] Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.ad.yieldmanager.com/] Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[ad.yieldmanager.com/] Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.fastclick.net/] Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.overture.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.bs.serving-sys.com/] Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.com.com/] Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.adultfriendfinder.com/] Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.realmedia.com/] Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.perf.overture.com/] Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.xiti.com/] Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.apmebf.com/] Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[www.burstbeacon.com/] Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.burstnet.com/] Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.tradedoubler.com/] Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.weborama.fr/] Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.trafficmp.com/] Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.yadro.ru/] Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.azjmp.com/] Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.ehg.hitbox.com/] Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\JR\Application Data\Mozilla\Firefox\Profiles\xb3r9a22.default\cookies.txt[.casalemedia.com/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\JR\Cookies\jr@112.2o7[1].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\JR\Cookies\jr@advertising[1].txt Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\JR\Cookies\jr@atwola[1].txt Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\JR\Cookies\jr@bfast[2].txt Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\JR\Cookies\jr@cgi-bin[2].txt Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\JR\Cookies\jr@cgi-bin[3].txt Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\JR\Cookies\jr@citi.bridgetrack[2].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\JR\Cookies\jr@com[2].txt Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\JR\Cookies\jr@cs.sexcounter[2].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\JR\Cookies\jr@doubleclick[1].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\JR\Cookies\jr@drivecleaner[2].txt Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\JR\Cookies\jr@ehg-dig.hitbox[1].txt Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\JR\Cookies\jr@entrepreneur[2].txt Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\JR\Cookies\jr@fastclick[1].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\JR\Cookies\jr@go.drivecleaner[1].txt Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\JR\Cookies\jr@hg1.hitbox[1].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\JR\Cookies\jr@stats.drivecleaner[2].txt Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\JR\Cookies\jr@valueclick[2].txt Spyware:Cookie/AntiVirGear Not disinfected C:\Documents and Settings\JR\Cookies\jr@www.antivirgear[2].txt Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\JR\Cookies\jr@www.drivecleaner[1].txt Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\JR\Desktop\ComboFix(2).exe[nircmd.exe] Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\JR\Desktop\ComboFix(2).exe[nircmd.cfexe] Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\JR\Desktop\ComboFix(4).exe[nircmd.exe] Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\JR\Desktop\ComboFix(4).exe[nircmd.cfexe] Spyware:Spyware/New.net Not disinfected C:\Documents and Settings\JR\Desktop\fdvdcodecs.exe[NNCLXA638.EXE] Potentially unwanted tool:Application/MyWay Not disinfected C:\Documents and Settings\JR\Desktop\fdvdcodecs.exe[s4BarSp.exe] Adware:Adware/ClockSync Not disinfected C:\Documents and Settings\JR\Desktop\fdvdcodecs.exe[VVSNInst.exe] Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\JR\Desktop\SmitfraudFix\Process.exe Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\JR\Desktop\SmitfraudFix\restart.exe Virus:Generic Malware Not disinfected C:\Documents and Settings\JR\Desktop\spynomore.exe[snmIeGuard.dll] Virus:Generic Malware Not disinfected C:\Documents and Settings\JR\Desktop\spynomore.exe[sNM.exe] Adware:Adware/NewMediaCodec Not disinfected C:\Documents and Settings\JR\Local Settings\Temp\ac8zt2.dat[ac8zt2/msmhost.dll] Adware:Adware/AdwareRemover2007 Not disinfected C:\Documents and Settings\JR\Local Settings\Temporary Internet Files\Content.IE5\NV7KYYXZ\install1216[1].cab[setup.exe] Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\JR\SmitfraudFix\Process.exe Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\JR\SmitfraudFix\restart.exe Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\K-Lite Codec Pack\K-Lite Codec Pack\XviD-1.0.2-Setup.exe[gunist.exe] Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\K-Lite Codec Pack\K-Lite Codec Pack\XviD-1.0.2-Setup.exe[gunist.exe][proxya.exe] Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe Potentially unwanted tool:Application/SuperFast Not disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\restart.exe Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe Potentially unwanted tool:Application/Processor Not disinfected D:\SmitfraudFix\Process.exe Virus:Trj/Rebooter.J Disinfected D:\SmitfraudFix\Reboot.exe Potentially unwanted tool:Application/SuperFast Not disinfected D:\SmitfraudFix\restart.exe Virus:Trj/Rebooter.J HighJackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:20:11 AM, on 12/4/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\tbctray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\SiteAdvisor\SiteAdv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\HighJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://sln.lasalle.edu/iNotes6W.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O21 - SSODL: sapnet - {D8FE4152-6574-42AF-9457-9065C49B075C} - C:\WINDOWS\sapnet.dll (file missing) O21 - SSODL: rmvgor - {7B8CADDB-42F5-471B-9541-DE1B6A6CD0E1} - C:\WINDOWS\rmvgor.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm -- End of file - 8883 bytes

hey Jean I see that you are online, i'm running the panda scan right now, and will post that log and a new hjt log when its done hopefully i can catch you before you sign off for the day so you can help me with the next step

yeah my desktop still has that bio hazard sign and its red B)

I did what you said and on the program it said that C:\WINDOWS\rmvgor.dll did not exist but it deleted the other file, and my desktop says its in Active Desktop Recovery...i dont know if the virus is gone but my computer still runs slow, hopefully i did this right Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:30:57 PM, on 12/2/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\tbctray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\HighJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://sln.lasalle.edu/iNotes6W.cab O21 - SSODL: sapnet - {D8FE4152-6574-42AF-9457-9065C49B075C} - C:\WINDOWS\sapnet.dll (file missing) O21 - SSODL: rmvgor - {7B8CADDB-42F5-471B-9541-DE1B6A6CD0E1} - C:\WINDOWS\rmvgor.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm -- End of file - 8697 bytes

here is the log you asked for hope it helps B) ComboFix 07-11-19.4C - JR 2007-11-29 17:53:37.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.498 [GMT -5:00] Running from: C:\Documents and Settings\JR\Desktop\ComboFix(4).exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\JR\Desktop\Error Cleaner.url C:\Documents and Settings\JR\Desktop\Privacy Protector.url C:\Documents and Settings\JR\Desktop\Spyware&Malware Protection.url C:\Documents and Settings\JR\Favorites\Error Cleaner.url C:\Documents and Settings\JR\Favorites\Privacy Protector.url C:\Documents and Settings\JR\Favorites\Spyware&Malware Protection.url C:\WINDOWS\privacy_danger C:\WINDOWS\privacy_danger\images\capt.gif C:\WINDOWS\privacy_danger\images\danger.jpg C:\WINDOWS\privacy_danger\images\down.gif C:\WINDOWS\privacy_danger\images\spacer.gif C:\WINDOWS\privacy_danger\index.htm . ((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 ))))))))))))))))))))))))))))))) . 2007-11-28 21:56 <DIR> d-------- C:\Program Files\SiteAdvisor 2007-11-28 21:56 <DIR> d-------- C:\Documents and Settings\JR\Application Data\SiteAdvisor 2007-11-28 21:52 104,024 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys 2007-11-28 21:43 <DIR> d-------- C:\Program Files\McAfee 2007-11-28 21:43 <DIR> d-------- C:\Program Files\Common Files\McAfee 2007-11-28 21:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee 2007-11-24 17:21 <DIR> d-------- C:\Program Files\HighJackThis 2007-11-23 21:19 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2007-11-23 20:54 <DIR> d-------- C:\Program Files\Java 2007-11-20 17:48 335,872 --a------ C:\WINDOWS\sapnet.dll 2007-11-20 17:48 294,912 --a------ C:\WINDOWS\rmvgor.dll 2007-11-20 17:48 151,552 --a------ C:\WINDOWS\nethop.exe 2007-11-20 17:44 <DIR> d-------- C:\Program Files\RichVideoCodec 2007-11-11 13:09 <DIR> d-------- C:\Program Files\Guitar Pro 5 2007-11-06 16:47 <DIR> d-------- C:\Program Files\iPod . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2070-01-01 00:00 --------- d-----w C:\Program Files\MacroStudioMX2004withFlashPro 2007-11-29 22:46 --------- d-----w C:\Documents and Settings\JR\Application Data\Azureus 2007-11-28 21:27 4,520 ----a-w C:\WINDOWS\system32\tmp.reg 2007-11-28 02:41 --------- d-----w C:\Program Files\Ares 2007-11-26 23:23 678 ----a-w C:\Program Files\Shortcut to HiJackThis.exe.lnk 2007-11-20 22:30 --------- d-----w C:\Program Files\AIMTunes 2007-11-13 20:45 --------- d-----w C:\Program Files\Common Files\Adobe 2007-11-04 23:33 --------- d-----w C:\Program Files\Full Tilt Poker 2007-10-21 21:01 --------- d-----w C:\Documents and Settings\JR\Application Data\QQ Games Plugin 2007-10-21 21:00 --------- d-----w C:\Program Files\AIM6 2007-10-21 20:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads 2007-10-21 20:57 --------- d-----w C:\Program Files\Tencent 2007-10-21 20:54 --------- d-----w C:\Program Files\Viewpoint 2007-10-21 20:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2007-10-21 20:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2007-10-14 20:42 --------- d-----w C:\Program Files\BitComet 2007-10-13 14:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-10-10 20:01 --------- d-----w C:\Program Files\Apple Software Update 2007-10-09 02:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus 2007-10-09 02:56 --------- d-----w C:\Program Files\Azureus 2007-10-06 13:30 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2007-10-04 04:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe 2007-09-06 04:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe 2006-04-07 15:19 25,512 -c--a-w C:\Documents and Settings\JR\Application Data\GDIPFONTCACHEV1.DAT 2005-04-22 10:07 184 -c--a-w C:\Program Files\Free-Codecs.txt 2003-10-01 09:52 73,332 -c--a-w C:\Program Files\eula.pdf 2003-10-01 09:52 5,110 -c--a-w C:\Program Files\contents.txt 2003-10-01 09:52 36,864 -c--a-w C:\Program Files\setup.exe 2003-10-01 09:52 17,252 -c--a-w C:\Program Files\readme.txt 2002-04-08 03:03 673 -c--a-w C:\Program Files\Read_Me.txt . ((((((((((((((((((((((((((((( snapshot@2007-11-24_17.19.25.82 ))))))))))))))))))))))))))))))))))))))))) . - 2004-10-13 00:06:17 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2007-11-29 20:14:31 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2004-10-13 00:06:17 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2007-11-29 20:14:31 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2004-10-13 00:06:17 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2007-11-29 20:14:31 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2007-11-24 22:18:37 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat + 2007-11-29 22:54:26 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat - 2007-11-24 22:18:38 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat + 2007-11-29 22:54:27 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{23ED2206-856D-461A-BBCF-1C2466AC5AE3}"= C:\Program Files\Video Add-on\ictmdl.dll [ ] [HKEY_CLASSES_ROOT\clsid\{23ed2206-856d-461a-bbcf-1c2466ac5ae3}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Aim6"="" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56] "EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 10:01] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 00:50] "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 00:51] "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50] "RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-01-13 13:05] "RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 09:19] "RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 08:21] "NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01] "NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe] "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00] "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46] "SNM"="C:\Program Files\SpyNoMore\SNM.exe" [] "QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2007-10-19 20:16] "iTunesHelper"="D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe" [2007-11-02 18:36] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "TraySantaCruz"="C:\WINDOWS\system32\tbctray.exe" [2002-04-03 14:47] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-01-26 13:32:43] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "sapnet"= {D8FE4152-6574-42AF-9457-9065C49B075C} - C:\WINDOWS\sapnet.dll [2007-11-20 13:41 335872] "rmvgor"= {7B8CADDB-42F5-471B-9541-DE1B6A6CD0E1} - C:\WINDOWS\rmvgor.dll [2007-11-20 13:41 294912] R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys R3 tbcspud;Santa Cruz Driver;C:\WINDOWS\system32\drivers\tbcspud.sys R3 tbcwdm;Santa Cruz WDM Driver;C:\WINDOWS\system32\drivers\tbcwdm.sys S2 RVIEG01;VSC Engine;\??\C:\Program Files\Cakewalk\Shared Dxi\Roland\RVIEg01.sys S3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys S3 PNDIS5;PNDIS5 NDIS Protocol Driver;\??\F:\PNDIS5.SYS S3 vtdg46xx;vtdg46xx;\??\C:\PROGRA~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys *Newly Created Service* - ENTDRV51 . Contents of the 'Scheduled Tasks' folder "2007-11-29 15:57:49 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-11-29 02:49:14 C:\WINDOWS\Tasks\McDefragTask.job" - C:\WINDOWS\system32\defrag.exe "2007-11-29 02:49:12 C:\WINDOWS\Tasks\McQcTask.job" - c:\program files\mcafee\mqc\QcConsol.exe.4158 0 . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-29 17:59:37 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2007-11-29 18:01:11 C:\ComboFix2.txt ... 2007-11-24 17:20 . --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:05:42 PM, on 11/29/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe C:\WINDOWS\system32\tbctray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HighJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe" O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://sln.lasalle.edu/iNotes6W.cab O21 - SSODL: sapnet - {D8FE4152-6574-42AF-9457-9065C49B075C} - C:\WINDOWS\sapnet.dll O21 - SSODL: rmvgor - {7B8CADDB-42F5-471B-9541-DE1B6A6CD0E1} - C:\WINDOWS\rmvgor.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 8836 bytes

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:13:49 PM, on 11/28/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe C:\WINDOWS\system32\tbctray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\PROGRA~1\McAfee\MSC\mclogsrv.exe C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe c:\program files\common files\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\PROGRA~1\McAfee\MSC\mctskshd.exe C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Azureus\Azureus.exe C:\Program Files\HighJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\J.R.'s Music\iTunes Folder\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [0251961196304193mcinstcleanup] C:\DOCUME~1\JR\LOCALS~1\Temp\025196~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe" O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://sln.lasalle.edu/iNotes6W.cab O21 - SSODL: sapnet - {BA9D3F44-D0EB-441E-ADCE-478EF7EA7D57} - C:\WINDOWS\sapnet.dll O21 - SSODL: rmvgor - {067AB3C3-869D-4ABF-ACBC-AB76550A115D} - C:\WINDOWS\rmvgor.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm -- End of file - 9457 bytes