Full Version: IE popups
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
Rickincali
So I fell victim to what I believe to be some kind of rootkit. I am constantly getting IE popups, some of which open and some don't. I don't even need to have IE open to get them. When they do pop up my network virtually freezes. I have run antivirus and adware removers and nothing works. I just ran Ad-Aware, which found only tracking cookies. I removed them all, then I ran HJT and here is the log. Any assistance on this would be greatly appreciated as I cannot rebuild this computer at this time. It is a MacBook Pro running Vista Business on Boot Camp.

Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:22:32 PM, on 2/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\sttray.exe
C:\Windows\System32\IRW.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/?.src=fp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [RestartNeroSetup] "C:\Users\Rick\AppData\Local\Temp\OnlineUpdate8\SetupXu.exe" MODE="update" STARTMODE="2" USERSEL="3" FAMILYNAME="Nero 8" RUNSETUPXU="1" OS_UPDATED="1" STUB="1" UPGRADE="1"
O4 - HKLM\..\Run: [RecordPadRun] "C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe" -logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [IRW] C:\Windows\system32\IRW.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
O4 - HKLM\..\Run: [AppleTime] C:\WINDOWS\system32\AppleTime.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Rick\AppData\Local\Temp\~DFA6E.tmp C:\Users\Rick\AppData\Local\Temp\~DFA69.tmp C:\Users\Rick\AppData\Local\Temp\HSPERF~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Rick\AppData\Local\Temp\~DFA6E.tmp C:\Users\Rick\AppData\Local\Temp\~DFA69.tmp C:\Users\Rick\AppData\Local\Temp\HSPERF~1.SH! (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...own&unknown
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://update.microsoft.com/windowsupdate/...b?1167503112204
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...221/mcfscan.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClient Control) - https://mscorp.myspace.com/dana-cached/sc/J...SetupClient.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0012061202257257) (0012061202257257mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\001206~1.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\Windows\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\Windows\system32\AppleTimeSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 10743 bytes
Bobbi Flekman
Hi Rickincali,

That's original... This is the first Boot Camp Windows I've seen. I have an iMac at home and a MacBook Pro. I run my Windows from VMware Fusion, as I don't like Boot Camp. But that is beside the point. Let's get to the log.

I don't see a firewall in your log. If you don't have one, or use Microsoft's firewall in Windows XP, download Sygate Personal Firewall, Sunbelt Kerio Personal Firewall or Online Armor Free and install it.
Block everything that is not supposed to dial out!

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Be aware that it is NOT supported on 9x or ME and probably will not install on those systems.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The Java Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

I see both Symantec and McAfee in your log. It is not a good idea to have multiple antivirus products running. These programs get in each other's way. Use just one as an "On Access" scanner. You can keep the other one for "On Demand" scanning.

Please download ATF Cleaner to your desktop.

Right click on ATF-Cleaner.exe and choose "Run As Administrator" to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

You might want to save this page on your favorites, so you can find it again when you return. You can also click on your name and click on "Find All Posts" to find your thread.

Run HijackThis, click on "Scan" and check the boxes next to all these items.

O4 - HKLM\..\Run: [RestartNeroSetup] "C:\Users\Rick\AppData\Local\Temp\OnlineUpdate8\SetupXu.exe" MODE="update" STARTMODE="2" USERSEL="3" FAMILYNAME="Nero 8" RUNSETUPXU="1" OS_UPDATED="1" STUB="1" UPGRADE="1"

O23 - Service: McAfee Application Installer Cleanup (0012061202257257) (0012061202257257mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\001206~1.EXE


Then close all windows, and browsers, except HijackThis. Tell HijackThis to "Fix checked".

Restart your computer and post a new log in this thread.

Please create a list of programs that can be removed using Add/Remove Programs:
Start HijackThis. Click "Config" -> "Misc Tools" -> "Open Uninstall Manager" -> "Save List".
Save the log to a convenient location, and copy it into this thread.
Rickincali
I will do this as soon as I get home.

I have recently uninstalled Symantec to install McAfee, so maybe it didn't uninstall all the way and that's why there are 2 antivirus programs. The McAfee I believe does have a firewall, but I could be mistaken. On the HJT log, 5th line from the bottom is McAfee Personal Firewall. I will double check it is turned on or even actually installed.

Thanks for the help and I will report back as soon as I can.

On a side note, how does VMware Fusion run?
Rickincali
Hi Bobbi,

I followed your instructions to the letter. Here is the HJT log, I will post the Application list after this one. I also verified I do have McAfee firewall running on my laptop.

I did not see the one entry though.

O23 - Service: McAfee Application Installer Cleanup (0012061202257257) (0012061202257257mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\001206~1.EXE


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:18:40 PM, on 2/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Windows\sttray.exe
C:\Windows\System32\IRW.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/?.src=fp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [RecordPadRun] "C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe" -logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [IRW] C:\Windows\system32\IRW.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
O4 - HKLM\..\Run: [AppleTime] C:\WINDOWS\system32\AppleTime.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Rick\AppData\Local\Temp\~DFA6E.tmp C:\Users\Rick\AppData\Local\Temp\~DFA69.tmp C:\Users\Rick\AppData\Local\Temp\HSPERF~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Rick\AppData\Local\Temp\~DFA6E.tmp C:\Users\Rick\AppData\Local\Temp\~DFA69.tmp C:\Users\Rick\AppData\Local\Temp\HSPERF~1.SH! (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...own&unknown
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://update.microsoft.com/windowsupdate/...b?1167503112204
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...221/mcfscan.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClient Control) - https://mscorp.myspace.com/dana-cached/sc/J...SetupClient.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\Windows\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\Windows\system32\AppleTimeSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 10295 bytes
Rickincali
Bobbi,

When I try to get the program list it closes HJT. As soon as I click Save List it closes. I can compile a list by hand. The PowerToys for Windows XP are legacy apps left over from the upgrade I did a few months back. They will not uninstall and I haven't really looked into getting them off yet.

Ad-Aware 2007
Adobe Bridge 1.0
Adobe Creative Suite 2
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.1
Adobe Shockwave Player
Alt-Tab Task Switcher Powertoy for Windows XP
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
BitComet 0.97
Boot Camp Services
Canon EOS Utility
Clear Type Tuning Control Panel Applet
Google Earth
HijackThis 2.0.2
HWiNFO32 Version 1.77
Image Resizer Powertoy for Windows XP
IrfanView (remove only)
iTunes
Java™ 6 Update 4
Juniper Networks Secure Application Manager
Juniper Networks Setup Client
Macintosh Drivers for Windows XP
McAfee Security Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.0
Microsoft IntelliPoint 6.1
Microsoft Office Professional Plus 2007
Mozilla Firefox (2.0.011)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 6.0 Parser (KB933579)
QuickTime
RealPlayer
Realtek High Definition Audio Driver
SigmaTel Audio
Skype 3.6
Star Wars Galaxies
TeamSpeak 2 RC2
TeamSpeak 2 Server RC2
Trillian
Tweak UI
Windows Driver Package - Apple Inc. (applebt) Bluetooth (06/27/2007 2.0.0.1)
Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
Windows Driver Package - Apple Inc. Apple Built-in iSight (02/09/2007 1.3.0.0)
Windows Driver Package - Apple Inc. Apple IR Receiver (07/16/2007 2.0.0.1)
Windows Driver Package - Apple Inc. Apple Keyboard (08/30/2007 2.0.1.4)
Windows Driver Package - Apple Inc. Apple Trackpad (08/28/2007 2.0.1.4)
Windows Driver Package - Apple Inc. Apple Trackpad Enabler (08/28/2007 2.0.1.4)
Windows Driver Package - Apple Inc. System (06/21/2007 2.0.0.0)
Windows Driver Package - Atheros Communications Inc. (athr) net (04/15/2007 7.2.0.204)
Windows Driver Package - Atheros Communications Inc. Net (04/15/2007 7.2.0.204)
Windows Driver Package - Marvell (yukonwlh) Net (03/23/2007 10.12.7.3)
Windows Live Installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
Xfire (remove only)
Xvid 1.1.2 final uninstall
Yahoo! Messenger
Bobbi Flekman
Hi Rickincali,

QUOTE
When I try to get the program list it closes HJT. As soon as I click Save List it closes. I can compile a list by hand. The PowerToys for Windows XP are legacy apps left over from the upgrade I did a few months back. They will not uninstall and I haven't really looked into getting them off yet.
Hmmm... Could be an incompatibility between HijackThis and Boot Camp. Oh well, as long as you can do what I want I don't really care who creates the list. On PowerToys... If you want it gone, we can take a look at it, but it is legit so I wouldn't suggest the removal.

The rest of the installed programs are legit as well (or rather I cannot find proof that they're bad).

QUOTE
I also verified I do have McAfee firewall running on my laptop.
Okay.

QUOTE
I did not see the one entry though.

O23 - Service: McAfee Application Installer Cleanup (0012061202257257) (0012061202257257mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\001206~1.EXE
Probably cleaned itself up. I think that you were updating McAfee while running the log.

The log looks clean, but it was that from the get-go. So let's see what we can dig up.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
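The two things Bobbi did with the HijackThis output above are the core of log triage: pick out autostart entries whose binary lives in a Temp directory (the RestartNeroSetup Run key and the McAfee cleanup service in C:\Windows\TEMP), and compare the second log against the first to see what disappeared ("Probably cleaned itself up"). The script below is an added example written for this page; it is not code from the thread, from HijackThis or from any of the vendors mentioned. The two embedded logs are abbreviated excerpts of the logs posted in this thread, and the flagging rules (Temp paths, "(no file)"/"(file missing)" orphans, services with "Unknown owner") are heuristics that produce review items, not verdicts.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpts modelled on the two HijackThis logs posted in this
# thread (abbreviated to the lines that matter for triage; not the full logs).
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [RestartNeroSetup] "C:\Users\Rick\AppData\Local\Temp\OnlineUpdate8\SetupXu.exe" MODE="update"
O23 - Service: McAfee Application Installer Cleanup (0012061202257257) (0012061202257257mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\001206~1.EXE
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\Windows\system32\AppleOSSMgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
"""

LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\Windows\system32\AppleOSSMgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
"""

# Every HJT finding is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...]".
HJT_LINE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
# A path component named Temp or tmp (case-insensitive). This also matches
# Temp paths passed as arguments, so every hit still needs a human look.
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
# Sections that describe something loaded or launched automatically.
AUTOSTART_SECTIONS = {"O2", "O3", "O4", "O9", "O20", "O21", "O23"}


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Return (section, body) for each finding line; headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def flag_entry(section: str, body: str) -> List[str]:
    """Heuristic reasons an analyst would want to look at this entry."""
    reasons = []
    if section in AUTOSTART_SECTIONS and TEMP_DIR.search(body):
        reasons.append("runs from (or references) a Temp directory")
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("registered component whose file is missing")
    if section == "O23" and "Unknown owner" in body:
        reasons.append("service without publisher info; verify the binary by hand")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged finding line to the list of reasons it was flagged."""
    return {f"{s} - {b}": r for s, b in parse_hjt(text) if (r := flag_entry(s, b))}


def diff_logs(before: str, after: str) -> Tuple[List[str], List[str]]:
    """(removed, added): finding lines present only in the old / new log."""
    old = {f"{s} - {b}" for s, b in parse_hjt(before)}
    new = {f"{s} - {b}" for s, b in parse_hjt(after)}
    return sorted(old - new), sorted(new - old)


if __name__ == "__main__":
    print("== Review items in first log ==")
    for line, reasons in triage(LOG_BEFORE).items():
        print(f"{line}\n    -> {'; '.join(reasons)}")
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("\n== Gone in second log ==")
    print("\n".join(removed))
    print("\n== New in second log ==")
    print("\n".join(added))
```

On the excerpt above, the diff shows exactly what the thread describes: the RestartNeroSetup Run key and the McAfee cleanup service from C:\Windows\TEMP are gone, and the only new line is the Java 1.6 updater that replaced the 1.5 one. The "Unknown owner" rule deliberately flags the Apple OS Switch Manager as well; on a Boot Camp machine that is expected, which is why the reasons are phrased as review prompts rather than detections.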
Rickincali
Combofix log.


ComboFix 08-02.05.3 - Rick 2008-02-07 17:07:16.1 - NTFSx86
Microsoft Windows Vista Business 6.0.6000.0.1252.1.1033.18.1264 [GMT -8:00]
Running from: C:\Users\Rick\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\drivers\atapii.sys
C:\Windows\system32\drivers\core.cache.dsk
C:\Windows\system32\drivers\iSightFTT.sys
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\Rick\AppData\Roaming\macromedia\Flash Player\#SharedObjects\4MWZSTZW\www.broadcaster.com
C:\Users\Rick\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Users\Rick\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Windows\system32\drivers\atapii.sys
C:\Windows\system32\drivers\core.cache.dsk
C:\Windows\system32\drivers\iSightFTT.sys

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
hxxp://j+|C̛v+@J:NGD_DQ{zZOmO̢\}&\Hǯ@WU Client Download S-1-5-18@x`l@\???? 6VwoQZCDHM6VwoQZCDHMXu(yh(yh(yh(yhoV2vZOmO̢GD_DQ{zGD_DQ{zGD_DQ{z+@J:Nj+|C̛vate.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_ISIGHTFTT
-------\iSightFTT


((((((((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 )))))))))))))))))))))))))))))))
.

2008-02-06 17:06 . 2008-02-06 17:06 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-05 20:43 . 2008-02-05 20:43 <DIR> d-------- C:\Windows\PCHEALTH
2008-02-05 16:39 . 2008-02-05 16:39 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-05 16:39 . 2008-02-05 16:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-04 20:03 . 2008-02-04 20:03 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-04 18:57 . 2008-02-05 18:54 <DIR> d-------- C:\Program Files\StarWarsGalaxies
2008-02-03 21:08 . 2008-02-04 19:39 <DIR> d-------- C:\Downloads
2008-02-03 21:01 . 2008-02-03 21:01 <DIR> d-------- C:\$WINDOWS.~BT
2008-02-03 08:14 . 2008-02-03 08:14 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-02-03 08:14 . 2008-02-03 08:14 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-02-03 08:13 . 2008-02-04 20:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-02 17:53 . 2008-02-02 17:53 <DIR> d-------- C:\Windows\McAfee.com
2008-02-02 13:02 . 2008-02-02 13:02 0 --a------ C:\Windows\nsreg.dat
2008-02-01 19:01 . 2008-02-05 16:39 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-02-01 19:01 . 2008-02-05 16:39 <DIR> d-------- C:\ProgramData\Lavasoft
2008-02-01 18:21 . 2008-02-01 18:21 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts
2008-02-01 18:10 . 2008-02-07 17:12 7,418 --a------ C:\Windows\System32\Config.MPF
2008-02-01 18:09 . 2008-02-01 19:05 <DIR> d-------- C:\Users\Rick\AppData\Roaming\SiteAdvisor
2008-02-01 18:09 . 2008-02-01 18:09 <DIR> d-------- C:\Users\All Users\SiteAdvisor
2008-02-01 18:09 . 2008-02-01 18:09 <DIR> d-------- C:\ProgramData\SiteAdvisor
2008-02-01 18:09 . 2008-02-03 08:03 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-02-01 18:08 . 2007-07-21 09:08 40,488 --a------ C:\Windows\System32\drivers\mfesmfk.sys
2008-02-01 18:08 . 2007-07-21 09:08 35,240 --a------ C:\Windows\System32\drivers\mfebopk.sys
2008-02-01 18:08 . 2007-07-24 12:02 33,800 --a------ C:\Windows\System32\drivers\mferkdk.sys
2008-02-01 18:07 . 2008-02-01 18:07 <DIR> d-------- C:\Program Files\McAfee.com
2008-02-01 18:07 . 2008-02-06 17:29 <DIR> d-------- C:\Program Files\McAfee
2008-02-01 18:07 . 2008-02-01 18:24 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-02-01 18:07 . 2007-07-21 09:08 201,288 --a------ C:\Windows\System32\drivers\mfehidk.sys
2008-02-01 18:07 . 2007-07-13 09:21 125,728 --a------ C:\Windows\System32\drivers\Mpfp.sys
2008-02-01 18:07 . 2007-07-24 07:40 79,304 --a------ C:\Windows\System32\drivers\mfeavfk.sys
2008-02-01 17:55 . 2008-02-01 18:10 <DIR> d-------- C:\Users\All Users\McAfee
2008-02-01 17:55 . 2008-02-01 18:10 <DIR> d-------- C:\ProgramData\McAfee
2008-02-01 17:50 . 2008-02-01 17:50 <DIR> d-------- C:\Users\All Users\Avg7
2008-02-01 17:50 . 2008-02-01 17:50 <DIR> d-------- C:\ProgramData\Avg7
2008-01-29 16:29 . 2008-02-07 17:16 54,156 --ah----- C:\Windows\QTFont.qfn
2008-01-29 16:29 . 2008-01-29 16:29 1,409 --a------ C:\Windows\QTFont.for
2008-01-28 18:43 . 2008-01-28 18:43 <DIR> d-------- C:\Program Files\iTunes
2008-01-28 18:43 . 2008-01-28 18:43 <DIR> d-------- C:\Program Files\iPod
2008-01-28 18:42 . 2008-01-28 18:43 <DIR> d-------- C:\Program Files\QuickTime
2008-01-28 18:39 . 2008-01-28 18:39 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-28 18:37 . 2008-01-28 18:37 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-26 11:52 . 2008-01-26 11:52 <DIR> d-------- C:\Program Files\Common Files\Steam
2008-01-24 12:09 . 2008-01-24 12:14 <DIR> d-------- C:\Program Files\Windows Live
2008-01-24 12:09 . 2008-01-24 12:13 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-24 12:08 . 2008-01-24 12:08 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-01-24 12:08 . 2008-01-24 12:08 <DIR> d-------- C:\ProgramData\WLInstaller
2008-01-24 07:38 . 2008-01-24 07:39 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-21 12:26 . 2008-01-21 12:26 <DIR> d-------- C:\Users\Rick\AppData\Roaming\skypePM
2008-01-21 12:26 . 2008-01-21 12:39 <DIR> d-------- C:\Users\Rick\AppData\Roaming\Skype
2008-01-21 12:26 . 2008-01-21 12:26 32 --a------ C:\Users\All Users\ezsid.dat
2008-01-21 12:26 . 2008-01-21 12:26 32 --a------ C:\ProgramData\ezsid.dat
2008-01-21 12:25 . 2008-01-21 12:25 <DIR> d-------- C:\Users\All Users\Skype
2008-01-21 12:25 . 2008-01-21 12:25 <DIR> d-------- C:\ProgramData\Skype
2008-01-21 12:25 . 2008-01-21 20:17 <DIR> d-------- C:\Program Files\Skype
2008-01-21 12:25 . 2008-01-21 12:25 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-01-19 22:45 . 2008-01-19 22:45 205,824 --a------ C:\Windows\System32\msoeacct.dll
2008-01-19 22:45 . 2008-01-19 22:45 87,040 --a------ C:\Windows\System32\msoert2.dll
2008-01-19 22:45 . 2008-01-19 22:45 39,424 --a------ C:\Windows\System32\ACCTRES.dll
2008-01-19 22:42 . 2008-01-19 22:42 376,320 --a------ C:\Windows\System32\winsrv.dll
2008-01-19 22:42 . 2008-01-19 22:42 49,664 --a------ C:\Windows\System32\csrsrv.dll
2008-01-19 22:40 . 2008-01-19 22:40 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-19 22:40 . 2008-01-19 22:40 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-19 22:40 . 2008-01-19 22:40 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-19 22:40 . 2008-01-19 22:40 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-19 22:40 . 2008-01-19 22:40 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-19 22:39 . 2008-01-19 22:39 414,208 --a------ C:\Windows\System32\msscp.dll
2008-01-19 22:39 . 2008-01-19 22:39 374,456 --a------ C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-01-19 22:38 . 2008-01-19 22:38 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-01-19 22:38 . 2008-01-19 22:38 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-01-19 22:38 . 2008-01-19 22:38 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-01-19 22:38 . 2008-01-19 22:38 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-01-19 22:38 . 2008-01-19 22:38 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-01-19 22:37 . 2008-01-19 22:37 396,800 --a------ C:\Windows\System32\MPSSVC.dll
2008-01-19 22:37 . 2008-01-19 22:37 392,192 --a------ C:\Windows\System32\FirewallAPI.dll
2008-01-19 22:37 . 2008-01-19 22:37 178,688 --a------ C:\Windows\System32\iphlpsvc.dll
2008-01-19 22:37 . 2008-01-19 22:37 86,016 --a------ C:\Windows\System32\icfupgd.dll
2008-01-19 22:37 . 2008-01-19 22:37 63,488 --a------ C:\Windows\System32\drivers\mpsdrv.sys
2008-01-19 22:37 . 2008-01-19 22:37 61,952 --a------ C:\Windows\System32\cmifw.dll
2008-01-19 22:37 . 2008-01-19 22:37 23,040 --a------ C:\Windows\System32\drivers\tunnel.sys
2008-01-19 22:37 . 2008-01-19 22:37 16,896 --a------ C:\Windows\System32\wfapigp.dll
2008-01-19 22:37 . 2008-01-19 22:37 15,360 --a------ C:\Windows\System32\drivers\TUNMP.SYS
2008-01-19 22:34 . 2008-01-19 22:34 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-19 22:34 . 2008-01-19 22:34 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-19 22:34 . 2008-01-19 22:34 104,448 --a------ C:\Windows\System32\DWWIN.EXE
2008-01-19 22:33 . 2008-01-19 22:33 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2008-01-19 22:33 . 2008-01-19 22:33 229,888 --a------ C:\Windows\System32\msshsq.dll
2008-01-19 22:33 . 2008-01-19 22:33 2,048 --a------ C:\Windows\System32\msxml3r.dll
2008-01-19 22:32 . 2008-01-19 22:32 224,768 --a------ C:\Windows\System32\drivers\usbport.sys
2008-01-19 22:32 . 2008-01-19 22:32 192,000 --a------ C:\Windows\System32\drivers\usbhub.sys
2008-01-19 22:32 . 2008-01-19 22:32 73,216 --a------ C:\Windows\System32\drivers\usbccgp.sys
2008-01-19 22:32 . 2008-01-19 22:32 38,400 --a------ C:\Windows\System32\drivers\usbehci.sys
2008-01-19 22:32 . 2008-01-19 22:32 23,040 --a------ C:\Windows\System32\drivers\usbuhci.sys
2008-01-19 22:32 . 2008-01-19 22:32 8,704 --a------ C:\Windows\System32\hcrstco.dll
2008-01-19 22:32 . 2008-01-19 22:32 8,704 --a------ C:\Windows\System32\hccoin.dll
2008-01-19 22:32 . 2008-01-19 22:32 5,888 --a------ C:\Windows\System32\drivers\usbd.sys
2008-01-19 22:30 . 2008-01-19 22:30 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-01-19 22:29 . 2008-01-19 22:29 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-01-19 22:29 . 2008-01-19 22:29 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-01-19 22:29 . 2008-01-19 22:29 2,048 --a------ C:\Windows\System32\asferror.dll
2008-01-19 22:25 . 2008-01-19 22:25 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 01:08 --------- d-----w C:\Program Files\Java
2008-02-06 04:51 --------- d-----w C:\ProgramData\Microsoft Help
2008-01-29 02:44 --------- d-----w C:\Users\Rick\AppData\Roaming\Apple Computer
2008-01-29 02:43 --------- d-----w C:\ProgramData\Apple Computer
2008-01-24 15:35 --------- d-----w C:\Program Files\Common Files\Logitech
2008-01-24 04:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-24 01:13 --------- d-----w C:\Users\Rick\AppData\Roaming\Juniper Networks
2008-01-21 19:50 --------- d-----w C:\Program Files\Google
2008-01-20 07:00 174 --sha-w C:\Program Files\desktop.ini
2008-01-20 06:55 --------- d-----w C:\Program Files\Windows Mail
2008-01-20 06:55 --------- d-----w C:\Program Files\Windows Defender
2008-01-20 06:55 --------- d-----w C:\Program Files\Windows Calendar
2008-01-20 06:54 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-20 06:46 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-01-20 06:46 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-01-20 06:46 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-01-20 06:46 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-01-20 06:46 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-01-20 06:44 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-01-20 06:44 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-01-20 06:44 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-01-20 06:44 2,923,520 ----a-w C:\Windows\explorer.exe
2008-01-20 06:44 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-01-20 06:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-20 06:34 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-20 06:34 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-20 06:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-20 06:26 320,000 ----a-w C:\Windows\system32\drivers\csc.sys
2008-01-20 06:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-20 05:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-20 05:43 --------- d-----w C:\ProgramData\Symantec
2008-01-20 05:28 --------- d-----w C:\Program Files\Realtek
2008-01-20 04:35 641 ----a-w C:\Windows\system32\drivers\stwrte.log
2008-01-20 03:24 484 ----a-w C:\Windows\system32\drivers\sthdae.log
2008-01-19 16:12 --------- d-----w C:\Users\Rick\AppData\Roaming\Zylom
2008-01-19 16:12 --------- d-----w C:\Users\Rick\AppData\Roaming\Xfire
2008-01-19 16:12 --------- d-----w C:\Users\Rick\AppData\Roaming\U3
2008-01-19 16:12 --------- d-----w C:\Users\Rick\AppData\Roaming\teamspeak2
2008-01-19 16:12 --------- d-----w C:\Users\Rick\AppData\Roaming\Nero
2008-01-19 16:12 --------- d-----w C:\Users\Rick\AppData\Roaming\NCH Swift Sound
2008-01-19 16:12 --------- d-----w C:\Users\Rick\AppData\Roaming\LimeWire
2008-01-19 16:12 --------- d-----w C:\Users\Rick\AppData\Roaming\CoffeeCup Software
2008-01-19 16:03 --------- d-----w C:\Program Files\Zylom Games
2008-01-19 16:03 --------- d-----w C:\Program Files\Xvid
2008-01-19 16:03 --------- d-----w C:\Program Files\Xfire
2008-01-19 16:03 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-19 16:03 --------- d-----w C:\Program Files\Trillian
2008-01-19 16:03 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-01-19 16:02 --------- d-----w C:\Program Files\Sony
2008-01-19 16:02 --------- d-----w C:\Program Files\Real
2008-01-19 16:02 --------- d-----w C:\Program Files\Nero
2008-01-19 16:02 --------- d-----w C:\Program Files\NCH Swift Sound
2008-01-19 16:02 --------- d-----w C:\Program Files\MSXML 6.0
2008-01-19 16:02 --------- d-----w C:\Program Files\MSBuild
2008-01-19 16:02 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-19 16:02 --------- d-----w C:\Program Files\Microsoft Works
2008-01-19 16:02 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-01-19 16:01 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-01-19 16:01 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-19 16:01 --------- d-----w C:\Program Files\Mahjong Fortuna 2 Deluxe
2008-01-19 16:01 --------- d-----w C:\Program Files\Juniper Networks
2008-01-19 16:01 --------- d-----w C:\Program Files\IrfanView
2008-01-19 16:01 --------- d-----w C:\Program Files\Intel
2008-01-19 16:01 --------- d-----w C:\Program Files\HWiNFO32
2008-01-19 16:01 --------- d-----w C:\Program Files\Common Files\xing shared
2008-01-19 16:01 --------- d-----w C:\Program Files\Common Files\Real
2008-01-19 16:01 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-19 16:01 --------- d-----w C:\Program Files\Common Files\Canon
2008-01-19 16:01 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-01-19 16:01 --------- d-----w C:\Program Files\Canon
2008-01-19 16:01 --------- d-----w C:\Program Files\BitComet
2008-01-19 16:00 --------- d-sh--w C:\ProgramData\DRM
2008-01-19 16:00 --------- d-----w C:\ProgramData\Zylom
2008-01-19 16:00 --------- d-----w C:\ProgramData\Yahoo!
2008-01-19 16:00 --------- d-----w C:\ProgramData\Viewpoint
2008-01-19 16:00 --------- d-----w C:\ProgramData\PopCap
2008-01-19 16:00 --------- d-----w C:\ProgramData\Nero
2008-01-19 16:00 --------- d-----w C:\ProgramData\NCH Swift Sound
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-11-02 01:45 8704]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-06-21 15:12 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 20:29 1160480]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 22:41 1006264]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-08 00:58 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"SigmatelSysTrayApp"="sttray.exe" [2007-10-08 20:59 303104 C:\Windows\sttray.exe]
"RecordPadRun"="C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [ ]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [ ]
"IRW"="C:\Windows\system32\IRW.exe" [2007-10-08 20:56 147456]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 14:52 849280]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-11-02 01:44 989696 C:\Windows\System32\bthprops.cpl]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]
"Apple_KbdMgr"="C:\Program Files\Boot Camp\KbdMgr.exe" [2007-10-08 22:06 419120]
"AppleTime"="C:\WINDOWS\system32\AppleTime.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DelayShred"="c:\program files\mcafee\mshr\ShrCL.exe" [2007-07-25 15:10 111904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Desktop Search.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"CoolSwitch"=C:\WINDOWS\system32\taskswitch.exe

R1 NEOFLTR_600_12141;Juniper Networks TDI Filter Driver (NEOFLTR_600_12141);C:\WINDOWS\system32\Drivers\NEOFLTR_600_12141.SYS [2007-10-02 15:51]
R2 HWiNFO32;HWiNFO32 Kernel Driver;C:\Program Files\HWiNFO32\HWiNFO32.SYS [2007-09-14 13:15]
R2 KeyAgent;KeyAgent;C:\Windows\system32\drivers\KeyAgent.sys [2007-10-08 20:56]
R2 MacHALDriver;Mac HAL;C:\Windows\system32\drivers\MacHALDriver.sys [2007-10-08 20:56]
R3 aapltp;Apple Trackpad;C:\Windows\system32\DRIVERS\aapltp.sys [2007-10-08 20:56]
R3 applebt;Apple Built-in Bluetooth;C:\Windows\system32\DRIVERS\applebt.sys [2007-10-08 20:56]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-10-08 20:56]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-10-08 20:55]
R3 IRRemoteFlt;IR Receiver Filter Driver;C:\Windows\system32\DRIVERS\IRFilter.sys [2007-10-08 20:56]
R3 KeyMagic;USB Keyboard HID Filter;C:\Windows\system32\DRIVERS\KeyMagic.sys [2007-10-08 20:56]
S3 aapltctp;Apple Trackpad Enabler;C:\Windows\system32\DRIVERS\aapltctp.sys [2007-10-08 20:56]
S3 BthKicker;Apple Bluetooth Device Driver;C:\Windows\system32\DRIVERS\BthKicker.sys [2007-10-08 20:56]
S3 IFXTPM;IFXTPM;C:\Windows\system32\DRIVERS\IFXTPM.SYS [2005-10-10 14:46]
S3 iSightUpdate;iSight Update Driver;C:\Windows\system32\DRIVERS\iSightUP.sys [2007-10-08 20:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WudfServiceGroup REG_MULTI_SZ WUDFSvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1d892d2-c6a5-11dc-a144-806e6f6e6963}]
\shell\AutoRun\command - D:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-02 02:24:48 C:\Windows\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-02-02 02:24:48 C:\Windows\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 17:16:23
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\AppleOSSMgr.exe
C:\Windows\system32\AppleTimeSrv.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-02-07 17:19:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-08 01:19:00
.
2008-02-06 04:51:54 --- E O F ---
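The "Reg Loading Points" section of the ComboFix log above carries three things a helper would normally call out before declaring a machine clean: EnableLUA=0 (UAC switched off on a Vista host), DisableCAD=1, and an AutoRun command remembered for a mounted volume under mountpoints2, plus several Run entries whose target had no file metadata at scan time (printed as "[ ]"). The following is an added example, not part of the thread and not ComboFix code; it parses that REGEDIT4-style section and lists those findings. The sample is excerpted from the log above; the function and value names are my own.

```python
"""Triage of a ComboFix 'Reg Loading Points' section (added example)."""
import re

# Sample lines excerpted from the ComboFix log above (constructed input for this example).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [ ]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1d892d2-c6a5-11dc-a144-806e6f6e6963}]
\shell\AutoRun\command - D:\setup.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# ComboFix prints Run values as "<path>" [<timestamp> <size>]; an empty [ ] means no file was found.
RUN_RE = re.compile(r'^"(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]$')

# (key suffix, value name, leading number) -> finding text. Assumed set for this example.
WEAK_POLICIES = {
    ("policies\\system", "EnableLUA", "0"): "UAC disabled (EnableLUA=0)",
    ("policies\\system", "DisableCAD", "1"): "Ctrl+Alt+Del logon disabled (DisableCAD=1)",
}


def parse(text):
    """Yield (key, name, data) triples from a REGEDIT4-style dump."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            yield key, m.group("name"), m.group("data").strip()
        elif line.startswith("\\shell\\") and " - " in line:
            # mountpoints2 entries are printed as '\shell\AutoRun\command - <cmd>'
            name, data = line.split(" - ", 1)
            yield key, name, data.strip()


def findings(text):
    """Return a list of human-readable findings for the dump."""
    out = []
    for key, name, data in parse(text):
        lower = key.lower()
        # Policy weaknesses: match on key suffix, value name and the leading number.
        for (suffix, vname, vdata), msg in WEAK_POLICIES.items():
            if lower.endswith(suffix) and name == vname and data.split()[:1] == [vdata]:
                out.append(msg)
        # AutoRun command remembered for a volume: classic removable-media infection vector.
        if "mountpoints2" in lower and name.lower().endswith("\\autorun\\command"):
            volume = key.rsplit("\\", 1)[1]
            out.append(f"AutoRun command recorded for volume {volume}: {data}")
        # Run entries with empty metadata: the target was missing when ComboFix ran.
        if lower.endswith("\\run"):
            m = RUN_RE.match(data)
            if m and not m.group("meta").strip():
                out.append(f"Run entry '{name}' points at missing file {m.group('path')}")
    return out


if __name__ == "__main__":
    for f in findings(SAMPLE):
        print(f)
```

On the log above this reports the two policy settings, the D:\setup.exe AutoRun command for the volume GUID, and the Run entries for vptray and LVCOMSX (among others in the full log) whose files were absent. A missing Run target is usually a leftover from an uninstalled product rather than malware, but the AutoRun entry and EnableLUA=0 are worth raising with the user even when the rootkit scan comes back clean.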
Rickincali
HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:21:47 PM, on 2/7/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Windows\sttray.exe
C:\Windows\System32\IRW.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\Windows\System32\ctfmon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/?.src=fp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [RecordPadRun] "C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe" -logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [IRW] C:\Windows\system32\IRW.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
O4 - HKLM\..\Run: [AppleTime] C:\WINDOWS\system32\AppleTime.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Rick\AppData\Local\Temp\~DFA6E.tmp C:\Users\Rick\AppData\Local\Temp\~DFA69.tmp C:\Users\Rick\AppData\Local\Temp\HSPERF~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Rick\AppData\Local\Temp\~DFA6E.tmp C:\Users\Rick\AppData\Local\Temp\~DFA69.tmp C:\Users\Rick\AppData\Local\Temp\HSPERF~1.SH! (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix:
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...own&unknown
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://update.microsoft.com/windowsupdate/...b?1167503112204
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...221/mcfscan.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClient Control) - https://mscorp.myspace.com/dana-cached/sc/J...SetupClient.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\Windows\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\Windows\system32\AppleTimeSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 10247 bytes
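Reading a HijackThis log by hand comes down to a few repeatable checks: R0/R1 start and search pages that point somewhere other than the expected vendor hosts, O2 BHOs registered with no file on disk (the {7E853D72-...} entry above), O9/O16 entries whose file is missing or whose ActiveX control is downloaded from an unfamiliar site, and O23 services with no publisher name. The following is an added example, not part of the thread and not HijackThis code; it applies those checks to the Oxx lines. The trusted-host list is an assumption for the example, and the last two sample lines are constructed hijack entries (not from the log above) so that the URL checks have something to catch.

```python
"""Triage of HijackThis v2 log lines (added example)."""
import re
from urllib.parse import urlparse

# Hosts treated as expected for IE start/search pages and ActiveX (O16) downloads.
# Assumed for this example; a real helper would keep a longer, maintained list.
TRUSTED_SUFFIXES = ("microsoft.com", "yahoo.com", "mcafee.com", "akamai.net",
                    "viewpoint.com", "rr.com", "myspace.com", "acclaim.com")

# Excerpt from the HJT log above, plus two constructed hijack lines at the end.
SAMPLE = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://cm.my.yahoo.com/?.src=fp
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\\Program Files\\BitComet\\tools\\BitCometBHO_1.1.11.30.dll/206 (file missing)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...221/mcfscan.cab
O23 - Service: SiteAdvisor Service - Unknown owner - C:\\Program Files\\SiteAdvisor\\6253\\SAService.exe
O23 - Service: iPod Service - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://search.example-hijack.test/?q=
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Constructed Control) - http://cabs.example-hijack.test/loader.cab
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")


def host_trusted(url):
    """True if the URL's host is one of the trusted suffixes or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def triage(text):
    """Return [(kind, reason, line)] for entries worth a closer look."""
    hits = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        reason = None
        if kind in ("R0", "R1") and " = " in body:
            url = body.split(" = ", 1)[1].strip()
            if url and not host_trusted(url):
                reason = "IE start/search page points at an untrusted host"
        elif kind == "O2" and body.endswith("(no file)"):
            reason = "orphaned BHO registration (no file on disk)"
        elif kind == "O16":
            url = body.rsplit(" - ", 1)[1].strip()
            if not host_trusted(url):
                reason = "ActiveX control downloaded from an untrusted host"
        elif kind == "O23" and " - Unknown owner - " in body:
            reason = "service with no publisher name; verify the binary"
        if reason is None and body.endswith("(file missing)"):
            reason = "entry references a missing file; stale or removed component"
        if reason:
            hits.append((kind, reason, line.strip()))
    return hits


if __name__ == "__main__":
    for kind, reason, line in triage(SAMPLE):
        print(f"{kind}: {reason}\n    {line}")
```

Run against the real lines from the log above, the only hits are the orphaned O2 BHO, the BitComet O9 button with its file missing, and the SiteAdvisor service listed as "Unknown owner" (a legitimate McAfee component whose binary simply lacks a publisher string), which is consistent with the "looks clean" verdict below; the two constructed lines show what a hijacked search page or a rogue O16 download would look like when one is present.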
Rickincali
Bobbi,

Above are the logs. Thanks for your support on this. My Laptop is already running better. I have been online for a few hours and have not had a single popup. I almost forgot what it was like to have popup free websurfing.
Bobbi Flekman
Hi Rickincali,

This log looks clean!

This is a good time to set up protection against further attacks. Read the article behind this link: "How did I get infected". If you don't already have them, you need an antivirus that is updated, a good firewall (for example Kerio Personal Firewall or ZoneLabs Zone Alarm), a spyware blocker like SpywareBlaster and also IE-Spyads, and spyware detection (Ad-aware SE and SpyBot S+D). All of these have good free versions available. Be very cautious about any security software that advertises in popups or other intrusive ways: they are not only usually useless, but also often have malware in them....

Instead of Internet Explorer, use a different browser like Opera, Mozilla or Firefox.

Last, but not least, you need to keep Windows and Internet Explorer up to date by getting all the latest security patches that protect your computer.

This can be accessed by going to http://windowsupdate.microsoft.com/ and following the prompts. If you are running Windows XP, get updated to SP-2.

Please post back if you are still having any problems....
Rickincali
Bobbi,

Everything is still running great. I appreciate all your help and will indeed heed your advice.

Thanks again,

Rick
Invision Power Board © 2001-2009 Invision Power Services, Inc.